Get Started

Privacy Policy

I. Introduction
1. Purpose and Scope
At Blue Sails Counseling and Consulting, Inc. (“Blue Sails”), your privacy is a top priority. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information obtained through our website, telehealth platforms, communications (including phone, email, and text messages), and any other online or offline services we provide. Whether you are engaging in individual therapy, participating in group counseling, receiving psychiatric medication management, or joining our online Intensive Outpatient Program (IOP), this Policy outlines how your information is handled and protected.
This Privacy Policy applies to all visitors, clients, and users of our services, and governs how we manage both personally identifiable information and sensitive health information, including Protected Health Information (PHI), in accordance with applicable laws and ethical standards such as the Health Insurance Portability and Accountability Act (“HIPAA”), state-specific healthcare regulations, and relevant consumer privacy laws.
2. Company Overview
Blue Sails is a mental health practice dedicated to delivering compassionate, evidence-based care. We provide a range of outpatient services, including:
• Individual therapy
• Group therapy
• Psychiatric evaluations and medication management
• Virtual care options, including teletherapy and online IOP
We recognize the sensitivity of mental health information and are committed to maintaining the confidentiality, integrity, and security of the data entrusted to us. Our digital communication methods — such as email, phone, and SMS — are used solely to enhance the quality and continuity of care, and we implement industry-standard practices to ensure their responsible use.
3. Acceptance and Updates
By using our website or engaging with any of our services, you are consenting to the terms of this Privacy Policy, as well as any other applicable policies referenced herein. If you do not agree with our policies and practices, your choice is to not use our services.
We may update this Privacy Policy from time to time to reflect changes in our services, applicable laws, or best practices. When material changes are made, we will notify you through a prominent notice on our website or via email, as appropriate. We encourage you to periodically review this page for the latest information on our privacy practices. The “Last Updated” date at the top of this Policy will indicate when changes were last made.
________________________________________
II. Information We Collect
1. Personal Information
Blue Sails collects various types of information to provide high-quality mental health services, ensure client safety, fulfill legal obligations, and continuously improve our care delivery. The information we collect depends on your relationship with us and the services you use.
1. Personal Information
We may collect the following types of personal information directly from you:
• Contact and Identifying Information: Name, phone number, email address, mailing address, date of birth, and emergency contact information.
• Account Information: Username, password, insurance details, and other account registration data, when applicable.
• Health and Treatment Information: Mental health history, clinical assessments, diagnoses, session notes, medications, appointment records, and other data shared in the context of therapy, group sessions, medication management, or our online IOP.
• Communication Preferences: Consent to receive communications via email, phone, or text message, including for appointment reminders, follow-up care, or care coordination.
This information is generally collected when you fill out intake forms, create an account, contact our team, communicate with a provider, or use our services. Health-related information is managed in accordance with HIPAA and other applicable healthcare privacy laws.
2. Automatic Data Collection / Usage Data
When you visit our website or use our digital services, we may automatically collect information about your device and interactions, including:
• Technical Information: IP address, browser type, operating system, device identifiers, and access times.
• Usage Data: Pages visited, features used, time spent on pages, referral URLs, error logs, and other interaction data.
• Cookies and Similar Technologies: We use cookies and other tracking technologies to enhance user experience, support security, and understand how our services are being used. You can manage your cookie preferences through your browser settings.
This information helps us improve our website performance, troubleshoot issues, and tailor content to better meet client needs. It is typically collected in an aggregated or anonymized format but may be linked to your user account when necessary for service delivery or security.
3. Information from Third Parties
We may receive information about you from third-party sources, such as:
• Healthcare Providers and Affiliates: Referrals, prior medical history, or coordination details from other healthcare entities with your consent or as allowed by law.
• Insurance Companies: Eligibility, claims, or billing-related information for coverage and payment processing.
• Technology and Communication Platforms: Information provided by platforms we use to deliver services, such as telehealth sessions (e.g., Zoom), scheduling tools, or secure messaging platforms.
• Third-Party Consent Tools: If you’ve provided consent to receive communications via text or phone (e.g., by opting in through our website or intake process), those preferences may be recorded by external messaging providers consistent with legal requirements.
All third-party data is used only as needed to provide services to you or fulfill our legal or contractual obligations, and it is treated with the same level of confidentiality as data collected directly from you.
4. Children’s Information
Blue Sails does not knowingly collect personal information directly from individuals under the age of 18 without verified parental or legal guardian consent, in accordance with applicable laws. Our services may be provided to minors only under the supervision and authorization of a parent or guardian.
If we become aware that we have inadvertently collected personal information from a child without appropriate consent, we will take prompt steps to delete such information and take any further action required to comply with applicable laws.
________________________________________
III. How We Use Your Information
Blue Sails uses the information we collect to deliver personalized, effective, and compliant mental health services. Our use of your information is guided by our commitment to privacy, ethical clinical care, and legal standards such as HIPAA and other applicable privacy regulations.
1. To Provide Services
We use your personal and health information to:
• Deliver clinical care through individual therapy, group therapy, psychiatric evaluations, medication management, and our online Intensive Outpatient Program (IOP).
• Manage your relationship with Blue Sails, including creating and maintaining your client record.
• Schedule appointments, process billing, coordinate with insurance providers, and manage treatment logistics.
• Facilitate telehealth services through secure platforms and electronic health records (EHRs).
• Maintain internal clinical documentation and notes in accordance with professional licensing requirements and ethical standards.
All uses of Protected Health Information (PHI) for treatment, payment, or healthcare operations are conducted in accordance with HIPAA.
2. Communication Purposes
We may use your contact information to communicate with you in the following ways:
• Email and Phone Calls: For appointment scheduling, follow-up care, treatment planning, and administrative matters.
• Text Messages (SMS): For appointment reminders, service confirmations, and relevant updates. Text messages are only sent after obtaining your express consent, in accordance with applicable regulations and Zoom’s messaging requirements. Each message will clearly identify Blue Sails as the sender and will provide opt-out instructions (e.g., by replying “STOP”).
• Secure Messaging Tools: For clinical correspondence, care coordination, and secure file exchange when appropriate.
We limit the use of these communication channels to those necessary for delivering or supporting your care, and we implement safeguards to protect confidentiality.
3. Compliance with Laws and Regulations
We may use and disclose your information as required to:
• Comply with federal and state laws, including HIPAA and applicable telehealth and behavioral health regulations.
• Fulfill legal obligations such as responding to subpoenas, court orders, or other lawful government requests.
• Report suspected abuse, neglect, self-harm, or threats to others, as mandated by law and clinical duty.
• Participate in audits, investigations, licensing, and accreditation processes required for healthcare operations.
We disclose only the minimum necessary information to comply with these obligations and will notify you of such disclosures when required by law.
4. Marketing and Informational Outreach
Blue Sails does not sell your personal information or engage in third-party behavioral advertising. We may, however, use your information to:
• Send you updates about new services, practice announcements, or mental health resources, but only if you have opted in to receive such communications.
• Share newsletters, wellness tips, or other informational content related to mental health or the services we offer.
• Conduct satisfaction surveys to help improve our services.
You may opt out of receiving these non-essential communications at any time by using the unsubscribe link included in emails or replying with a recognized opt-out keyword to SMS messages (e.g., “STOP”).
We will not use or disclose your Protected Health Information for marketing purposes without your explicit written authorization, in compliance with HIPAA.
________________________________________
IV. Text Message and Phone Use Policy
Blue Sails uses phone and text message communications to enhance the delivery of our services, including appointment reminders, check-ins, and other important service-related updates. We take privacy and consent seriously, and all such communications are conducted in accordance with applicable federal, state, and carrier regulations, including those established by the Telephone Consumer Protection Act (TCPA), HIPAA, and others.
1. Consent for Messaging Campaigns
Before we send any text messages or initiate non-emergency phone calls, Blue Sails will obtain your explicit, informed consent. This consent:
• Is specific to the type of communication you will receive (e.g., appointment reminders, service updates).
• Applies only to Blue Sails and cannot be transferred or applied to messages from other organizations or unrelated services.
• Must be provided voluntarily and knowingly by the person receiving the communication.
• Is required even if you previously provided your phone number for other purposes (e.g., intake forms or billing).
If a significant amount of time has passed since consent was granted and no messages were sent, we will reconfirm your consent before initiating new messages.
2. Consent Records
Blue Sails maintains detailed records of your consent to receive text messages or automated phone calls. These records are securely stored and may include:
• The date and time your consent was obtained.
• The method through which consent was provided (e.g., online form, verbal confirmation, signed document).
• The specific phone number you provided for receiving communications.
• The type of messages you agreed to receive (e.g., reminders, updates, scheduling notices).
• A record of the confirmation message (if applicable) that acknowledged your opt-in.
These records are retained for at least four (4) years or as otherwise required by applicable law or platform guidelines, such as those established by Zoom and telecom providers.
3. Identification of Sender
Each text message or phone call initiated by Blue Sails will clearly identify us as the sender. For example:
“Blue Sails: Your appointment is confirmed for Wed at 2:00 PM. Reply STOP to opt out.”
This identification ensures that you always know who is contacting you and why.
4. Opt-Out Mechanism
You may revoke your consent and opt out of receiving future text messages or phone calls from Blue Sails at any time using one of the following methods:
• Text Messages: Reply with a recognized opt-out keyword such as “STOP,” “CANCEL,” “UNSUBSCRIBE,” or “QUIT.” These keywords will immediately suppress further communications to that number.
• Phone Calls: Let our staff know during a call, or contact us directly to request that your number be removed from outreach.
• Email: Send an opt-out request to [email protected] or call our office.
You will receive a final confirmation message (if permitted by law) acknowledging that you have unsubscribed. Opting out will not affect your access to clinical care; however, you may no longer receive appointment reminders or scheduling notifications unless you opt back in.
5. Usage and Limitations
We are committed to using phone and SMS communications responsibly and in a manner that protects your privacy:
• Message content will be limited to the purpose you consented to, such as logistical details or administrative communications.
• Protected Health Information (PHI) will not be shared via SMS or voicemail without appropriate safeguards and, when required, additional written authorization.
• No resale or purchase of phone lists: Blue Sails does not buy or sell phone numbers or consents. We do not send messages to contacts obtained from third-party sources.
• If you have consented to messaging through a third party (e.g., via an integrated patient platform), the consent will apply only to Blue Sails and the specified campaign or service.
• Excessive opt-out rates may trigger additional compliance reviews. In such cases, we reserve the right to modify our communication methods to ensure continued compliance with telecom carrier rules and best practices.
________________________________________
V. Disclosure of Information
We value your privacy and maintains strict policies regarding the disclosure of personal and health information. We do not sell or rent your personal information. We only share information when it is necessary to deliver our services, coordinate care, comply with the law, or support core business functions, and we do so in accordance with all applicable privacy and healthcare regulations, including the Health Insurance Portability and Accountability Act (HIPAA).
1. Service Providers
We may disclose limited personal information to trusted third-party service providers who assist us in operating our business and delivering services. These providers may include:
• Electronic health record (EHR) and telehealth platforms
• Billing and payment processors
• Secure messaging and communications platforms
• IT support and hosting services
• Customer service tools and scheduling systems
All service providers are contractually obligated to protect your information, use it only for the purposes specified by Blue Sails, and comply with applicable privacy laws. Where required, we enter into Business Associate Agreements (BAAs) to ensure that protected health information (PHI) is handled appropriately and securely.
2. Healthcare Providers / Coordination of Care
In support of your care, we may share relevant health information with:
• Licensed therapists and psychiatric providers within Blue Sails
• External healthcare providers (e.g., primary care physicians, specialists, pharmacies), with your authorization or as permitted by law
• Emergency contacts or crisis support services, when necessary to prevent harm or respond to an urgent clinical situation
These disclosures are made strictly for treatment, care coordination, or clinical decision-making and are consistent with our professional and legal obligations to safeguard your health information.
3. Legal Requirements
We may disclose your information when we are required to do so by law, including:
• In response to subpoenas, court orders, or other legal processes
• When necessary to comply with federal or state regulatory reporting obligations
• If required to report suspected abuse or neglect, or to respond to a credible threat of harm to self or others
• To cooperate with law enforcement or governmental agencies conducting investigations authorized by law
In all cases, we will limit disclosures to the minimum necessary information required to meet legal obligations, and we will notify you when such disclosures are made, unless prohibited by law.
4. Business Transfers
In the event of a business transition—such as a merger, acquisition, restructuring, or sale of assets—your information may be transferred as part of that transaction. If such a transfer occurs, we will ensure that the successor entity continues to uphold this Privacy Policy or provides a comparable level of privacy protection. We will notify you of any material changes to how your personal data is handled following a transfer.
________________________________________
VI. Data Security and Retention
1. Security Measures
We take reasonable and appropriate steps to protect the information we collect, store, and transmit, including:
• HIPAA-Compliant Systems: All electronic Protected Health Information (ePHI) is stored and transmitted using platforms that meet or exceed HIPAA security standards.
• Encryption: Data is encrypted both at rest and in transit, including communications sent via our client portal and telehealth tools.
• Access Controls: Access to sensitive information is restricted to authorized personnel who require it for treatment, operations, or compliance purposes. Staff are trained in privacy and data security best practices.
• Secure Infrastructure: We host data on secure servers with regularly updated firewalls, anti-malware protection, and monitoring systems.
• Incident Response: We maintain a formal incident response plan in the event of a suspected or confirmed data breach and will notify affected individuals as required by law.
While no system can guarantee absolute security, Blue Sails continually evaluates and enhances its security practices to mitigate potential risks.
2. Retention
We retain personal and health information only as long as necessary to:
• Provide ongoing therapy, psychiatry, and support services;
• Comply with legal, ethical, and regulatory obligations;
• Maintain required business and financial records; and
• Resolve disputes or enforce our agreements.
In general:
• Clinical Records: Client treatment records, including notes, session history, and communications, are retained for a minimum period required by applicable state laws (typically 7–10 years after the last date of service, or longer for minors, depending on state requirements).
• Communication Records: Emails, phone logs, and consent records (including for text messages) are retained in accordance with federal and carrier regulations—typically for at least four (4) years or as otherwise required.
• User Accounts: If you close your account or discontinue services, we may continue to retain relevant information for a limited period to comply with our legal obligations and allow for continuity of care if services resume.
Once data is no longer needed, we securely delete or de-identify it in accordance with industry standards and applicable legal requirements.
________________________________________
VII. Cookies and Online Tracking Technologies
We use cookies and similar tracking technologies to enhance the functionality and security of our website, improve the user experience, and gain insight into how visitors interact with our services. This section explains what these technologies are and how we use them.
1. Use of Cookies
Cookies are small data files stored on your device when you visit a website. They serve various functions, such as enabling website functionality, remembering your preferences, and providing anonymized usage data to help improve performance.
We use the following types of cookies on our website:
• Essential Cookies: These are necessary for basic website functionality and cannot be turned off in our systems. They are typically set in response to actions you take, such as logging in or filling out forms.
• Functional Cookies: These enhance your experience by remembering settings like language preferences or login details (if selected).
• Performance Cookies: These collect anonymous data about how visitors use our website (e.g., pages viewed, time spent, error messages) to help us improve website performance.
• Preference and Consent Cookies: These remember your privacy settings and consent selections related to tracking technologies.
Most web browsers allow you to manage cookies through your settings. Please note that disabling certain types of cookies may limit the functionality of parts of our website.
2. Analytics and Third-Party Tools
We may use third-party analytics tools, such as Google Analytics, Stape.io, or similar services, to help us understand website traffic patterns and user behavior. These tools may collect information such as:
• IP address and browser type
• Device and operating system details
• Pages visited and time spent on each page
• Referring URLs and exit pages
These third parties use cookies or similar technologies to provide their services and may use aggregated data for their own analytics purposes. However, no personally identifiable health information or Protected Health Information (PHI) is shared with these services unless expressly permitted by you and consistent with applicable privacy laws.
You can opt out of certain tracking by:
• Adjusting your browser settings to block cookies;
• Using browser extensions or plug-ins that block trackers;
• Opting out of Google Analytics using their browser add-on (available at: https://tools.google.com/dlpage/gaoptout).
For more information about the specific cookies and tools used on our site, or to update your cookie preferences, please refer to our Cookie Notice or the settings link provided on our website footer.
________________________________________
VIII. Rights and Choices
At Blue Sails, we believe that transparency and user empowerment are essential components of privacy. Whether you are using our services in person or via telehealth, you have rights regarding how your personal and health information is used, shared, and maintained. This section outlines the choices available to you and how to exercise them.
1. Access and Correction
You have the right to request access to the personal and health information we maintain about you. Upon request, and as permitted by law, we will provide you with a copy of your information in a commonly used format.
You also have the right to request that we correct or update inaccurate or incomplete information. Requests for access or correction can be made by contacting our privacy team at [email protected] or by calling our office directly.
In some cases, we may need to verify your identity before fulfilling your request. Certain legal or regulatory limitations may apply, and we will inform you if any restrictions prevent us from fulfilling your request in part or in full.
2. Marketing Opt-Out
Blue Sails may, from time to time, send informational emails about new services, wellness resources, or mental health updates. These communications are optional and distinct from essential service-related messages (such as appointment reminders or clinical updates).
You may opt out of receiving marketing or promotional emails at any time by:
• Clicking the unsubscribe link at the bottom of the message, or
• Contacting us at [email protected].
If you receive SMS text messages from us, you can opt out by replying with a recognized keyword such as “STOP” or “UNSUBSCRIBE.” Your decision to opt out of marketing communications will not affect your access to care or essential communications.
3. Telehealth-Specific Choices
Blue Sails offers a range of telehealth services, including individual therapy, group therapy, and psychiatric medication management via secure video and messaging platforms. You have the right to:
• Choose whether or not to participate in telehealth services;
• Request in-person care when available and clinically appropriate;
• Withdraw consent to telehealth services at any time;
• Choose or update your preferred method of communication (e.g., email, phone, text, secure portal).
Please note that certain communications, especially those involving appointment scheduling or follow-ups, may require specific contact methods to ensure timely care. If you wish to change how we communicate with you, please contact our administrative team.
4. HIPAA-Related Rights
If you are receiving clinical services from Blue Sails, your health information is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Under HIPAA, you have the right to:
• Receive a copy of our Notice of Privacy Practices, which explains how we use and share your health information;
• Request restrictions on how we use or disclose your information for treatment, payment, or healthcare operations;
• Request confidential communications (e.g., to receive communications at a specific phone number or mailing address);
• Receive an accounting of certain disclosures we have made of your health information;
• File a complaint with Blue Sails or with the U.S. Department of Health and Human Services (HHS) if you believe your rights have been violated.
To exercise any of these rights or to receive a copy of our Notice of Privacy Practices, please contact us using the contact information provided in the Contact Us section of this Privacy Policy.
________________________________________
IX. Children’s Privacy
Blue Sails is committed to protecting the privacy of children and complying with all applicable laws, including the Children’s Online Privacy Protection Act (COPPA) and state-specific requirements.
We do not knowingly collect personal information directly from individuals under 18 without verified parental or legal guardian consent. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so we can investigate and take appropriate action, including removing the information.
In situations where services are provided to minors (e.g., adolescent therapy), we collect, use, and disclose information only:
• With verified parental/legal guardian consent;
• In accordance with HIPAA and other relevant privacy laws; and
• For the sole purpose of providing mental health treatment.
Parents and legal guardians have the right to review, update, or request deletion of their child’s information, subject to legal and clinical limitations.

________________________________________
X. Third-Party Links
The Blue Sails website and communications may contain links to third-party websites or resources for your convenience, such as educational tools, community organizations, or partner platforms.
Please be aware:
• These third-party sites are not controlled or operated by Blue Sails;
• We are not responsible for the privacy practices, security policies, or content of any external websites;
• Your interactions with third-party sites are governed by their own privacy policies and terms of use.
We encourage you to review the privacy policies of any third-party site before providing any personal information. Inclusion of a link does not imply endorsement or affiliation.
________________________________________
XI. Changes to this Privacy Policy
Blue Sails may update or revise this Privacy Policy from time to time to reflect changes in our services, legal requirements, technology, or privacy practices.
When we make significant changes:
• We will post the updated Privacy Policy on our website with a revised “Last Updated” date at the top;
• We may also notify you directly via email or through a notice on our homepage or client portal.
We encourage you to periodically review this Policy to stay informed about how we protect your information. Continued use of our services after any updates constitutes your acceptance of the revised Policy.
________________________________________
XII. Contact Information
If you have any questions, concerns, or requests related to this Privacy Policy or how your personal information is handled, please contact us using the information below. We are committed to responding promptly and respectfully to all privacy-related inquiries.
Blue Sails Counseling and Consulting, Inc.
Attn: Privacy Officer
225 Town Square Dr, Suite 3, Lusby, MD 20657
Phone: 410-231-0488
Email: [email protected]
Website: www.bluesailscounseling.com
You may contact us to:
• Request access to or correction of your personal or health information;
• Update your communication preferences;
• Revoke consent for text or phone communications;
• Ask questions about our data practices;
• Submit a privacy complaint or concern.
If your concern involves Protected Health Information (PHI) and is not resolved to your satisfaction, you also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), at www.hhs.gov/ocr/privacy/hipaa/complaints.
Your trust is important to us, and we are committed to protecting your privacy while delivering compassionate, high-quality care.
________________________________________