Privacy & Data Security Policy
Your privacy is the foundation of our work together. This page explains how Pacific Pines Counseling LLC protects your personal information, how we use data to run our practice, and specifically which technologies we use in your care.
This notice applies to all services provided by Pacific Pines Counseling LLC. It serves as both our HIPAA Notice of Privacy Practices (required by federal law) and our Consumer Health Data Privacy Policy (required by Washington State Law, RCW 19.373).
Last Updated: April 3, 2026
Our Promise: No Training AI in Your Sessions
1
We believe that the therapeutic relationship requires human connection, empathy, and confidentiality. To protect you, we have a strict policy regarding technology:
No AI is trained on your Personal Health Information — We do not use Artificial Intelligence (AI) tools to write clinical notes or your progress notes. Documentation referencing your personal health information (PHI) is written by licensed mental health professionals who know your story personally. If we ever reference an AI resource to improve your clinical care, it is done so in a general way, without disclosing your personal health information (e.g., we might use OpenEvidence, a HIPAA-compliant medical research AI tool, partnered with the New England Journal of Medicine et al., as a resource to stay up-to-date on the leading edge of clinical mental health counseling research).
No Recording Devices in Sessions — We do not permit the use of recording devices during client sessions, including AI-powered voice recorders on phones, laptops, or other devices. This policy applies to both our clinicians and you, the client. [The only time a session may be recorded is when your clinician is undergoing supervision or professional training for their own development, and *only after* you have signed a specific, separate consent form authorizing that recording. You have the right to revoke this authorization at any time, except where we have already acted in reliance on it. If you sign this form, you retain full control over your decision.]
Why do we have this policy? AI tools and recording devices often process data on third-party servers outside of our HIPAA-compliant environment and outside our control. By restricting these technologies, we ensure that what is said in our office remains strictly confidential between us, protecting your privacy and the integrity of your therapy.
How We Use Your Information
2
We collect information only when necessary to provide you with quality care, manage your payments, and improve our services.
For Treatment & Care — A client’s health information (Protected Health Information or PHI) includes any information related to their health condition, treatment, or payment that can identify the client. PHI may be stored in electronic, paper, or verbal form and is protected under this policy.
Your PHI may be used and disclosed to: coordinate your care with other healthcare providers (e.g., psychiatrists, primary care doctors), consult with supervisors or colleagues to ensure high-quality treatment, manage your appointments and send reminders, and for internal quality assessments and compliance audits to ensure we meet all legal standards.
For Payment & Operations — To run our practice and ensure you receive services, we use specific tools:
Payment Processing: We use Stripe, via SimplePractice, to process payments securely. Stripe is a HIPAA-compliant business associate that encrypts your financial data. They do not store your health information; they only handle the transaction.
Electronic Health Records (EHR): We use SimplePractice as our EHR, a secure, cloud-based system to maintain your records safely behind firewalls and encryption.
For Website Analytics & Affiliate Links — Our website uses technology to understand how visitors use our site and to support our community:
Google Analytics: We use Google Analytics to collect anonymous data about how people find and navigate our website (e.g., which pages are visited, how much time is spent). This tool does not collect your name, health information, or private messages. It helps us make the website easier for you to use.
Affiliate Links: We occasionally provide links to books on BookShop.org. These links support local independent bookstores and may earn our local bookstore a small commission if you purchase a book. This is an ethical choice to support our local Tacoma community, not a monetization of your health data.
Your Rights Under Washington State Law
3
Under the Washington My Health My Data Act, you have specific rights regarding your consumer health data. You may exercise these rights at any time:
Right to Access — You can request a copy of your records or a list of who we share your data with.
Right to Delete — You can request that we delete your consumer health data from our active systems (subject to certain legal retention requirements for clinical records).
Right to Limit Sharing — You can restrict how we share your information, including limiting sharing with third parties not essential to your care.
Right to Opt-Out — You can opt-out of the sale or sharing of your data for marketing purposes (we do not sell your data).
To request access, deletion, or restrictions, please contact our Privacy Officer at privacy@pacificpines.com or call us at 253-540-5358. We will respond within 45 days.
When We Must Disclose Information (Exceptions)
4
While we protect your privacy fiercely, there are specific situations where we are required by law or allowed to disclose information to avoid harm and ensure ethical care:
Mandatory Reporting — If there is a suspicion of abuse or neglect of a child, elder, or dependent adult.
Duty to Protect — If you express an imminent intent to harm yourself or others.
Supervision & Quality Care — To ensure the highest standard of care, we may discuss your case (using minimal necessary details) with clinical supervisors or consultants. This is a required part of professional training and the quality assurance process to support our therapists and protect you.
Legal Orders — If a court issues a valid order or subpoena (though we will strive to notify you first).
Health Oversight — To government agencies investigating our compliance with laws, including audits of our practice.
Our entire team is trained in strict confidentiality protocols, and we hold all staff members accountable for protecting your information. We employ industry-standard security measures to protect your data:
Encryption — All sensitive data is encrypted in transit and at rest.
Access Controls — Only authorized staff members have access to your records, and they are trained in confidentiality.
Physical Security — Physical files, if any exist, are stored in locked cabinets. Staff avoid discussing client information in public areas or non-secure settings.
Client Communication — Email communication with clients is reserved solely for scheduling. Secure, encrypted messaging is available in your client portal. If you wish to send us sensitive details or documents, please confirm the preferred method first.
In Case of a Security Incident — While we take every precaution to secure your data, in the unlikely event of a breach involving your Protected Health Information, we will notify you immediately as required by HIPAA and Washington State law. We are committed to transparency and corrective action.
If you have questions about this policy or believe your privacy rights have been violated:
Contact Our Privacy Officer:
Emily Ann Peterson
privacy@pacificpines.com
(253) 540-5358
Mailing Address:
522 W Riverside Ave, Ste N
Spokane, WA 99201
Filing a Complaint — You may file a complaint with us, the Washington State Attorney General's Consumer Protection Division, or the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for filing a complaint.
We are committed to transparency and your safety. By reviewing this notice, you are confirming that you understand how we handle your data, our strict policies on technology in therapy, and your rights under Washington State law.
Please acknowledge the following by checking the box in the form below:
I have received and read this Privacy & Data Security Notice.
I understand that no AI tools are used to write my clinical notes and that recording devices are not permitted during sessions to ensure confidentiality.
I understand that, while we use secure third-party tools (e.g., Stripe for payments and Google Analytics for website usage), these tools do not access my private health information without safeguards.
I understand that my information is protected by strict staff protocols regarding physical security and verbal confidentiality in public areas.
I am aware of my rights, including the right to access, delete, or restrict my data under Washington State law.
I understand that I may file a complaint if I believe my privacy has been violated.