Privacy Policy (HIPAA & GDPR Compliant)

Practice Name: Parker Bowling, LLC
Contact Information: James Parker Bowling

Address: 3234 Todds Point Road, Simpsonville, Kentucky 40067, USA

Email: parker@parkerbowling.com
Data Controller (GDPR): Parker Bowling, LLC
HIPAA Covered Entity: Parker Bowling, LLC
Data Protection Officer / HIPAA Privacy Officer: James Parker Bowling. Email: parker@parkerbowling.com

1. Introduction

This Privacy Policy explains how I, James Parker Bowling of Parker Bowling, LLC, as a licensed psychotherapist, collect, use, and protect your personal health information in compliance with both:

• The Health Insurance Portability and Accountability Act (HIPAA) for US clients

• The General Data Protection Regulation (GDPR) for clients in the UK and European Union

By using my services, you acknowledge that you have read and understood this policy.

2. Information I Collect

I may collect:

• Personal details (name, date of birth, contact information, emergency contact and other information in informed consent paperwork)
  

• Health and mental health information relevant to therapy, counseling and any other services
  

• Session notes and clinical records
  

• Responses to online forms, assessments or evaluations

3. How I Use Your Information

Your information is used to:

• Provide psychotherapy, counseling and other mental health and wellbeing services as agreed upon
  

• Maintain accurate health records as required by law and professional ethics
  

• Communicate with you about appointments, emergencies, or service-related matters
  

• Fulfill legal, regulatory, and insurance obligations

4. Lawful Basis for Processing (GDPR)

For UK/EU clients, I rely on the following lawful bases:

• Provision of health care services (GDPR Art. 6(1)(b), Art. 9(2)(h))
  

• Legal obligations (GDPR Art. 6(1)(c))
  

• Explicit consent for telehealth and electronic communication (GDPR Art. 6(1)(a))

5. HIPAA Uses and Disclosures

For US clients, HIPAA permits me to use or disclose your Protected Health Information (PHI) for:

• Treatment – to provide, coordinate, or manage your care
  

• Payment – to bill and receive payment for services
  

• Health Care Operations – for practice management, quality improvement, or compliance
  

• When required by law – e.g., safeguarding, risk of harm, legal proceedings

• I will not use or disclose your PHI for other purposes without your written authorization.

6. Sharing of Data

I may share your data only when necessary and only with:

• IT/telehealth providers acting as data processors/business associates, bound by confidentiality agreements
  

• Legal, insurance, or regulatory authorities when required by law
  

• Emergency services if there is a serious and imminent risk of harm
  

• Third parties only with your explicit written consent

7. International Data Transfers (GDPR)

Because Parker Bowling, LLC is legally based in the United States, your data may be transferred outside the EU/UK.

• Transfers will be made only to platforms/providers with GDPR-compliant safeguards (e.g., Standard Contractual Clauses, UK adequacy decisions).
  

• You may request further details on these safeguards.

8. Data Retention

• Clinical psychotherapy records are stored for 7 years after therapy ends, or longer if required by law

• After this period, records will be securely destroyed.

• Other types of voluntarily provided data will be retained for as long as is necessary to fulfill agreed upon services; please notify the data protection officer if you would like any type of data securely destroyed.

9. Security

I use strict technical and organizational measures to protect your data, including:

• Encrypted, password-protected storage systems
  

• Telehealth platforms with end-to-end encryption
  

• Limited access to records on a need-to-know basis

10. Your Rights (GDPR)

If you are a UK/EU client, you have the right to:

• Access your data
  

• Request correction of inaccurate data
  

• Request erasure of your data (where legally possible)
  

• Restrict or object to processing
  

• Data portability (transfer of your data)
  

• Withdraw consent at any time (without affecting prior lawful processing)
  

• Lodge a complaint with your national Data Protection Authority (e.g., ICO in the UK)

11. Your Rights (HIPAA)

If you are a US client, you have the right to:

• Request access to your medical record

• Request an amendment to your record if you believe it is inaccurate

• Receive an accounting of disclosures of your PHI
  

• Request restrictions on how your PHI is used or shared
  

• Request confidential communications (e.g., email vs. phone)
  

• Receive a paper copy of this Privacy Policy at any time

12. Supervisory Authorities

• UK Clients: Information Commissioner’s Office (ICO) – www.ico.org.uk
  

• EU Clients: Your national Data Protection Authority – https://edpb.europa.eu/about-edpb/about-edpb/members_en
  

• US Clients (HIPAA): You may file a complaint with the US Department of Health & Human Services, Office for Civil Rights – www.hhs.gov/ocr

13. Updates to This Policy

This Privacy Policy may be updated to reflect legal or practice changes. You will be notified of any significant updates.

14. Contact

For questions, concerns, or to exercise your rights under GDPR or HIPAA, please contact:

James Parker Bowling

Parker Bowling LLC

parker@parkerbowling.com

3234 Todds Point Road

Simpsonville, KY 40067, USA