top of page

Privacy Policy

Vitruvian Behavioral Health, PC
Effective Date: 2/1/2023
Last Updated: 2/1/2026

​

Vitruvian Behavioral Health, PC (“VBH,” “we,” “our,” or “us”) is a telehealth-only mental health practice providing psychotherapy, psychiatric services, and related behavioral health treatment to patients physically located in states where our clinicians are licensed, including Massachusetts and New Hampshire.

We are committed to protecting your privacy and safeguarding your Protected Health Information (“PHI”) in compliance with:

  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

  • The HITECH Act

  • Massachusetts privacy laws (including M.G.L. c. 93H and 201 CMR 17.00)

  • New Hampshire medical privacy laws (including RSA 332-I and RSA 318-B, where applicable)

This Privacy Policy explains how we collect, use, disclose, and protect information obtained through our website and telehealth services.

​

1. Scope of This Policy

​

This policy applies to:

  • Our public website

  • Online intake forms

  • Telehealth services

  • Secure patient portal communications

  • Electronic billing and payment systems

This policy does not replace our Notice of Privacy Practices (NPP), which is provided to patients at intake and describes in detail how PHI may be used and disclosed.

​

2. Information We Collect

​

A. Personal Information

When you contact us or request services, we may collect:

  • Full name

  • Date of birth

  • Residential address

  • State of physical location

  • Email address

  • Phone number

  • Insurance information

  • Emergency contact information

 

B. Protected Health Information (PHI)

If you become a patient, we collect health information necessary to provide telehealth services, including:

  • Mental health history

  • Diagnoses

  • Medication history

  • Treatment plans

  • Session notes

  • Payment and insurance information

All PHI is maintained in a HIPAA-compliant electronic health record (EHR) system.

​

C. Technical Information

When visiting our website, we may collect:

  • IP address

  • Device and browser type

  • Website usage data

  • Cookies and analytics information

Website analytics do not collect clinical information.

​

3. Telehealth-Specific Privacy Practices

​

VBH operates exclusively via telehealth. To protect privacy:

  • All telehealth sessions are conducted using HIPAA-compliant, encrypted platforms.

  • Clinicians confirm and document the patient’s physical location at each session.

  • Services are only provided to patients physically located in states where our clinicians are licensed at the time of service.

  • Sessions are not recorded without explicit written consent.

  • Patients are encouraged to attend sessions from a private, secure location.

If a patient is located outside an authorized jurisdiction, clinical services will not be rendered.

​

4. How We Use and Disclose Information

​

We use PHI only as permitted under HIPAA and applicable state law for:

​

Treatment

Providing psychotherapy, psychiatric evaluation, medication management, and related services.

​

Payment

Submitting insurance claims, processing payments, and managing billing operations.

​

Healthcare Operations

Quality assurance, training, compliance monitoring, and administrative activities.

We may disclose information:

  • To insurance providers for reimbursement

  • To business associates under HIPAA-compliant agreements

  • As required by Massachusetts or New Hampshire law (e.g., mandatory reporting obligations)

  • To prevent serious harm when legally permitted or required

We do not sell personal information or Protected Health Information.

​

5. Massachusetts & New Hampshire Compliance

Massachusetts (M.G.L. c. 93H & 201 CMR 17.00)

VBH maintains a written information security program (WISP) designed to:

  • Protect personal information of Massachusetts residents

  • Safeguard against unauthorized access

  • Encrypt personal data transmitted electronically

  • Restrict access to authorized personnel only

 

New Hampshire

VBH complies with applicable New Hampshire confidentiality statutes governing mental health records and controlled substance prescribing (when applicable), including secure electronic prescribing requirements.

​

6. Data Security Safeguards

VBH implements administrative, technical, and physical safeguards including:

  • HIPAA-compliant EHR systems

  • Encrypted telehealth platforms

  • Role-based access controls

  • Workforce privacy training

  • Secure password policies

  • Business Associate Agreements (BAAs) with vendors

  • Encrypted data transmission where appropriate

While we use industry-standard protections, no system can guarantee absolute security.

​

7. Website Cookies & Tracking

Our website may use cookies and analytics tools to improve user experience and monitor website performance.

  • We do not use cookies to collect clinical information.

  • We do not sell website visitor data.

  • You may disable cookies through your browser settings.

 

8. Payment Processing

Payments are processed through secure, encrypted third-party payment processors that comply with applicable financial security standards.

VBH does not store full credit card numbers on its servers.

​

9. Your Privacy Rights

Under HIPAA and applicable Massachusetts and New Hampshire laws, patients have the right to:

  • Access their health records

  • Request corrections to records

  • Request restrictions on certain disclosures

  • Request confidential communications

  • Receive an accounting of disclosures

  • File a complaint without retaliation

To exercise these rights, contact us using the information below.

You may also file a complaint with:

U.S. Department of Health and Human Services
Office for Civil Rights
https://www.hhs.gov/ocr

​

10. Minors

For patients under 18, parental or legal guardian consent is obtained in accordance with Massachusetts and New Hampshire law. Certain minor confidentiality protections may apply depending on the service provided and applicable state regulations.

​

11. Compliance Statement

Vitruvian Behavioral Health operates in compliance with:

  • Federal and state licensure requirements

  • HIPAA and HITECH privacy standards

  • Telehealth practice regulations in Massachusetts and New Hampshire

We only provide services within jurisdictions where our clinicians are appropriately licensed and authorized to practice. We do not prescribe controlled substances outside the scope permitted by state and federal law.

​

12. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be posted on this page with a revised effective date.

​

13. Contact Information

Vitruvian Behavioral Health, PC
100 Cummings Center Ste 207P
Beverly, MA 01915
Phone: 978-791-3879
Email: info@vitruvianhealth.org

​

For privacy concerns or to exercise your rights, please contact our Privacy Officer at the information above.

​

bottom of page