Legal

Privacy Policy

How Now & Zen Wellness collects, uses, and protects your information — and your rights under Florida and federal law.

Last Updated: April 23, 2025

Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. HIPAA & Protected Health Information
  5. Florida Privacy Laws
  6. Information Sharing & Disclosure
  7. Cookies & Website Tracking
  8. Data Security
  9. Your Rights
  10. Minors
  11. Changes to This Policy
  12. Contact Us

Plain-language summary: We are a licensed mental health practice. We collect only what is necessary to provide you with care. Your health information is protected by HIPAA and Florida law. We do not sell your data. You have meaningful rights over your information.

1. Who We Are

Now & Zen Wellness is a private mental health practice owned and operated by Douglas Carmody, LCSW, a Licensed Clinical Social Worker licensed in the State of Florida (License #SW24424). Our office is located at 14021 N Dale Mabry Hwy, Tampa, FL 33618.

This Privacy Policy applies to information collected through this website (nowandzenwellness.com), through our contact forms, and through the initiation of a therapeutic relationship. It does not apply to information collected through our electronic health records or practice management system, which is governed by a separate Notice of Privacy Practices provided to all clients at the start of treatment.

For questions about this policy, contact us at: douglascarmody@nowandzenwellness.com or (656) 789-3112.

2. Information We Collect

Information You Provide Directly

When you contact us, complete a form, or initiate a consultation, we may collect:

  • Your name, email address, and phone number
  • General information about what you are seeking help with
  • Insurance provider information
  • Preferred appointment times and communication preferences
  • Any other information you voluntarily provide in your message

Information Collected Automatically

When you visit our website, standard web server logs and analytics tools may collect:

  • Your IP address and general geographic location (city/region level)
  • Browser type and operating system
  • Pages visited and time spent on each page
  • Referring website or search query that brought you to our site
  • Date and time of your visit

This information is collected in aggregate and is not used to identify you personally.

Information Collected During Treatment

Once a therapeutic relationship begins, we collect clinical information necessary to provide care. This information is Protected Health Information (PHI) under HIPAA and is governed by our Notice of Privacy Practices, not this website privacy policy.

3. How We Use Your Information

We use the information we collect only for the following purposes:

  • Responding to inquiries. To answer your questions and schedule consultations.
  • Providing services. To deliver therapy, coordinate care, and manage appointments.
  • Billing and insurance. To process payments and submit insurance claims when applicable.
  • Legal compliance. To meet our obligations under HIPAA, Florida law, and professional licensing requirements.
  • Website improvement. To understand how visitors use our site and improve our content.
  • Safety. To prevent, investigate, or respond to fraud, security threats, or illegal activity.

We do not use your information for marketing, advertising targeting, or any automated profiling. We do not sell, rent, or trade your personal information to any third party.

4. HIPAA & Protected Health Information

As a licensed mental health provider, Now & Zen Wellness is a HIPAA-covered entity subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Your Notice of Privacy Practices

At the beginning of treatment, you will receive — and be asked to acknowledge — our Notice of Privacy Practices (NPP). The NPP explains in full detail:

  • How we may use and disclose your Protected Health Information (PHI)
  • Your rights regarding your health information
  • Our duties to protect your information
  • How to file a complaint if you believe your privacy rights have been violated

Mandatory Disclosures

Florida law and the ethical standards of licensed clinical social workers require us to disclose confidential information — without your consent — in the following circumstances:

  • When there is a credible threat of harm to yourself or an identifiable third party
  • When there is reasonable suspicion of child abuse, elderly abuse, or abuse of a vulnerable adult (Florida Statutes §39.201, §415.1034)
  • When ordered by a court of competent jurisdiction
  • When required by the Florida Department of Health for licensing investigations
  • When you are a danger to yourself and emergency intervention is required under the Baker Act (Florida Statutes §394.463)

Telehealth

Telehealth services are provided through HIPAA-compliant, encrypted video platforms. Your consent to telehealth treatment, including its benefits and limitations, is obtained separately before services begin.

5. Florida Privacy Laws

In addition to HIPAA, our practice is governed by several Florida-specific statutes that protect your privacy and define our obligations:

Florida Mental Health Act (Baker Act) — §394.451 et seq.

Governs voluntary and involuntary mental health treatment, including when confidentiality may be overridden for emergency safety reasons.

Florida Marchman Act — §397.301 et seq.

Governs substance abuse treatment and related confidentiality protections, which in some cases are stricter than HIPAA requirements.

Florida Confidentiality of Communications with Psychotherapist — §90.503

Establishes a psychotherapist-patient privilege protecting communications between a licensed mental health professional and their patient from compelled disclosure in legal proceedings, with defined exceptions.

Florida Social Work Practice Act — §491

Establishes confidentiality obligations for Licensed Clinical Social Workers and the circumstances under which disclosure is permitted or required.

Florida Child Abuse Reporting — §39.201

Requires mandatory reporting of known or reasonably suspected child abuse, abandonment, or neglect. As a mandated reporter, we are legally required to report such suspicions to the Florida Department of Children and Families (DCF).

Florida Adult Protective Services Act — §415.1034

Requires mandatory reporting of known or reasonably suspected abuse, neglect, or exploitation of vulnerable adults (persons 18 or older who are unable to protect their own interests).

Florida Information Protection Act (FIPA) — §501.171

Requires businesses that collect personal information about Florida residents to implement reasonable security measures and notify affected individuals in the event of a data breach. If a security breach occurs that affects your personal information, we will notify you as required by FIPA within the legally required timeframe.

Note: The Florida Digital Bill of Rights (SB 262, effective July 2023) primarily applies to large commercial data controllers with annual revenue exceeding $1 billion. As a small private practice, we are not subject to that statute; however, we voluntarily uphold its core principles of transparency, data minimization, and individual rights.

6. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share limited information only in the following circumstances:

Treatment, Payment, and Healthcare Operations

As permitted by HIPAA, we may share your Protected Health Information with other treating providers, insurance companies for billing purposes, and within our practice for administrative purposes. Any such disclosure is governed by our Notice of Privacy Practices.

Service Providers

We use a small number of third-party service providers to operate our website and practice, including:

  • Practice management / EHR software — for scheduling, billing, and clinical notes (HIPAA Business Associate Agreement in place)
  • Secure video platform — for telehealth sessions (HIPAA-compliant)
  • Website hosting — for serving this website (no health information stored)
  • Email service — for responding to general inquiries (do not include clinical information)

All service providers with access to Protected Health Information have signed a HIPAA Business Associate Agreement (BAA).

Legal Requirements

We may disclose your information if required by law, court order, subpoena, or government investigation, to the extent required and no more.

Emergency Situations

In life-threatening emergencies, we may disclose necessary information to emergency services or healthcare providers to protect your life or the life of another person.

7. Cookies & Website Tracking

Our website uses minimal tracking technology:

Essential Cookies

We may use session cookies necessary for the website to function properly. These expire when you close your browser and contain no personal information.

Analytics

We may use basic analytics tools to understand how visitors use our site (pages visited, time on site, referral source). This data is collected in aggregate and is not linked to your identity. We do not use it to build advertising profiles.

No Third-Party Advertising Trackers

We do not use Facebook Pixel, Google Ads tracking, or other advertising trackers on this website. We do not use your visit data for retargeted advertising.

Your Browser Controls

You can control or disable cookies through your browser settings. Disabling cookies will not affect your ability to use this website or contact us.

8. Data Security

We take reasonable and appropriate technical, administrative, and physical safeguards to protect the information we collect, including:

  • SSL/TLS encryption for all data transmitted through this website
  • HIPAA-compliant systems for all clinical and health information
  • Secure, encrypted telehealth platforms for video sessions
  • Access controls limiting who can access client information
  • Regular review of our security practices

No method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you as required by the Florida Information Protection Act (§501.171) and HIPAA Breach Notification Rule (45 CFR §164.400 et seq.).

Important: Please do not send sensitive clinical information (diagnoses, medication details, detailed mental health history) via the contact form or email. For secure clinical communication, we will provide you with a HIPAA-compliant method after your care begins.

9. Your Rights

Rights Regarding Your Health Information (HIPAA)

As a patient or prospective patient, you have the following rights regarding your Protected Health Information:

  • Right to Access. Request a copy of your health records in a readable format.
  • Right to Amend. Request corrections to information you believe is inaccurate or incomplete.
  • Right to an Accounting of Disclosures. Request a list of disclosures we have made of your health information.
  • Right to Request Restrictions. Request restrictions on how we use or disclose your health information (we may not always be able to agree, but we will consider all requests).
  • Right to Confidential Communications. Request that we contact you by specific means or at a specific location.
  • Right to a Paper Copy of the Notice of Privacy Practices. Available upon request at any time.

Rights Regarding Website Information

  • Right to Know. You have the right to know what personal information we have collected about you through this website.
  • Right to Delete. You may request deletion of personal information we collected through website contact forms, subject to legal retention requirements.
  • Right to Opt Out. You may opt out of any analytics tracking by using browser privacy settings or a privacy-focused browser extension.

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with:

You will not be retaliated against for filing a complaint.

10. Minors

This website is not directed toward children under the age of 13. We do not knowingly collect personal information from children under 13 through this website. If you believe a child under 13 has provided us with personal information, please contact us immediately so we can delete it.

For clients between the ages of 13 and 17, Florida law (§394.4615 and §490.0147) grants minors certain rights regarding the confidentiality of mental health treatment, and we take those rights seriously. Parents or guardians of minor clients will receive specific information about consent and confidentiality at the start of treatment.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page.

We encourage you to review this policy periodically. Continued use of our website after any changes constitutes your acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the handling of your information, please contact us:

We will respond to all privacy-related requests within 30 days of receipt, as required by applicable law.

Questions about your privacy?

We're here to answer them — before, during, or after care. Transparency is part of how we practice.

Contact Us Directly