Clearbook
Sign in →

HIPAA Notice of Privacy Practices

This notice describes how Protected Health Information (PHI) about therapy clients may be used and disclosed through Clearbook, and how to protect that information.

Effective date: July 1, 2026

Important: Roles Under HIPAA

The therapist (licensed mental health professional) is the Covered Entity under HIPAA. Clearbook is a Business Associate— a technology vendor that processes PHI on the therapist's behalf. Clients should direct privacy questions to their therapist, not to Clearbook directly.

1. What Is Protected Health Information (PHI)?

PHI is individually identifiable health information — including a client's name, contact details, appointment history, and any notes that link a person to their mental health care. Under HIPAA, PHI is entitled to heightened privacy protection.

2. What Information Clearbook Handles

Through the Clearbook platform, therapists may process the following types of PHI on behalf of their clients:

Clearbook is designed for scheduling and practice management. It is not intended to be used as a clinical record system. Therapists should maintain clinical notes, diagnoses, and treatment plans in a separate, HIPAA-compliant EHR system.

3. How PHI May Be Used and Disclosed

As a Business Associate, Clearbook uses PHI only as directed by the therapist and as permitted by the BAA and applicable law:

Permitted uses:

Required disclosures:

What we will NOT do:

4. Safeguards We Maintain

Clearbook implements HIPAA-required technical, physical, and administrative safeguards:

5. Business Associate Agreement (BAA)

HIPAA requires that Covered Entities have a signed BAA in place with any Business Associate that handles PHI. Clearbook will execute a BAA with any therapist account upon request.

To request a BAA, email getclearbook@gmail.com with the subject line "BAA Request." We will respond within 5 business days.

6. Breach Notification

In the event of a breach of unsecured PHI, Clearbook will notify affected therapists without unreasonable delay and no later than 60 days after discovery, as required by the HIPAA Breach Notification Rule. The notice will include the nature of the breach, the types of PHI involved, steps taken to mitigate harm, and recommended steps for therapists and their clients.

7. Therapist Responsibilities

Therapists using Clearbook remain independently responsible for their HIPAA compliance, including:

8. Clients' Right to Access Their Information

Under HIPAA, clients have the right to access PHI held by their therapist (the Covered Entity). Because Clearbook is a Business Associate, client access requests should be directed to the therapist. Therapists must respond to such requests in accordance with HIPAA's access rules.

If a client needs help identifying which therapist to contact, they may email getclearbook@gmail.com and we will assist in directing their request appropriately.

9. Retention and Deletion

Clearbook retains PHI for the duration of the therapist's account and for up to 7 years after account closure, consistent with common healthcare record-retention standards. Therapists may request deletion of specific records, subject to applicable legal retention requirements.

10. Changes to This Notice

We may update this HIPAA Notice of Privacy Practices. Material changes will be communicated by email. The current version is always available at useclearbook.app/hipaa.

11. Contact

HIPAA questions, BAA requests, or suspected incidents: email getclearbook@gmail.com.