Entity: Zoe Psychiatry and Sleep Medicine
Effective Date: December 22, 2022
Last Updated: December 22, 2025

1. Introduction

Zoe Psychiatry and Sleep Medicine (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and patient portal services.

As a registered medical practice, we operate in strict compliance with the Health Insurance Portability and Accountability Act (HIPAA), Texas House Bill 300 (HB 300), the Texas Data Privacy and Security Act (TDPSA), and applicable Oklahoma state laws.

2. Information We Collect

We collect information to provide specialized psychiatric and sleep medicine services.

A. Protected Health Information (PHI)

To provide our core medical services, we collect PHI including but not limited to:

  • Patient Identifiers: Name, date of birth, address, and insurance information.
  • Medical Data: Psychiatric history, sleep study results, medication logs, diagnoses, and treatment plans.
  • Communication: Messages sent between you and our providers via our secure portal.

B. Device and Usage Data (App & Website)

In compliance with Google Policy, when you use our digital tools, we may automatically collect:

  • Device ID, IP address, and operating system.
  • Analytics regarding app performance and usage.
  • Note: We do not use Sensitive Health Data for advertising purposes.

3. How We Use Your Information

We use your data for “Treatment, Payment, and Health Care Operations” (TPO) as defined by HIPAA:

  1. Treatment: To provide psychiatric assessments, sleep medicine management, and e-prescribing.
  2. Payment: To bill your health insurance plan for services rendered.
  3. Operations: For quality assessment, licensing, and secure app functionality.
  4. Communication: To send appointment reminders and secure health alerts.

4. Data Sharing and Disclosure

We do not sell your personal data. We strictly prohibit the sale of Protected Health Information (PHI). We share data only in the following contexts:

  • Business Associates: With trusted vendors (e.g., EMR providers, billing services) who have signed a Business Associate Agreement (BAA) ensuring they protect your data.
  • Other Providers: With other healthcare professionals involved in your care (e.g., your primary care physician), as permitted by HIPAA.
  • Legal Requirements: If required by law, court order, or to prevent a serious threat to health or safety.

5. Google Play & Health Connect Disclosures

If your application integrates with Google Health Connect to track sleep or vitals, this section is mandatory.

Limited Use Disclosure: The use of information received from Health Connect will adhere to the Health Connect Permissions Policy, including the Limited Use requirements.

  • No Sale of Data: We do not sell Health Connect data to third parties, data brokers, or ad networks.
  • Usage: Data is used solely to provide health insights related to your psychiatric or sleep treatment.

6. Your Rights Under Texas Law (HB 300)

For our patients residing in Texas, we adhere to the Texas Medical Records Privacy Act (HB 300):

  • Prohibition on Sale: We strictly prohibit the sale of PHI for any form of remuneration without your specific, written authorization.
  • Expedited Access: Upon your written request for an electronic copy of your Electronic Health Record (EHR), we will provide access within 15 business days.
  • Breach Notification: We comply with strict Texas timelines for notifying patients and the state agencies in the event of a breach of sensitive personal information.

7. Your Rights Under Oklahoma Law

For our patients residing in Oklahoma:

  • Confidentiality: We adhere to Oklahoma statutes regarding the privilege of communication between patient and physician/psychotherapist.
  • Security Breach: We comply with the Oklahoma Security Breach Notification Act to notify you without unreasonable delay if unencrypted personal information is compromised.

8. Data Retention and Deletion

  • Medical Records: We retain medical records for a minimum of 7 years (or until the patient reaches age 21 for minors), as required by Texas and Oklahoma medical board rules.
  • Account Deletion: You may request the deletion of your App account. However, note that clinical medical records maintained in our EMR are legally required to be retained for the statutory period and cannot be deleted upon request.
    • To request account deletion, please contact our Privacy Officer below.

9. Security

We employ HIPAA-compliant administrative, technical, and physical safeguards, including:

  • End-to-end encryption for data in transit and at rest.
  • Strict role-based access controls for our staff.
  • Regular security risk assessments.

10. Contact Us

For questions or concerns about this policy or your rights, contact:

Zoe Psychiatry and Sleep Medicine – Privacy Officer
Website: https://zoeicare.com
Practice Locations: Texas, Oklahoma, United States
Link to this policy: https://zoeicare.com/privacy-policy