Accepting appointments for fall sessions
Ready to start?

Notice of Privacy Practices for Playful Pathways Therapy

Efective Date: September 22, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BEUSED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.PLEASE REVIEW IT CAREFULLY.

Table of contents

Introduction
How We May Use and Disclose Your Protected Health Information (PHI)
Special Protections for Children’s Information
Your Rights Regarding Your PHI
Our Duties and Security Measures
Complaints
Changes to This Notice
Contact Information

Introduction

At Emilee Greenman Therapy, doing business as Playful Pathways Therapy, we are committed to protecting the privacy and confidentiality of your health information. As a HIPAA-covered entity, we comply with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, the Michigan Mental Health Code, and other applicable federal and state laws. This Notice of Privacy Practices explains our practices regarding your Protected Health Information (PHI), which includes any information about your (or your child’s)past, present, or future physical or mental health, the provision of healthcare to you, or payment for such care that identifies you or could reasonably be used to identify you.

We provide play therapy services to children ages 4–18 and their families through in- person sessions, telehealth, group therapy, workshops, and classes. We understand the sensitive nature of working with children and prioritize trust and confidentiality in all our interactions. If you have any questions about this Notice, please contact our Privacy Officer using the information at the end.

1. How We May Use and Disclose Your Protected Health Information (PHI)

We may use and disclose your PHI for certain purposes without your specific authorization. The following categories describe different ways we use and disclose PHI. Not every use or disclosure in a category will be listed, but all are permitted under HIPAA and Michigan law.

1.1 For Treatment

We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. For example:

  • Sharing session notes or progress reports with other members of your care team (e.g., a referring physician or school counselor) to coordinate therapy.
  • Discussing your child’s play therapy artifacts (e.g., drawings) with you as a parent/guardian to support treatment goals.
  • In telehealth sessions via secure platforms, or during group therapy/workshops.

1.2 For Payment

We may use and disclose your PHI to obtain payment for our services. For example:

  • Submitting claims to your insurance company, including details like diagnoses, session dates, and treatment summaries.
  • Sharing payment details or emergency contacts with billing services or collection agencies if needed.
  • Verifying insurance eligibility or benefits.

As a HIPAA-compliant entity that bills insurance electronically, these disclosures are standard.

1.3 For Health Care Operations

We may use and disclose your PHI for our business operations. For example:

  • Quality assessments, staff training, or auditing to improve our play therapy services.
  • Scheduling appointments, sending reminders via email or phone (using Google Workspace for non-PHI communications and Google Phone for numbers).
  • De-identified data for internal research to enhance child-focused therapy techniques.
  • Communicating with business associates, such as Simple Practice (our HIPAA-compliant platform for client portals, booking, forms, and secure storage of PHI), under strict Business Associate Agreements.

We do not store PHI in Google Workspace; it is used only for general communications. All PHI is securely stored in Simple Practice.

1.4 Other Permitted Uses and Disclosures Without Authorization

We may use or disclose PHI without your authorization in these situations:

  • As Required by Law: Including mandatory reporting of child abuse/neglect, threats of harm, or public health activities under Michigan law
  • Public Health and Safety: To prevent or control disease, injury, or disability; report vital events; or notify authorities of suspected abuse.
  • Health Oversight: For audits, investigations, or licensing by government agencies.
  • Judicial and Administrative Proceedings: In response to court orders or subpoenas.
  • Law Enforcement: Limited information for identification, locating suspects, or crime victims.
  • Emergencies: To avert serious threats to health or safety, or in disaster relief.
  • Workers’ Compensation: If related to work injuries.
  • Research: With approval from an Institutional Review Board and deidentification where possible.
  • Marketing and Fundraising: We do not use PHI for marketing without authorization, and we limit any fundraising communications (you can opt out).
  • Appointment Reminders and Treatment Alternatives: We may contact you about appointments or health-related benefits.
    Under the Michigan Mental Health Code, we require your consent for sharing mental health records for purposes other than treatment, payment, or operations, except where law requires otherwise.

1.5 Uses and Disclosures Requiring Your Authorization

For other uses, we will obtain your written authorization. Examples include:

  • Sharing PHI with schools or non-healthcare providers (beyond coordination).
  • Use for marketing or sale of PHI.
  • Disclosures to researchers if not de-identified.

You may revoke an authorization in writing at any time, except where we have already acted on it.

2. Special Protections for Children’s Information

Since our services focus on children ages 4–18, we take extra steps to protect their privacy. We obtain verifiable parental/guardian consent both verbally during initial meetings and in writing on our intake forms before starting therapy. This consent covers collection and use of the child’s information, such as health and family history, session notes, and play artifacts (e.g., drawings).

Our website (www.playfulpathways.fun), hosted by Webflow) and client portal (via Simple Practice) are designed for parents/guardians, not directly for children. We do not knowingly collect personal information online from children under 13 without parental consent, in line with the Children’s Online Privacy Protection Act (COPPA). If our services evolve to include child-directed online features, we will update this Notice and comply fully with COPPA requirements, including obtaining verifiable parental consent for collection, use, or disclosure of children’s personal information. Parents/guardians have the right to control their child’s PHI, including access and amendments, until the child reaches the age of majority or as allowed by Michigan law.

3. Your Rights Regarding Your PHI

You have the following rights regarding your PHI:

  • Right to Inspect and Copy: You may request access to your PHI in our designated record set (e.g., session notes, billing records). Requests can be made via SimplePractice or in writing. We may charge a reasonable fee for copies. We must respond within 30 days (extendable once by 30 days).
  • Right to Amend: If you believe your PHI is inaccurate or incomplete, you may request an amendment. We may deny the request in certain cases (e.g., if the information is accurate), but we will provide a written explanation.
  • Right to an Accounting of Disclosures: You may request a list of disclosures of your PHI over the past 6 years (not including those for treatment, payment, operations, or with your authorization).
  • Right to Request Restrictions: You may request limits on how we use or disclose your PHI for treatment, payment, or operations. We are not required to agree, except for restrictions on disclosures to health plans for services you pay out-of-pocket in full.
  • Right to Request Confidential Communications: You may ask us to communicate PHI in a specific way (e.g., by email instead of phone) or at a different location.
  • Right to a Paper Copy of This Notice: You may request a paper copy at any time, even if you agreed to receive it electronically.

To exercise these rights, log into your SimplePractice client portal or contact our Privacy Officer. We will respond promptly.

4. Our Duties and Security Measures

We are required by law to:

  • Maintain the privacy of your PHI.
  • Provide you with this Notice of our legal duties and privacy practices.
  • Abide by the terms of the Notice currently in effect.
  • Notify you of any changes to this Notice (posted on our website and provided upon request).
  • Notify affected individuals following a breach of unsecured PHI.

To protect your PHI, we implement robust security measures:

  • All PHI is stored securely in SimplePractice, a HIPAA-compliant platform with encryption, access controls, and audit logs.
  • We use Google Workspace under a Business Associate Agreement for HIPAA-compliant emails (no PHI stored outside covered services).
  • Our website, hosted by Webflow, includes standard security protocols (e.g., SSL encryption), but does not store or process PHI.
  • Staff training on confidentiality, secure disposal of records, and breach response.
  • Physical safeguards for in-person records and digital encryption for telehealth.

We retain PHI for at least 7 years as required by law, or longer if needed, and securely dispose of it thereafter.

5. Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or the U.S. Department of Health and Human Services (HHS) Office for Civil Rights. We will not retaliate against you for filing a complaint.

To file with us: Contact our Privacy Officer (details below). All complaints will be handled swiftly and confidentially.

To file with HHS: Visit www.hhs.gov/ocr/privacy/hipaa/complaints/ or call 1-800- 368-1019.

6. Changes to This Notice

We reserve the right to change this Notice. The new terms will apply to all PHI we maintain. We will post the revised Notice on our website(www.playfulpathways.fun) and make copies available at our office.

7. Contact Information

For questions, requests, or complaints, contact: Emilee Greenman, President and Privacy Officer Playful Pathways Therapy Emilee@playfulpathways.fun

248-242-5165

Thank you for trusting us with your family’s care. We are dedicated to providing compassionate, confidential play therapy services.