Sandstone Counseling Privacy Policy
Effective Date: March 1, 2025
Your privacy matters to us. At Sandstone Counseling, we take the confidentiality of client information seriously and are committed to protecting it through every channel and system we use. This Privacy Policy explains what information we collect, how we protect it, and the limited circumstances under which we may be required to share it.
Who We Are
Sandstone Counseling is a licensed professional counseling practice located in Uniontown, Ohio. Our counselors hold active Ohio licensure and adhere to the ethical standards of their respective professional boards, including the Ohio Counselor, Social Worker, and Marriage and Family Therapist Board.
HIPAA Compliance
We are a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). All client health information is classified as Protected Health Information (PHI) and is handled in full compliance with HIPAA's Privacy Rule and Security Rule. This means:
• We collect only the information necessary to provide your care
• PHI is accessed only by authorized Sandstone staff involved in your treatment
• We do not sell, rent, or share your personal or health information for marketing purposes
• All staff members are trained on HIPAA requirements and privacy best practices
Confidentiality
Everything you share with your counselor is confidential. We will not disclose information about you to anyone outside of Sandstone Counseling without your written authorization.
There are narrow exceptions required by Ohio law and counseling ethics. We may be required to share information without your consent in the following situations:
• When there is an imminent risk of harm to you or another person
• When a court order or subpoena legally compels disclosure
• When we are required to report suspected abuse or neglect of a minor, elderly person, or vulnerable adult
• As permitted by HIPAA for treatment, payment, or healthcare operations
In any of these situations, we disclose only the minimum information necessary to fulfill the legal or safety obligation.
How We Protect Your Information
Electronic Health Records
All client records are stored digitally in a HIPAA-compliant, SOC 2-certified electronic health record (EHR) platform purpose-built for behavioral health practices. Our EHR system maintains rigorous security controls, including data encryption at rest and in transit, access controls, and regular third-party audits.
Email Communications
All staff email accounts are encrypted and HIPAA-compliant. Email access is restricted to authorized Sandstone personnel only. We recommend that clients avoid sending sensitive health information via email. If you need to share clinical information with us electronically, please use the secure messaging features within our client portal when available.
Internal Network Security
Sandstone's internal digital infrastructure is protected by a firewall and security controls designed to prevent unauthorized access to client data and practice systems.
Telehealth Sessions
Telehealth services are conducted using secure, HIPAA-compliant video platforms. Counselors who provide telehealth services from a personal residence are responsible for ensuring their home network is secure and HIPAA-compliant, and for maintaining client confidentiality within their physical environment during all remote sessions. Sandstone requires all telehealth providers to follow our telehealth privacy and security protocols as a condition of providing services.
Information We May Collect
Depending on the services you receive, we may collect the following types of information:
• Contact information (name, address, phone number, email address)
• Insurance and billing information
• Clinical and treatment records
• Emergency contact information
• Information you provide on intake forms or assessments
We also collect limited technical information if you visit our website, such as browser type and general usage data through standard analytics tools. This information is not linked to your identity or health records.
Your Rights Under HIPAA
As a client, you have the following rights regarding your health information:
• Right to access your records and request copies
• Right to request corrections to your records
• Right to an accounting of disclosures made without your authorization
• Right to request restrictions on how your information is used or shared
• Right to receive communications in a confidential manner
• Right to file a complaint if you believe your privacy rights have been violated
To exercise any of these rights, please contact us directly using the information below.
Filing a Complaint
If you believe your privacy rights have been violated, you may file a complaint with Sandstone Counseling directly or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you in any way for filing a complaint.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. Any updates will be posted on our website and made available to clients upon request. Continued use of our services after changes are posted constitutes your acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or how your information is handled, please contact us:
Sandstone Counseling
3500 Massillon Rd., Suite 400
Uniontown, OH 44685
Phone: 330-563-4222
This Privacy Policy is provided for informational purposes and does not constitute legal advice. For questions about your specific legal rights, consult a qualified attorney.