PRIVACY POLICY

Renovated Heart Counseling, LLC


Effective Date: February 17, 2026

Last Updated: February 17, 2026



INTRODUCTION


Renovated Heart Counseling, LLC ("we," "us," "our," or "the Practice") is committed to protecting the privacy and confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, store, share, and protect your information when you visit our website (www.renovatedheartcounseling.com), use our services, or communicate with us.


Renovated Heart Counseling is a private-pay psychotherapy practice located in Memphis, Tennessee, owned and operated by Angie Galyean, LPC-MHSP (Licensed Professional Counselor with Mental Health Service Provider designation). We provide virtual therapy services to women throughout the state of Tennessee.


By using our website, scheduling an appointment, or engaging our services, you acknowledge that you have read and understand this Privacy Policy.



1. INFORMATION WE COLLECT


We collect the following categories of personal and health-related information:


Personal Identifying Information: Your name (first and last), email address, phone number, and mailing address.


Health Information: Information related to your mental health history, current symptoms, diagnoses, treatment plans, progress notes, assessment results, and other clinical records created during the course of therapy. This includes Protected Health Information (PHI) as defined by HIPAA.


Appointment and Scheduling Information: Dates, times, and details related to your therapy sessions, including consultation requests and scheduling preferences.


Payment and Billing Information: Credit or debit card details, HSA/FSA card information, payment history, and billing records. We do not store full credit card numbers on our systems; payment processing is handled by our HIPAA-compliant practice management platform.


Communication Records: Emails, phone messages, text messages, voicemail messages, and contact form submissions you send to us, including the content of those communications.


Website Usage Data: Information automatically collected when you visit our website, including your IP address, browser type, device information, pages visited, time spent on pages, and referring URLs. This data is collected through cookies and analytics tools (see Section 9 for details).


Intake and Consultation Information: Information you provide through our website contact form, including your preferred contact time and the reason you are seeking therapy.



2. HOW WE COLLECT YOUR INFORMATION


We collect your information through the following methods:


Website Contact Forms: When you submit an inquiry through our website contact form, we collect your first name, last name, email address, preferred contact time, and a brief description of why you are seeking therapy.


Scheduling and Practice Management Platform: When you book a consultation or appointment through our online scheduling system powered by Carepatron, your information is collected and stored within that HIPAA-compliant platform.


Telehealth Sessions: During virtual therapy sessions conducted through our HIPAA-compliant telehealth platform (Carepatron), clinical information is generated and recorded as part of your treatment.


Direct Communication: When you contact us by phone at (901) 213-6678, by email at angie@renovatedheartcounseling.com, or by text message, we collect the information you share with us.


Electronic Medical Records (EMR): Clinical notes, treatment plans, assessments, and other health records are created and stored within our HIPAA-compliant EMR system (Carepatron).


Cookies and Website Analytics: Our website uses cookies and analytics technologies to collect data about how visitors interact with the site (see Section 9).



3. WHY WE COLLECT YOUR INFORMATION (PURPOSES OF DATA COLLECTION)


We collect and use your information for the following purposes:


Providing Therapy Services: To deliver high-quality psychotherapy, including conducting assessments, developing treatment plans, tracking your progress, and maintaining clinical records as required by law and professional standards.


Appointment Management: To schedule, confirm, reschedule, and send reminders for your therapy sessions and consultations.


Communication: To respond to your inquiries, provide information about our services, and communicate with you about your care.


Payment and Billing: To process payments for therapy sessions, generate invoices and superbills for potential insurance reimbursement, and maintain accurate financial records.


Legal and Regulatory Compliance: To comply with federal and state laws, including HIPAA, Tennessee mental health record-keeping requirements, and mandated reporting obligations.


Website Improvement: To analyze how visitors use our website so we can improve its functionality, content, and user experience.


Safety and Crisis Response: To take appropriate action if we believe there is an imminent risk of harm to you or others, as permitted or required by law.



4. WHO WE SHARE YOUR INFORMATION WITH


We do not sell your personal or health information to any third party. We may share your information in the following limited circumstances:


Practice Management and EMR Platform (Carepatron): Your personal and health information is stored and processed through Carepatron, our HIPAA-compliant electronic medical records, scheduling, and telehealth platform. Carepatron uses encryption and secure cloud infrastructure and maintains HIPAA certification to protect your data.


Payment Processors: When you make a payment by credit card, debit card, or HSA/FSA card, your payment information is processed by HIPAA-compliant third-party payment processors integrated with our practice management system. We do not directly store your full card numbers.


Website Hosting and Analytics Providers: Our website is hosted by a third-party platform that may collect analytics data about site visitors. This data is generally anonymized and used to improve website performance.


Legal Requirements: We may disclose your information when required to do so by federal or state law, including but not limited to court orders, subpoenas, mandatory reporting of child abuse or neglect, mandatory reporting of abuse or neglect of vulnerable adults, and situations involving imminent danger to you or others.


Healthcare Collaborators: With your written consent, we may share relevant clinical information with other healthcare providers involved in your care (such as psychiatrists, physicians, or other therapists).


Professional Consultation: We may consult with other licensed professionals about your clinical care. In these instances, identifying information is minimized or removed whenever possible.


Business Operations: In the event of a practice transition, merger, or closure, your records may be transferred to another qualified provider in accordance with Tennessee law and HIPAA requirements. You will be notified in advance of any such transfer.



5. HOW WE USE YOUR DATA


Your information is used to:


Provide and improve your therapy experience, including virtual sessions conducted through our secure telehealth platform.


Maintain accurate and complete clinical records as required by Tennessee law and professional ethics standards.


Process your payments and manage billing, including generating superbills upon request.


Communicate with you regarding your appointments, treatment, and any changes to our practice policies.


Respond to your questions and requests submitted through our website, email, phone, or text.


Ensure the security and functionality of our website and practice systems.


Comply with all applicable laws, regulations, and professional licensing requirements.



6. HOW LONG WE RETAIN YOUR DATA


Clinical and Health Records: In accordance with Tennessee state law and professional best practices, we retain your clinical records for a minimum of ten (10) years after the date of your last session. For clients who were minors at the time of treatment, records are retained for ten (10) years after the client reaches the age of majority (age 18) or ten (10) years after the last date of service, whichever is later.


Billing and Payment Records: Financial records are retained for a minimum of seven (7) years to comply with IRS requirements and applicable state law.


Website Contact Form Submissions: Inquiry information submitted through our contact form is retained only as long as necessary to respond to your inquiry, unless the inquiry leads to a therapeutic relationship, in which case it becomes part of your client record.


Website Analytics Data: Analytics data is retained according to the policies of the analytics tools used on our website and is generally anonymized.


When records are no longer required to be retained, they are securely destroyed. Electronic records are permanently deleted using secure data-destruction methods. Paper records, if any, are shredded.



7. HOW WE PROTECT YOUR INFORMATION


We take the security of your information seriously and have implemented the following safeguards:


Encryption: All data transmitted between your device and our systems is encrypted using industry-standard SSL/TLS encryption. Data stored within our EMR and practice management platform (Carepatron) is encrypted at rest and in transit.


Access Controls: Access to your personal and health information is restricted to authorized individuals only. Our EMR system requires secure login credentials, and access is limited to the minimum necessary for providing your care.


Secure Telehealth Platform: All virtual therapy sessions are conducted through Carepatron's HIPAA-compliant telehealth platform, which uses secure video conferencing technology with end-to-end encryption.


Secure Cloud Storage: Your records are stored on secure, HIPAA-compliant cloud infrastructure maintained by Carepatron, which uses facilities protected by biometric scanners, proximity readers, and 24/7 security monitoring.


Password Protection: All systems and accounts used in the practice are protected by strong, unique passwords and are updated regularly.


Device Security: All devices used to access client information are password-protected and use up-to-date security software.


Professional Training: Angie Galyean maintains ongoing education in privacy, confidentiality, HIPAA compliance, and ethical practices as required by Tennessee licensing standards.


Business Associate Agreements (BAAs): We maintain signed Business Associate Agreements with all third-party vendors who have access to your Protected Health Information, as required by HIPAA.



8. DATA BREACH NOTIFICATION PROCEDURES


In the unlikely event of a data breach that compromises your personal or health information, we will:


Investigate the breach promptly and take immediate steps to contain it and prevent further unauthorized access.


Notify affected clients without unreasonable delay, and no later than sixty (60) days following the discovery of the breach, as required by the HIPAA Breach Notification Rule.


Provide you with a written notice that includes a description of the breach, the types of information involved, steps you can take to protect yourself, what we are doing to address the breach, and contact information for questions.


Report the breach to the U.S. Department of Health and Human Services (HHS) as required by law. If the breach affects 500 or more individuals, we will also notify prominent media outlets in the affected area.


Document the breach and our response for our records.



9. COOKIES AND TRACKING TECHNOLOGIES


Our website (www.renovatedheartcounseling.com) uses the following types of cookies and tracking technologies:


Essential Cookies: These are necessary for the website to function properly, such as maintaining your session while you browse the site and enabling the contact form to work.


Analytics Cookies: We may use analytics tools to understand how visitors interact with our website. These tools may collect information such as pages visited, time spent on pages, referring websites, and general geographic location. This information is aggregated and anonymized and is used solely to improve our website and services.


Third-Party Cookies: Some features on our website, such as embedded videos or social media links, may set cookies from third-party services. These cookies are governed by the privacy policies of those third parties.


How to Manage Cookies: Most web browsers allow you to control cookies through their settings. You can set your browser to refuse cookies, delete existing cookies, or alert you when a cookie is being set. Please note that disabling cookies may affect the functionality of some parts of our website.


We do not use cookies or tracking technologies to collect Protected Health Information (PHI). No health data is collected through our website analytics.



10. NOTICE OF PRIVACY PRACTICES (HIPAA)


Renovated Heart Counseling, LLC is required to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations, including the Privacy Rule and Security Rule. This section serves as a summary of our Notice of Privacy Practices.


Your Protected Health Information (PHI): PHI includes any individually identifiable health information that we create, receive, maintain, or transmit in connection with your treatment. This includes your clinical records, treatment plans, diagnoses, session notes, and related billing information.


How We May Use and Disclose Your PHI Without Your Authorization:


Treatment: We may use your PHI to provide, coordinate, or manage your mental health treatment. For example, we may use your clinical information to develop a treatment plan or make a referral with your consent.


Payment: We may use your PHI to process payments and generate superbills for your records or for submission to your insurance provider.


Health Care Operations: We may use your PHI for internal practice operations, such as quality improvement, professional supervision, or compliance activities.


As Required by Law: We may disclose your PHI when required to do so by federal, state, or local law.


To Prevent a Serious Threat to Health or Safety: We may disclose your PHI if we believe in good faith that disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.


Mandated Reporting: We are required by Tennessee law to report suspected child abuse or neglect and suspected abuse or neglect of vulnerable adults.


Uses and Disclosures That Require Your Written Authorization: For most other uses and disclosures of your PHI, we will obtain your written authorization before sharing your information. This includes disclosures for marketing purposes, sale of your PHI, and most disclosures of psychotherapy notes (if maintained separately from your clinical record). You may revoke any authorization in writing at any time, and we will honor your revocation for any future disclosures.


Your Rights Under HIPAA: See Section 11 (Client Rights) for a full description of your rights regarding your health information.



11. YOUR RIGHTS AS A CLIENT


You have the following rights regarding your personal and health information:


Right to Access Your Records: You have the right to request a copy of your clinical records and other personal information we maintain about you. We will respond to your request within thirty (30) days. A reasonable fee may be charged for copying costs.


Right to Amend Your Records: If you believe that information in your records is inaccurate or incomplete, you may request an amendment. We will review your request and respond within sixty (60) days. We may deny the request in limited circumstances as permitted by law, and if so, we will provide a written explanation.


Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI. This accounting will cover disclosures made for purposes other than treatment, payment, or health care operations for the six (6) years prior to your request.


Right to Request Restrictions: You may request that we restrict how we use or disclose your PHI. While we are not required to agree to all restriction requests, we will carefully consider each one. We are required to agree to a restriction on disclosures to a health plan for services you have paid for entirely out of pocket.


Right to Confidential Communications: You have the right to request that we communicate with you in a specific way or at a specific location. For example, you may ask that we only contact you by email rather than by phone. We will accommodate reasonable requests.


Right to a Paper Copy of This Policy: You may request a paper copy of this Privacy Policy at any time by contacting us.


Right to File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights. You will not be penalized or retaliated against for filing a complaint.


U.S. Department of Health and Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, DC 20201

Toll-free: 1-877-696-6775

Website: www.hhs.gov/ocr/privacy/hipaa/complaints/


Right to Revoke Authorization: If you have provided written authorization for the use or disclosure of your PHI, you may revoke that authorization in writing at any time. Your revocation will apply to future disclosures but cannot apply to disclosures already made in reliance on your prior authorization.


Exceptions to Your Rights: In certain circumstances, we may deny or limit your requests as permitted by law. For example, we may withhold access to psychotherapy notes or to information that we believe could endanger you or another person. If a request is denied, you will receive a written explanation.


To exercise any of these rights, please contact us using the information provided in Section 13 of this policy.



12. WEBSITE ACCESSIBILITY (USERWAY)


Renovated Heart Counseling is committed to ensuring that our website is accessible to all visitors, including individuals with disabilities. To support this commitment, we use the Accessibility Widget by UserWay, an AI-powered accessibility tool designed to improve compliance with the Americans with Disabilities Act (ADA), Section 508, and Web Content Accessibility Guidelines (WCAG) 2.1.


The UserWay Accessibility Widget provides the following features for website visitors:


Screen Reader Compatibility: Enhances the website's compatibility with screen reader technology used by visitors who are blind or have low vision.


Keyboard Navigation: Improves the ability to navigate the website using a keyboard alone, without a mouse, for visitors with motor impairments.


Contrast Adjustments: Allows visitors to modify color contrast settings to improve readability for those with visual impairments or color vision deficiency.


Text Resizing: Enables visitors to increase or decrease text size for easier reading.


Text Spacing: Allows visitors to adjust spacing between letters and lines of text for improved readability.


Link Highlighting: Highlights all links on a page so they are easier to identify and navigate.


Cursor Enlargement: Provides a larger cursor option for visitors who have difficulty tracking the standard cursor.


Reading Guide: Offers a reading guide tool that helps visitors focus on specific lines of text.


Accessibility Profiles: Provides pre-configured accessibility profiles (such as profiles for seizure-safe browsing or ADHD-friendly navigation) that visitors can activate with a single click.


Language Support: The widget supports over 40 languages to accommodate multilingual visitors.


Page Structure and Navigation: Provides tools to view and navigate the page structure, including headings and landmarks.


Privacy Note Regarding UserWay: UserWay does not collect any personal information from visitors who interact with the accessibility widget. The widget operates within your browser and is designed to enhance accessibility without compromising your privacy. For more information about UserWay's privacy practices, you may visit their privacy policy at https://userway.org/privacy/.


If you experience any accessibility issues while using our website, please contact us at angie@renovatedheartcounseling.com or (901) 213-6678 so we can assist you and work to resolve the issue.



13. CONTACT INFORMATION


If you have any questions about this Privacy Policy, wish to exercise your privacy rights, or have concerns about how your information is being handled, please contact us:


Angie Galyean, LPC-MHSP

Privacy Officer

Renovated Heart Counseling, LLC

1028 Cresthaven Rd., Suite 200, #1101

Memphis, TN 38119


Phone: (901) 213-6678

Email: angie@renovatedheartcounseling.com

Website: www.renovatedheartcounseling.com


Business Hours: Monday through Thursday, 9:00 AM to 4:00 PM (Central Time)

Closed Friday through Sunday.


We will respond to privacy-related inquiries within thirty (30) days.



14. UPDATES TO THIS PRIVACY POLICY


We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make changes, we will:


Update the "Last Updated" date at the top of this policy.


Post the revised policy on our website at www.renovatedheartcounseling.com.


For significant changes that materially affect how we use or disclose your information, we will make reasonable efforts to notify current clients directly, such as by email or during your next scheduled session.


We encourage you to review this policy periodically to stay informed about how we are protecting your information.



15. TENNESSEE-SPECIFIC PROVISIONS


Renovated Heart Counseling, LLC operates under the laws of the State of Tennessee and is subject to regulation by the Tennessee Department of Health, Board of Licensed Professional Counselors, Marital and Family Therapists, and Clinical Pastoral Therapists. In addition to the federal protections provided by HIPAA, the following Tennessee-specific provisions apply:


Tennessee law (Tenn. Code Ann. Section 63-22-114) protects the confidentiality of communications between a licensed professional counselor and their client. We will not disclose confidential information without your written consent except as permitted or required by law.


In accordance with Tennessee record retention requirements, we maintain client records for a minimum of ten (10) years following the termination of services.


Tennessee mandated reporting laws require us to report suspected child abuse or neglect (Tenn. Code Ann. Section 37-1-403) and suspected abuse, neglect, or exploitation of vulnerable adults (Tenn. Code Ann. Section 71-6-103).


As a virtual-only practice licensed in Tennessee, we provide services exclusively to clients physically located within the state of Tennessee at the time of their session.



16. SOCIAL MEDIA AND EXTERNAL LINKS


Our website and social media accounts may contain links to external websites, resources, or social media platforms. This Privacy Policy applies only to information collected through our website and services. We are not responsible for the privacy practices or content of third-party websites or platforms.


If you follow us on social media or interact with our social media content, please be aware that your interactions are subject to the privacy policies of those platforms. We encourage you to review the privacy policies of any third-party websites you visit.


To protect your confidentiality, we ask that you do not disclose personal health information or details about your therapy through social media, public comments, or other unsecured channels. We will not acknowledge or confirm any therapeutic relationship through social media.



17. GOOD FAITH ESTIMATE DISCLOSURE


Under the No Surprises Act, you have the right to receive a Good Faith Estimate explaining how much your therapy will cost. As a private-pay practice, Renovated Heart Counseling does not bill insurance directly. You have the right to receive a Good Faith Estimate for the total expected cost of any non-emergency services before your appointment. If you receive a bill that is at least $400 more than your Good Faith Estimate, you may dispute the bill. For more information, visit www.cms.gov/nosurprises.



18. CONSENT


By using our website, contacting us, scheduling a consultation or appointment, or engaging our therapy services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy.


For health-related information, separate written consent or authorization may be required before we use or disclose your Protected Health Information for purposes beyond treatment, payment, and health care operations. You will be provided with appropriate consent and authorization forms as part of the intake process.


You may withdraw your consent at any time by contacting us in writing. Withdrawing consent may affect our ability to provide services to you.



This Privacy Policy is provided by Renovated Heart Counseling, LLC. If you have any questions, please do not hesitate to reach out to us at (901) 213-6678 or angie@renovatedheartcounseling.com.