Privacy Policy


Lola Therapy

Effective Date: Aug 14, 2025
Last Updated: Aug 14, 2025


Contact Information


Practice Name: Lola Therapy
Therapist: Lisa Kelleher, LPC
Address: 3600 Chain Bridge Road, Suite #200, Fairfax, VA 22030
Phone: (703) 609-1690
Email: lisa@lola-therapy.com
Privacy Officer: Lisa Kelleher, LPC
Location/Jurisdiction: Virginia, United States
Regulatory Body: Virginia Board of Counseling


Introduction


At Lola Therapy, we are committed to protecting your privacy and maintaining the confidentiality of your personal and health information. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or communicate with us. This policy complies with applicable federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), Virginia state regulations, and other relevant privacy laws.


Information We Collect


Personal Information


We collect the following types of information:

  • Contact Information: Name, email address, phone number, mailing address
  • Appointment Information: Scheduling preferences, session dates and times, appointment history
  • Health Information: Mental health symptoms, treatment history, therapy goals, progress notes, diagnoses, treatment plans
  • Payment Information: Billing address, payment method details (processed securely through third-party payment processors)
  • Communication Records: Emails, phone conversations, text messages, session recordings (if applicable)
  • Emergency Contact Information: Names and contact details of emergency contacts
  • Insurance Information: Insurance provider details, policy numbers, authorization information


Technical Information

  • Website Usage Data: IP address, browser type, pages visited, time spent on pages
  • Cookies and Tracking Data: Session cookies, analytics data, website performance metrics
  • Device Information: Device type, operating system, screen resolution


How We Collect Information


We collect information through various methods:


  • Online Forms: Contact forms, appointment scheduling forms, intake questionnaires
  • Direct Communication: Phone calls, emails, text messages, video calls
  • In-Person Sessions: During therapy sessions and consultations
  • Electronic Health Records (EHR): SimplePractice platform for client management
  • Website Analytics: Google Analytics and similar tools
  • Telehealth Platform: Video conferencing software for virtual sessions
  • Third-Party Integrations: Online scheduling systems, payment processors


How We Use Your Information


We use your information for the following purposes:


Primary Treatment Purposes

  • Providing mental health counseling and therapy services
  • Developing and implementing treatment plans
  • Monitoring your progress and adjusting treatment as needed
  • Coordinating care with other healthcare providers (with your consent)
  • Maintaining accurate clinical records


Administrative Purposes

  • Scheduling and managing appointments
  • Processing payments and billing
  • Communicating about your care and services
  • Sending appointment reminders and follow-up messages
  • Managing our practice operations


Legal and Compliance

  • Complying with state and federal regulations
  • Responding to legal requests and court orders
  • Protecting against fraud and ensuring practice security
  • Meeting professional licensing requirements


Quality Improvement

  • Analyzing website usage to improve user experience
  • Evaluating service effectiveness
  • Enhancing security measures


Information Sharing and Disclosure


We maintain strict confidentiality of your information and only share it in specific circumstances:


With Your Written Consent

  • Coordinating care with other healthcare providers
  • Sharing information with family members or support persons you designate
  • Providing information to insurance companies for payment purposes


Third-Party Service Providers


We share limited information with trusted vendors who assist with our operations:

  • SimplePractice: Electronic health records management and client portal
  • Payment Processors: Secure payment processing (credit card information is not stored on our systems)
  • IT Support Providers: Website maintenance and technical support
  • Analytics Providers: Google Analytics for website performance (anonymized data)
  • Telehealth Platforms: Video conferencing services for virtual sessions

All third-party providers are required to maintain the confidentiality and security of your information through written agreements.


Legal Requirements


We may disclose information without your consent when required by law:

  • Court orders or subpoenas
  • Mandatory reporting of child or elder abuse
  • Threats of harm to self or others
  • Public health emergencies
  • Professional licensing board investigations


Data Retention Policy


We retain your information according to the following schedule:

  • Clinical Records: Maintained for 7 years after the last date of service (or longer if required by law)
  • Financial Records: Retained for 7 years for tax and audit purposes
  • Minor Client Records: Retained until 3 years after the client reaches age 18, or 7 years from the last service date, whichever is longer
  • Website Analytics: Anonymized data retained for 2 years
  • Communication Records: Email and phone records retained for the duration of the therapeutic relationship plus 7 years


Secure Deletion

When retention periods expire, we securely delete or destroy information using industry-standard methods to prevent unauthorized recovery.


Security Measures


We implement comprehensive security measures to protect your information:


Technical Safeguards

  • Encryption: All data transmitted and stored is encrypted using industry-standard protocols
  • Secure Servers: Information stored on HIPAA-compliant, encrypted servers
  • Access Controls: Multi-factor authentication and role-based access restrictions
  • Regular Updates: Software and security systems regularly updated and patched
  • Backup Systems: Secure, encrypted offsite backups with restricted access


Physical Safeguards

  • Secure Facilities: Locked offices and filing cabinets for physical records
  • Controlled Access: Limited access to areas containing confidential information
  • Disposal Protocols: Secure shredding and disposal of physical documents


Administrative Safeguards

  • Staff Training: Regular privacy and security training for all personnel
  • Policies and Procedures: Comprehensive privacy and security policies
  • Incident Response: Established procedures for responding to security incidents
  • Business Associate Agreements: Contracts with all third-party vendors requiring HIPAA compliance


Your Privacy Rights


As our client, you have the following rights regarding your personal information:


Access Rights

  • Request copies of your health records and personal information
  • Review your information maintained in our systems
  • Obtain a list of disclosures made of your information


Amendment Rights

  • Request corrections to inaccurate or incomplete information
  • Add statements to your record if you disagree with our assessment


Restriction Rights

  • Request limitations on how we use or disclose your information
  • Ask that we not share information with specific individuals or organizations


Confidential Communication

  • Request that we communicate with you through specific methods or locations
  • Ask that appointment reminders be sent in particular ways


Opt-Out Rights

  • Decline to receive marketing communications
  • Opt out of non-essential website tracking (see Cookie Policy below)
  • Refuse participation in quality improvement activities


Complaint Rights

  • File complaints about our privacy practices with our Privacy Officer
  • Submit complaints to the U.S. Department of Health and Human Services

To exercise any of these rights, please contact our Privacy Officer at lisa@lola-therapy.com or (703) 609-1690.


Data Breach Notification

In the unlikely event of a data breach that affects your personal information:

  • Immediate Response: We will take immediate steps to contain the breach and assess its scope
  • Investigation: We will conduct a thorough investigation to determine the cause and extent of the breach
  • Notification Timeline: You will be notified within 60 days of discovery of the breach
  • Notification Method: Notification will be provided by email, phone, or written notice
  • Information Provided: Description of the breach, types of information involved, steps taken to address the breach, and recommended actions for you
  • Regulatory Reporting: We will report the breach to appropriate authorities as required by law


Cookies and Website Tracking


Our website uses various tracking technologies to improve your experience:


Types of Cookies Used

  • Essential Cookies: Required for website functionality and security
  • Analytics Cookies: Google Analytics to understand website usage patterns
  • Performance Cookies: Monitor website speed and performance
  • Preference Cookies: Remember your settings and preferences


Third-Party Services

  • Google Analytics: Tracks website usage with anonymized data
  • SimplePractice Portal: Session cookies for secure client portal access


Your Cookie Choices

  • Browser Settings: You can disable cookies through your browser settings
  • Opt-Out Tools: Use the Google Analytics opt-out browser add-on
  • Limited Functionality: Note that disabling cookies may limit website functionality


Accessibility Technology


We use UserWay's Accessibility Widget to ensure our website is accessible to all users, including those with disabilities. This service may collect the following information to provide accessibility features:

  • Usage Data: How you interact with accessibility features
  • Device Information: Screen reader compatibility and settings
  • Preference Data: Your accessibility customization choices

UserWay's privacy practices are governed by their own privacy policy. The accessibility widget helps us comply with ADA requirements and provides features such as:

  • Screen reader compatibility
  • Keyboard navigation support
  • Visual adjustments for users with visual impairments
  • Text-to-speech functionality


HIPAA Notice of Privacy Practices


Protected Health Information (PHI)

This notice describes how medical information about you may be used and disclosed and how you can access this information. We are required by law to:

  • Maintain the privacy of your protected health information
  • Provide you with this notice of our legal duties and privacy practices
  • Follow the terms of this notice currently in effect


Uses and Disclosures for Treatment, Payment, and Operations

We may use and disclose your PHI for:

  • Treatment: Providing, coordinating, or managing your healthcare
  • Payment: Billing and collecting payment for services
  • Healthcare Operations: Quality assessment, training, and business operations


Special Situations

We may use or disclose your PHI without your authorization in certain circumstances:

  • As required by law
  • For public health activities
  • To report abuse, neglect, or domestic violence
  • For health oversight activities
  • In response to legal proceedings
  • For law enforcement purposes
  • To prevent serious threats to health or safety


Updates to This Privacy Policy


We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. When we make changes:

  • Notification Method: We will post the updated policy on our website and notify you by email
  • Advance Notice: Significant changes will be communicated at least 30 days before taking effect
  • Effective Date: The date of the most recent update will be clearly displayed
  • Your Continued Use: Continued use of our services after updates take effect constitutes acceptance of the new terms


We encourage you to review this policy periodically to stay informed about how we protect your information.


Contact Us for Privacy Concerns

If you have questions, concerns, or complaints about this Privacy Policy or our privacy practices, please contact:

Privacy Officer: Lisa Kelleher, LPC
Email: lisa@lola-therapy.com
Phone: (703) 609-1690
Address: 3600 Chain Bridge Road, Suite #200, Fairfax, VA 22030

Response Time: We will respond to privacy inquiries within 5 business days.

External Complaints: You also have the right to file a complaint with:

  • U.S. Department of Health and Human Services, Office for Civil Rights
  • Virginia Board of Counseling
  • Virginia Attorney General's Office


Filing a complaint will not affect your access to our services or result in any retaliation.


Acknowledgment


By using our services, visiting our website, or providing us with your personal information, you acknowledge that you have read, understood, and agree to this Privacy Policy. You also acknowledge receiving our HIPAA Notice of Privacy Practices.


For questions about this Privacy Policy or to exercise your privacy rights, please contact us using the information provided above.

This Privacy Policy is effective as of Aug 14, 2025 and replaces all previous versions.