Notice of Privacy Practices
Last updated: February 1st, 2026
​
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.
Practice Name: Agave Medical NY, P.C. (“Agave Medical”)
Effective Date of This Notice: February 1, 2026
Our Legal Duties
HIPAA is a federal law that requires us to maintain the privacy and security of your Protected Health Information, including electronic Protected Health Information (“PHI” and “ePHI”), and to provide you with notice of our legal duties and privacy practices. We are required by law to follow the terms of this Notice currently in effect. We are a “covered entity” under HIPAA. This means we must comply with the HIPAA Privacy Rule, Security Rule, and Breach Notification Rule with respect to PHI and ePHI, including by limiting uses and disclosures as permitted by HIPAA, maintaining reasonable safeguards, providing this Notice, and providing breach notification when required.
Scope of This Notice
This Notice applies only to patients receiving clinical mental health services from the Agave Medical and to Protected Health Information and electronic Protected Health Information (“PHI” and “ePHI”) created or received in connection with those clinical services. This Notice does not apply to coaching, wellness, educational content, or other non-clinical services offered through the Agave Health App. If you are using the Agave Health App solely for coaching or other non-medical services, your information is governed by the Agave Health App’s Privacy Policy and Terms of Use. If information from coaching or other non-clinical services is shared with a treating clinician and incorporated into your clinical record, it may become PHI or ePHI, and under those circumstances, will be handled in accordance with this Notice of Privacy Practices in accordance with HIPAA.
New York State Confidentiality Protections
In addition to HIPAA, we comply with New York State confidentiality laws, including but not limited to, New York Mental Hygiene Law §§ 33.13 and 33.16, New York Public Health Law § 18, New York Civil Practice Law and Rules § 4508 (psychotherapist-patient privilege), and applicable provisions of New York Education Law and professional regulations. Where New York law provides greater protection than HIPAA, we apply the more protective standard.
Telehealth and Electronic Communications
As an online psychotherapy practice, Agave Medical may communicate with you and maintain PHI and ePHI electronically through secure telehealth platforms, patient portals, and electronic health record systems. We use reasonable administrative, technical, and physical safeguards; however, no electronic system can be guaranteed to be 100% secure. At the clinician’s discretion and as required by law, email or text messages may be considered part of the clinical record. Email and text messages are not protected from discovery in litigation and may be sought and disclosed as required by law in New York.
How We May Use or Disclose Your PHI
Generally, Agave Medical may not use or disclose PHI or ePHI without your permission except as described below. Uses and disclosures are limited to the minimum necessary to accomplish their purpose, as applicable under HIPAA.
Treatment, Payment, and Health Care Operations
HIPAA permits us to use and disclose PHI and ePHI for treatment, payment, and health care operations (“TPO”). See 45 C.F.R. §§ 164.501 and 164.506(a). These uses and disclosures support the delivery and administration of services through the app platform.
Treatment activities include providing, coordinating, or managing your care, including communicating with you about appointments and clinically appropriate treatment alternatives, and coordinating care with other providers or referrals you request. Where required by law or clinically appropriate, we may request your written consent to communicate with or release information to another provider.
Payment activities include verifying coverage and benefits when you use insurance, submitting claims and supporting documentation, responding to utilization review or other payment-related requests, and collecting amounts owed. If collection efforts require disclosure of PHI, we will provide advance notice consistent with applicable law.
Health care operations include quality assessment and improvement, documentation review for compliance and quality, training, credentialing, security monitoring and risk management, internal administrative activities necessary to operate the Practice and the app-based clinical services, and consultations with attorneys, accountants, and other advisors or vendors under appropriate written agreements.
PLEASE NOTE THAT UNLESS YOU REQUEST OTHERWISE, WE WILL USE OR DISCLOSE YOUR PERSONAL HEALTH INFORMATION FOR TREATMENT ACTIVITIES, PAYMENT ACTIVITIES, AND HEALTHCARE OPERATIONS AS SPECIFIED ABOVE, WITHOUT WRITTEN AUTHORIZATION FROM YOU.
​
Special Situations and Disclosures Required by Law
Health Information Exchanges and TEFCA (If Applicable)
If we participate in a health information exchange (“HIE”) or exchange PHI under the Trusted Exchange Framework and Common Agreement (“TEFCA”), we may electronically access, request, or share PHI for TPO purposes with other participating providers and organizations, as permitted by HIPAA and applicable New York law. If New York law or the rules of a particular exchange require an opt-in or permit an opt-out, we will make available the applicable process through the app or by contacting the Privacy Officer.
We may disclose PHI without authorization as required or permitted by law, including reports of child abuse or neglect, serious and imminent threats to health or safety, health oversight activities, judicial or administrative proceedings, workers’ compensation claims, disaster relief efforts, and disclosures to the U.S. Department of Health and Human Services.
Psychotherapy Notes
Psychotherapy Notes receive special protection under HIPAA and may also be subject to heightened confidentiality requirements under New York law. “Psychotherapy Notes,” as defined by HIPAA, are the personal notes of a mental health professional documenting or analyzing the contents of counseling sessions that are kept separate from the rest of the clinical record. Psychotherapy Notes are not part of the designated record set and are generally not available to you as part of a routine request for access to your medical record. We will not use or disclose Psychotherapy Notes without your specific written authorization, except as permitted or required by law. Permitted uses or disclosures may include use or disclosure for our defense in a legal action or other proceeding brought by you, disclosure to the U.S. Department of Health and Human Services (“DHHS”) for purposes of determining our compliance with HIPAA, disclosures required for lawful health oversight activities, disclosures to avert a serious and imminent threat to health or safety, and disclosures otherwise required by law.
Your Rights
You have the right to request restrictions, receive confidential communications, inspect and obtain copies of your PHI (including electronic records), request amendments, receive an accounting of disclosures, and receive notification of breaches of unsecured PHI. Requests must be made in writing.
Business Associates
We may share PHI with Business Associates who assist us in operations, such as companies that provide secure technology, hosting, claims support, payment processing support, and customer support related to clinical services. Business Associates may access PHI only as necessary to perform services on our behalf and are required by contract to safeguard PHI and to notify us of any breach of unsecured PHI as required by law.
Portal-Only Delivery and Acknowledgment
This Notice is provided electronically through our secure patient portal. We make a good-faith effort to obtain electronic acknowledgment of receipt as permitted and required under HIPAA and New York State law.
Right To Receive an Accounting of Disclosures of Your PHI And Electronic Health Records
You have the right to receive a written accounting of all disclosures of your PHI for which you have not provided an authorization that we have made within the six (6) year period immediately preceding the date on which the accounting is requested. You may request an accounting of such disclosure for a period of time less than six (6) years from the date of the request. We require that you request an accounting in writing on a form that we will provide to you.
The accounting of disclosures will include the date of each disclosure, the name and, if known, the address of the entity or person who received the information, a brief description of the information disclosed, and a brief statement of the purpose and basis of the disclosure or, instead of such statement, a copy of your written authorization or written request for disclosure pertaining to such information. We are not required to provide accountings of disclosures for the following purposes: (a) treatment, payment, and healthcare operations, (b) disclosures pursuant to your authorization, (c) disclosures to you, (d) to other healthcare providers involved in your care, (e) for national security or intelligence purposes, (f) to correctional institutions, and (g) with respect to disclosures occurring prior to 4/14/2003. We reserve the right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law. We will provide the first accounting to you in any twelve (12) month period without charge, but will impose a reasonable cost-based fee for responding to each subsequent request for accounting within that same twelve (12) month period. All requests for an accounting shall be sent to our Privacy-Security Officer at the mailing address below.
If we maintain any PHI in electronic form, then you may also request and receive an accounting of any disclosures of your electronic health records made for purposes of treatment, payment and health operations during the prior three (3) year period. Upon request, one list will be provided for free every twelve (12) months.
Complaints
You may file a complaint with us and/or with the Secretary of DHHS if you believe that your privacy rights have been violated. Please submit any complaint to us in writing by mail to our Privacy-Security Officer at the mailing address below. A complaint must name the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable requirements of HIPAA or this Notice of Privacy Practices. A complaint must be received by us or filed with the Secretary of DHHS within 180 days of when you knew or should have known that the act or omission complained of occurred. You will not be retaliated against for filing any complaint.
Amendments to this Notice of Privacy Practices
We reserve the right to revise or amend this Notice of Privacy Practices at any time. These revisions or amendments may be made effective for all PHI we maintain even if created or received prior to the effective date of the revision or amendment. Upon your written request, we will provide you with notice of any revisions or amendments to this Notice of Privacy Practices, or changes in the law affecting this Notice of Privacy Practices, by mail or electronically within 60 days of receipt or your request.
Ongoing Access to Notice of Privacy Practices
We will provide you with a copy of the most recent version of this Notice of Privacy Practices at any time upon your written request sent to our Privacy-Security Officer at the mailing address below. For any other requests or for further information regarding the privacy of your PHI, and for information regarding the filing of a complaint, please contact us at the address, telephone number, or e-mail address listed above.
To Contact Us
This is our contact information referred to above:
Our Privacy-Security Officer is: Eve Mamane. Our mailing address is: 359 5th Street Unit 3 Jersey City, NJ 07302. Our Officer's email address is: eve@agavehealth.com