Privacy Policy
Effective Date: January 1, 2025
1. Introduction
At NeuroSynchrony Health, we are committed to protecting your privacy and safeguarding your protected health information (PHI). This Privacy Policy explains how we collect, use, store, and disclose your information in accordance with HIPAA, the HITECH Act, Connecticut law, and other applicable regulations.
2. Information We Collect
- Personal identifiers: name, date of birth, contact details, insurance information
- Health information: diagnoses, medications, treatment plans, clinical notes, EEG/TMS data
- Billing information: insurance claims, payment methods
- Technology metadata: IP address, device/browser type, usage history
3. Use of Information
We use your information only as permitted by law for treatment, payment, healthcare operations, appointment reminders, and legal compliance. We do not sell your information or use it for marketing without written consent.
4. Disclosure of Information
- To other providers involved in your care
- To insurance companies for billing and authorization
- To business associates under HIPAA-compliant agreements
- As required by law or court order
- With your written authorization for any other disclosures
5. Your Rights
- Access your health record
- Request corrections
- Receive an accounting of disclosures
- Request restrictions or confidential communications
- File a complaint without retaliation
6. Data Security
- Access your health record
- Request corrections
- Receive an accounting of disclosures
- Request restrictions or confidential communications
- File a complaint without retaliation
6. Data Security
We use encrypted records, access controls, secure telehealth platforms, and staff training to protect your data. Despite best efforts, electronic communication always carries some residual risk.
7. Electronic Communication
By opting in, you acknowledge that email, voicemail, and text may not be encrypted. You may revoke consent to any method at any time.
8. Minors
Minors may have confidentiality rights under Connecticut law. We comply with legal guidelines for youth access to care and parental involvement.
9. Data Retention
We retain records for 6–10 years as required by law and clinical guidelines.
10. Changes to This Policy
We reserve the right to update this policy. Changes will be posted on our website and in our office.
11. Contact Information
Privacy Officer: Gregg Pauletti
Phone: 203-363-4296
Email: gpauletti@neurosynchronyhealth.com
Address: 100 Melrose Ave, STE 101, Greenwich, CT 06830
12. Connecticut-Specific Legal Requirements
Behavioral Health Confidentiality
Under CGS § 52-146f, behavioral health and substance use records require written consent before being shared—even for care coordination—except in limited circumstances such as imminent harm or court order.
Evidentiary Privilege
Mental health records are privileged. We do not release them based on subpoenas alone. A Connecticut court order is required.
Minor Consent for Treatment
Minors may consent to mental health care without parental involvement under Connecticut law. We respect these rights and inform youth of their privacy protections.
Connecticut Data Privacy Act (CTDPA)
- We obtain opt-in consent before collecting or using sensitive health data.
- We do not use location-based geofencing around our clinics.
- You have the right to access, correct, delete, or opt out of data processing.
Public Access Requirement
This policy is available on our website and in our office, per CGS § 42-471. We do not disclose sensitive data such as Social Security numbers without explicit authorization or legal necessity.