Book Consultation

  • 450 E. 22nd Street,
    Ste. 158,
    Lombard, IL 60148 United States

Book Consultation

Privacy & Policy

Confidentiality & Privacy Policy

The law protects the relationship between a client and a psychotherapist, and information cannot be disclosed without written permission.

Exceptions include:

  • Suspected child abuse or dependant adult or elder abuse, for which we are required by law to report this to the appropriate authorities immediately.
  • If a client is threatening serious bodily harm to another person/s, we must notify the police and inform the intended victim.
  • If a client intends to harm himself or herself, we will make every effort to enlist their cooperation in ensuring their safety. If they do not cooperate, we will take further measures without their permission that are provided to us by law in order to ensure their safety.

Privacy Policy

Effective Date: January 1, 2026 

Madrigal Consulting & Counseling, LLP (“we,” “us,” or “our”) is a psychological and  behavioral counseling practice located in Illinois. We are committed to protecting the privacy and  confidentiality of your personal and health information. This Privacy Policy describes how we  collect, use, disclose, and safeguard your information when you receive services from us or  interact with us, including through our phone and text messaging services powered by  Phone.com. Where applicable, we comply with the Health Insurance Portability and  Accountability Act (“HIPAA”) and relevant Illinois laws. 

1. Information We Collect 

We may collect the following categories of information about you when you seek or receive  services, contact us, or otherwise interact with our practice: 

• Identifying information: Name, date of birth, address, phone number, email address,  emergency contact information, and other contact details. 

• Health information (Protected Health Information or PHI): Mental health history,  diagnoses, treatment plans, session notes, medications, and other information related to  your care. 

• Insurance and financial information: Health insurance details, policy numbers, billing  records, and payment history. 

• Appointment and scheduling information: Dates and times of appointments, preferred  contact methods, and attendance history. 

• Communications with us: Messages you send via phone, voicemail, text message (SMS),  or email (where appropriate), including limited information that may be included in text  messages. 

• Website and technical data (if applicable): If we operate a website or online services, we  may collect IP address, general location, device identifiers, and usage data. 

2. How We Use Your Information 

We use your information as permitted by law, including HIPAA, primarily for treatment,  payment, and health care operations (“TPO”), as well as for other purposes with your  authorization or as allowed or required by law. 

a. Treatment 

We use your information to provide, coordinate, and manage counseling and related  services, including: 

• Assessing your needs and developing a treatment plan. 

• Communicating with you about your treatment and appointments. 

• Consulting with other providers involved in your care (with your consent where  required).

b. Payment 

We use your information to obtain payment for the services we provide, including: 

• Verifying insurance coverage and eligibility. 

• Submitting claims to your insurance carrier or other payors. 

• Billing you directly and processing payments or refunds. 

c. Health Care Operations 

We use your information for internal operations, such as: 

• Quality assessment and improvement activities. 

• Supervisory, training, and clinical consultation (with appropriate safeguards). • Licensing, accreditation, auditing, and compliance activities. 

• Practice management and general administrative functions. 

d. Communications (including SMS/Phone.com) 

We use your contact information to communicate with you about your care and our  services, including through phone calls, voicemail, and text messaging via our third-party  communications provider, Phone.com. 

Specifically: 

• We may use Phone.com to send and receive non-emergency, primarily administrative  text messages, such as appointment reminders, scheduling updates, brief logistical  messages, and practice announcements. 

• Text messages may include your name, appointment date/time, and our practice  contact information. We work to limit PHI in text messages and ask that you do not  send detailed clinical information (for example, symptoms, full histories, or crisis  information) by text. 

• You may opt in to receive text messages and may opt out at any time by following the  instructions we provide (for example, replying “STOP”) or by contacting us directly. As a HIPAA-covered entity, we treat Phone.com as a Business Associate when it  handles PHI on our behalf. Phone.com is subject to a Business Associate Agreement  that requires it to protect PHI and maintain appropriate privacy and security  safeguards consistent with HIPAA. 

e. Other Uses Permitted or Required by Law 

We may also use your information: 

• To contact you with information about treatment alternatives or health-related  services that may be of interest to you, as permitted by law. 

• To manage our practice, maintain legal and regulatory compliance, and respond to  audits or quality concerns. 

• For other purposes disclosed to you at the time of collection, with your authorization  as needed.

We will obtain your written authorization before using or disclosing your information for  marketing (as defined by HIPAA), sale of PHI, or other purposes requiring authorization.  You may revoke that authorization at any time in writing, except to the extent we have  already relied on it. 

3. Disclosure of Your Information 

We may disclose your information as described below or as otherwise permitted or required by  law. We use or disclose the minimum necessary information required for that purpose. 

a. Disclosures for Treatment, Payment, and Health Care Operations 

We may disclose your information: 

• To other health care providers involved in your treatment for consultation,  coordination of care, or referrals. 

• To your health plan or insurer for payment, authorization, or case management. • Within Madrigal Consulting & Counseling, LLP to staff and contractors who need the  information to assist with treatment, billing, scheduling, and operations. 

b. Disclosures to Business Associates (including Phone.com) 

We may disclose PHI to third-party vendors (Business Associates) who perform services  on our behalf and require access to PHI. These may include billing services, IT and  security providers, electronic record or portal providers (if used), and Phone.com for phone and SMS communications. 

Phone.com may receive and store your phone number, call metadata (date, time,  duration), voicemail content, and text message content that you or we send through our  practice phone numbers. 

c. Disclosures to You or Your Personal Representative 

We may disclose your information to you or to a personal representative who is legally  authorized to act on your behalf, consistent with applicable law. 

d. Disclosures Required by Law 

We may disclose your information when required by federal, state, or local law, including  Illinois law, such as: 

• Reporting suspected abuse, neglect, or exploitation. 

• Responding to court orders, subpoenas, or other lawful processes where appropriately  authorized. 

• Reporting to governmental authorities for public health or law enforcement purposes  as allowed by HIPAA and Illinois statutes. 

e. Public Health and Safety 

We may disclose information to authorized entities for public health activities, including:

• Reporting certain diseases or conditions. 

• Notifying individuals of potential exposure to communicable disease. 

• Preventing or reducing a serious and imminent threat to the health or safety of a  person or the public, consistent with ethical and legal standards. 

f. Health Oversight Activities 

We may disclose information to health oversight agencies for activities authorized by law,  including audits, investigations, inspections, licensure, and disciplinary actions. 

g. Judicial and Administrative Proceedings 

We may disclose information in response to court or administrative orders, or, in certain  cases, in response to subpoenas, discovery requests, or other lawful processes, subject to  the protections required by HIPAA and Illinois law. 

h. Law Enforcement 

We may disclose information to law enforcement officials in limited circumstances, such  as to comply with reporting obligations, locate or identify a suspect, or respond to a crime  occurring on our premises, where permitted by law. 

i. Other Uses and Disclosures with Your Authorization 

Uses and disclosures not described in this Privacy Policy or in applicable law will be  made only with your written authorization. You may revoke such authorization at any  time in writing, except to the extent we have already acted in reliance on it. 

4. Communications 

We may communicate with you in various ways about your care, scheduling, and our services,  including in person, by mail, by telephone, by voicemail, by text message (SMS) via Phone.com,  and, if available, by secure electronic means. 

a. Phone and Voicemail 

We may call you to confirm or reschedule appointments, discuss billing or insurance  matters, or address clinically appropriate concerns. If we are unable to reach you, we may  leave a voicemail at the numbers you have provided, subject to any communication  preferences you have requested. 

b. Text Messaging (SMS) via Phone.com 

We offer the option to receive limited, non-emergency text messages related to your care,  such as: 

• Appointment reminders and confirmations. 

• Scheduling updates or brief logistical messages (for example, clinician running  late, office closures). 

• Administrative follow-up messages (for example, instructions to call the office). Important details about SMS:

• SMS messaging is provided through Phone.com, our third-party communications  provider. Phone.com processes and stores text messages and related metadata as  our Business Associate under HIPAA. 

• We strive to minimize PHI in text messages. Typically, messages include your  name, appointment date/time, and our practice contact details. 

• We ask that you do not send detailed clinical or diagnostic information by text. If  you choose to send such information, it may be stored in Phone.com’s system as  part of your communications history. 

• SMS is not appropriate for emergencies or urgent clinical matters. In an  emergency, call 911 or your local emergency number, or go to the nearest  emergency room. For urgent but non-emergency matters, please call our office  instead of texting. 

• By opting in to SMS, you acknowledge that text messaging may carry some  privacy and security risks (for example, messages visible on your phone’s lock  screen or accessible to someone who has your device). 

You may opt out of SMS communications at any time by following the instructions in our  messages (such as replying “STOP”) or by contacting our office directly. Opting out of  SMS will not affect your ability to receive services; we will use other communication  methods as appropriate. 

No mobile cellular information will be shared with third parties/affiliates for  marketing/promotional purposes. All the above categories exclude text messaging  originator opt-in data and consent; this information will not be shared with any third  parties. You can opt out at any time by replying “STOP”. Message and data rates may  apply. 

c. Email and Secure Electronic Communication 

If we use email or any online platform (such as a secure portal or secure messaging  system) for communication, we will describe the available options and any associated  risks. Standard email may be used for limited purposes with your informed consent,  understanding that it may carry additional security risks. 

d. Communication Preferences 

You may inform us of your preferred contact methods and any restrictions you wish to  place on how and where we contact you (for example, “Do not leave voicemail at work,”  or “Use text only for reminders”). We will make reasonable efforts to honor your  preferences consistent with legal and operational requirements. 

5. How We Protect Your Information 

We use administrative, physical, and technical safeguards designed to protect your information  from unauthorized access, use, or disclosure. 

These safeguards may include: 

• Securing paper and electronic records in controlled areas. 

• Role-based access controls and authentication for systems containing PHI. • Encryption for data in transit and at rest where appropriate, including within  communications and record systems. 

• Staff training on privacy and security responsibilities. 

• Policies, procedures, and auditing to support compliance and respond to potential  incidents. 

If a breach of unsecured PHI occurs, we will notify you and any applicable authorities as  required by law. 

6. Your Privacy Rights 

Under HIPAA and Illinois law, you may have certain rights regarding your information,  including the right to: 

• Access and obtain a copy of your health information, subject to limited exceptions. • Request amendments to information you believe is incorrect or incomplete. • Request restrictions on certain uses or disclosures of your information (though we are not  always required to agree). 

• Request confidential communications, such as specifying an address or phone number  where we may contact you. 

• Obtain an accounting of certain disclosures of your PHI. 

• Receive a paper or electronic copy of this Privacy Policy upon request. 

To exercise any of these rights, please contact us using the information below. We may require  your request in writing and may charge a reasonable fee for copies, as permitted by law. 

7. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, legal  requirements, or technology. The Effective Date at the top of this notice indicates the last  revision date. When we make material changes, we will post the updated notice and, where  required, provide additional notice. 

Your continued use of our services after changes become effective indicates your acceptance of  the updated Privacy Policy. 

8. Contact Us 

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or have  concerns about our privacy practices, please contact: 

Madrigal Consulting & Counseling, LLP 

450 E. 22nd Street/Ste 158

Lombard, Illinois 60148 

Phone: 630-474-3900

Fax: 630-474-3903

Email: [email protected]

Lombard

450 E. 22nd Street,
Ste. 158,
Lombard, IL 60148

(630) 474-3900

Shorewood

220 Channahon Street,
Shorewood, IL 60404

San Antonio

15150 Blanco Road,
San Antonio, TX 78232

Contact Us Today

!
!
!

Please do not submit any Protected Health Information (PHI).

Hours of Operation

Monday  

9:00 am - 8:00 pm

Tuesday  

9:00 am - 8:00 pm

Wednesday  

9:00 am - 8:00 pm

Thursday  

9:00 am - 8:00 pm

Friday  

9:00 am - 8:00 pm

Saturday  

9:00 am - 8:00 pm

Sunday  

9:00 am - 8:00 pm

450 E 22nd Street, Suite 158, Lombard, IL 60148

220 Channahon Street, Shorewood, IL 60404

15150 Blanco Road, San Antonio, TX 78232

(630) 474-3900

[email protected]