Confidentiality is not only a promise, it is a clinical requirement. Cura Mind and Wellness delivers care that meets HIPAA privacy and security rules across therapy, medication management, testing, and telehealth. Treatment is led by Vivian Emuobe, MSN, BSN, APRN, PMHNP-BC, a board-certified psychiatric mental health nurse practitioner with hospital and outpatient leadership experience. Our policies protect the information you share, while keeping care practical and accessible.
What counts as protected health information
Protected Health Information, PHI, is any detail that can identify you, linked to your health or care. This includes your name, contact information, insurance details, diagnoses, medications, test results, visit notes, and billing records. PHI exists in many forms, electronic records, paper files, and spoken information. We protect all forms.
How we safeguard your information
Administrative safeguards
- Written privacy, security, and breach response policies, reviewed regularly,
- Annual risk assessments and ongoing policy updates,
- Required HIPAA training for all team members,
- Role based access so staff only see the minimum necessary information,
- Business Associate Agreements with vendors that receive PHI.
Technical safeguards
- Encrypted electronic health record for storage and transmission,
- Multi factor authentication and automatic logoff,
- Audit trails to monitor access and changes,
- Secure e prescribing, pharmacy communications, and lab interfaces,
- Encrypted messaging through a patient portal for non urgent questions.
Physical safeguards
- Controlled office access, secure workstations, and locked storage where required,
- Clean desk procedures and disposal protocols for any printed PHI,
- Device protections for laptops and mobile devices used for care.
Telehealth, privacy that travels with you
Virtual sessions use encrypted, HIPAA compliant platforms. Before care begins, we verify your identity, physical location, and emergency contacts. Sessions are conducted from private spaces on both sides. We do not record sessions. If connectivity fails, we will rejoin the visit, or continue with audio when appropriate. For your privacy, choose a quiet room, use headphones, close other apps, and avoid public networks when possible.
“Minimum necessary” use and disclosure
We use, access, and disclose only the minimum necessary PHI to deliver care, bill for services, and manage operations. Examples include coordination with your therapist or primary care provider, insurance claims, quality review, and required auditing. Any other use, such as sharing information with a school, employer, family member, or program, requires your written authorization, unless a law requires or allows disclosure, for example imminent risk or mandated reporting.
Consent, authorizations, and revocation
- You receive a Notice of Privacy Practices that explains how PHI may be used,
- You may sign authorizations to share information with outside parties,
- You may revoke an authorization at any time, future disclosures will stop,
- We document all permissions in your record.
Coordinated care, with your permission
Many patients benefit when we collaborate with another clinician. With your written consent, we can share concise updates, diagnoses, medication lists, and care plans. If you prefer, we limit communication to specific items, such as medication reconciliation only. You are always in control.
Additional protections for substance use information
If treatment involves substance use details, additional confidentiality rules may apply, 42 CFR Part 2, which provide stricter limits on disclosure. We follow the most protective rule that applies to the situation, and obtain specific consent forms when needed.
Care for adolescents and young adults
When minors receive care, privacy rules include parent or guardian involvement in most cases, with important exceptions that protect safety and applicable state rules. We explain how information is shared, who can access records, and what requires consent. For young adults, we encourage clear choices about who, if anyone, may receive updates.
Data retention and your records
We keep records for the period required by law and professional standards. When the retention period ends, records are destroyed securely. You may request a copy of your record, request amendments, or ask for an accounting of certain disclosures. We respond within required timelines and explain any limits that apply.
Email, text, social media, and recordings
- Email or text may be used for logistics only, appointment times and forms, never for clinical details unless you request, understand the risks, and provide consent,
- Portal messaging is the preferred method for non urgent clinical questions,
- We do not engage in clinical conversations through social media, and we do not accept friend or follow requests, to protect your privacy,
- We do not record sessions, and we ask that you do not record without mutual agreement,
- Testimonials or reviews are never solicited, and we never disclose PHI in any public response.
Your rights under HIPAA
You have the right to:
- Access and obtain copies of your record,
- Request amendments to correct or clarify your record,
- Request restrictions on how PHI is used or disclosed,
- Receive confidential communications at a preferred address or method,
- Receive a Notice of Privacy Practices,
- File a complaint without fear of retaliation if you believe your privacy rights were violated.
How we handle a potential breach
If an incident risks the privacy or security of your PHI, we investigate promptly, mitigate harm, and notify you when required. Notifications include what happened, the information involved, steps we took, and what you can do next. We use findings to strengthen safeguards.
Vendors and technology we trust
Any vendor that can access PHI signs a Business Associate Agreement and must meet security standards. This can include video platforms, the electronic health record, pharmacy networks, labs, and e prescription services. For services like gene testing, we share the minimum necessary identifiers to perform the test and return results, then store those results securely in your record.
What we will never do
- Sell your PHI,
- Use or disclose PHI for marketing without your written authorization,
- Record your therapy or medication visits,
- Post or respond to reviews with any PHI,
- Share your information beyond the minimum necessary for care, payment, or operations, unless you authorize it or a law requires it.
Practical tips for protecting your privacy during virtual care
- Pick a private space, use headphones, place your screen where others cannot see,
- Use a strong passcode on your device, enable automatic updates,
- Avoid public Wi-Fi, or use a trusted network,
- Log out of shared devices, close the video tab after each session,
- Store downloaded documents in a secure folder, or request that we keep them in the portal only.
FAQs, Confidentiality and HIPAA Compliance
-
Yes. We use encrypted platforms, verify location and identity, and do not record visits.
-
Yes. Authorizations can be limited to specific items, for example medication list only, and you can revoke permission at any time.
-
Submit a request through the secure portal. We will confirm identity and provide copies within the required timeline.
-
We prefer the portal. Email or text may be used for logistics. Clinical content is not sent outside the portal unless you consent and understand the risks.
-
Insurance requires limited information for payment. We disclose the minimum necessary as permitted by law.
-
We do not record sessions. If you wish to record, discuss it with your clinician so that an informed decision can be made together.
-
We investigate quickly, mitigate any risk, notify you when required, and enhance safeguards based on findings.
Why patients trust Cura Mind and Wellness
- Board-certified leadership, clinical decisions grounded in training and ethics,
- Written safeguards, a living compliance program reviewed and updated,
- Encrypted technology, from telehealth to e prescribing,
- Patient centered communication, clear explanations, informed consent, and easy to use portals,
- Respect, your story is confidential, your data is handled with care.
Confidential care, clear protections
Confidentiality is the foundation of trust. At Cura Mind and Wellness, every policy, platform, and conversation is designed to respect your privacy while delivering effective care. If you have questions about your rights or how we protect your information, send a secure message through the patient portal.