HIPAA Notice of Privacy Practices

1. Our Role

Tmind AI is a clinical training and matching platform for mental health professionals. Tmind AI is not a healthcare provider and does not provide clinical treatment or therapy to patients.

Tmind AI operates as a Business Associate under HIPAA where applicable, supporting the following functions:

• AI-simulated clinical training for therapists and social workers
• Supervisor-supervisee matching for clinical oversight and professional development
• Therapist-patient matching, where licensed therapists may access matched patient profile information within the platform

In connection with these functions, Tmind AI may receive, process, or transmit Protected Health Information (PHI) on behalf of covered entities, including therapists, supervisors, and affiliated institutions.

2. What Counts as Protected Health Information (PHI)

PHI is any individually identifiable health information that relates to a person's past, present, or future physical or mental health condition, provision of healthcare, or payment for care. Within the Tmind AI platform, PHI may include:

• Patient profile information made available to matched therapists, including clinical history, presenting concerns, or care preferences
• Case notes or session-related information shared between supervisees and supervisors as part of clinical supervision workflows
• Any health-related information submitted during account setup or intake processes

AI simulation sessions use synthetic, non-identifiable scenarios and do not constitute PHI unless real patient data is knowingly introduced by the user.

3. How We Use and Disclose PHI

Tmind AI uses PHI only for the purposes described in this Notice, or as otherwise required or permitted by law. Permitted uses include:

Platform Operations

• Facilitating therapist access to matched patient profiles for the purpose of initiating care
• Supporting clinical supervision by enabling supervisees to share session-related information with their assigned supervisor
• Generating session summaries and performance data within supervised training workflows

Legal and Security Obligations

• Maintaining the security and integrity of the platform
• Complying with applicable federal and state laws
• Responding to valid legal processes, such as court orders or subpoenas

We do not sell PHI. We do not use PHI for advertising, marketing, or any purpose unrelated to the delivery of our Services.

4. Supervisor-Supervisee Workflow

When Tmind AI is used to facilitate clinical supervision, the following PHI handling practices apply:

• Supervisees may share client-related case information with their assigned supervisor through the platform
• Supervisors can access relevant session notes and case summaries for the purpose of providing clinical oversight
• Access is role-restricted: supervisors can only view information for supervisees assigned to them
• All supervision-related PHI is handled in accordance with applicable professional and legal standards for clinical supervision

Both supervisors and supervisees are responsible for ensuring that any real patient information shared through the platform is disclosed in compliance with their own professional obligations and applicable state law.

5. Therapist-Patient Matching

When Tmind AI facilitates matching between therapists and prospective patients, the following applies:

• Patient profile information (which may include PHI) is only made visible to therapists who have been matched through the platform
• Therapist access to patient profiles is limited to the information necessary to evaluate the match and initiate a care relationship
• Patients retain the right to request restrictions on how their profile information is shared within the matching process
• Therapist access to patient information does not constitute a treatment relationship until one is formally established outside the platform

6. Your Rights Under HIPAA

If Tmind AI processes your PHI, you have the following rights:

• Right to Access - Request a copy of your PHI that we maintain
• Right to Amend - Request corrections to inaccurate or incomplete PHI
• Right to Restrict - Request limits on how we use or disclose your PHI
• Right to an Accounting of Disclosures - Receive a list of instances where your PHI was shared
• Right to Confidential Communications - Request that we communicate with you through alternative means or at a different address
• Right to a Paper Copy of This Notice - Available upon request at any time

To exercise any of these rights, please contact us at hi@tmind.ai. We will respond within the timeframe required by applicable law (generally 30 days).

7. Our Responsibilities

Tmind AI is required by law to:

• Maintain the privacy and security of your PHI
• Provide you with this Notice of Privacy Practices
• Follow the terms of the Notice currently in effect
• Notify you promptly in the event of a breach that may have compromised your PHI

We will not use or share PHI in ways not described in this Notice without obtaining your written authorization first. If you provide authorization, you may revoke it at any time in writing.

8. Safeguards

Tmind AI implements the following safeguards to protect all PHI processed through the platform:

• Administrative - Workforce privacy training, designated compliance oversight, and documented access policies
• Technical - AES-256 encryption at rest, TLS encryption in transit, role-based access controls, and audit logging
• Physical - Secure cloud infrastructure (Google Cloud Platform) with controlled access to systems handling PHI

Safeguards are reviewed and updated regularly in accordance with evolving HIPAA Security Rule requirements.

9. Changes to This Notice

Tmind AI reserves the right to update this Notice of Privacy Practices at any time. The revised Notice will be effective upon posting, and the effective date at the top of this document will be updated accordingly. Material changes will be communicated to affected users directly.

10. Contact Us

Email: hi@tmind.ai
Website: https://tmind.ai