PRIVACY POLICY AND NOTICE OF PRIVACY PRACTICES
Roots to Rise Counseling, LLC
Effective Date: 01/9/2026
Last Updated: 01/9/2026
INTRODUCTION
Roots to Rise Counseling ("we," "us," "our," or "the Practice") is committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy and Notice of Privacy Practices explains how we collect, use, disclose, and safeguard your information when you visit our website (www.rootstorisecounseling.com), schedule appointments, and receive counseling services.
This document serves as both our Website Privacy Policy and our Notice of Privacy Practices as required under the Health Insurance Portability and Accountability Act (HIPAA). As a licensed mental health provider in Indiana, we are required by law to maintain the privacy of your Protected Health Information (PHI) and to provide you with this notice of our legal duties and privacy practices.
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.
1. INFORMATION WE COLLECT
We collect several types of information to provide and improve our therapeutic services:
PERSONAL INFORMATION YOU PROVIDE DIRECTLY:
- Full name and contact information (email address, phone number, mailing address)
- Date of birth and age
- Emergency contact information
- Insurance information (if applicable)
- Payment and billing information
- Appointment scheduling details
- Communication preferences
PROTECTED HEALTH INFORMATION (PHI):
- Mental health history and current symptoms
- Treatment goals and progress notes
- Assessment and evaluation results
- Diagnoses and treatment plans
- Medication information
- Information about your physical health that relates to your mental health treatment
- Information from or about your family members or others that is relevant to your care
- Records from other healthcare providers (with your authorization)
INFORMATION COLLECTED AUTOMATICALLY:
- Internet Protocol (IP) address
- Browser type and version
- Device information
- Pages visited on our website
- Time and date of visits
- Time spent on pages
- Referring website addresses
- General location data (city/state level)
COOKIES AND TRACKING TECHNOLOGIES:
We use cookies and similar tracking technologies to improve your website experience and analyze website traffic. This includes:
- Essential cookies necessary for website functionality
- Analytics cookies to understand how visitors use our site
- Preference cookies to remember your settings
ACCESSIBILITY TECHNOLOGY:
Our website uses Accessibility by UserWay, a web accessibility widget that helps make our site accessible to individuals with disabilities. UserWay may collect limited technical information about your device and how you interact with the accessibility features to improve functionality. This information is processed in accordance with UserWay's privacy policy and is not considered PHI.
2. HOW WE COLLECT INFORMATION
We collect information through the following methods:
DIRECT COMMUNICATION:
- Initial consultation calls and intake sessions
- Therapy sessions (virtual sessions via secure telehealth platform)
- Email correspondence
- Phone calls and voicemail messages
- Contact forms on our website
- Scheduling requests
WEBSITE FORMS:
- Contact forms
- Consultation request forms
- Client portal login (when available)
THIRD-PARTY INTEGRATIONS:
- SimplePractice (Electronic Health Records system)
- Secure telehealth platform for virtual sessions
- Payment processing systems
- Website analytics tools
3. HOW WE USE YOUR INFORMATION
FOR TREATMENT PURPOSES:
- Providing mental health counseling and therapy services
- Developing and implementing treatment plans
- Coordinating care with other healthcare providers (with your authorization)
- Conducting clinical assessments and evaluations
- Maintaining accurate clinical records
- Ensuring continuity of care
FOR PAYMENT PURPOSES:
- Processing payments for services
- Billing and collection activities
- Verifying insurance coverage (if applicable)
- Obtaining payment authorizations
- Managing your account
FOR HEALTHCARE OPERATIONS:
- Quality assurance and improvement activities
- Staff training and supervision
- Business planning and management
- Legal and regulatory compliance
- Responding to complaints or concerns
- Risk management
FOR WEBSITE AND COMMUNICATION PURPOSES:
- Responding to your inquiries
- Scheduling appointments
- Sending appointment reminders
- Providing service updates
- Improving our website functionality
- Analyzing website usage and trends
- Sending occasional newsletters or updates (with your consent)
FOR LEGAL COMPLIANCE:
- Complying with applicable laws and regulations
- Responding to legal process or government requests
- Protecting against fraud or illegal activities
- Enforcing our Terms of Service
4. LEGAL BASIS FOR PROCESSING (HIPAA USES AND DISCLOSURES)
Under HIPAA, we are permitted to use and disclose your PHI for the following purposes without your authorization:
TREATMENT, PAYMENT, AND HEALTHCARE OPERATIONS
As described in Section 3 above.
REQUIRED BY LAW:
We may disclose PHI when required by federal, state, or local law, including:
- Reporting suspected abuse, neglect, or domestic violence to appropriate authorities
- Complying with court orders or subpoenas
- Reporting certain communicable diseases to public health authorities
- Cooperating with law enforcement in specific circumstances
- Responding to workers' compensation claims
PUBLIC HEALTH AND SAFETY:
- Preventing or controlling disease, injury, or disability
- Reporting adverse events related to medications or medical devices
- Notifying appropriate authorities if we believe you pose a serious threat to yourself or others
HEALTH OVERSIGHT ACTIVITIES:
- Audits and investigations by licensing boards or government agencies
- Compliance reviews
RESEARCH:
- With your authorization or as permitted by law when appropriate safeguards are in place
CORONERS, MEDICAL EXAMINERS, AND FUNERAL DIRECTORS:
- When necessary for them to carry out their duties
ORGAN AND TISSUE DONATION:
- To facilitate organ or tissue donation and transplantation (if applicable)
5. WHEN WE REQUIRE YOUR AUTHORIZATION
We will obtain your written authorization before using or disclosing your PHI for purposes other than those listed above, including:
- Most marketing communications
- Sale of PHI
- Psychotherapy notes (which are kept separate from your regular clinical record)
- Any other uses not described in this Notice
You have the right to revoke your authorization at any time by providing written notice. However, we cannot take back any disclosures already made with your authorization.
6. WHO WE SHARE YOUR INFORMATION WITH
HEALTHCARE PROVIDERS:
With your authorization, we may share information with:
- Your primary care physician
- Psychiatrists or other prescribers
- Other mental health professionals involved in your care
- Previous therapists or counselors
BUSINESS ASSOCIATES:
We share limited information with third-party service providers who assist us in operating our practice. These entities are contractually required to protect your information:
- SimplePractice: Electronic Health Records (EHR) system for maintaining clinical records, scheduling, and billing
- Secure Telehealth Platform: For conducting virtual therapy sessions
- Payment Processors: For processing credit card and other payments
- Website Hosting: Squarespace/Google Workspace for website and email services
- UserWay: Website accessibility widget provider
- IT Service Providers: For technical support and data security
All Business Associates sign HIPAA-compliant agreements (Business Associate Agreements) ensuring they maintain the same level of privacy and security protection for your information.
LEGAL AND REGULATORY AUTHORITIES:
As required or permitted by law, we may disclose information to:
- State licensing boards
- Law enforcement agencies
- Courts and attorneys
- Government oversight agencies
- Public health authorities
IN CASE OF EMERGENCY:
If you provide emergency contact information, we may contact that person if we believe there is an immediate threat to your safety or the safety of others.
NO SALE OF INFORMATION:
We do not sell, rent, or trade your personal information or PHI to third parties for marketing purposes.
7. DATA RETENTION
CLINICAL RECORDS:
We retain clinical records in accordance with Indiana law and professional standards:
- Adults: Clinical records are retained for seven (7) years from the date of last service
- Minors: Records are retained until the client reaches age 25 or for seven years from the date of last service, whichever is longer
- Specific Circumstances: Records may be retained longer if required by law, ongoing legal proceedings, or if clinically appropriate
BILLING AND FINANCIAL RECORDS:
Financial records are retained for seven (7) years as required by federal and state tax regulations.
WEBSITE AND COMMUNICATION DATA:
- Website analytics data: Retained for 26 months
- Contact form submissions: Retained as long as necessary to respond to inquiries
- Email communications: Retained as part of your clinical record if clinically relevant
- Cookies: Most cookies expire after your browser session ends; some may persist for up to 2 years
DELETION PROTOCOL:
When the retention period expires, records are destroyed in a manner that protects confidentiality:
- Paper records are shredded using a cross-cut shredder or secure shredding service
- Electronic records are permanently deleted using secure deletion methods
- Records in cloud-based systems are deleted in accordance with our Data Security procedures
8. HOW WE PROTECT YOUR INFORMATION
We implement comprehensive security measures to protect your personal and health information:
TECHNICAL SAFEGUARDS:
- Encryption of data in transit and at rest using industry-standard protocols (SSL/TLS)
- Secure, password-protected Electronic Health Records system (SimplePractice)
- HIPAA-compliant cloud storage with automatic backups
- Multi-factor authentication for system access
- Regular security updates and patches
- Firewall protection and antivirus software
- Secure, encrypted telehealth platform for virtual sessions
PHYSICAL SAFEGUARDS:
- Secure storage of any physical records
- Restricted access to locations where records are stored
- Locked filing cabinets for paper documents
- Secure disposal methods for confidential waste
ADMINISTRATIVE SAFEGUARDS:
- Comprehensive privacy and security policies and procedures
- Regular risk assessments
- Staff training on HIPAA compliance and privacy practices
- Business Associate Agreements with all third-party vendors
- Incident response and breach notification procedures
TELEHEALTH SECURITY:
All virtual therapy sessions are conducted using HIPAA-compliant, encrypted telehealth platforms. You should ensure you are in a private location during sessions and use a secure internet connection.
LIMITATIONS:
While we implement strong security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but maintain safeguards that meet or exceed industry standards.
9. DATA BREACH NOTIFICATION
In the unlikely event of a data breach involving your information, we will:
1. INVESTIGATE: Immediately investigate the incident to determine the scope and cause
2. CONTAIN: Take steps to contain the breach and prevent further unauthorized access
3. NOTIFY: Provide notification as required by law:
- Individual Notification: If your unsecured PHI is breached, we will notify you within 60 days by mail or email
- Media Notification: If the breach affects 500 or more individuals in a state or jurisdiction, we will notify prominent media outlets
- HHS Notification: Report the breach to the U.S. Department of Health and Human Services as required
- Law Enforcement: Notify appropriate authorities if required
4. REMEDIATE: Take corrective action to prevent future breaches
5. DOCUMENT: Maintain records of the breach and response actions
WHAT YOU CAN DO:
If you believe your information has been compromised, please contact us immediately at teresagrechenkov25@rootstorisecounseling.com or (574) 465-6996.
10. YOUR PRIVACY RIGHTS
You have the following rights regarding your personal and health information:
RIGHT TO ACCESS:
You have the right to inspect and obtain a copy of your PHI in our designated record set (your clinical record). To request access:
- Submit a written request to Teresa Grechenkov, LCSW
- We will respond within 30 days (with possible 30-day extension if needed)
- We may charge a reasonable, cost-based fee for copying and mailing
- We may deny access in limited circumstances as permitted by law (e.g., if access would endanger you or another person)
RIGHT TO REQUEST AMENDMENTS:
If you believe information in your record is incorrect or incomplete, you may request an amendment:
- Submit a written request explaining what you want changed and why
- We may deny the request if the information is accurate, complete, and created by us
- If denied, you may submit a statement of disagreement that will be included in your record
- If approved, we will make the amendment and notify relevant parties
RIGHT TO AN ACCOUNTING OF DISCLOSURES:
You may request a list of certain disclosures we have made of your PHI:
- The accounting covers up to six years prior to your request
- The first accounting in a 12-month period is free; subsequent requests may incur a fee
- The accounting does not include disclosures for treatment, payment, healthcare operations, or those made with your authorization
RIGHT TO REQUEST RESTRICTIONS:
You may request restrictions on how we use or disclose your PHI:
- We are not required to agree to your request
- If we agree, we will comply unless the information is needed for emergency treatment
- We must agree to restrict disclosures to health plans if you pay out-of-pocket in full for services and the disclosure is not required by law
RIGHT TO REQUEST CONFIDENTIAL COMMUNICATIONS:
You may request that we communicate with you in a specific way or at a specific location:
- For example, you may request we contact you only via email or at a work phone number
- We will accommodate reasonable requests without requiring an explanation
- Submit your request in writing
RIGHT TO RECEIVE A PAPER COPY OF THIS NOTICE:
You have the right to receive a paper copy of this Privacy Policy at any time, even if you have received it electronically. Contact us to request a paper copy.
RIGHT TO REVOKE AUTHORIZATION:
You may revoke any authorization you have given us for uses or disclosures of your information:
- Revocation must be in writing
- Revocation does not apply to information already disclosed based on your authorization
RIGHT TO FILE A COMPLAINT:
If you believe your privacy rights have been violated, you may file a complaint:
- With the Practice: Contact Teresa Grechenkov at teresagrechenkov25@rootstorisecounseling.com
- With the Government: File a complaint with the U.S. Department of Health and Human Services Office for Civil Rights at www.hhs.gov/ocr/privacy/hipaa/complaints/
- You will not be penalized or retaliated against for filing a complaint
RIGHT TO OPT-OUT OF NON-ESSENTIAL COMMUNICATIONS:
You may opt out of non-essential communications (such as newsletters or practice updates) at any time by:
- Clicking "unsubscribe" in any email communication
- Contacting us at teresagrechenkov25@rootstorisecounseling.com
- Calling (574) 465-6996
Note: You cannot opt out of essential communications related to appointments, billing, or your treatment.
11. COOKIES AND TRACKING TECHNOLOGIES
WHAT ARE COOKIES:
Cookies are small text files placed on your device when you visit our website. They help us understand how you use our site and improve your experience.
TYPES OF COOKIES WE USE:
Essential Cookies (Required):
- Session management
- Security features
- Basic website functionality
- These cookies are necessary for the website to function and cannot be disabled
Analytics Cookies (Optional):
- Google Analytics (if used): Tracks website traffic, page views, and user behavior
- Helps us understand which content is most useful
- Data is anonymized and aggregated
Preference Cookies (Optional):
- Remember your settings and preferences
- Improve your experience on future visits
Accessibility Cookies:
- UserWay accessibility widget uses cookies to remember your accessibility preferences
- Helps maintain your selected accessibility settings across visits
MANAGING COOKIES:
You can control cookies through your browser settings:
- Most browsers allow you to refuse or delete cookies
- Disabling cookies may affect website functionality
- Instructions for managing cookies vary by browser; consult your browser's help section
DO NOT TRACK:
Our website does not currently respond to "Do Not Track" signals from browsers, as there is no universal standard for how to respond to such signals.
12. WEBSITE PRIVACY AND SECURITY
WEBSITE ACCESS:
- Our website (www.rootstorisecounseling.com) uses SSL/TLS encryption to protect data transmitted between your browser and our server
- Look for "https://" in the URL and a padlock icon in your browser
CONTACT FORMS:
- Information submitted through website contact forms is transmitted securely
- We do not collect PHI through website forms
- Contact form submissions may be retained as part of our business records
CLIENT PORTAL (When Available):
- If using our online client portal through SimplePractice, you will need to create a secure login
- Never share your portal credentials
- Use a strong, unique password
- Log out after each session
EMAIL COMMUNICATION:
- Standard email is not secure and should not be used to discuss sensitive clinical information
- We may use email for appointment reminders, billing questions, and general inquiries
- If you email us about sensitive matters, please be aware of the risks
THIRD-PARTY LINKS:
- Our website may contain links to third-party websites
- We are not responsible for the privacy practices of other websites
- We encourage you to review the privacy policies of any third-party sites you visit
13. TELEHEALTH PRIVACY CONSIDERATIONS
As a virtual-only practice, all therapy services are provided through secure telehealth platforms. Additional privacy considerations include:
YOUR RESPONSIBILITIES:
- Ensure you are in a private location during sessions
- Use headphones to maintain confidentiality
- Use a secure internet connection (avoid public Wi-Fi)
- Keep your device and accounts secure
- Close other programs and notifications during sessions
OUR SAFEGUARDS:
- Use of HIPAA-compliant, encrypted telehealth platforms
- No recording of sessions without explicit consent
- Secure storage of any session-related documentation
TECHNOLOGY LIMITATIONS:
- Technical difficulties may occur during virtual sessions
- We will establish backup communication methods
- We cannot guarantee the security of your home network or personal devices
14. CHILDREN'S PRIVACY
Our services are designed for adult women (ages 35-55) and families. We do not knowingly collect information from children under 13 through our website without parental consent.
If providing family therapy services to minors:
- We will obtain appropriate parental/guardian consent
- Parents/guardians have the right to access their minor child's PHI
- Indiana law provides minors with certain confidentiality rights for mental health treatment
- We will discuss confidentiality boundaries with families at the outset of treatment
15. STATE-SPECIFIC PRIVACY RIGHTS
INDIANA RESIDENTS:
As a practice located in Indiana, we comply with Indiana state laws regarding:
- Mental health record confidentiality (IC 16-39-4)
- Mandatory reporting requirements
- Minor consent for mental health services
- Record retention requirements
SERVING INDIANA RESIDENTS IN MULTIPLE COUNTIES:
We provide services to residents throughout Indiana, including Kosciusko County (Warsaw), Allen County (Fort Wayne), Hamilton County (Carmel), and Marion County (Indianapolis). All clients receive the same privacy protections regardless of location within Indiana.
16. CHANGES TO THIS PRIVACY POLICY
RIGHT TO REVISE:
We reserve the right to revise this Privacy Policy at any time. Changes may be necessary to comply with new laws or regulations, reflect changes in our practices, or improve our services.
NOTICE OF CHANGES:
- The "Last Updated" date at the top of this policy will be revised
- Material changes will be communicated by:
- Posting the updated policy on our website
- Email notification to active clients
- Providing a copy during your next session
- Posting a notice in our virtual waiting room
EFFECTIVE DATE OF CHANGES:
- Changes apply to all information we maintain, including information collected before the revision date
- By continuing to use our services after changes are made, you accept the updated policy
ACCESSING CURRENT POLICY:
The current version of this Privacy Policy is always available:
- On our website at www.rootstorisecounseling.com/privacy-policy
- Upon request via email or phone
- During your intake session
17. CONTACT INFORMATION AND PRIVACY CONCERNS
PRACTICE CONTACT INFORMATION:
Roots to Rise Counseling, LLC
3600 Commerce Drive, U.S. Hwy 30 #1041
Warsaw, IN 46580
Teresa Grechenkov, LCSW
Owner and Licensed Clinical Social Worker
Phone: (260) 222-7247
Email: teresagrechenkov25@rootstorisecounseling.com
Website: www.rootstorisecounseling.com
HOURS OF OPERATION:
Monday: 9:00 AM – 3:00 PM
Tuesday: 9:00 AM – 3:00 PM
Wednesday: 9:00 AM – 3:00 PM
Thursday: 9:00 AM – 3:00 PM
Friday: 9:00 AM - 12:00 PM
Saturday: Closed
Sunday: Closed
RESPONSE TIME:
Please allow at least 24 hours to receive a response. We will make every effort to respond to privacy concerns and requests promptly.
PRIVACY OFFICER:
Teresa Grechenkov serves as the Privacy Officer for Roots to Rise Counseling. All privacy-related questions, concerns, or requests should be directed to her using the contact information above.
QUESTIONS OR CONCERNS:
If you have questions about this Privacy Policy or concerns about how your information is handled, please:
- Email: teresagrechenkov25@rootstorisecounseling.com
- Call: (574) 465-6996
- Write: Teresa Grechenkov, 3600 Commerce Drive, U.S. Hwy 30 #1041, Warsaw, IN 46580
TO EXERCISE YOUR RIGHTS:
Submit requests to access, amend, or obtain an accounting of disclosures in writing to the address above or via email.
FILING COMPLAINTS:
If you believe your privacy rights have been violated:
- Contact us directly using the information above
- File a complaint with the U.S. Department of Health and Human Services:
Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints/
You will not face retaliation for filing a complaint.
18. ACKNOWLEDGMENT AND CONSENT
FOR NEW CLIENTS:
During your intake session, you will be asked to sign an acknowledgment form confirming that you have:
- Received this Privacy Policy and Notice of Privacy Practices
- Had the opportunity to ask questions
- Understand your privacy rights
- Understand how your information may be used and disclosed
Your signature acknowledges receipt of this notice and does not constitute consent for any particular use or disclosure of your information.
SPECIAL AUTHORIZATIONS:
Separate, specific authorizations will be obtained for:
- Releasing information to third parties
- Communication with other healthcare providers
- Any uses or disclosures not covered by this notice
EFFECTIVE DATE: This Notice of Privacy Practices is effective as of 1/9/2026 and applies to all information we maintain about you.
IMPORTANT NOTICE
Roots to Rise Counseling is not a crisis center and does not provide crisis services. If you are experiencing a mental health emergency, please:
- Call 911
- Go to your nearest emergency room
- Call the National Suicide Prevention Lifeline: 988
- Text HOME to 741741 (Crisis Text Line)
WEBSITE ACCESSIBILITY STATEMENT
Roots to Rise Counseling is committed to ensuring digital accessibility for people with disabilities. We are continually improving the user experience for everyone and applying the relevant accessibility standards. Our website uses Accessibility by UserWay to provide enhanced accessibility features. If you encounter any accessibility barriers or have suggestions for improvement, please contact us at teresagrechenkov25@rootstorisecounseling.com.
Last Updated: 1/9/2026
© 2025 Roots to Rise Counseling, LLC. All rights reserved.