Privacy Policy

Effective Date: 2/24/2025
Ubora Health and Wellness PLLC
Address: Tewksbury, MA 01844
Phone: (978) 566-6747
Email: info@uborahealthservices.com

1. Introduction

Ubora Health and Wellness PLLC (“Ubora Health,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the confidentiality and security of your personal and health information. This Privacy Policy explains how we collect, use, disclose, and protect your information in accordance with the Health Insurance Portability and Accountability Act (HIPAA), New Hampshire SB 255, the Telephone Consumer Protection Act (TCPA), and other applicable federal and state laws governing privacy and data protection.

By using our services, website, or communicating with us, you agree to the terms of this Privacy Policy.

2. Information We Collect

We may collect the following types of information:

A. Protected Health Information (PHI) (HIPAA Compliance)

Ubora Health is a Covered Entity under HIPAA, and we collect, use, and protect Protected Health Information (PHI) in compliance with HIPAA Privacy and Security Rules. This includes:

• Personal Identification Information: Name, date of birth, address, phone number, email.
• Health Information: Diagnosis, treatment plans, medications, mental health history, and related medical records.
• Payment & Insurance Information: Insurance provider, billing details, and financial information for processing payments.

B. Personal & Non-Health Information

• Website & Online Data: When you visit our website, we may collect cookies, IP addresses, browsing history, and other metadata for analytics and security purposes.
• Communication Data: Call logs, emails, and messages exchanged with Ubora Health for customer service and appointment scheduling.

C. Information Collected Under NH SB 255 (New Hampshire Data Privacy Law)

As required under NH SB 255, we ensure that:

• Personal data is collected only when necessary for providing healthcare services.
• Patients have the right to request access to, update, or delete their personal data, subject to regulatory compliance.

D. Information Collected Under TCPA Compliance (Phone & Text Communications)

To ensure compliance with the Telephone Consumer Protection Act (TCPA):

• We obtain your prior express consent before sending marketing or automated text messages.
• You have the right to opt out of promotional texts at any time by replying “STOP.”
• Our communications regarding appointments, billing, or healthcare services are not considered marketing and do not require prior consent.

3. How We Use Your Information

Ubora Health uses collected data to:

• Provide mental health and psychiatric services.
• Schedule, confirm, and manage appointments.
• Process payments and work with insurance providers.
• Conduct HIPAA-compliant telehealth sessions.
• Respond to patient inquiries and requests.
• Improve website functionality and security.
• Comply with legal and regulatory obligations.

We DO NOT sell, rent, or trade your personal information for marketing purposes.

4. Disclosure of Information

Ubora Health only shares your information as permitted by law or with your explicit consent in the following cases:

A. HIPAA-Compliant Disclosures

We may share your PHI with:

• Your healthcare providers for coordinated care.
• Insurance companies for billing and claims processing.
• Law enforcement or public health authorities, if required by law.
• Business associates (such as electronic medical record vendors) who adhere to HIPAA regulations.

B. Compliance with NH SB 255

• We will not disclose non-PHI personal data to third parties without your written consent, except as required by law.

C. Compliance with TCPA

• We do not send automated messages without your prior consent.
• You can opt out of non-essential communications at any time.

5. Your Rights Under HIPAA & NH SB 255

As a patient, you have the following rights:

• Access Your Health Records: Request a copy of your medical records.
• Correct Your Records: Request updates to inaccurate or incomplete information.
• Request Confidential Communications: Choose how you wish to be contacted (e.g., phone, email).
• Restrict Information Sharing: Request limits on how we share your PHI.
• File a Complaint: If you believe your privacy rights have been violated, you can contact us or file a complaint with the U.S. Department of Health and Human Services (HHS).

To exercise any of these rights, contact info@uborahealthservices.com.

6. Data Security Measures

Ubora Health implements robust HIPAA-compliant security measures to protect your information:

• Encryption: All electronic PHI is encrypted.
• Secure Access Controls: Multi-factor authentication is used for access to sensitive data.
• Regular Compliance Audits: We conduct periodic security audits.
• Confidentiality Training: Staff undergoes HIPAA and data protection training.

7. Third-Party Services & External Links

Our website may contain links to third-party websites (e.g., insurance providers, telehealth platforms). We are not responsible for the privacy practices of these external sites. Please review their privacy policies separately.

8. Retention of Records

Ubora Health retains health records in accordance with HIPAA retention guidelines and state medical record retention laws:

• Adult Medical Records: Retained for at least 7 years.
• Minor Medical Records: Retained until the patient is at least 21 years old.
• Billing & Insurance Records: Retained for minimum 7 years as required by law.

We securely dispose of records when retention periods expire.

9. Updates to This Privacy Policy

Ubora Health may update this Privacy Policy to reflect changes in HIPAA, NH SB 255, TCPA, or other regulations. We will notify patients of significant changes via email or website updates.

The most current version of this policy will always be available at:
https://www.uborahealthservices.com/privacy-policy

10. Contact Information

For questions about this Privacy Policy, data access requests, or HIPAA rights, please contact:

📍 Ubora Health and Wellness PLLC
📍 Tewksbury, MA 01844
📞 Phone: (978) 566-6747
📧 Email: info@uborahealthservices.com

If you believe your privacy rights have been violated, you may also file a complaint with the U.S. Department of Health & Human Services (HHS) at:
🔗 https://www.hhs.gov/hipaa/filing-a-complaint/index.html

Ubora Health will not retaliate against you for filing a privacy complaint.

Final Note:

This Privacy Policy is designed to comply with HIPAA, NH SB 255, TCPA, and other applicable privacy laws. By using our services, you acknowledge that you understand and agree to the terms outlined in this policy.

📌 Last Updated: [Insert Date]

‍