Skip to main contentSkip to footer
Free Consultation

Privacy Policy

Effective Date: November 10, 2025

This Privacy Policy describes how Cedric Reeves, Licensed Professional Counselor Candidate (LPCC #0021389), supervised by Shannon Heers, Licensed Professional Counselor (LPC #4786), collects, uses, protects, and discloses your personal health information and website usage data.

This policy applies to:

  • Attachment Repair Psychotherapy website (attachmentrepairpsychotherapy.com)
  • Telehealth therapy services provided via secure video platform
  • Email and phone communications related to therapy services
  • Client portal and scheduling systems

Your privacy is paramount. All services comply with:

  • HIPAA Privacy Rule (Health Insurance Portability and Accountability Act)
  • Colorado Mental Health Practice Act (C.R.S. § 12-245-101 et seq.)
  • American Counseling Association (ACA) Code of Ethics (2014)

By using this website or engaging in therapy services, you acknowledge you have read and understood this Privacy Policy.

Information We Collect

Personal Health Information (PHI)

When you engage in therapy services, I collect and maintain Protected Health Information (PHI) as defined by HIPAA, including:

  • Identifying Information: Name, date of birth, address, phone number, email address
  • Clinical Information: Mental health history, presenting concerns, treatment goals, session notes, diagnoses (for documentation only, not marketing), treatment plans, progress notes
  • Billing Information: Payment method, insurance information (if applicable), superbills, receipts
  • Communication Records: Emails, voicemails, text messages related to therapy services

Legal Basis for Collection: PHI is collected with your informed consent for the purpose of providing professional psychotherapy services.

Website Usage Data (Non-PHI)

When you visit attachmentrepairpsychotherapy.com, I collect non-identifiable website usage data:

  • Technical Data: IP address, browser type, device type, operating system
  • Usage Data: Pages visited, time spent on site, referral source (e.g., Google search, Psychology Today)
  • Cookies: Session cookies for website functionality (see Section 5)

Legal Basis for Collection: Website usage data is collected for improving user experience, understanding traffic patterns, and optimizing website performance.

How We Use Your Information

Protected Health Information (PHI) Uses

Your PHI is used exclusively for:

  • Treatment: Providing trauma-informed attachment therapy, including assessment, treatment planning, session delivery, and progress monitoring
  • Payment: Processing session fees, generating superbills for insurance reimbursement, maintaining billing records
  • Healthcare Operations: Quality assurance, clinical supervision (with Shannon Heers, LPC #4786), professional development, compliance with legal and ethical obligations

PHI is NEVER used for:

  • Marketing or advertising
  • Selling to third parties
  • Research without your explicit written consent

Website Usage Data Uses

Non-identifiable website data is used for:

  • Understanding which services prospective clients seek
  • Optimizing website navigation and content
  • Tracking referral sources (e.g., Psychology Today, Google search)
  • Improving user experience

When We Share Your Information

Disclosures WITH Your Consent

I may share your PHI only with your written authorization to:

  • Other healthcare providers (e.g., psychiatrists, primary care physicians) for coordinated care
  • Insurance companies for reimbursement purposes (if you request superbills)
  • Family members or support persons you designate

You control these disclosures. Written authorization is required and can be revoked at any time.

Disclosures WITHOUT Your Consent (Required by Law)

Colorado law and HIPAA require disclosure of PHI without consent in specific circumstances:

Mandatory Reporting (Colorado C.R.S. § 19-3-304, § 26-3.1-101)

  • Child abuse or neglect — Suspected abuse or neglect of a child under 18 must be reported to county department of human/social services
  • Elder abuse or neglect — Suspected abuse, neglect, or exploitation of adults 70+ or at-risk adults must be reported
  • Imminent danger to self or others — If you pose a serious and imminent threat of physical harm to yourself or an identifiable third party, I may disclose PHI to law enforcement, emergency services, or the intended victim

Court Orders & Legal Proceedings

  • Valid court orders or subpoenas may require disclosure of PHI
  • I will notify you and assert privilege when legally permissible

Business Associates (HIPAA-Compliant)

I share limited PHI with HIPAA-compliant Business Associates who assist with practice operations:

  • Telehealth Platform: [Specify: Zoom with HIPAA BAA, SimplePractice, Doxy.me, etc.] — Secure video sessions
  • Electronic Health Records (EHR): [Specify: SimplePractice, TherapyNotes, etc.] — Client records, billing, scheduling
  • Payment Processing: [Specify: Stripe, Square, etc.] — Credit card processing
  • Email Provider: [Specify: ProtonMail, Google Workspace with HIPAA BAA, etc.] — Secure email communications

All Business Associates sign HIPAA Business Associate Agreements (BAAs) ensuring PHI protection.

Clinical Supervision

As a Licensed Professional Counselor Candidate (LPCC), I am required by Colorado law to receive clinical supervision. Your PHI may be shared with my supervisor, Shannon Heers, LPC #4786, for:

  • Case consultation and clinical guidance
  • Quality assurance and treatment planning
  • Professional development and licensure compliance

Supervision is conducted confidentially and complies with HIPAA and Colorado confidentiality laws. All supervision discussions are protected under professional confidentiality standards.

Cookies & Website Tracking

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help improve user experience and website functionality.

Cookies We Use

Essential Cookies (Required)

  • Session cookies for website functionality (e.g., form completion, scheduling)
  • Security cookies for protecting against fraud and unauthorized access

Analytics Cookies (Optional)

  • Google Analytics (anonymized IP tracking) to understand website traffic and user behavior
  • No personally identifiable information (PII) is collected through analytics

No Advertising Cookies

  • I do not use advertising cookies or retargeting pixels
  • I do not sell website data to third parties
  • I do not track users across other websites

Managing Cookies

You can control cookies through your browser settings:

  • Disable cookies: Most browsers allow you to block cookies (may affect website functionality)
  • Delete cookies: You can clear cookies at any time through browser settings
  • Opt-out of Google Analytics: Install the Google Analytics Opt-out Browser Add-on

How We Protect Your Information

I implement industry-standard security measures to protect your PHI and website data:

Technical Safeguards

  • Encryption: All telehealth sessions use end-to-end encryption (AES-256 or equivalent)
  • Secure Email: Encrypted email communication via [specify: ProtonMail, HIPAA-compliant email provider]
  • HIPAA-Compliant Platforms: All technology vendors sign Business Associate Agreements (BAAs)
  • Password Protection: Strong passwords and two-factor authentication (2FA) on all systems
  • Regular Updates: Software and security patches applied regularly

Physical Safeguards

  • Device Security: All devices used for therapy services are password-protected and encrypted
  • Secure Storage: Paper records (if any) stored in locked filing cabinets in secure location
  • Telehealth Only: No in-person office reduces physical security risks

Administrative Safeguards

  • Training: Ongoing HIPAA compliance and security training
  • Access Controls: Only authorized personnel (me and my supervisor) access PHI
  • Breach Response Plan: Procedures for responding to security incidents or data breaches

Limitations

While I implement robust security measures, no system is 100% secure. I cannot guarantee absolute security of information transmitted over the internet. You acknowledge and accept this risk by using telehealth services.

Your Responsibility:

  • Use secure internet connections (avoid public Wi-Fi for therapy sessions)
  • Ensure privacy during sessions (private, confidential location)
  • Protect your login credentials for client portal and scheduling systems

Your Privacy Rights

Under HIPAA, you have the following rights regarding your PHI:

Right to Access

You may request access to your clinical records, including session notes, treatment plans, and billing records. Requests must be submitted in writing. I will provide copies within 30 days (extension to 60 days if necessary).

Process notes (psychotherapy notes) are my private reflections and are not included in your clinical record. You do not have a right to access process notes.

Right to Amend

You may request corrections to your PHI if you believe information is inaccurate or incomplete. I may deny amendment requests if information is accurate and complete.

Right to Request Restrictions

You may request restrictions on how I use or disclose your PHI. I am not required to agree to restrictions, except in specific circumstances (e.g., if you pay out-of-pocket and request insurance not be billed).

Right to Confidential Communications

You may request that I contact you via specific methods (e.g., email instead of phone, specific phone number). I will accommodate reasonable requests.

Right to an Accounting of Disclosures

You may request a list of disclosures of your PHI made in the past six years (excluding disclosures for treatment, payment, healthcare operations, or with your authorization).

Right to Revoke Authorization

If you have authorized disclosure of PHI to third parties, you may revoke that authorization in writing at any time (does not affect disclosures already made).

Right to a Paper Copy of This Notice

You may request a paper copy of this Privacy Policy at any time by emailing reevescedric@protonmail.com.

To Exercise Your Rights: Contact me via email at reevescedric@protonmail.com or by phone at 786-877-0932.

How Long We Keep Your Information

Clinical Records (PHI)

Colorado law requires I retain clinical records for seven (7) years after the last date of service. This includes:

  • Session notes
  • Treatment plans
  • Billing records
  • Correspondence related to therapy

After seven years, records are securely destroyed (shredded for paper records, permanently deleted for electronic records).

Exception: Records for minors are retained until the minor reaches age 25 (Colorado law).

Website Usage Data

Non-identifiable website usage data (analytics, cookies) is retained for two (2) years for website optimization purposes.

Children’s Privacy

I do not provide therapy services to individuals under age 18. This website is not directed at children under 18, and I do not knowingly collect personal information from minors.

If you are under 18 and have provided information through this website, please contact me immediately at reevescedric@protonmail.com to request deletion.

Changes to This Privacy Policy

I reserve the right to update this Privacy Policy to reflect changes in legal requirements, practice operations, or privacy standards. Material changes will be communicated via:

  • Website notification — Updated effective date at top of this page
  • Email notification — For current clients, email notification of significant changes

Your continued use of therapy services or this website after changes constitutes acceptance of the updated Privacy Policy.

Current Version: v2.0, effective November 10, 2025

Questions or Complaints

Contact Me

If you have questions about this Privacy Policy or your privacy rights:

Cedric Reeves, LPCC #0021389
Supervised by Shannon Heers, LPC #4786
Email: reevescedric@protonmail.com
Phone: 786-877-0932

File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

U.S. Department of Health and Human Services (HHS)
Office for Civil Rights
www.hhs.gov/ocr/privacy/hipaa/complaints
1-800-368-1019

Colorado Department of Regulatory Agencies (DORA)
Mental Health Section
1560 Broadway, Suite 1350
Denver, CO 80202
dora_mhp_complaints@state.co.us
303-894-7800

You will not be penalized or retaliated against for filing a complaint.