Notice of Privacy Practices

Last Updated: February 18, 2025

The Relationship Elevation and Learning (REAL) Institute (“we,” “us,” or “our”) is committed to protecting the privacy of visitors to our website and ensuring the security of the personal information we collect. This Privacy Policy outlines how we collect, use, and protect your data in compliance with applicable laws, including the Health Insurance Portability and Accountability Act (HIPAA).

Information We Collect

We collect the following personal information through our contact inquiry page:

  • Full legal name
  • Date of birth (DOB)
  • Phone number
  • Email address
  • Allergies/sensitivities
  • Insurance details including the address associated with insurance
  • Parent/Guardian information for minors (under 18)
  • Reasons for seeking therapy

This data is collected via Microsoft Forms embedded in our WordPress website.

Purpose of Data Collection

We collect this information to:

  • Process inquiries for new patient registration.
  • Create patient portals on therapyportal.com.
  • Verify insurance coverage with the insurance provider specified.

Data Sharing

We do not sell or rent your personal information. However, we may share your data with:

  • Insurance providers to verify coverage details and policy information.
  • Authorized personnel within our organization, such as administrative staff, executive team members, and assigned therapists.

All third parties are required to maintain the confidentiality and security of your information.

Legal Compliance

We comply with HIPAA to ensure the confidentiality, integrity, and security of protected health information (PHI). This includes adherence to the following HIPAA rules:

  • HIPAA Privacy Rule: We protect all forms of PHI—whether electronic, written, or oral—and limit its use and disclosure to purposes permitted by law, such as treatment, payment, and healthcare operations.
  • HIPAA Security Rule: We implement administrative, physical, and technical safeguards to protect electronic PHI (ePHI) from unauthorized access, breaches, or other risks.
  • HIPAA Breach Notification Rule: In the event of a breach involving unsecured PHI, we will notify affected individuals and authorities promptly within 60 days as required by federal regulations. Notifications will include details about the breach, what information was involved, steps being taken to mitigate harm, and how users can protect themselves.

California Online Privacy Protection Act (CalOPPA) and California Privacy Rights Act (CCPA) Compliance:

We comply with the California Online Privacy Protection Act and the California Privacy Rights Act. In accordance with CalOPPA and CCPA, we provide this clear and conspicuous privacy policy outlining how we collect, use, and protect your personal information. We also provide users with the ability to review and request changes to their personal information.

We also maintain Business Associate Agreements (BAAs) with all third-party vendors who handle PHI on our behalf to ensure they comply with HIPAA regulations. If additional laws apply (e.g., state-specific privacy laws), we will adhere to those as well. Our policies are designed to meet or exceed these legal requirements to ensure your data is handled responsibly and securely.

Security Measures

We implement robust security measures to safeguard your data:

  • Restricted access to authorized personnel only.
  • Encryption protocols to protect data during transmission and storage.
  • Multi-factor authentication (MFA) for accessing systems that store personal information, such as for accessing our EHR system and patient portals.
  • Single sign-on (SSO) for secure access across multiple applications.

Cookies and Tracking Technology

Our website may use cookies to enhance user experience. Cookies are small text files stored on your device that help us analyze website traffic and improve functionality. However, we do not share PHI with third-party tracking technologies unless explicitly permitted by law.You can manage or disable cookies through your browser settings. Users will be prompted to provide consent before any cookies are activated on our site.

Parental Consent for Minors

We offer a separate registration inquiry form for minors as part of our services. Parental or guardian consent is required for collecting and processing their data.

User Rights

Under HIPAA, CCPA, and applicable laws, you have the right to:

  • Access and obtain a copy of your personal health information.
  • Request corrections or amendments to your health records.
  • Request restrictions on how your information is used and disclosed.
  • Request confidential communications through alternative means or locations.
  • Receive an accounting of certain disclosures of your health information.
  • Obtain a copy of our Notice of Privacy Practices.
  • File a complaint if you believe your privacy rights have been violated.
  • Be notified in the event of a breach of your unsecured protected health information.

Under the California Consumer Privacy Act (CCPA), California residents also have the right to:

  • Know what personal information we collect about you, how we use it, and with whom it is shared.
  • Request access to or deletion of your personal information, subject to certain exceptions under the law.
  • Opt out of the sale or sharing of your personal information (if applicable).
  • Limit the use and disclosure of sensitive personal information.

We do not sell personal information. To exercise these rights, please contact us at outreach@therealinstitute.com or mail us at:

The REAL Institute
101 Parkshore Dr, Suite 100
Folsom, CA 95630

Data Retention

We retain patient data as required by applicable laws and professional standards typically for a period of 7 years after the last date of service. After this period, data may be securely disposed of following HIPAA guidelines.

Complaint Process

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS). To file a complaint with us, please contact us at outreach@therealinstitute.com. You may also file a complaint with HHS by visiting the Office for Civil Rights website at www.hhs.gov/ocr/privacy/hipaa/complaints/.

Accessibility Statement

We are committed to ensuring that this privacy policy is accessible to individuals with disabilities in compliance with Web Content Accessibility Guidelines (WCAG) 2.1 standards. If you experience any difficulties accessing this document or require it in an alternative format, please contact us at outreach@therealinstitute.com.

Updates to This Policy

We review and update this privacy policy annually or as needed to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with a revised “Last Updated” date. Policy changes will apply only to information collected after the date of the change.

This online privacy policy applies only to information collected through our website and not to information collected offline. By using our site, you consent to our privacy policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:
Email: outreach@therealinstitute.com
Address: 101 Parkshore Dr, Suite 100, Folsom, CA 95630