CarePaths Privacy Policy

This Privacy Policy has important information on policies, procedures, and practices regarding the collection, use, and disclosure of any information on this Platform on which behavioral health services are offered (referred to as the “Platform”, “us”, “we” or “our”).

The therapists, counselors, and/or other professionals who use Platform in the course of providing healthcare services(referred to as “Provider” or “Providers”) and the recipients or potential recipients of healthcare services who use the Platform (referred to as “user”, “you” or “your”) all agree to this Privacy Policy. The Platform may be provided, be accessible, and/or be available on multiple websites, devices, platforms, and other means, whether owned and/or operated by CarePaths, Inc. or by third parties, including without limitation, the website and

We divided this document into three sections:

• The first, “Platform Privacy”, deals with privacy on the platform, such as the information you share when you setup an account and interact with your Provider.

• The second section, “Rights Regarding Healthcare Records”, addresses user rights with respect to a healthcare record.

• And the third section, “General Internet Privacy”, covers issues that apply to any website and our company communications.

It is up to you to decide what, if any, information you share on this Platform, but some Platform functions may not be available without you providing us certain information. When you use the Platform, you accept and agree to this Privacy Policy. If you do not agree to be bound to this Privacy Policy, you should stop using the Platform immediately.

Platform Privacy

Personal Information. The type of infomation we ask for will depend on the services you wish ot access.   We may ask you for certain personally identifiable information ("Personal Information"). The Personal Information can be used to contact and/or identify you, and it may include, but is not be limited to, your name, email, phone number, address, and credit card information. We may use the Personal Information, either by itself or in conjunction with other information, for the following purposes:

• Create your account on the Platform, let you log in to the account, administer your account, monitor your account, provide Personal Information to customer service, and/or contact you with information, alerts, and/or suggestions related to your account.

• Billing, payment processing, and/or other billing-related issues.

• Find a Provider qualified to provide services in your state.

Profile Information

We may ask you questions about yourself and your needs ("Profile Information"). We may use the Profile Information, either by itself and/or in conjunction with other information, for the following purposes:

• Match you with a Provider

• Help your Provider to get to know you and your needs

• Collect and analyze statistical or aggregated information which is not personally identifiable

• To the extent necessary to comply with applicable laws, including, without limitation, mandatory reporting laws and regulations.

Assessment and Progress Monitoring

When you sign up on the Platform, and periodically thereafter, you will be asked to complete various assessments and questionnaires that give you and your Provider information about how you are doing ("Assessments”). The Assessments may be used, either by themselves and/or in conjunction with other information, for the following purposes:

• Give the Provider a better understanding of your concerns so they can provide you with better services

• Enable the Provider to evaluate your progress

• Allow us to evaluate the overall effectiveness of online treatment

Session Content

While using the Platform, you and your Provider may communicate through text-based messages, audio/video communication, and/or other media ("Session Content"). The Session Content may be used, either by itself and/or in conjunction with other information, for the following purposes:

• Enable you and your Provider to develop a therapeutic relationship

Log Data

When you use the Platform, our servers and/or servers of third party service providers acting on our behalf, automatically record information that your browser sends ("Log Data"). This Log Data may include, but is not limited to, information such as your computer, Internet Protocol address ("IP"), pages that you visit, the time spent on those pages, actions that you take, and/or other statistics. We may use this information, either by itself and/or in conjunction with other information for the following purposes:

• Monitor, analyze, and/or improve the use and functionality of the Platform, the Platform's technical operation, and/or the match of the Platform functionality to your needs and preferences

Children's Privacy

We do not knowingly collect or solicit any information from anyone under the age of 18 or knowingly allow such persons to become our users. The Platform is not directed toward and not intended to be used by children under the age of 18.

HIPAA Protection of Personal Health Information

Personal Information, Profile Information, Assessments, and Session Content is considered Protected Health Information for the purposes of the HIPAA law (45 CFR Part 160 and 164).

Rights Regarding Healthcare Records

The Personal Information, Profile Information, Assessments, Session Data, and/or other information your Provider may add to the Platform are part of your health and the healthcare services you receive (“Healthcare Record”). You have specific rights and your Provider has specific responsibilities regarding your Healthcare Record. We maintain these Healthcare Records for you and your Provider. If you want to exercise any of your rights regarding your Healthcare Record, you should contact your Provider.

Your rights include:

• Getting a copy of your Healthcare Record. You may ask your provider to see or get an electronic or paper copy of your Healthcare Record. The Provider should respond within 30 days. A reasonable, cost-based fee can be charged for this.

• Ask your Provider to correct your record if you think it has information that is incorrect and/or incomplete. The Provider should respond within 60 days. If the Provider cannot comply with your request, he or she will give you a written explanation.

• Request confidential communications. You can ask the Provider to contact you in a specific way.

• Ask the Provider to limit what he or she uses or shares

• Get a list of those with whom the Provider has shared information with

• Get a paper copy of this Privacy Policy.

• Choose someone to act for you. If you have given someone medical power of attorney or have a legal guardian, they can exercise your rights and/or make choices regarding health information.

• If you feel your rights regarding your healthcare information have been violated you may (1) contact your Provider, (2) contact us, or (3) you can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting

Your Provider will not retaliate against you and we will not retaliate.

General Internet Privacy

Cookies and Web Beacons. Like many websites, we use "cookies" and "web beacons" to collect information. A "cookie" is a small data file that is transferred to your computer's hard disk for record-keeping purposes. A "web beacon" is a tiny image, placed on a web page or e-mail that can report your visit or use. We use cookies and web beacons to enable the technical operation of the Platform, to administer your log-in to your account and to collect the Log Data.

You can change your browser's settings so it will stop accepting cookies or to prompt you before accepting a cookie. However, if you do not accept cookies you may not be able to use the Platform. The Platform may also include the use of cookies and web beacons of services owned or provided by third parties that are not covered by our privacy policy and we do not have access or control over these cookies and web beacons.

Social & General Information Tools

We may use publicly-available tools and information exchange resources, such as but not limited to a blog, a Facebook page, a Twitter account, and/or others ("Social and General Information Tools"). Social and General Information Tools are not part of the Platform and information you provide or share on Social and General Information Tools may be read, accessed, collected, and/or used by others. Social and General Information Tools are governed by their own privacy policies and are not covered by this Privacy Policy.


Online identity theft and account hacking, including the practice currently known as "phishing", are of great concern. You should always be careful when you are asked for your account information and should only provide such information in our secure system. We will never request your login information, your credit card information, in a non-secure or unsolicited communication (e-mail, phone or otherwise.

Aggregate Information & Non-Identifying Information

We may share aggregated information that does not include any Personal Information with third parties for purposes, including but not limited to industry analysis, research, business transactions, and/or public relations. We will not sell or disclose any Personal Information or information that can be identified as coming from you.


The Platform may contain links to other websites, services or offers which are owned, operated or maintained by third parties. If you click on a third-party link, you will be directed to that third-party website or service. The fact that we link to a website or service is not an endorsement, authorization or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not have control over third party websites and services, or their privacy policies and terms of use.

Transfer of Business

We may sell or transfer some or all of our assets, including your Personal Information, in connection with a merger, acquisition, consolidation, joint venture, reorganization, and/or sale of assets. Such transactions would be covered by a confidentiality agreement.

Service Providers

We may employ third party companies or individuals to perform certain tasks which are related to the Platform or to provide audit, legal, operational or other services for us. These tasks include, but not limited to, customer service, technical maintenance, monitoring, email management and communication, database management, billing and payment processing, reporting and analytics. When needed we may disclose information, including Personal Information, to such third parties but we will try to limit the Personal Information disclosed to the minimum necessary to perform their task. All service providers are required to comply with HIPAA law (45 CFR Part 160 and 164) and acknowledge that responsibility by signing a business associate agreement.

International Transfer

Your information may be transferred to, and maintained on, computers located outside of your state, province, country and/or other governmental jurisdiction where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we may transfer Personal Information to the United States and processes it there. If you are located in the United States and choose to provide information to us, we may also transfer some Personal Information outside of the US and processes it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to such transfers.

Compliance with Laws and Law Enforcement

We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information, including Personal Information, to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process (including but not limited to subpoenas), to protect the property and rights of ourselves or a third party, to protect the safety of the public or any person, or to prevent or stop activity we may consider to be, or to pose a risk of being, illegal, unethical or legally actionable. You should also be aware that Providers may be obliged to disclose information to law enforcement or other authorities to conform to their professional and legal responsibilities. Specifically, and without limitation, you should be aware that the law requires mental health professionals to disclose information and/or take action in the following cases: (a) reported or suspected abuse of a child or vulnerable adult, (b) serious suicidal potential, (c) threatened harm to another person, and/or (d) court-ordered presentation of treatment.


We are concerned about safeguarding your information. The security of your Personal Information is very important to us. Therefore, we employ measures to protect this information from unauthorized access, use, and disclosure. However, the confidentiality of any communication transmitted through the Platform or stored with us cannot be guaranteed. Please remember that no method of electronic transmission over the Internet or method of storage can be 100% secure. You acknowledge and agree that you share and transmit the information at your own risk, as further detailed in our terms of use. If you have reason to believe that there has been of security, including but limited to "hacking" to your account, you must notify us immediately.

Company Communications

Personally identifiable information (such as your name, email address, and/or other demographic information) that you voluntarily give to us when you register as a practitioner for our software products (or demos) might be used for company communications. Company communications are not sent to care recipients or users of our software products, with exceptions described in the aforementioned “Platform Privacy” and/or “Rights Regarding Healthcare Records” policy sections. You are under no obligation to provide us with any information of any kind. However, your refusal to do so may prevent you from using certain features of our site and/or obtain company communications. To opt-out of receiving all company communications, please contact

Changes to the Privacy Policy

We may update this privacy statement at our sole discretion. The date of the last revision of this policy appears at the end of this page. We encourage you to periodically review this page for the latest information on our privacy policy and to carefully review updates. We will make best efforts to inform Providers and Users of changes to this Privacy Policy. By accessing and using our Platform you affirm that you accept the current Privacy Policy.

Contacting us

If you have any questions or concerns about this Privacy Policy or our privacy-related practices, please contact us by clicking the Contact link at the bottom of any page in our website or by emailing

Updated: October 31, 2023

See How our Pricing Compares to the Competition

ONC Certified
Drummond Logo
HIPAA Compliant
EMR Direct Logo
CarePaths is Direct-Ready
Security Metrics Credit Card Safe