MedStart Psychiatry · Legal

Privacy Policy &
HIPAA Notice

This page contains our Notice of Privacy Practices as required by the Health Insurance Portability and Accountability Act (HIPAA), as well as our Website Privacy Policy. Please read both carefully.

Effective Date: May 1, 2026 · Version 1.0
Required Notice — Please Read

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Contents
Part I — HIPAA Notice of Privacy Practices Required by federal law — How We Use & Disclose Your Health Information — Your Rights Regarding Your Health Information — Our Duties & Your Right to Complain Part II — Website Privacy Policy Your online privacy — Contact & Questions

Part I — HIPAA Notice of Privacy Practices

MedStart Psychiatry, operated by Jolanta Iłowska, PMHNP-BC, is a covered health care provider under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations. We are required by law to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices with respect to PHI, and to abide by the terms of the Notice currently in effect.

Protected Health Information (PHI) means individually identifiable health information — including demographic information — that relates to your past, present, or future physical or mental health or condition, the provision of health care to you, or the past, present, or future payment for the provision of health care to you.

How We May Use and Disclose Your Health Information

The following describes the ways we may use and disclose health information that identifies you. Not every use or disclosure in a category will be listed, but all of the ways we are permitted to use and disclose information will fall within one of the categories.

Uses and Disclosures That Do Not Require Your Authorization

For Treatment. We may use and disclose your PHI to provide, coordinate, or manage your health care and related services. For example, we may share information with other health care providers involved in your care, such as your primary care physician, specialists, pharmacists, or other mental health providers, when clinically appropriate and necessary.

For Payment. We may use and disclose your PHI to obtain payment for services we provide to you. This includes billing your insurance plan, submitting claims, and activities required to receive reimbursement from Tricare or other payers.

For Health Care Operations. We may use and disclose your PHI for our internal health care operations. This includes quality improvement activities, training, reviewing the competence of our health care professionals, conducting or arranging for legal services, and other business activities necessary to run the practice.

As Required by Law. We will disclose your PHI when required to do so by federal, state, or local law, including to public health authorities for disease control and reporting, to law enforcement in limited circumstances, and in judicial and administrative proceedings when required by a court order or subpoena.

For Serious Threats to Health or Safety. We may use or disclose your PHI if we, in good faith, believe that such use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.

For Workers' Compensation. We may release your PHI to workers' compensation carriers or similar programs as authorized by and to the extent necessary to comply with applicable law.

Business Associates. We may share your PHI with third-party service providers (business associates) who perform services on our behalf, such as billing companies, electronic health record systems, and telehealth platforms. These entities are required by contract to appropriately safeguard your PHI in accordance with HIPAA.

Psychotherapy Notes: Under HIPAA, psychotherapy notes are afforded special protection and are treated separately from the rest of your medical record. We will not disclose your psychotherapy notes without your specific written authorization, except in very limited circumstances permitted by law (such as to prevent serious harm or for our own training purposes).

Uses and Disclosures That Require Your Written Authorization

For any use or disclosure of your PHI not described above, we will ask for your written authorization. You may revoke your authorization in writing at any time, except to the extent that we have already taken action in reliance on your authorization. The following uses and disclosures require your specific written authorization:

  • Marketing communications about our services or products
  • Sale of your PHI
  • Psychotherapy notes (except as permitted by law)
  • Most uses and disclosures for purposes not described in this Notice

Your Rights Regarding Your Health Information

You have the following rights with respect to your PHI. To exercise any of these rights, please submit a written request to us using the contact information at the end of this Notice.

Right to Access Your Records

You have the right to inspect and obtain a copy of your PHI that we maintain in a designated record set. We may charge a reasonable fee for copying. We will respond to your request within 30 days. In certain limited circumstances, we may deny access; if so, you may request a review of the denial.

Right to Request Amendment

You have the right to request that we amend PHI that you believe is inaccurate or incomplete. We may deny your request in certain circumstances, in which case we will explain our reasons in writing and you may submit a statement of disagreement.

Right to an Accounting of Disclosures

You have the right to request an accounting of disclosures we have made of your PHI for purposes other than treatment, payment, and health care operations during the previous six years. The first accounting in any 12-month period is free; subsequent requests may incur a reasonable fee.

Right to Request Restrictions

You have the right to request that we restrict certain uses and disclosures of your PHI. We are not required to agree to your request except in the case where you request we restrict disclosure to a health plan for a service you paid for in full out of pocket. If we agree, we will honor the restriction unless it is needed to provide emergency treatment.

Right to Confidential Communications

You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only by phone rather than by mail, or at a specific address. We will accommodate reasonable requests.

Right to a Paper Copy of This Notice

You have the right to request a paper copy of this Notice at any time, even if you have agreed to receive it electronically. You may request a copy by contacting us at the information below.

Right to Opt Out of Fundraising

We do not engage in fundraising activities using your PHI. If this changes, we will update this Notice and provide you an opportunity to opt out.

Right to Notification of a Breach

You have the right to receive notice if there is a breach of your unsecured PHI. We will notify you without unreasonable delay and within 60 days of discovering a breach, as required by the HIPAA Breach Notification Rule.

Our Duties & Your Right to File a Complaint

Our Duties

We are required by law to:

  • Maintain the privacy and security of your PHI
  • Provide you with this Notice of our privacy practices
  • Follow the terms of the Notice currently in effect
  • Notify you if we are unable to agree to a requested restriction
  • Accommodate reasonable requests to receive PHI by alternative means or at alternative locations

We reserve the right to change our privacy practices and the terms of this Notice at any time, as permitted by law. Changes will apply to all PHI we maintain. When we make a material change, we will post the revised Notice on our website and make it available to you upon request. The effective date will appear at the top of the Notice.

We Will Not Retaliate

We will not retaliate against you in any way for filing a complaint or exercising any of the rights described in this Notice.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us directly or with the U.S. Department of Health and Human Services Office for Civil Rights.

To file a complaint with our practice: Contact Jolanta Iłowska, PMHNP-BC at (480) 420-8204 or via the secure booking portal. Written complaints are preferred.

To file a complaint with the U.S. Department of Health & Human Services:

  • Office for Civil Rights, U.S. Department of Health & Human Services
  • Online: hhs.gov/ocr/privacy/hipaa/complaints
  • Phone: 1-800-368-1019 (TDD: 1-800-537-7697)

Privacy Contact: All privacy-related requests and inquiries should be directed to Jolanta Iłowska, PMHNP-BC — MedStart Psychiatry · Phone: (480) 420-8204 · Secure communications: use the patient booking portal at medstartpsychiatry.com. Do not send protected health information via standard text message or unencrypted email.

Part II — Website Privacy Policy

This Website Privacy Policy applies to information collected through the MedStart Psychiatry website located at medstartpsychiatry.com (the "Site"). It is separate from the HIPAA Notice of Privacy Practices above, which governs the handling of your Protected Health Information as a patient.

Information We Collect Through the Website

Information you provide voluntarily. When you use the online booking portal, submit a contact form, or otherwise communicate with us through the Site, you may provide personal information such as your name, phone number, email address, and reason for contact.

Information collected automatically. Like most websites, our Site may automatically collect certain technical information when you visit, including your IP address, browser type, operating system, pages visited, and referring URLs. This information is collected through standard web analytics tools.

How We Use Website Information

  • To respond to your inquiries and schedule appointments
  • To improve the functionality and content of the Site
  • To understand how visitors interact with our pages
  • To comply with legal obligations

Third-Party Services

Our Site uses the following third-party services, each of which has its own privacy policy:

  • Squarespace — website hosting and content management. Squarespace may collect analytics data about Site visitors. See squarespace.com/privacy for details.
  • CarePatron — secure online appointment booking and patient management. When you use the booking portal, CarePatron's privacy policy and business associate agreement govern the handling of your information. CarePatron operates as a HIPAA Business Associate.
  • Google Fonts — typography delivered via Google's servers. Google may collect limited usage data. See policies.google.com/privacy for details.

We do not sell your personal information to third parties. We do not use your information for advertising purposes.

Cookies

Our Site may use cookies — small text files stored on your device — to improve your browsing experience and collect analytics information. You may disable cookies in your browser settings; however, this may affect the functionality of certain parts of the Site. We do not use cookies to track you across other websites or for advertising purposes.

Communications

Important: Standard text messages and unencrypted email are not HIPAA-compliant forms of communication. Do not send protected health information — including symptoms, diagnoses, medications, or personal health history — via text or standard email. For secure clinical communication, please use the patient booking portal or call us directly at (480) 420-8204.

Data Security

We implement reasonable administrative, technical, and physical safeguards to protect information collected through the Site. However, no method of transmission over the internet is completely secure. We encourage you to use our secure booking portal for all communications that include personal health information.

Children's Privacy

Our Site is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors through the Site. If you believe we have inadvertently collected information from a minor, please contact us immediately.

Links to Other Websites

Our Site may contain links to external websites, including mental health resources and third-party services. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies independently.

Changes to This Privacy Policy

We may update this Website Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. We encourage you to review this page periodically to stay informed about how we protect your information.

Questions & Contact

If you have questions about this Privacy Policy, the HIPAA Notice of Privacy Practices, or your rights regarding your health information, please contact us:

MedStart Psychiatry
Jolanta Iłowska, PMHNP-BC
Phone: (480) 420-8204
Telehealth · Licensed in Arizona
Secure communications: use the patient portal at medstartpsychiatry.com

This Notice is effective as of May 1, 2026. MedStart Psychiatry reserves the right to change the terms of this Notice and make the new Notice effective for all PHI that we maintain. Revised Notices will be posted on this website.