Notice of Privacy Practices
Kairos Therapy Group
Effective Date: October 1, 2025
Introduction
The Health Insurance Portability and Accountability Act (HIPAA) requires mental health providers to maintain the privacy of your protected health information (PHI) and to provide you with this Notice of Privacy Practices.
This Notice explains:
How your health information may be used and disclosed
Your rights regarding that information
Our legal duties to protect your privacy
At Kairos Therapy Group, privacy is not only a legal obligation—it is foundational to trust, safety, and the healing process.
Our Legal Duties
Kairos Therapy Group is required by law to:
Maintain the privacy and security of your protected health information (PHI)
Provide you with this Notice describing our legal duties and privacy practices
Follow the terms of this Notice currently in effect
Notify you if a breach occurs that compromises the privacy or security of your unsecured PHI
If you have questions about this Notice, please contact the Privacy Officer, Kairos Therapy Group (see contact information at the end of this document).
Who Must Follow This Notice
This Notice applies to:
All licensed mental health professionals affiliated with Kairos Therapy Group
All employees, interns, contractors, and administrative staff
All Business Associates who provide services on behalf of the practice
Information may be shared internally for treatment, payment, and health care operations. Disclosures are limited to the minimum necessary to accomplish their purpose, unless otherwise required by law.
How Your Information May Be Used and Disclosed
Treatment, Payment, and Health Care Operations
Your PHI may be used or disclosed for the following purposes:
Treatment: Coordination of care among providers involved in your treatment, with appropriate authorization
Payment: Billing, claims submission, and documentation related to reimbursement
Health Care Operations: Practice operations such as quality review, training, supervision, and compliance activities
Uses and Disclosures Requiring Written Authorization
Any use or disclosure of your PHI outside of treatment, payment, or health care operations requires your written authorization. You may revoke an authorization in writing at any time, unless action has already been taken based on it.
Uses and Disclosures Without Authorization (As Required by Law)
Your PHI may be disclosed without your authorization in the following circumstances:
Child Abuse or Neglect: Mandatory reporting of suspected abuse or neglect
Abuse or Neglect of Vulnerable Adults: Mandatory reporting involving elderly or disabled individuals
Health Oversight Activities: Disclosures to licensing, regulatory, or disciplinary agencies
Judicial or Administrative Proceedings: Disclosures pursuant to a valid court order or subpoena
Serious Threat to Health or Safety: When necessary to prevent imminent harm to you or others
Workers’ Compensation: As required to comply with workers’ compensation laws
In most circumstances, psychotherapy records remain privileged and require either your authorization or a court order.
Special Protections for Certain Information
Additional written authorization is required for:
Psychotherapy Notes (kept separate from the clinical record)
HIV/AIDS-related information
Substance use treatment records, when applicable
These authorizations may be revoked in writing, subject to legal limitations.
Your Rights Regarding Your Health Information
You have the right to:
Request Restrictions: Ask for limits on how your PHI is used or disclosed (approval not guaranteed)
Confidential Communications: Request communication through alternative means or locations
Inspect and Obtain Copies: Access or request copies of your PHI, with limited exceptions
Request Amendments: Ask to correct or supplement your record
Accounting of Disclosures: Receive a list of certain disclosures made outside treatment, payment, or operations
Breach Notification: Be notified if your unsecured PHI is compromised
Paper Copy: Receive a paper copy of this Notice upon request
Reasonable fees may apply for copies of records, in accordance with state and federal law.
Minors and Parental Access
For minor clients, parents or legal guardians generally have the right to access records. Certain information may be restricted when clinically appropriate or when required by law.
Telehealth Services
Kairos Therapy Group provide services via telehealth using HIPAA-compliant platform, Therapynotes. While reasonable safeguards are used, telehealth services carry inherent privacy risks. By participating in telehealth, you acknowledge and accept these risks.
Electronic Communication, Website Use, and Technology Practices
Kairos Therapy Group uses secure electronic systems to support communication, documentation, and continuity of care.
Email Communication
We use Hushmail, a HIPAA-compliant encrypted email platform, when electronic communication is appropriate. While encryption reduces risk, no electronic communication can be guaranteed to be completely secure.
Text Messaging (SMS)
Text messaging may be used for limited administrative purposes such as appointment reminders. Text messaging is not secure and is not used to transmit clinical content. You may opt out at any time.
Electronic Health Records
We use TherapyNotes, a HIPAA-compliant EHR system, for documentation, scheduling, billing, and secure client portal communication. TherapyNotes employs encryption, access controls, and audit logs to protect PHI.
Website Forms
Information submitted through our website is used to respond to inquiries and facilitate care. Only the minimum necessary information is collected. Submitted information may become part of your administrative or clinical record.
Business Associates
Kairos Therapy Group works with trusted third-party service providers (“Business Associates”) who assist with secure communication and practice operations. These entities are legally required to safeguard your PHI and operate under HIPAA-compliant Business Associate Agreements (BAAs).
Business Associates include, but are not limited to:
Hushmail – encrypted email communication
TherapyNotes – electronic health records, scheduling, billing, and secure messaging
Data Security and Record Retention
We use reasonable administrative, technical, and physical safeguards to protect PHI.
Clinical records are retained in accordance with state and federal law. In Texas, records are generally retained for at least seven (7) years from the date of last service, or longer for minors or legal requirements.
Changes to This Notice
We may change our privacy practices at any time. Updated versions will apply to all PHI we maintain and will be available upon request, through the client portal, or at our practice location.
Complaints
If you believe your privacy rights have been violated, please contact us at:
Kairos Therapy Group:
Email: info@kairostg.com
Lindsey Montgomery, LCSW, SEP
RJ Ferguson, LPC-S
You may also file a complaint with the U.S. Department of Health and Human Services:
www.hhs.gov/hipaa
You will not be retaliated against for filing a complaint.