Privacy Policy

Effective Date: 08/01/2025
Last Updated: 10/01/2025

This Privacy Policy (“Policy”) governs the manner in which NeuroBloom Mental Health Collective, LLC (“NeuroBloom,” “Company,” “we,” “our,” or “us”), an Illinois limited liability company owned and directed by Azzah Nasraddin, LCSW, MPH, collects, uses, maintains, and discloses information obtained from users (“you,” “your,” “data subject”) of our website https://neurobloommhc.com

(“Website”) and any affiliated digital or clinical service platforms.

We recognize our dual obligations under federal law (HIPAA, HITECH Act, etc.) and Illinois law (including but not limited to the Illinois Mental Health and Developmental Disabilities Confidentiality Act (740 ILCS 110/1 et seq.) and the Illinois Personal Information Protection Act (815 ILCS 530/1 et seq.)). This Policy is written in legal form to ensure maximum compliance and risk mitigation.

1. Scope of Policy

This Policy applies to:

  • Visitors accessing our Website,

  • Individuals submitting inquiries through online forms,

  • Clients and prospective clients engaging via our scheduling systems, telehealth platforms, or electronic intake tools, and

  • Any person whose data is transmitted, stored, or processed in connection with NeuroBloom operations.

This Policy does not replace our Notice of Privacy Practices provided to clinical clients under HIPAA; in the event of conflict, HIPAA and Illinois law shall govern.

2. Categories of Data Collected

We may collect and maintain:

A. Personally Identifiable Information (PII):

  • Names, email addresses, phone numbers, mailing addresses, insurance information.

B. Protected Health Information (PHI):

  • Clinical records, diagnoses, treatment notes, mental health evaluation data, billing identifiers, telehealth recordings (where applicable).

C. Technical and Analytical Data (Non-PII/Non-PHI):

  • Browser types, IP addresses, device identifiers, cookies, geolocation, and analytics metrics.

3. Methods of Collection

  • Direct voluntary submissions via web forms, emails to info@neurobloommhc.com

    , or telephonic communications.

  • Intake portals, electronic health record (EHR) platforms, and secure telehealth systems.

  • Automated technologies, including cookies, tags, or third-party analytics.

  • Insurance verification and claims processing tools.

4. Purposes of Use

Information is processed for the following purposes:

  • Provision and coordination of psychotherapy, mental health counseling, and evaluation services.

  • Insurance credentialing, eligibility verification, and reimbursement processing.

  • Legal compliance with Illinois and federal recordkeeping requirements.

  • Security, fraud prevention, and IT operations.

  • Marketing and communications (limited to de-identified or non-PHI data unless you provide written authorization).

5. Disclosure of Information

We do not disclose PHI or PII except as permitted or required by law. Permitted disclosures may include:

  • Treatment: Coordinating with other health professionals.

  • Payment: Claims submission and insurance communications.

  • Healthcare Operations: Supervision, quality improvement, audits.

  • Legal Obligations: Subpoenas, court orders, mandatory reporting.

  • Business Associates: Contractors bound by HIPAA-compliant Business Associate Agreements.

We will not sell, trade, or rent PHI or PII under any circumstances.

6. Data Retention

  • PHI is retained in accordance with HIPAA and Illinois retention laws (minimum 10 years for adults, longer for minors).

  • Website/technical data may be retained indefinitely for security and analytic purposes.

7. Security Measures

We maintain administrative, physical, and technical safeguards, including but not limited to:

  • Encryption of electronic PHI,

  • Access controls and authentication protocols,

  • Secure disposal procedures,

  • Regular auditing and monitoring.

Notwithstanding our safeguards, no system can guarantee absolute immunity from unauthorized access, cyberattack, or data breach.

8. Illinois-Specific Protections

  • Illinois Mental Health and Developmental Disabilities Confidentiality Act (IMHDDCA): Mental health records are subject to heightened protections and may not be disclosed without written authorization except in narrowly defined statutory circumstances.

  • Illinois Personal Information Protection Act (PIPA): In the event of a breach involving unencrypted personal information, NeuroBloom shall provide notice consistent with Illinois statutory requirements.

9. Individual Rights

You may exercise rights including:

  • Accessing your PHI,

  • Requesting amendments to your PHI,

  • Requesting restrictions on disclosure,

  • Receiving an accounting of disclosures,

  • Revoking prior authorizations for use/disclosure.

Requests must be made in writing to info@neurobloommhc.com

or mailed to our business office.

10. Third-Party Links

Our Website may contain links to external platforms (e.g., scheduling portals, social media). We are not responsible for third-party privacy practices.

11. Children’s Privacy

The Website is not directed to children under 18 years of age. We do not knowingly collect information from minors without parental or guardian consent.

12. Amendments

We reserve the unilateral right to revise this Policy at any time. Continued use of the Website constitutes acceptance of revised terms.

13. Governing Law

This Policy is governed by and construed in accordance with the laws of the State of Illinois, without regard to conflict of law principles.

14. Contact Information

For questions, concerns, or to exercise your rights, contact:

NeuroBloom Mental Health Collective, LLC
Attn: Privacy Officer
Owner: Azzah Nasraddin, LCSW, MPH
https://neurobloommhc.com


Email: info@neurobloommhc.com