Privacy Policy

Theryo Privacy Policy and Data Protection Framework

Effective Date: February 2025

Comprehensive Table of Contents

  1. Introduction and Legal Framework
  2. Definitions and Key Terms
  3. Scope of This Privacy Policy
  4. Information Collection and Categories
  5. Artificial Intelligence Implementation and Data Processing
  6. Information Usage and Processing Activities
  7. Data Sharing and Third-Party Relationships
  8. Security Framework and Data Protection Measures
  9. User Rights and Control Mechanisms
  10. Mental Health Data Special Protections
  11. Regulatory Compliance Framework
  12. Platform-Specific Privacy Considerations
  13. International Data Transfer and Processing
  14. Research and Development Activities
  15. Incident Response and Breach Notification
  16. Policy Updates and Communication
  17. Contact Information and Support

Introduction and Legal Framework

A. Purpose and Intent

This Privacy Policy and Data Protection Framework ("Policy") serves as the comprehensive governing document for all data collection, processing, and protection activities conducted by Theryo ("we," "us," "our," or "the Company") through our AI-enhanced mental health platform ("Platform"). This Policy has been meticulously developed to align with and exceed the requirements set forth in:

  1. The Health Insurance Portability and Accountability Act (HIPAA)
  2. The Health Information Technology for Economic and Clinical Health (HITECH) Act
  3. The 21st Century Cures Act
  4. State-specific mental health privacy regulations
  5. Applicable international data protection regulations

B. Regulatory Foundation

This Policy is specifically structured to address the requirements outlined in Section 2012 of the 21st Century Cures Act regarding Privacy Protection for Human Research Subjects, while incorporating additional protections mandated by Section 4003 regarding Interoperability and Section 4004 concerning Information Blocking.

C. Policy Application

This Policy applies to all interactions with the Theryo Platform, including but not limited to:

  1. Web-based application access and usage
  2. Mobile applications (iOS and Android)
  3. Voice-to-text transcription services
  4. AI-powered analytics and insights
  5. Provider-client communications
  6. Research activities and data analysis
  7. Third-party integrations and services

Definitions and Key Terms

A. Platform-Specific Terminology
  1. Theryo Platform:
    • Web-based application interface
    • Mobile applications
    • Provider dashboard and tools
    • Client interface and features
    • Administrative systems and controls
    • AI processing and analysis systems
  2. AI-Enhanced Services:
    • Native voice-to-text transcription
    • Session analysis and summarization
    • Treatment effectiveness monitoring
    • Progress tracking and visualization
    • Clinical insight generation
    • Care plan recommendations
  3. User Categories:
    • Individual Providers
    • Group Practice Administrators
    • Clinical Support Staff
    • Individual Clients
    • Research Partners
    • Platform Administrators
B. Technical Terminology
  1. Data Categories:
    • Protected Health Information (PHI)
    • Personally Identifiable Information (PII)
    • De-identified Health Information
    • Aggregate Statistical Data
    • AI-Generated Insights
    • Technical Metadata
  2. Security Terms:
    • End-to-End Encryption
    • Multi-Factor Authentication
    • Role-Based Access Control
    • Audit Logging
    • Security Incident
    • Data Breach
  3. Processing Activities:
    • Data Collection
    • AI Analysis
    • Information Storage
    • Data Transmission
    • Information Sharing
    • Data Deletion
C. Regulatory Terminology
  1. Compliance Terms:
    • Business Associate Agreement (BAA)
    • Notice of Privacy Practices
    • Authorization Form
    • Consent Documentation
    • Data Use Agreement
    • Research Protocol
  2. Legal Standards:
    • Minimum Necessary Standard
    • Information Blocking Rules
    • Interoperability Requirements
    • Security Rule Standards
    • Privacy Rule Requirements
    • Breach Notification Rules

Scope of This Privacy Policy

A. Covered Entities and Individuals
  1. Primary Covered Parties:
    • Licensed Mental Health Providers
    • Registered Clients
    • Practice Administrators
    • Support Staff
    • Platform Developers
    • Research Partners
  2. Secondary Covered Parties:
    • Technology Vendors
    • Service Providers
    • Business Associates
    • Research Collaborators
    • Educational Institutions
    • Healthcare Organizations
B. Geographic Coverage
  1. United States Operations:
    • Federal Regulation Compliance
    • State-Specific Requirements
    • Interstate Data Transfer
    • Multi-Jurisdiction Operations
  2. International Considerations:
    • Cross-Border Data Flows
    • International Privacy Standards
    • Global Data Protection Requirements
    • Regional Privacy Frameworks
C. Technical Scope
  1. Platform Components:
    • Web Application
    • Mobile Applications
    • API Integrations
    • Database Systems
    • AI Processing Systems
    • Analytics Tools
  2. Data Processing Activities:
    • Collection Methods
    • Storage Systems
    • Processing Operations
    • Transmission Protocols
    • Deletion Procedures
    • Archival Processes

Information Collection and Categories

A. Clinical Information
  1. Mental Health Records:
    • Diagnostic Information
    • Treatment Plans
    • Progress Notes
    • Session Transcripts
    • Assessment Results
    • Medication Records
  2. Client-Generated Content:
    • Journal Entries
    • Progress Reports
    • Self-Assessments
    • Feedback Responses
    • Communication Logs
    • Resource Usage Data
  3. Provider Documentation:
    • Clinical Notes
    • Treatment Recommendations
    • Progress Evaluations
    • Care Plan Updates
    • Professional Observations
    • Intervention Records
B. Technical Data
  1. Device Information:
    • Hardware Identifiers
    • Operating System Details
    • Browser Information
    • Network Data
    • Location Information
    • Device Settings
  2. Usage Analytics:
    • Access Logs
    • Feature Utilization
    • Session Duration
    • Navigation Patterns
    • Error Reports
    • Performance Metrics
  3. Security Data:
    • Authentication Records
    • Access Attempts
    • Security Logs
    • Encryption Keys
    • Certificate Data
    • Audit Trails

C. Administrative Information

  1. Account Data:
    • Registration Information
    • Profile Details
    • Credentials
    • Payment Information
    • Subscription Status
    • Account Settings
  2. Professional Information:
    • Provider Credentials
    • Practice Information
    • Insurance Details
    • Billing Records
    • Administrative Documents
    • Compliance Records

Artificial Intelligence Implementation and Data Processing

A. AI System Architecture

  1. Core AI Components:
    • Claude 3.5 Integration
    • Natural Language Processing
    • Machine Learning Models
    • Pattern Recognition Systems
    • Predictive Analytics
    • Real-time Processing
  2. AI Processing Controls:
    • Model Validation
    • Bias Detection
    • Quality Assurance
    • Performance Monitoring
    • Error Handling
    • Version Control

B. AI Data Usage

  1. Input Processing:
    • Text Analysis
    • Voice Processing
    • Pattern Recognition
    • Context Analysis
    • Sentiment Evaluation
    • Behavioral Assessment
  2. Output Generation:
    • Clinical Insights
    • Treatment Recommendations
    • Progress Analysis
    • Risk Assessments
    • Intervention Suggestions
    • Documentation Support

C. AI Safety and Ethics

  1. Ethical Framework:
    • Fairness Principles
    • Bias Mitigation
    • Transparency Requirements
    • Accountability Measures
    • Privacy Protection
    • User Control
  2. Safety Measures:
    • Clinical Validation
    • Output Review
    • Risk Management
    • Quality Control
    • User Feedback
    • Continuous Monitoring

Information Usage and Processing Activities

A. Clinical Data Processing

  1. Treatment Activities:
    • Session Documentation Processing
    • Care Plan Development
    • Progress Tracking
    • Outcome Assessment
    • Clinical Decision Support
    • Quality of Care Monitoring
  2. Administrative Processing:
    • Appointment Scheduling
    • Billing Operations
    • Insurance Processing
    • Resource Allocation
    • Practice Management
    • Compliance Documentation
  3. Research Activities:
    • De-identified Data Analysis
    • Treatment Effectiveness Studies
    • Population Health Research
    • Clinical Outcome Evaluation
    • Quality Improvement Studies
    • Trend Analysis

B. Technical Processing

  1. Platform Operations:
    • User Authentication
    • System Maintenance
    • Performance Optimization
    • Feature Updates
    • Security Monitoring
    • Error Resolution
  2. AI Operations:
    • Model Training
    • Algorithm Optimization
    • Pattern Recognition
    • Natural Language Processing
    • Voice Recognition
    • Insight Generation
  3. Analytics Processing:
    • Usage Analysis
    • Performance Metrics
    • User Behavior Analysis
    • System Health Monitoring
    • Security Analysis
    • Quality Assurance

Data Sharing and Third-Party Relationships

A. Authorized Data Sharing

  1. Healthcare Operations:
    • Treatment Providers
    • Healthcare Organizations
    • Insurance Companies
    • Clinical Supervisors
    • Emergency Services
    • Professional Consultants
  2. Technical Operations:
    • Cloud Service Providers
    • Security Services
    • Analytics Providers
    • Maintenance Services
    • Development Partners
    • Quality Assurance Teams
  3. Research Partners:
    • Academic Institutions
    • Research Organizations
    • Clinical Trial Partners
    • Public Health Agencies
    • Quality Assessment Organizations
    • Statistical Analysis Partners

B. Data Sharing Controls

  1. Authorization Requirements:
    • Written Consent Protocols
    • Authorization Verification
    • Access Control Systems
    • Sharing Restrictions
    • Purpose Limitations
    • Duration Controls
  2. Documentation Requirements:
    • Sharing Agreements
    • Business Associate Agreements
    • Data Use Agreements
    • Confidentiality Agreements
    • Security Assessments
    • Compliance Certifications

Security Framework and Data Protection Measures

A. Technical Security

  1. Infrastructure Security:
    • AWS Cloud Security
    • Network Protection
    • Firewall Systems
    • Intrusion Detection
    • Vulnerability Management
    • Security Monitoring
  2. Data Protection:
    • Encryption Standards
    • Access Controls
    • Data Backup
    • Disaster Recovery
    • Business Continuity
    • Data Retention
  3. Application Security:
    • Secure Development
    • Code Review
    • Penetration Testing
    • Security Updates
    • Version Control
    • Change Management

B. Administrative Security

  1. Policy Framework:
    • Security Policies
    • Procedure Documentation
    • Training Programs
    • Compliance Monitoring
    • Audit Procedures
    • Incident Response
  2. Personnel Security:
    • Background Checks
    • Security Training
    • Access Management
    • Confidentiality Agreements
    • Performance Monitoring
    • Disciplinary Procedures

User Rights and Control Mechanisms

A. Access Rights

  1. Information Access:
    • Record Request Procedures
    • Access Timeline Requirements
    • Format Specifications
    • Verification Methods
    • Documentation Requirements
    • Response Protocols
  2. Modification Rights:
    • Amendment Procedures
    • Correction Protocols
    • Update Requirements
    • Version Control
    • Change Documentation
    • Notification Systems

B. Control Mechanisms

  1. Privacy Controls:
    • Sharing Preferences
    • Consent Management
    • Authorization Settings
    • Access Restrictions
    • Communication Preferences
    • Profile Management
  2. Technical Controls:
    • Security Settings
    • Device Management
    • Authentication Options
    • Notification Controls
    • Data Export Tools
    • Account Management

Mental Health Data Special Protections

A. Clinical Safeguards

  1. Treatment Protection:
    • Confidentiality Measures
    • Clinical Privacy
    • Provider Controls
    • Session Security
    • Record Protection
    • Communication Security
  2. Special Categories:
    • Substance Use Data
    • Genetic Information
    • Minor Records
    • Family History
    • Sensitive Diagnoses
    • Treatment Plans

B. Research Protections

  1. Study Controls:
    • Research Privacy
    • Data Anonymization
    • Study Protocols
    • Participant Protection
    • Consent Management
    • Results Privacy
  2. Quality Measures:
    • Outcome Privacy
    • Assessment Security
    • Progress Protection
    • Evaluation Security
    • Reporting Privacy
    • Analysis Protection

Regulatory Compliance Framework

A. HIPAA Compliance

  1. Privacy Rule:
    • Use and Disclosure
    • Minimum Necessary
    • Patient Rights
    • Administrative Requirements
    • Documentation
    • Training Requirements
  2. Security Rule:
    • Administrative Safeguards
    • Physical Safeguards
    • Technical Safeguards
    • Organizational Requirements
    • Policies and Procedures
    • Documentation

B. 21st Century Cures Act

  1. Information Blocking:
    • Access Requirements
    • Exchange Protocols
    • Use Standards
    • Exception Management
    • Documentation Requirements
    • Compliance Monitoring
  2. Interoperability:
    • Technical Standards
    • Exchange Framework
    • API Requirements
    • Security Protocols
    • Privacy Protection
    • Data Standards

Contact Information and Support

A. Privacy Office

  1. Primary Contacts:
    • Chief Privacy Officer: [Name and Contact Details]
    • Data Protection Officer: [Name and Contact Details]
    • Privacy Team Email: [email protected]
    • Emergency Contact: [24/7 Privacy Incident Hotline]
  2. Support Channels:

B. Regulatory Compliance Contacts

  1. Compliance Team:
    • Chief Compliance Officer: [Name and Contact Details]
    • Regulatory Affairs Director: [Name and Contact Details]
    • Legal Department: [email protected]
    • Compliance Hotline: [Toll-Free Number]
  2. Reporting Channels:

Last Updated: February 2025
Version: 1.0

© 2025 Theryo - All Rights Reserved