Data Protection & Security Statement

1. Commitment to Data Protection

Mend the Minds is committed to maintaining the confidentiality, integrity, and availability of all client information. Our data protection practices comply with:

  • HIPAA (Health Insurance Portability and Accountability Act)

  • Texas Medical Records Privacy Act (TMPRA)

  • Texas Health & Safety Code

  • Applicable federal and state behavioral health regulations

2. Data Governance

We maintain a structured data governance framework that includes:

  • Role‑based access controls

  • Minimum necessary access standards

  • Secure data retention and destruction policies

  • Vendor and business associate oversight

  • Annual risk assessments

3. Technical Safeguards

We implement industry‑standard security measures, including:

  • Encryption of data at rest and in transit

  • Secure servers and firewalls

  • Multi‑factor authentication for staff

  • Encrypted email or secure portals for PHI transmission

  • Continuous monitoring for unauthorized access

4. Administrative Safeguards

Our staff undergoes:

  • HIPAA and privacy training

  • Annual compliance refreshers

  • Incident response and breach‑prevention training

  • Confidentiality agreements as a condition of employment

5. Physical Safeguards

We protect physical records and systems through:

  • Locked file storage

  • Restricted office access

  • Secure disposal of paper records

  • Surveillance and facility controls (where applicable)

6. Data Retention

We retain records in accordance with:

  • Texas Health & Safety Code requirements

  • HIPAA retention standards

  • Professional licensing board guidelines

Records are securely destroyed when retention periods expire.

7. Breach Notification

In the event of a data breach involving PHI, we will:

  • Investigate promptly

  • Mitigate potential harm

  • Notify affected individuals as required by HIPAA and Texas law

  • Report to regulatory authorities when applicable

8. Client Responsibilities

Clients are encouraged to:

  • Use secure communication channels when possible

  • Notify us of changes to contact or insurance information

  • Report suspected privacy concerns immediately

9. Contact for Data Protection Concerns

For questions or concerns about data protection practices:

Data Protection Officer

LaShaun Barnes, Mend the Minds

713-569-8834