PRIVACY POLICY AND NOTICE OF PRIVACY PRACTICES


Roots to Rise Counseling, LLC

www.rootstorisecounseling.com


Effective Date: February 17, 2026

Last Updated: February 17, 2026


————————————————————————————————



1. INTRODUCTION


Roots to Rise Counseling, LLC ("we," "us," "our," or "the Practice") is a virtual mental health counseling practice owned and operated by Teresa Grechenkov, LMHC (License: 39005471A), serving clients throughout the State of Indiana.


Your privacy is important to us. This Privacy Policy and Notice of Privacy Practices explains how we collect, use, store, share, and protect your personal information and Protected Health Information (PHI) when you visit our website, use our services, or communicate with us. This policy also serves as our Notice of Privacy Practices as required under the Health Insurance Portability and Accountability Act (HIPAA).


By accessing our website at www.rootstorisecounseling.com, scheduling an appointment, or receiving our services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use our website or services.



2. CONTACT INFORMATION


If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal information is handled, you may contact us using any of the following methods:


Practice Name: Roots to Rise Counseling, LLC

Privacy Officer: Teresa Grechenkov, LMHC

Email: teresagrechenkov25@rootstorisecounseling.com

Phone: (260) 222-7247

Website: www.rootstorisecounseling.com

Location: Virtual practice serving all of Indiana

Business Hours: Monday–Thursday 9:00 AM – 3:00 PM, Friday 9:00 AM – 12:00 PM (EST)



3. INFORMATION WE COLLECT


We collect the following categories of personal information and Protected Health Information in the course of providing our services:


3.1 Personal Identifying Information


- Full name

- Date of birth

- Email address

- Phone number

- Mailing address

- Emergency contact information


3.2 Health and Clinical Information (Protected Health Information)


- Mental health history and presenting concerns

- Diagnosis and treatment information

- Therapy session notes and progress notes

- Intake forms and clinical assessments

- Treatment plans and goals

- Information related to previous mental health or medical treatment

- Medication information (as reported by client)

- Information related to risk assessment (safety planning)


3.3 Financial and Billing Information


- Credit card, debit card, or HSA/FSA card information (processed securely through our payment processor)

- Billing records and superbill documentation

- Good Faith Estimate documentation


3.4 Technical and Website Data


- IP address and approximate geographic location

- Browser type and version

- Device type and operating system

- Pages visited on our website and time spent on each page

- Referring website or source

- Cookies and tracking data (see Section 10 for details)


3.5 Communication Data


- Emails and messages sent through our website contact forms

- Phone call records (date, time, and duration)

- Scheduling and appointment-related communications



4. HOW WE COLLECT INFORMATION


We collect personal information through the following methods:


4.1 Directly From You


- Website contact forms and consultation request forms

- Intake and consent forms completed prior to your first session

- During therapy sessions conducted via our HIPAA-compliant telehealth platform

- Phone calls and email communications

- Payment transactions

- Client portal communications through SimplePractice


4.2 Automatically Through Technology


- Cookies and similar tracking technologies used on our website (see Section 10)

- Website analytics tools that collect usage data

- Our website hosting platform (Duda)


4.3 From Third-Party Sources


- Referral information from other healthcare providers (with your consent)

- Information from your insurance company if you submit a superbill for out-of-network reimbursement (note: we do not bill insurance directly)



5. WHY WE COLLECT AND HOW WE USE YOUR INFORMATION


We collect and use your personal information and PHI for the following purposes:


5.1 Providing Therapy Services


- To conduct clinical assessments and develop treatment plans

- To provide individual and family therapy via telehealth

- To maintain accurate and complete clinical records

- To coordinate care with other providers when authorized by you

- To ensure continuity of care


5.2 Appointment Management


- To schedule, confirm, reschedule, or cancel appointments

- To send appointment reminders

- To manage our client portal through SimplePractice


5.3 Billing and Payment


- To process payments for therapy services

- To generate superbills for out-of-network insurance reimbursement

- To provide Good Faith Estimates

- To manage billing records and financial accounts


5.4 Communication


- To respond to inquiries submitted through our website, email, or phone

- To communicate about your care and treatment

- To provide information about our practice and services


5.5 Legal Compliance


- To comply with federal and state laws, including HIPAA

- To comply with Indiana state licensing and regulatory requirements

- To respond to lawful requests, court orders, or subpoenas

- To fulfill mandatory reporting obligations (e.g., suspected child abuse, vulnerable adult abuse, or imminent danger to self or others)


5.6 Website Improvement and Analytics


- To understand how visitors interact with our website

- To improve website content, functionality, and user experience

- To monitor website performance and security



6. WHO WE SHARE INFORMATION WITH


We take the confidentiality of your information seriously. We do not sell, rent, or trade your personal information or PHI to any third party. We may share your information only in the following circumstances:


6.1 Service Providers and Business Associates


We work with trusted third-party service providers who assist in the operation of our practice. These providers are contractually bound to protect your information and are only permitted to use it for the purposes we specify. They include:


SimplePractice: Our electronic health records (EHR) and practice management platform, used for scheduling, documentation, billing, telehealth sessions, and secure client communication. SimplePractice is HIPAA-compliant and operates under a Business Associate Agreement (BAA) with our practice.


Payment Processor: We use a secure, PCI-compliant payment processor integrated through SimplePractice to process credit card, debit card, and HSA/FSA payments. We do not store your full payment card details on our systems.


Website Hosting Platform (Duda): Our website is hosted on the Duda platform, which may collect certain technical data such as IP addresses and browser information through server logs.


Website Analytics: We may use analytics tools to understand how visitors use our website. See Section 10 for details on cookies and tracking.


UserWay (Accessibility Widget): We use the UserWay Accessibility Widget to enhance website accessibility. See Section 11 for details.


6.2 Legal and Regulatory Disclosures


We may disclose your information without your consent when required or permitted by law, including:


- When there is a reasonable belief of imminent danger to you or another person

- When there is suspected abuse or neglect of a child, elderly person, or vulnerable adult

- In response to a valid court order, subpoena, or other legal process

- To comply with mandatory reporting requirements under Indiana law

- As required by federal or state regulatory agencies


6.3 With Your Written Authorization


We may share your PHI with other healthcare providers, family members, or other individuals you designate, but only after receiving your written authorization. You may revoke this authorization at any time in writing, although revocation will not apply to information already shared based on your prior authorization.


6.4 Other Permitted Disclosures Under HIPAA


As permitted by HIPAA, we may use or disclose your PHI for purposes such as treatment coordination, healthcare operations, and as otherwise described in our Notice of Privacy Practices (Section 8).



7. HOW LONG WE RETAIN YOUR INFORMATION


We retain your personal information and clinical records in accordance with applicable federal and state laws:


7.1 Clinical Records


Adult client records: We retain clinical records for a minimum of seven (7) years following the date of the last service provided, or as otherwise required by Indiana state law and applicable federal regulations.


Minor client records: Records for clients who were minors at the time of treatment are retained for a minimum of seven (7) years after the client reaches the age of 18, or as otherwise required by law.


7.2 Billing and Financial Records


Billing and financial records are retained for a minimum of seven (7) years in accordance with IRS requirements and Indiana state law.


7.3 Website and Communication Data


Non-clinical data such as website analytics, contact form submissions, and general communications may be retained for up to three (3) years or until it is no longer needed for the purpose for which it was collected.


7.4 Deletion and Destruction


When the retention period for your information has expired, we will securely destroy or de-identify your records using methods appropriate to the format of the data (e.g., secure digital deletion, shredding of paper documents). If you request deletion of your information prior to the end of the retention period, we will comply to the extent permitted by law, noting that certain records must be maintained to meet legal and regulatory requirements.



8. NOTICE OF PRIVACY PRACTICES (HIPAA)


THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.


8.1 Our Duties


We are required by law to maintain the privacy of your Protected Health Information (PHI), to provide you with this Notice of our legal duties and privacy practices with respect to PHI, and to notify you in the event of a breach of your unsecured PHI. We are required to abide by the terms of this Notice currently in effect.


8.2 How We May Use and Disclose Your PHI


The following describes the ways we may use and disclose your PHI:


Treatment: We may use your PHI to provide, coordinate, or manage your mental health treatment. For example, your therapist will use information from your sessions to develop and update your treatment plan.


Payment: We may use your PHI for billing purposes, including generating superbills for out-of-network insurance reimbursement at your request.


Healthcare Operations: We may use your PHI for practice management activities such as quality assessment, training, and compliance activities.


As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.


To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious and imminent threat to your health or safety or the health or safety of another person or the public.


Abuse or Neglect Reporting: We are required to report suspected child abuse, elder abuse, or abuse of a vulnerable adult to the appropriate authorities.


Judicial and Administrative Proceedings: We may disclose your PHI in response to a court order or administrative tribunal, or in response to a subpoena or discovery request under certain circumstances.


Coroners, Medical Examiners, and Funeral Directors: We may release PHI to a coroner or medical examiner as necessary.


8.3 Psychotherapy Notes


Psychotherapy notes receive additional protection under HIPAA. We will not use or disclose psychotherapy notes without your written authorization, except in the following limited circumstances: for use by the therapist who created them for treatment purposes, for training purposes within our practice, to defend ourselves in legal proceedings brought by you, as required by law for health oversight activities, or when necessary to avert a serious and imminent threat.


8.4 Uses and Disclosures Requiring Your Written Authorization


Except as described above, we will not use or disclose your PHI without your written authorization. This includes the use of your PHI for marketing purposes, the sale of your PHI, and most disclosures of psychotherapy notes. You may revoke your authorization at any time in writing, and the revocation will apply to future uses and disclosures.



9. YOUR RIGHTS REGARDING YOUR INFORMATION


Under HIPAA and applicable Indiana state law, you have the following rights with respect to your personal information and PHI:


9.1 Right to Access Your Records


You have the right to inspect and obtain a copy of your PHI that is maintained in our records. To request access, please submit a written request to our Privacy Officer. We may charge a reasonable fee for copies. We will respond to your request within 30 days.


9.2 Right to Request Amendment


If you believe that information in your records is incorrect or incomplete, you have the right to request an amendment. Submit your request in writing to our Privacy Officer, including the reason for the requested change. We may deny your request under certain circumstances (for example, if we believe the information is accurate and complete), but we will provide you with a written explanation of any denial.


9.3 Right to an Accounting of Disclosures


You have the right to request an accounting of certain disclosures of your PHI that we have made. This accounting does not include disclosures made for treatment, payment, healthcare operations, or disclosures you authorized in writing. Submit your request in writing to our Privacy Officer.


9.4 Right to Request Restrictions


You have the right to request restrictions on how we use or disclose your PHI for treatment, payment, or healthcare operations. You also have the right to request restrictions on disclosures to individuals involved in your care. We are not required to agree to all restriction requests, but we will carefully consider each request. If we agree to a restriction, we will abide by it unless the information is needed for emergency treatment.


9.5 Right to Request Confidential Communications


You have the right to request that we communicate with you about your health information in a specific way or at a specific location. For example, you may request that we contact you only by email or at a specific phone number. We will accommodate reasonable requests.


9.6 Right to a Paper Copy of This Notice


You have the right to receive a paper copy of this Privacy Policy and Notice of Privacy Practices at any time, even if you have previously agreed to receive it electronically. To request a paper copy, contact our Privacy Officer using the information listed in Section 2.


9.7 Right to File a Complaint


If you believe your privacy rights have been violated, you have the right to file a complaint with our practice or with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights. We will not retaliate against you for filing a complaint.


HHS Office for Civil Rights: www.hhs.gov/ocr/privacy/hipaa/complaints

Indiana Attorney General: www.in.gov/attorneygeneral


9.8 Right to Revoke Authorization


If you have provided written authorization for us to use or disclose your PHI for a specific purpose, you have the right to revoke that authorization at any time in writing. Revocation will not affect any disclosures already made in reliance on your prior authorization.



10. COOKIES AND TRACKING TECHNOLOGIES


10.1 What Are Cookies?


Cookies are small text files placed on your device when you visit a website. They help websites function properly, improve user experience, and provide information to website owners.


10.2 How We Use Cookies


Our website at www.rootstorisecounseling.com may use the following types of cookies and tracking technologies:


Essential Cookies: These are necessary for the website to function properly, such as enabling navigation and access to secure areas of the site. These cookies do not collect personal information.


Analytics Cookies: We may use analytics cookies (such as those provided by our website platform, Duda) to understand how visitors interact with our website, including which pages are visited most often, how long visitors stay on the site, and how visitors navigate between pages. This helps us improve the website experience.


Functionality Cookies: These cookies remember your preferences and settings (such as accessibility preferences set through the UserWay widget) to provide a more personalized experience.


10.3 Third-Party Cookies


Some cookies on our website may be placed by third-party services we use, such as our website hosting platform (Duda), analytics tools, and the UserWay Accessibility Widget. These third parties have their own privacy policies governing the data they collect.


10.4 Managing Cookies


You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of our website. To learn more about managing cookies, visit your browser's help section or visit www.allaboutcookies.org.


10.5 Do Not Track


Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your online activity tracked. At this time, there is no uniform standard for responding to DNT signals, and our website may not respond to such signals. However, you can manage your tracking preferences through your browser settings and cookie preferences as described above.



11. WEBSITE ACCESSIBILITY – USERWAY


Roots to Rise Counseling is committed to ensuring that our website is accessible to all visitors, including individuals with disabilities.


11.1 The UserWay Accessibility Widget


We use the Accessibility Widget provided by UserWay to enhance the accessibility of our website. The UserWay widget is an AI-powered accessibility tool that helps our website work toward compliance with the Web Content Accessibility Guidelines (WCAG 2.1), the Americans with Disabilities Act (ADA), Section 508, and EN 301 549 standards.


11.2 Features of the UserWay Accessibility Widget


The UserWay widget provides website visitors with a range of accessibility customization options, including but not limited to:


- Text size adjustment (increase or decrease font size)

- Contrast adjustment (multiple contrast modes for improved readability)

- Highlight links (makes all links on a page more visible)

- Text spacing adjustment (increased letter and word spacing)

- Pause animations (stop moving or flashing content)

- Dyslexia-friendly font option

- Cursor enhancement (larger cursor or reading guide)

- Screen reader compatibility and optimization

- Keyboard navigation support

- Color saturation adjustments

- Tooltips for images and interface elements

- Page structure and heading navigation

- Content scaling and zoom features


11.3 Privacy and the UserWay Widget


UserWay operates under a Privacy by Design approach. According to UserWay, the widget does not collect personal information from users who interact with it. Accessibility preferences are stored locally on your device and are not transmitted to external servers. For more information about UserWay's data practices, you may review UserWay's privacy policy at userway.org/privacy.


11.4 Accessibility Feedback


If you experience any difficulty accessing our website or have suggestions for improving accessibility, please contact us at teresagrechenkov25@rootstorisecounseling.com or call (260) 222-7247. We value your feedback and are committed to making our website as accessible as possible.



12. HOW WE PROTECT YOUR INFORMATION


We take the security of your personal information and PHI seriously and have implemented the following safeguards:


12.1 Administrative Safeguards


- Designation of a Privacy Officer (Teresa Grechenkov, LMHC) responsible for overseeing privacy and security practices

- Regular review and updating of privacy and security policies

- Ongoing training on HIPAA compliance and privacy best practices

- Business Associate Agreements (BAAs) with all third-party vendors who handle PHI


12.2 Technical Safeguards


- Use of HIPAA-compliant, encrypted telehealth platform (SimplePractice) for all therapy sessions

- Encryption of electronic data both in transit and at rest

- Password-protected access to all systems containing PHI

- Secure, HIPAA-compliant electronic health records system (SimplePractice)

- PCI-compliant payment processing for credit card and debit card transactions

- Regular software updates and security patches


12.3 Physical Safeguards


- Secure storage of any physical records (if applicable)

- Restricted access to devices used for clinical work

- Secure disposal of physical documents containing PHI through shredding


12.4 Limitations


While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of information transmitted electronically. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.



13. DATA BREACH NOTIFICATION


13.1 Our Commitment


In the event of a breach of unsecured PHI, we will comply with all applicable breach notification requirements under HIPAA, Indiana state law, and any other applicable regulations.


13.2 Notification Procedures


If a breach occurs that affects your PHI, we will:


- Notify affected individuals in writing without unreasonable delay, and no later than 60 days after discovery of the breach

- Include in the notification: a description of the breach, the types of information involved, steps you can take to protect yourself, what we are doing to investigate and mitigate the breach, and contact information for further questions

- Notify the U.S. Department of Health and Human Services (HHS) as required by law

- If the breach affects 500 or more individuals, notify prominent media outlets serving the affected area


13.3 Breach Mitigation


In the event of a breach, we will take immediate steps to contain the breach, investigate its scope and cause, implement measures to prevent future occurrences, and cooperate with any regulatory investigations.



14. CHILDREN'S PRIVACY


Our website is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13 through our website. Our therapy services are primarily designed for adult women (ages 18 and older). Family therapy involving minors requires appropriate parental or guardian consent, and all information collected in that context is handled in accordance with HIPAA and applicable state laws.



15. SOCIAL MEDIA AND EXTERNAL LINKS


15.1 External Links


Our website may contain links to external websites or resources. We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any external sites you visit.


15.2 Social Media


If we maintain a social media presence, please be aware that any information you share on public social media platforms is not protected by this Privacy Policy or by HIPAA. We strongly advise against sharing personal health information through social media channels. We will not respond to requests for clinical information or therapeutic communication through social media.



16. TELEHEALTH-SPECIFIC PRIVACY CONSIDERATIONS


Because all of our services are provided via telehealth, there are additional privacy considerations:


Platform Security: All therapy sessions are conducted through SimplePractice's HIPAA-compliant telehealth platform, which uses end-to-end encryption.


Your Responsibility: You are responsible for ensuring that you are in a private, secure location during sessions and that you are using a secure internet connection. We recommend using headphones and avoiding public Wi-Fi.


Recording: Therapy sessions are not recorded by the Practice. You agree not to record sessions without the express written consent of the therapist.


Emergency Protocols: If an emergency arises during a telehealth session, please call 911 immediately. Our practice is not an emergency or crisis service.



17. INDIANA STATE LAW COMPLIANCE


Roots to Rise Counseling complies with all applicable Indiana state laws governing the practice of mental health counseling, including:


- Indiana Code Title 25, Article 23.6 (Behavioral Health and Human Services Licensing Board)

- Indiana state regulations regarding confidentiality of mental health records

- Indiana mandatory reporting requirements for suspected child abuse, elder abuse, and abuse of vulnerable adults

- Indiana breach notification law (IC 24-4.9)


Where Indiana state law provides greater privacy protections than HIPAA, we will follow the stricter standard.



18. UPDATES TO THIS PRIVACY POLICY


We reserve the right to update or modify this Privacy Policy at any time. When we make changes, we will:


- Update the "Last Updated" date at the top of this document

- Post the revised Privacy Policy on our website

- Notify active clients of material changes via email

- When appropriate, discuss significant changes during your next scheduled session


We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our website or services after changes are posted constitutes your acceptance of the revised policy.



19. CONSENT AND ACKNOWLEDGMENT


By using our website, contacting our practice, or receiving our services, you acknowledge that:


- You have read and understand this Privacy Policy and Notice of Privacy Practices

- You consent to the collection, use, and disclosure of your information as described in this policy

- You understand your rights regarding your personal information and PHI

- You know how to contact us with questions or concerns about your privacy


————————————————————————————————


Questions About This Privacy Policy?


Contact Teresa Grechenkov, LMHC – Privacy Officer

Email: teresagrechenkov25@rootstorisecounseling.com

Phone: (260) 222-7247

www.rootstorisecounseling.com


————————————————————————————————


© 2025 Roots to Rise Counseling, LLC. All rights reserved.