/* global React */ function PrivacyPage({ navigate }) { const sections = [ { id: "introduction", h: "Introduction", body: ( <>

I.O.U. Counseling Services ("we," "us," or "our") is a Maryland-based mental health counseling practice operated by Gene Groves, LCPC, NCC, a Licensed Clinical Professional Counselor regulated by the Maryland Board of Professional Counselors and Therapists. We are committed to protecting your privacy and the confidentiality of your protected health information (PHI) as required by federal and Maryland law.

This Privacy Policy describes how we collect, use, share, and safeguard information when you visit our website, contact us, or engage in counseling services. It is designed to comply with the Health Insurance Portability and Accountability Act (HIPAA), the Maryland Confidentiality of Medical Records Act (MCMRA, Md. Code Ann., Health-Gen. §§ 4-301 et seq.), the Maryland Personal Information Protection Act (MPIPA, Md. Code Ann., Com. Law §§ 14-3501 et seq.), and the regulations governing Maryland-licensed clinical professional counselors (COMAR 10.58).

By using this website or our services, you agree to the practices described in this policy. If you do not agree, please do not use the site or submit any information through it.

) }, { id: "scope", h: "Scope of This Policy", body: ( <>

This Privacy Policy applies to information collected through this website and through our intake, scheduling, and counseling processes. It works alongside, but does not replace, our HIPAA Notice of Privacy Practices, which is provided separately at the start of services and governs the use and disclosure of your protected health information once you become a client. Where Maryland law (including the MCMRA) provides greater protection than HIPAA, Maryland law controls.

) }, { id: "information", h: "Information We Collect", body: ( <>

We may collect the following categories of information:

Information you provide directly: name, email, phone number, mailing address, reason for inquiry, and any details included in contact or intake forms.
Health and mental health information: once you become a client, we collect health, mental health, and treatment-related information necessary to provide counseling services. This information is treated as a "medical record" under the MCMRA and as PHI under HIPAA.
Personal information protected under Maryland law: Social Security numbers, government-issued ID numbers, financial account information, health insurance identifiers, and biometric information, where collected, are treated as "personal information" under MPIPA and protected accordingly.
Payment information: billing details collected through a secure third-party payment processor. We do not store full credit card numbers on our systems.
Automatically collected data: device type, browser, IP address, pages viewed, and approximate location, collected through standard web analytics and cookies.
Communications: emails, voicemails, and form submissions you send to us.

) }, { id: "use", h: "How We Use Your Information", body: ( <>

We use the information we collect to:

Respond to inquiries and schedule consultations.
Provide, coordinate, and document counseling services.
Process payment and manage billing.
Comply with legal, ethical, and regulatory obligations applicable to licensed mental health professionals.
Maintain and improve the security and functionality of our website.
Send service-related communications (e.g., appointment reminders or policy updates).

We do not sell your personal information, and we do not use protected health information for marketing without your written authorization.

) }, { id: "sharing", h: "How We Share Information", body: ( <>

Under the Maryland Confidentiality of Medical Records Act, your medical record may not be disclosed without your written authorization except in narrowly defined circumstances. Consistent with the MCMRA, HIPAA, and applicable counselor licensure regulations, we share information only as necessary and as permitted by law, including:

Treatment, payment, and operations: with insurers, billing services, or other providers as part of your care, consistent with HIPAA and MCMRA § 4-305.
Service providers: vetted vendors who support our practice (e.g., HIPAA-compliant electronic health records, telehealth platforms, scheduling tools, and payment processors). These vendors are bound by confidentiality and Business Associate Agreements where required.
Court orders, subpoenas, and legal process: in response to a valid court order, or, where permitted, a subpoena accompanied by required notice or authorization, in the manner specified by Maryland law.
Mandated reporting and safety obligations: to report suspected child abuse or neglect (Md. Code Ann., Fam. Law § 5-704) or suspected abuse of a vulnerable adult (Md. Code Ann., Fam. Law § 14-302), and to take protective steps where there is a serious and imminent threat of harm to you or an identifiable person, consistent with our duty to warn or protect.
Public health and regulatory authorities: when required by law (e.g., communicable disease reporting under Md. Code Ann., Health-Gen. § 18-201).
Insurance fraud and audits: as required by insurers, regulators, or auditors, consistent with applicable law.
With your written authorization: for any purpose you specifically authorize in writing, which you may revoke at any time except to the extent action has already been taken in reliance on it.

Maryland law affords heightened protection to certain categories of information, including mental health records, HIV/AIDS status, and substance use disorder records (the latter also protected by 42 C.F.R. Part 2). Disclosures of these records require specific authorization or a recognized legal exception.

We do not sell your personal information.

) }, { id: "telehealth", h: "Telehealth & Electronic Communication", body: ( <>

Counseling sessions are provided via secure, HIPAA-compliant telehealth platforms, and we follow the Maryland Board of Professional Counselors and Therapists' telehealth standards (COMAR 10.58.16) and applicable Maryland telehealth statutes. Telehealth services are generally available to clients physically located in states where the provider is licensed; please confirm your location at the start of each session.

While we use reasonable safeguards to protect electronic communications, no method of transmission over the internet is fully secure. Email, text, and contact-form messages should not be used to share sensitive clinical information or in any urgent or emergency situation. If a session is interrupted by a technology failure, we will follow up by phone using the contact information on file.

) }, { id: "cookies", h: "Cookies & Analytics", body: ( <>

Our website may use cookies and similar technologies to remember preferences, understand site traffic, and improve performance. You can disable cookies through your browser settings; some site features may not function correctly without them. We do not knowingly use tracking technologies to identify visitors as clients or to share PHI with third-party advertisers.

) }, { id: "security", h: "Data Security & Breach Notification", body: ( <>

We use administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your information, including encrypted storage, access controls, and HIPAA-compliant vendors. No system is perfectly secure; we cannot guarantee absolute security.

In the event of a security breach involving unencrypted personal information protected under the Maryland Personal Information Protection Act, we will notify affected Maryland residents as soon as reasonably practicable, and in any event consistent with the timing requirements of Md. Code Ann., Com. Law § 14-3504, and will notify the Maryland Office of the Attorney General when required. Breaches involving PHI will additionally be handled in accordance with the HIPAA Breach Notification Rule.

) }, { id: "retention", h: "Data Retention", body: ( <>

Clinical records of adult clients are retained for at least the period required by Maryland law and the regulations of the Maryland Board of Professional Counselors and Therapists, currently a minimum of seven (7) years from the date of last contact for adult clients. For clients who were minors at the time of service, records are retained for at least seven (7) years from the date of last contact or until three (3) years after the client reaches the age of majority, whichever is later. Some records (e.g., billing records) may be retained longer where required by tax, insurance, or other applicable law.

Inquiry-only information not associated with a client relationship is retained only as long as needed to respond to your request, then securely disposed of in a manner consistent with Md. Code Ann., Com. Law § 14-3502 (secure destruction of personal records).

) }, { id: "rights", h: "Your Rights Under Maryland & Federal Law", body: ( <>

As a Maryland resident and/or client, you may have the right to:

Inspect and obtain a copy of your medical record, in accordance with the MCMRA (Md. Code Ann., Health-Gen. § 4-304) and HIPAA. Maryland law generally requires us to respond within 21 working days for in-state requests and 30 working days for out-of-state requests, and limits copying fees to amounts set by statute and updated annually by the Maryland Health Care Commission.
Request that information you believe is inaccurate be amended (Health-Gen. § 4-304).
Request restrictions on certain uses or disclosures of your PHI.
Receive an accounting of certain disclosures of your PHI.
Request confidential communications at an alternate address or by alternate means.
Withdraw a previously granted authorization, in writing, at any time, except to the extent action has already been taken in reliance on it.
Receive a paper copy of our HIPAA Notice of Privacy Practices upon request.
File a complaint with us, with the U.S. Department of Health & Human Services Office for Civil Rights, with the Maryland Board of Professional Counselors and Therapists, or with the Maryland Office of the Attorney General. We will not retaliate against you for filing a complaint.

Detailed information about your rights as a client is provided in our HIPAA Notice of Privacy Practices, which is delivered at intake.

) }, { id: "minors", h: "Minors", body: ( <>

Maryland law (Md. Code Ann., Health-Gen. § 20-104) permits a minor to consent to certain mental health services without parental consent under specified conditions. Where a minor has lawfully consented to treatment, the minor's records are treated with the confidentiality protections required by Maryland law. Where a parent or guardian has consented to a minor's treatment, access to records is governed by the MCMRA and HIPAA.

This website is intended for adults. We do not knowingly collect information from children under 13 through this website. If you believe a child has provided information through the site, please contact us so we can remove it.

) }, { id: "links", h: "Third-Party Links", body: ( <>

Our site may contain links to external websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party site you visit.

) }, { id: "changes", h: "Changes to This Policy", body: ( <>

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page reflects the most recent revision. Material changes will be communicated through the website or, where appropriate, directly to active clients.

) }, { id: "contact", h: "Contact & Complaints", body: ( <>

For questions about this Privacy Policy, to exercise your rights, or to request a copy of our HIPAA Notice of Privacy Practices, please contact:

Practice I.O.U. Counseling Services

Provider Gene Groves, LCPC, NCC

Email gene.groves@ioucounselingservices.com

Phone 202-286-8811

You may also file a complaint with:

Maryland Board of Professional Counselors and Therapists: 4201 Patterson Avenue, Baltimore, MD 21215.
Maryland Office of the Attorney General, Consumer Protection Division: for concerns regarding personal information or breach handling.
U.S. Department of Health & Human Services, Office for Civil Rights: for HIPAA-related concerns.

) } ]; return (

{/* Hero */}

Legal & Privacy

Privacy Policy

Last updated: April 2026

Your privacy is foundational to the work we do together. This policy explains what information we collect, how it's used, and the safeguards in place to protect it.

{/* Body */}

{/* TOC */} {/* Content */}

{sections.map((s) => (

{s.h}

{s.body}

))}

This Privacy Policy is provided for informational purposes and is not a substitute for legal advice or for the HIPAA Notice of Privacy Practices, which governs the use and disclosure of your protected health information once you become a client and is delivered at intake. Where Maryland law (including the Maryland Confidentiality of Medical Records Act) provides greater protection than HIPAA, Maryland law controls.

{e.preventDefault();navigate("/contact");}}> Contact Gene

); } window.PrivacyPage = PrivacyPage;