Notice of Privacy Practices

About This Notice & Our Practice

The Foval Group LLC dba Reset. Transform. RISE! Life Transformation and Coaching Services ("we," "us," "our," or "the Practice") is a hybrid private practice providing mental health therapy, addiction counseling, life coaching, and business consulting services. Services are delivered in-person at third-party private locations and via HIPAA-compliant telehealth technology.

We are a Covered Entity and/or Business Associate as defined under HIPAA. We are required by law to: (1) maintain the privacy of your Protected Health Information (PHI); (2) provide you with notice of our legal duties and privacy practices; (3) notify you in the event of a breach of unsecured PHI; and (4) follow the terms of the Notice currently in effect.

We are also subject to the requirements of 42 C.F.R. Part 2 with respect to records related to substance use disorder (SUD) treatment provided under our Minnesota LADC licensure and 245G program authorization. These records carry additional, more stringent protections than HIPAA alone.

Protected Health Information (PHI)

Protected Health Information (PHI) means individually identifiable health information that is created, received, maintained, or transmitted by our Practice in any form — electronic, paper, or oral. PHI includes, but is not limited to:

• Your name, address, date of birth, Social Security number, or other demographic identifiers
• Information about your past, present, or future physical or mental health conditions
• Substance use disorder treatment records maintained under our 245G program
• Information about healthcare services provided to you, including session notes, assessments, treatment plans, and diagnoses
• Information about payment for healthcare services, including insurance billing information
• Electronic PHI (ePHI) transmitted through secure telehealth platforms, patient portals, or encrypted email
• Business consulting client records (where a therapeutic or coaching relationship exists)

How We May Use and Disclose Your PHI

A. Uses and Disclosures Requiring Your Written Authorization

Except as described below, we will use and disclose your PHI only with your prior written authorization. You may revoke any authorization at any time, in writing, except where we have already acted in reliance on your authorization. Authorization must be specific, time-limited, and signed. We will not use PHI for marketing purposes, sell PHI, or use psychotherapy notes for any purpose without separate explicit written authorization.

B. Uses and Disclosures for Treatment

We may use and disclose your PHI to provide, coordinate, or manage your mental health treatment, addiction counseling, coaching, or other healthcare services. For example, we may share information with:

• Your supervising licensed professional (as required for pre-licensed practice under MN-BBHT supervision)
• Referring providers, primary care physicians, or specialists when clinically appropriate and authorized
• Substitute clinicians or clinical supervisors who cover treatment in the provider's absence
• Other treating professionals with whom you have authorized coordination

C. Uses and Disclosures for Payment

We may use and disclose your PHI to obtain payment for services. This may include submitting claims to your health insurance company, verifying insurance coverage, or pursuing collection of balances owed. We may disclose PHI to a collection agency or attorney if necessary for unpaid balances; however, substance use disorder records under 42 C.F.R. Part 2 may never be disclosed to a third-party debt collector without your specific written consent.

D. Uses and Disclosures for Healthcare Operations

We may use or disclose PHI for our internal operations, including:

• Quality assessment and improvement activities
• Clinical supervision and training of student interns (with appropriate confidentiality agreements)
• Compliance with HIPAA, 42 C.F.R. Part 2, and applicable licensing board requirements
• Business planning and development (using de-identified data only)
• Legal and risk management activities

Disclosures Permitted Without Your Authorization

Applicable federal and Minnesota law permit or require us to disclose PHI without your consent in specific circumstances:

Special Categories Receiving Enhanced Protection

Mental Health Records (Minn. Stat. § 144.293 – § 144.295)

Minnesota law provides that mental health records — including psychotherapy notes, diagnostic and treatment information — may not be disclosed without your specific written consent, except as otherwise provided by law. These protections are more stringent than general HIPAA requirements and are strictly observed by this practice.

Substance Use Disorder Records (42 C.F.R. Part 2)

Records relating to your participation in our substance use disorder (SUD) treatment and addiction counseling program are protected by federal law under 42 C.F.R. Part 2. These records may not be disclosed without your specific written consent, except:

• To medical personnel in a bona fide medical emergency
• To qualified personnel for research, audit, or program evaluation (with appropriate data protections)
• As ordered by a court for good cause
• To report suspected child abuse or neglect (disclosure limited to the report itself)
• To a crime victim if you threaten them in the treatment program

Federal law prohibits unauthorized disclosure of SUD records in criminal, civil, administrative, or legislative proceedings. This prohibition is strictly enforced.

HIV/AIDS Status

Information relating to HIV/AIDS status is subject to enhanced protections under Minn. Stat. § 144.7408 and may not be disclosed without specific written consent except in narrowly defined circumstances.

Genetic Information

Genetic information is protected under the Genetic Information Nondiscrimination Act (GINA), 42 U.S.C. § 2000ff, and Minn. Stat. § 144.7751 et seq. We will not use or disclose genetic information for underwriting purposes.

Telehealth Services, Technology & ePHI Security

HIPAA-Compliant Telehealth Platforms

All telehealth services are delivered exclusively through HIPAA-compliant platforms with end-to-end encryption and signed Business Associate Agreements (BAAs). Consumer applications (standard Skype, FaceTime, regular Zoom without BAA) are not used for clinical services. Approved platforms include those compliant with HHS guidance at 45 C.F.R. § 164.312 (Technical Safeguards).

Minnesota Telehealth Law Compliance

We comply with Minnesota telehealth statutes including:

• Minn. Stat. § 62A.672 — Definitions of telehealth and interactive video
• Minn. Stat. § 62A.673 — Insurance coverage parity for telehealth services
• DHS Telehealth Provider Assurance Statement (DHS-6806) — Required for Medical Assistance billing
• Place-of-service code 02 (non-home telehealth) and code 10 (patient home) for billing purposes
• Minn. Stat. § 147.032 — Licensing requirements for out-of-state providers

Inherent Risks of Telehealth

While we use best-practice technology safeguards, telehealth carries inherent risks including: potential technology failures; possible interception during data transmission despite encryption; the possibility of unauthorized access to your device; and limitations in emergency response if you are not in our immediate geographic area. We document telehealth consent and these risk disclosures in your client record as required by Minnesota BBHT guidelines.

Electronic Communications

All client communications via email are conducted through encrypted platforms (e.g., ProtonMail — RTRCounseling@proton.me). Standard unencrypted email is not used to transmit PHI. If you initiate communication through unencrypted channels, we will respond securely but note in your record that you were advised of this preference.

Data Storage and Security

Electronic PHI is stored on HIPAA-compliant platforms with appropriate administrative, physical, and technical safeguards per 45 C.F.R. §§ 164.308–164.316. We conduct regular risk assessments and maintain a Security Rule compliance program. In the event of a breach of unsecured PHI affecting you, we will notify you without unreasonable delay and within sixty (60) days, consistent with 45 C.F.R. § 164.404.

Minor Clients

In Minnesota, minors under age 18 generally require parental or guardian consent for mental health treatment. However, under Minn. Stat. § 144.341–144.347, a minor may independently consent to certain mental health services and substance use disorder treatment in specific circumstances. Where applicable:

• Minors age 16 and older may consent to outpatient mental health treatment under Minn. Stat. § 253B.04, subd. 2
• Minors may independently consent to substance use disorder evaluation and treatment
• Disclosure of a minor's independently consented-to treatment records to parents is limited by statute
• Parental access to minor records will be addressed in the initial informed consent process

We will inform you at the outset of services if a minor-specific confidentiality arrangement applies to your situation.

Your Privacy Rights

You have the following rights with respect to your PHI. To exercise any of these rights, please submit a written request to our Privacy Contact (see Section 11).

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint with us or directly with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint.

Complaint to Our Practice

Submit complaints in writing to our Privacy Contact: Scott B. Foval at RTRCounseling@proton.me or by mail to 131 Continental Drive, Suite 305, Newark, DE 19713.

Complaint to HHS / OCR

You may file a complaint with the HHS Office for Civil Rights at: U.S. Department of Health and Human Services, 200 Independence Avenue SW, Washington, D.C. 20201, or electronically at ocrportal.hhs.gov. Complaints must be filed within 180 days of when you knew or should have known of the alleged violation.

Complaint to Minnesota BBHT

You may also file a complaint with the Minnesota Board of Behavioral Health and Therapy (BBHT) regarding the conduct of licensed providers: 335 Randolph Ave., Suite 217, St. Paul, MN 55102 | Phone: (651) 201-2210.

Complaint Regarding 42 C.F.R. Part 2

For complaints regarding substance use disorder records, you may contact the Substance Abuse and Mental Health Services Administration (SAMHSA): 1-877-SAMHSA-7 (1-877-726-4727).

Changes to This Notice

We reserve the right to change this Notice at any time. Changes will apply to PHI we already have about you as well as PHI we receive in the future. The most current Notice will always be posted on our website at resettransformrise.com and made available in hard copy upon request. The effective date of the current Notice is shown at the top of this document.

Contact Information & Supervision Disclosure

Special Notice: 42 C.F.R. Part 2 — Substance Use Disorder Records

Acknowledgment of Receipt

Your signature on our intake and informed consent documents constitutes your acknowledgment that you have received and had an opportunity to review this Notice of Privacy Practices. You are not required to sign an acknowledgment of receipt to receive treatment; however, we are required by law to document our good-faith effort to provide you with this Notice.

If you have questions about this Notice, please contact us at the information provided in Section 11 above. We are committed to protecting your privacy and welcome your questions at any time.