HIPAA Notice



Effective date: May 25, 2018.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides standards for how medical information should be used and disclosed by healthcare providers, health plans, and other covered entities. We provide each of our users with this information and ask each of our users to acknowledge receipt of our HIPAA Notice of Privacy Practices for Lyra Clinical Associates P.C., which discloses our practices for personal information gathering and dissemination. Please note that by using the website (the “Site”) or the services provided by Lyra Health, Inc., Lyra Behavioral Health, Inc., Lyra Clinical Associates P.C., together with any independent contracted affiliates (together “Lyra”, “we”, “our” or “us”), you accept the practices described in this Notice of Privacy Practices. If you do not agree to this Notice, please do not use the Site or Lyra’s services. IF YOU ARE UNDER 13 YEARS OF AGE OR RESIDE OUTSIDE OF THE UNITED STATES, PLEASE DO NOT USE OR ACCESS OUR SITE.

What information do we collect from users and how is it used?

Registration. Before using some of our services, we need you to register with the Site and provide your name, email address, a password, and other personal details. We request this information for identification purposes, to communicate with you, and to improve the functioning of certain services. By providing us with your email address, you consent to receiving information from us through the email you provide us, including protected health information which is private to you and protected by HIPAA. For more information on the information we collect, you can also review our Terms of Use (www.lyrahealth.com/terms-of-use/), Privacy Policy (www.lyrahealth.com/privacy-policy/), and Consent to Use Personal Email (www.lyrahealth.com/email-consent/). You may also be asked to complete other forms (e.g. intake forms, informed consent, etc.) depending on the services you choose.

Forms. To fully use our offerings, you may need to fill out forms that ask for or contain personal information such as your name, contact information, health, and other personal information. By providing us with your mobile phone number, you consent to receiving information from us by text or voicemail, including in the case of voicemail, protected health information.

Medical Records. In order for us to get you the best care, we may ask you to provide us with your medical records, for which we will obtain a signed authorization from you. In order to support your care, we may also ask you for a description of symptoms, a medical history, lifestyle descriptions and information on the progress of your treatment from your provider either over the phone, by email, or through our Site.

Correspondence. If you correspond with us via email or text, we may gather in a file specific to you the information that you submit.

Recordings. If you contact our care team by videoconference, phone or by email, we may record and retain copies of the interaction for, among other things, quality assurance purposes. If you access any apps or other services we offer, we may record your interactions with our software or our providers. We will inform you if we are recording your interactions with our care team or providers and, if you do not wish to be recorded, you can let the care team or provider know at that time.

Outcomes. We may periodically send you surveys to collect your feedback on the outcomes of your therapy. Understanding outcomes is central to our mission of providing effective, evidence-based care, and data can help inform Lyra’s approach to treatment and assessment of progress. In addition, Lyra uses outcomes data to provide our customers with insight into how their employees are coping better with stressors, functioning at a higher level, and becoming more psychologically flexible. Please note, outcomes data will only be shared as de-identified aggregate data. We anonymize and convert individual outcome scores into improvement levels, and then aggregate those in reporting across an employer’s entire population.

We will store the above described categories of information for as long as needed to provide our services, and as recommended to comply with our legal obligations (including those under HIPAA), resolve potential or actual disputes, improve the quality of our services, or enforce our agreements.

In addition, your individual Lyra provider may capture independent clinical and psychotherapy notes, which would be subject to his or her separate HIPAA privacy practices.

How does Lyra use and disclose protected health information about you that we collect?

Lyra will collect protected health information (“PHI”), which includes your name, age, gender, contact information, problems you are seeking help for, and progress and outcomes of your treatment, from you and will use or share it for the following purposes:

Treatment. We can use your PHI and share it with other professionals or programs that are treating you, such as when you are referred to another mental health professional for further treatment. By using our services, you hereby explicitly consent to the sharing of information like your name, age, gender, problems you are seeking help for, including alcohol and substance use, care preferences, health plan coverage, and progress of your treatment with current and potential therapists to promote good outcomes.

Business Operations. We can use and share your PHI to run our practice, improve our offerings to clients, improve your care and the coordination of your care, and contact you when necessary, such as using your PHI to manage your treatment and services.

Billing and Payment. We may use and share your PHI to confirm eligibility for services and to ensure proper payment to providers. For example, we may request your PHI from your health plan or employer in order to confirm eligibility for services.

Lyra is also permitted and/or required to use and disclose your PHI for: public health and safety issues; health research; mandatory reporting requirements; compliance with law enforcement; responses to lawsuits and legal actions or legal requests; organ and tissue donation requests; work with medical examiners or funeral directors; statistical analysis (Lyra will de-identify and/or aggregate your PHI for statistical analysis, and in these situations, we do not disclose any information that can personally identify you); and when we use third-party contractors in order to provide certain services or to complete or confirm a transaction that you conduct with us.

You have both the right and the choice to tell us to share your PHI with your family, close friends, or others involved in your care; share your PHI in a disaster relief situation; and whether to contact you for fundraising efforts. If you are not able to tell us your preference, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

We will never share your PHI, unless you give us written permission to, for marketing purposes, for sale of your information, and for any sharing of most psychotherapy notes. You may revoke or restrict the authorization to disclose your PHI for these purposes at any time.

Lyra reserves the right to release collected information to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate. If you use our Site outside of the United States, you consent to the transfer and processing of your information out of your locale, to servers inside the United States and maintained pursuant to this Notice of Privacy Practices.

What are your rights regarding your protected health information?

You have certain rights regarding protected health information that we maintain about you, including rights to:

  • Get an electronic or paper copy of your medical record. You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Contact us at the information below to ask us how to do this. We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
  • Ask us to correct your medical and other records. You can ask us to correct health or other information about you that you think is incorrect or incomplete. Contact us at the information below to ask us how to do this. We may say “no” to your request, but we’ll tell you why in writing within 60 days.
  • Request confidential communications. You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will say, “yes” to all reasonable requests.
  • Ask us to limit what we use or share. You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
  • Get a list of those with whom we’ve shared information. You can ask for a list (accounting) of the times we’ve shared your health information for 6 years prior to the date you ask, who we shared it with, and why. We will include all disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
  • Get a copy of this privacy notice. You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
  • File a complaint if you feel your rights are violated. You can complain if you feel we have violated your rights by contacting us using the information below. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

What are Lyra’s responsibilities with my information?

We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your protected health information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

How will I know about changes in the Notice of Privacy Practices?

Lyra reserves the right to update this Notice of Privacy Practices from time to time. Please visit this page periodically so that you will be apprised of any changes. The policies indicated in this Notice will remain effective, even if you are no longer using our Site or services.

How to contact us?

If you have questions, or need to reach us for any other reason, you may contact the Chief Privacy Officer at (800) 505-5972 or at privacy@lyrahealth.com.