Privacy Policy

		
			
				
				Privacy Policy

				
					
ijayMD Mental Health & Wellness Care, doing business as ijayMD.com
Effective Date: October 31st, 2025
Version: 1.0
Important Safety Note: ijayMD provides scheduled telepsychiatry care and is not an emergency service. If you are in crisis, call 911 or 988.



At‑a‑Glance

 	We provide telepsychiatry services to adults and adolescents in Maryland.
 	We collect clinical intake information (PHI) on our website and in our EMR. We treat all such information as Protected Health Information (PHI) under HIPAA.
 	We own and operate the CliniClark EMR connector as applicable.
 	Live video visits may occur via Zoom, Google Meet, or Whereby using HIPAA‑eligible business services with Business Associate Agreements (BAAs) and with recording disabled by default.
 	Payments (deposits and session balances) are processed through Stripe. We do not accept insurance.
 	For site visitors, we use limited cookies/analytics.
 	Questions or privacy requests: 200 Washington Avenue, Floor 5 PMB 1003, Towson, MD 21204 • 443-371-3181 • support@ijayMD.com. Privacy Officer: privacyofficer@ijayMD.com.




1) Who We Are
This Privacy Policy explains how ijayMD Mental Health & Wellness Care ("ijayMD") handles information when you visit ijayMD.com (the "Site"), submit clinical intake through the Site, use our patient portal(s), or otherwise interact with our services. We are a HIPAA covered entity when providing health care services. This Policy covers: (a) Website Data (non‑PHI) and (b) PHI collected for care.
2) What We Collect
A. PHI (Clinical)
We collect PHI that you provide to establish and deliver care, such as:

 	Identification and demographics; emergency contacts.
 	Medical/psychiatric history, medications, allergies, screening tools (e.g., PHQ‑9/PHQ‑A, GAD‑7, SCARED, Vanderbilt).
 	Visit logistics (location verification each telehealth visit, preferred pharmacy).
 	Payment and billing details associated with care (excluding full card numbers which are processed by Stripe).
 	ROI (Release of Information) preferences for coordination with other providers/schools/OB.

PHI may be captured (i) on secure intake forms hosted on ijayMD.com that are integrated with our EMR; (ii) directly in the EMR portal(s); and (iii) during telehealth sessions.
B. Website Data (Non‑PHI)

 	Device/usage data (IP address, browser type, pages viewed, timestamps).
 	Cookie/analytics data (see §10).
 	General inquiries (name/contact) when you reach out for non‑clinical questions.

3) How We Use Information
For PHI (subject to HIPAA and our NPP)

 	Treatment: evaluation, diagnosis, prescribing/medication management, coordination with other providers with your authorization where required.
 	Payment: if enabled on the Site, payment details are processed by Stripe, Square, Zelle, Cash App, and/or PayPal. We do not store full card numbers; processors may store tokenized details to keep a card on file. Deposits and session payments; receipts/statements for self‑pay; Good Faith Estimate process.
 	Health Care Operations: quality improvement (Measurement‑Based Care), scheduling, auditing, compliance, security, and training.

For Website Data

 	Operate, secure, and improve the Site and CliniClark connector.
 	Respond to non‑clinical inquiries and manage appointment logistics.
 	Analyze aggregated content performance and detect/prevent fraud or abuse.

4) Where We Store and Process PHI

 	CliniClark EMR.
 	Encrypted backups and secure infrastructure with role‑based access, least‑privilege, MFA for workforce users, and audit logging/log scrubbing consistent with our incident response plan.
 	We do not store full payment card numbers; Stripe is our processor for card data.

5) Telehealth Platforms
We may conduct visits via Zoom, Google Meet, or Whereby using HIPAA‑eligible enterprise services with BAAs in place and recording disabled by default. You agree to join from a private, quiet location, use up‑to‑date software, and not record sessions without our written consent. If a platform outage occurs, we may switch platforms or reschedule.
6) Disclosures of Information
We may share information as follows:

 	Service Providers/Processors: hosting, security/CDN, email/SMS logistics, video platforms, eFax, analytics, and payment processing, under contracts and (where applicable) BAAs.
 	Care Coordination: with your authorization (ROI) or as permitted by law (e.g., emergencies, threats to safety).
 	Legal/Regulatory: to comply with law, respond to lawful requests, or protect rights, safety, and security.
 	Business Operations: professional advisors (legal, accounting) under confidentiality.
We do not sell personal information.

7) Data Retention

 	PHI: retained per HIPAA and state law medical record requirements.
 	Payments/Accounting: typically 7 years.
 	Server/ Security Logs: typically 30–180 days.
 	Cookies/Analytics: per tool defaults; see §10 and our Cookie Disclosure.

8) Security Measures
We employ administrative, technical, and physical safeguards appropriate to PHI and website data, including TLS (HTTPS), encryption at rest where supported, MFA, role‑based access, routine patching, vulnerability management, workforce training, and vendor management with BAAs where applicable. No system can be 100% secure, but we continuously improve our controls.
9) Your Rights

 	PHI Rights (HIPAA): access/copies, amendments, restrictions, confidential communications, accounting of disclosures, right to receive a paper copy of the Notice of Privacy Practices (NPP), and right to file a complaint without retaliation. Requests must be made through the EMR/Privacy Officer.
 	Website Data: depending on your jurisdiction, you may have rights to access, correct, or delete certain personal data; contact our Privacy Officer.

10) Cookies & Tracking
We use: (a) strictly necessary cookies (security/session), (b) functional cookies (preferences), and (c) analytics cookies to understand aggregated usage. Optional advertising/retargeting pixels are used only with your opt‑in and never based on PHI. Manage preferences via our cookie banner and browser settings. We currently do not respond to "Do‑Not‑Track" signals.
11) Children’s Privacy
We provide services for adolescents through their caregivers. We do not knowingly collect Website Data from children under 13 without parental involvement. Clinical services for minors require appropriate guardian consent and minor assent under Maryland law.
12) International Visitors
We primarily serve individuals located in Maryland via telehealth. If you access from outside the U.S., your information will be processed in the U.S. and subject to U.S. law.
13) Communications

 	Care communications occur via our EMR portal(s) and secure channels.
 	Email/SMS logistics (e.g., reminders) are kept free of PHI where feasible unless you consent to secure alternatives.
 	Marketing is sent only with your explicit opt‑in and can be withdrawn at any time.

14) Breach Notification
If we discover a breach of unsecured PHI, we will provide notifications as required by HIPAA and applicable state law, including to you, HHS, and (if required) the media.
15) Limitations of Liability (Privacy Context Only)
To the maximum extent permitted by law, ijayMD and its officers, employees, and agents shall not be liable for: (a) losses arising from your failure to follow your obligations (e.g., joining visits from non‑private locations, sharing your device, or forwarding links), (b) events beyond our reasonable control (internet/hosting outages, third‑party network failures), or (c) your installation/use of unpatched or insecure software/hardware. Nothing in this Policy limits liability for willful misconduct, gross negligence, or obligations we cannot disclaim under HIPAA or Maryland law. Broader limitations of liability and dispute terms are set out in our Terms of Use, which govern your use of the Site.
16) Your Responsibilities
You agree to:

 	Provide accurate information and avoid including PHI in unencrypted email/SMS.
 	Use only our designated secure forms/portals for clinical matters and payment.
 	Join telehealth sessions from a private location and with a reliable connection.
 	Keep your portal credentials confidential and notify us of suspected unauthorized access.

17) Changes to This Policy
We may update this Policy from time to time. The Effective Date and Version above show the latest revision. Material changes will be posted on this page and, when appropriate, communicated by reasonable means (e.g., banner notice). Continued use of the Site after posting means you accept the updated Policy.
18) Contact Us
ijayMD Mental Health & Wellness Care d/b/a ijayMD.com
Address: 200 Washington Avenue, Floor 5 PMB 1003, Towson, MD 21204
Phone: 443-371-3181
Email: support@ijayMD.com
Privacy Officer: privacyofficer@ijayMD.com



Cross‑References

 	Notice of Privacy Practices (NPP) (controls PHI rights and HIPAA uses/disclosures).
 	Terms of Use (website governance, broader limitation of liability, governing law: Maryland).
 	Telepsychiatry Consent
 	Financial Policy
 	Messaging & Communications Policy
 	Cookie & Tracking Disclosure.

 				
				
					You are agreeing to version: 1.0				
				
				

				
					Full Name *
					
				
				
				
					Email Address *
					
				

				
					Title *
					
				

				
					Practice / Clinic Name (Optional)
					
				

				
					
					By checking this box, I confirm that I have read, understood, and agree to be bound by the terms of the Privacy Policy listed above. *
At‑a‑Glance

1) Who We Are

2) What We Collect

A. PHI (Clinical)

B. Website Data (Non‑PHI)

3) How We Use Information

For PHI (subject to HIPAA and our NPP)

For Website Data

4) Where We Store and Process PHI

5) Telehealth Platforms

6) Disclosures of Information

7) Data Retention

8) Security Measures

9) Your Rights

10) Cookies & Tracking

11) Children’s Privacy

12) International Visitors

13) Communications

14) Breach Notification

15) Limitations of Liability (Privacy Context Only)

16) Your Responsibilities

17) Changes to This Policy

18) Contact Us

Cross‑References

Pages

Services

Get Care
