Privacy Policy

Your privacy and the security of patient health information are our top priorities.
HIPAA Compliant
SOC 2 Type II
256-bit Encryption

Last updated: Jul 19, 2025

HIPAA Business Associate Agreement

Good Thinker LLC operates as a HIPAA Business Associate, implementing comprehensive safeguards to protect Protected Health Information (PHI) in accordance with federal healthcare privacy regulations.

1. Information We Collect

As a healthcare management platform, we collect and process the following types of information:

Protected Health Information (PHI):
  • Patient demographics and contact information
  • Medical record numbers and identifiers
  • Treatment plans and therapy notes
  • Insurance information and authorization details
  • Billing and claims data
  • Session schedules and attendance records

User Account Information:
  • Healthcare provider credentials and licenses
  • Practice and organization details
  • System usage logs and access records
  • Communication preferences

2. How We Use Your Information

We use collected information exclusively for healthcare management purposes:

  • Processing insurance claims and authorizations
  • Managing patient schedules and treatment records
  • Generating reports for healthcare providers
  • Facilitating communication between care teams
  • Ensuring billing accuracy and revenue cycle management
  • Maintaining compliance with healthcare regulations

3. Data Security Measures

We implement industry-leading security measures to protect your data:

Encryption

256-bit AES encryption for data at rest and TLS 1.3 for data in transit

Access Controls

Multi-factor authentication and role-based access permissions

Audit Logging

Comprehensive logging of all system access and data modifications

Secure Infrastructure

SOC 2 Type II certified cloud infrastructure with regular security assessments


4. Information Sharing

We may share PHI only in the following circumstances:

  • With your explicit written authorization
  • As required by law or court order
  • For treatment, payment, and healthcare operations as permitted by HIPAA
  • To prevent serious harm to health or safety
  • With business associates under signed agreements

We never sell or use PHI for marketing purposes without explicit consent.


5. Your Rights

Under HIPAA, you have the right to:

  • Access and obtain copies of your health information
  • Request amendments to your health records
  • Request restrictions on use and disclosure
  • Request confidential communications
  • File complaints regarding privacy practices
  • Receive notice of privacy practices

6. Data Retention

We retain health information as required by applicable laws and regulations, typically for a minimum of 6 years after the last service date. Upon termination of service, we provide secure data export options and ensure proper data destruction according to HIPAA requirements.


7. Breach Notification

In the unlikely event of a security breach involving PHI, we will notify affected individuals and relevant authorities within the timeframes required by HIPAA (typically within 60 days of discovery).


8. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Officer

Good Thinker LLC
1721 Morningside Way
Bloomfield Hills, MI 48302
Phone: 248-747-4887
Email: privacy@goodthinkerllc.com