Legal

Privacy Policy

Exhale Psychiatry, S.C.

Effective Date: May 23, 2026

1. Information We Collect

Clinical Information (Protected Health Information)

When you become a patient, we collect information necessary for your psychiatric evaluation and ongoing care, including demographic information such as your name, date of birth, address, phone number and email address; medical and psychiatric history; clinical assessment and diagnostic information; prescription and medication records; cognitive testing results administered through our third-party testing platform (Creyos); treatment plans and clinical notes; and billing and payment records.

Website Information

When you visit exhalepsych.com, we may collect limited, non-clinical information including your name, email address and phone number if you submit our waitlist or contact form; anonymized website usage data through Google Analytics (page views, scroll depth, time on page and general geographic region); and technical information such as browser type, device type and referring URL. We do not use cookies for advertising or tracking across other websites.

2. How We Use Your Information

Protected Health Information

We use your protected health information (PHI) for treatment, including conducting psychiatric evaluations, prescribing medications, administering and interpreting cognitive assessments, and coordinating your care with other providers when clinically indicated and authorized by you. We may also use PHI for payment purposes, including generating superbills for out-of-network reimbursement and processing payments for clinical services. PHI may be used for healthcare operations, including quality improvement, clinical training and compliance activities as permitted under HIPAA.

Website Information

We use website information to respond to your inquiries or waitlist submissions, to understand how visitors interact with our website so we can improve its content and functionality, and to communicate with you about practice availability and services you have expressed interest in.

3. How We Protect Your Information

We implement administrative, physical and technical safeguards to protect your information in accordance with the HIPAA Security Rule. These include use of HIPAA-compliant, encrypted telehealth technology for all clinical encounters; electronic prescribing through secure, certified systems (EPCS for controlled substances); secure electronic health record systems with role-based access controls; encrypted data transmission and storage; Business Associate Agreements with all third-party vendors who handle protected health information; and regular review of security practices and policies.

4. Third-Party Services

We use a limited number of third-party services in connection with our practice and website. Each service that handles protected health information operates under a Business Associate Agreement (BAA) with Exhale Psychiatry.

Creyos (Cambridge Brain Sciences). We use the Creyos platform to administer computerized cognitive assessments as part of your psychiatric evaluation and ongoing care. Creyos processes and stores assessment data on secure servers located in Canada. Your cognitive testing data is protected under our BAA with Creyos. De-identified data may be used by Creyos for research purposes, as disclosed in our patient intake documentation. You will be asked to provide separate written consent before any Creyos assessments are administered.

Doxy.me. We use Doxy.me as our HIPAA-compliant telehealth video platform for clinical appointments. Doxy.me operates under a BAA with our practice.

Google Analytics. Our website uses Google Analytics (measurement ID: G-ZH68R6ZLNN) to collect anonymized usage data such as page views, session duration, scroll depth and general geographic region. Google Analytics does not collect your name, email address or any protected health information. You may opt out of Google Analytics by installing the Google Analytics Opt-Out Browser Add-on.

Zapier. If you submit information through our website waitlist or contact form, your name, email address, phone number and any message you include are routed and processed through Zapier, an automation service, so we can receive and respond to your submission. Zapier does not receive any protected health information.

5. Disclosure of Your Information

We do not sell your personal or health information. We will never disclose your protected health information for marketing purposes without your written authorization.

We may disclose your PHI without your authorization only in the limited circumstances permitted or required by law, including when required by court order or subpoena; for public health activities as required by law; to avert a serious threat to health or safety; for health oversight activities; and as otherwise required by federal or state law.

In all other circumstances, we will obtain your written authorization before disclosing your PHI to any third party.

6. Your Rights Regarding Your Health Information

Under HIPAA and Wisconsin law, you have the right to access and obtain copies of your medical records; request amendments to your medical records if you believe they are inaccurate or incomplete; request restrictions on certain uses and disclosures of your PHI; request confidential communications (for example, receiving communications at an alternative address or phone number); receive an accounting of certain disclosures of your PHI made by our practice; and file a complaint if you believe your privacy rights have been violated.

These rights are described in full in our Notice of Privacy Practices. To exercise any of these rights, contact us using the information provided at the bottom of this page.

7. Data Retention

We retain all patient medical records for a minimum of seven years following the last date of service, in compliance with Wisconsin Administrative Code MED 21.03 and HIPAA requirements. Website form submissions are retained only as long as necessary to respond to your inquiry or maintain waitlist records.

8. Telehealth-Specific Privacy Practices

All clinical services at Exhale Psychiatry are delivered via telehealth. We take additional steps to protect your privacy during virtual encounters, including using only HIPAA-compliant video technology with encryption; verifying your identity and Wisconsin residency at each visit; confirming you are in a private location before beginning the clinical encounter; conducting all visits from a secure, private environment on the provider side; and transmitting prescriptions electronically through secure, certified channels.

9. State-Specific Compliance

Exhale Psychiatry is licensed and operates exclusively in the state of Wisconsin. Our privacy practices comply with all applicable Wisconsin statutes and administrative codes governing the privacy of patient health information, including the Wisconsin Telehealth Practice Act and Wis. Admin. Code MED 21. Where Wisconsin law provides greater privacy protections than HIPAA, we follow the more protective standard.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with a revised effective date. Material changes to how we handle protected health information will be communicated to active patients directly.

11. Complaints

If you believe your privacy rights have been violated, you have the right to file a complaint with our practice or with the U.S. Department of Health and Human Services Office for Civil Rights. We will not retaliate against you for filing a complaint.

To file a complaint with HHS, visit hhs.gov/hipaa/filing-a-complaint or call 1-800-368-1019.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights regarding your health information, contact us at: