Privacy Policy

Next Opportunity Counseling ("we," "us," or "our") is committed to protecting the privacy and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our telehealth services. Please read this policy carefully. By using our services, you agree to the practices described here.

As a provider of mental health and substance use counseling services, we are subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the HITECH Act, and applicable California privacy laws, including the Confidentiality of Medical Information Act (CMIA) and the California Consumer Privacy Act (CCPA).

1. Information We Collect

Personal Information

When you contact us, complete a form, or schedule an appointment, we may collect:

• Name, email address, and phone number
• Date of birth and general location (city/state)
• Reason for seeking services and general health history
• Insurance information (if applicable)
• Payment information (processed securely through third-party processors)

Protected Health Information (PHI)

Once a therapeutic relationship is established, we collect and maintain Protected Health Information (PHI) as required for treatment, including:

• Clinical notes, assessments, and treatment plans
• Substance use history and evaluation results
• DOT SAP evaluation records and return-to-duty documentation
• Telehealth session records

Website Usage Data

We may automatically collect non-identifying technical data such as browser type, pages visited, and time spent on the site for the purpose of improving our website. This data is not linked to your identity.

2. How We Use Your Information

We use your information to:

• Provide, coordinate, and manage your clinical care and DOT SAP evaluations
• Respond to your inquiries and appointment requests
• Process payments and maintain billing records
• Comply with legal and regulatory obligations (including DOT 49 CFR Part 40 reporting requirements)
• Communicate appointment reminders and follow-up information
• Improve our website and services

We do not sell, rent, or trade your personal or health information to third parties for marketing purposes.

3. HIPAA Notice of Privacy Practices

As a HIPAA-covered provider, we are required to protect your PHI and provide you with a Notice of Privacy Practices. Under HIPAA, we may use and disclose your PHI for the following purposes without your written authorization:

• Treatment: Sharing information with other healthcare providers involved in your care
• Payment: Billing and collection activities
• Healthcare Operations: Quality improvement, training, and administrative functions
• Legal Requirements: Disclosures required by law, court orders, or public health authorities
• Safety: Disclosures to prevent serious threats to health or safety
• DOT Compliance: Reporting required under 49 CFR Part 40 for DOT SAP evaluations and return-to-duty processes

All other disclosures of your PHI require your written authorization, which you may revoke at any time.

4. California Privacy Rights

California residents have additional rights under the California Consumer Privacy Act (CCPA) and the Confidentiality of Medical Information Act (CMIA):

• Right to Know: You may request information about the personal data we have collected about you
• Right to Delete: You may request deletion of your personal data, subject to legal and clinical record-keeping requirements
• Right to Correct: You may request correction of inaccurate personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• Right to Access Medical Records: Under CMIA, you have the right to access and receive copies of your medical records

To exercise any of these rights, please contact us at [email protected].

5. Telehealth Privacy

All telehealth sessions are conducted using HIPAA-compliant video platforms. By participating in telehealth services, you acknowledge:

• Sessions are conducted over encrypted, secure connections
• Sessions are not recorded without your explicit written consent
• You are responsible for ensuring your own privacy in your chosen location during sessions
• Telehealth services are available only to clients physically located in California

6. Data Security

We implement administrative, technical, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include encrypted data transmission (SSL/TLS), secure storage of clinical records, and access controls limiting who can view your PHI. In the event of a breach affecting your PHI, we will notify you as required by HIPAA and California law.

7. Minors

Our website is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors without verifiable parental or guardian consent. If you believe we have inadvertently collected information from a minor, please contact us immediately.

8. Record Retention

Clinical records are retained for a minimum of seven (7) years from the date of last service, or seven years after a minor client reaches the age of 18, whichever is later — in accordance with California Business and Professions Code and BBS regulations. DOT SAP records are retained in accordance with 49 CFR Part 40 requirements.

9. Third-Party Services

We may use third-party service providers (Business Associates under HIPAA) to assist with operations such as scheduling, billing, and secure communications. These providers are contractually required to protect your PHI and may only use it for the purposes we specify. We are not responsible for the privacy practices of external websites linked from our site.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our services after changes are posted constitutes your acceptance of the updated policy. For material changes affecting your PHI, we will notify you directly.

11. Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or need to report a concern, please contact us: