PRIVACY POLICY
The Rose Colored Couch
Dr. Najwa Mohamed, PsyD — Licensed Clinical Psychologist
Effective Date: February 17, 2026
Last Updated: February 17, 2026
1520 Belle View Blvd, Suite #5688
Alexandria, VA 22307
Website: www.therosecoloredcouch.com
Email: najwa.mohamed@therosecoloredcouch.com
---------------------------------------------------------------
INTRODUCTION
The Rose Colored Couch ("we," "us," "our," or "the Practice"), operated by Dr. Najwa Mohamed, PsyD, is committed to protecting the privacy and confidentiality of all individuals who visit our website, inquire about services, or receive therapy through our practice. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you interact with us through our website (www.therosecoloredcouch.com), email, phone, telehealth sessions, or any other communication channel.
We comply with all applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act (HIPAA), Virginia state privacy regulations, and the Psychology Interjurisdictional Compact (PSYPACT) requirements for interstate telehealth services. Because we provide virtual therapy to clients across multiple states through PSYPACT, additional state-specific privacy protections may apply depending on your location.
By using our website, contacting us, or engaging in therapy services with The Rose Colored Couch, you acknowledge that you have read and understood this Privacy Policy. If you have questions or concerns about your privacy, please contact us using the information provided at the end of this document.
---------------------------------------------------------------
INFORMATION WE COLLECT
We collect personal information in several categories depending on your interaction with our practice.
Personal Identifying Information: This includes your full name, email address, phone number, mailing address, date of birth, and emergency contact information. We collect this information when you reach out to schedule a consultation, fill out intake forms, or otherwise communicate with us.
Health and Clinical Information: As a psychotherapy practice, we collect sensitive health information necessary for providing clinical care. This includes your mental health history, current symptoms and concerns, therapy session notes, treatment plans, diagnoses, assessment results, and any other information you share during the course of treatment. This information is classified as Protected Health Information (PHI) under HIPAA.
Payment and Insurance Information: We collect payment details including credit or debit card information, insurance policy numbers, and billing addresses. If you use insurance (Aetna, Sentara, or Anthem), we collect the information necessary to process your claims. For clients using out-of-network benefits, we collect the information needed to generate a superbill.
Website and Communication Data: When you visit our website, we may automatically collect certain technical data such as your IP address, browser type, device type, pages viewed, time spent on pages, and referring URLs. This information is collected through cookies, analytics tools, and similar technologies as described in the Cookies and Tracking section of this policy.
Email Marketing Information: If you sign up for our free guide ("Breaking the Cycle of Overthinking") or subscribe to our mailing list through our email marketing platform (Flodesk), we collect your name and email address. This information is used solely for sending you the requested content and, if you opt in, periodic communications related to our services and resources.
Contact Form Submissions: When you submit an inquiry through our website contact form, we collect your name, email address, and the content of your message.
---------------------------------------------------------------
HOW WE COLLECT YOUR INFORMATION
We collect information through the following methods.
Website Forms: Our website includes a contact form where you can submit your name, email address, and a message to inquire about services or ask questions.
Direct Communication: We collect information when you contact us via email, phone, or video call, including during initial consultations and ongoing therapy sessions.
Telehealth Platform: All therapy sessions are conducted virtually through a secure, HIPAA-compliant telehealth platform. Your session data, including audio and video, is transmitted through encrypted channels.
Intake and Consent Forms: Before beginning therapy, you complete intake documents that gather your personal, medical, and insurance information.
Payment Processing: Payment information is collected at the time of service through our secure online payment system.
Email Marketing Platform: If you choose to download our free guide or subscribe to updates, your email information is collected through Flodesk, our third-party email marketing service.
Cookies and Analytics: Our website uses cookies and analytics tools to gather non-identifiable data about website usage. See the Cookies and Tracking section below for details.
Website Platform: Our website is hosted on the Duda platform, which may collect standard server logs and website usage data.
---------------------------------------------------------------
WHY WE COLLECT YOUR INFORMATION
We collect and use your personal information for the following purposes.
Providing Clinical Services: Your health and personal information is essential for providing safe, effective therapy services. We use this data to conduct assessments, develop treatment plans, deliver therapy sessions, track your progress, and coordinate care when clinically appropriate.
Appointment Management: We use your contact information to schedule, confirm, reschedule, or cancel appointments and to send appointment reminders.
Communication: We use your contact information to respond to inquiries, follow up on consultations, and maintain contact during the course of treatment.
Payment and Billing: We use your financial and insurance information to process payments, submit insurance claims, provide superbills for out-of-network reimbursement, and manage billing records.
Legal and Regulatory Compliance: We may use and retain your information as required by federal and state laws, including HIPAA, Virginia Board of Psychology regulations, and PSYPACT requirements.
Marketing and Education: If you opt in, we use your email address to send educational content, practice updates, new resources, and information about services. You may opt out of marketing emails at any time by clicking the unsubscribe link in any email or by contacting us directly.
Website Improvement: We use non-identifiable website data to analyze how visitors interact with our site, improve user experience, and optimize content.
---------------------------------------------------------------
WHO WE SHARE YOUR INFORMATION WITH
We take your privacy seriously and limit sharing of your information to what is necessary and permitted by law. We may share your information with the following parties.
Insurance Companies: If you use insurance (Aetna, Sentara, or Anthem), we share the minimum necessary information required to process and submit claims, including your diagnosis, dates of service, and treatment codes.
Payment Processors: We use a secure, third-party online payment processor to handle credit card and debit card transactions. Your full payment card details are processed directly by this service and are not stored on our systems.
Telehealth Platform Provider: Our HIPAA-compliant telehealth platform facilitates virtual sessions. This provider has signed a Business Associate Agreement (BAA) and is required to protect your information in accordance with HIPAA.
Email Marketing Service: If you subscribe to our mailing list or download our free guide, your name and email are shared with Flodesk, our email marketing provider, solely for the purpose of delivering the content you requested and any communications you have opted into.
Website Hosting Provider: Our website is hosted on the Duda platform, which may process standard technical data associated with your website visit.
Professional Consultants: In some cases, we may consult with other licensed professionals to ensure quality care. When this occurs, your identifying information is removed or minimized to protect your privacy.
Legal Requirements: We may disclose your information when required by law, court order, subpoena, or government regulation. This includes mandatory reporting obligations such as suspected child abuse or neglect, suspected elder or dependent adult abuse, threats of serious harm to yourself or others, and court-ordered disclosures.
With Your Written Consent: We may share your information with other healthcare providers, family members, or other individuals only when you have provided written authorization. You may revoke this authorization at any time in writing.
We do not sell, rent, or trade your personal information to third parties for marketing or commercial purposes.
---------------------------------------------------------------
HOW LONG WE RETAIN YOUR INFORMATION
We retain your information in accordance with applicable laws and professional standards.
Clinical Records: Therapy records, including session notes, treatment plans, assessments, and related clinical documentation, are retained for a minimum of seven (7) years following the date of your last session, or longer if required by Virginia law, PSYPACT regulations, or other applicable state laws. For minor clients, records are retained for at least seven (7) years after the client reaches the age of eighteen (18).
Financial and Billing Records: Payment and billing information is retained for a minimum of seven (7) years to comply with tax and financial regulations.
Website and Marketing Data: Data collected through website analytics and email marketing is retained for as long as it serves a legitimate business purpose or until you request its deletion.
Contact Form Submissions: Information submitted through our website contact form is retained for the duration needed to respond to your inquiry and is then stored securely or deleted in accordance with our data management practices.
When retention periods expire, your information is securely destroyed or de-identified so it can no longer be linked to you.
---------------------------------------------------------------
HOW WE PROTECT YOUR INFORMATION
We implement multiple safeguards to protect your personal information from unauthorized access, use, or disclosure.
Encryption: All data transmitted through our website, telehealth platform, and payment systems is protected using industry-standard encryption (SSL/TLS). Stored data is also encrypted at rest where applicable.
Access Controls: Access to client records and personal information is restricted to authorized personnel only. Dr. Mohamed maintains strict control over who can access your information.
Secure Telehealth Platform: All virtual sessions are conducted through a HIPAA-compliant, encrypted telehealth platform. This platform has executed a Business Associate Agreement (BAA) with our practice.
Secure Payment Processing: Payment card information is processed through a PCI-DSS compliant payment system and is not stored on our servers.
Staff Training: All individuals who may have access to client information are trained on HIPAA privacy and security requirements and are bound by confidentiality obligations.
Physical and Administrative Safeguards: As a fully virtual practice, we maintain strict administrative safeguards including secure passwords, multi-factor authentication, regular software updates, and secure destruction of obsolete records.
Data Breach Procedures: In the event of a data breach that compromises your personal information, we will follow the notification procedures described below.
---------------------------------------------------------------
DATA BREACH NOTIFICATION
In the event of a breach of unsecured Protected Health Information (PHI), we will comply with the HIPAA Breach Notification Rule and any applicable state breach notification laws.
If a breach occurs that affects your personal information, we will notify you in writing without unreasonable delay and no later than sixty (60) days from the date we discover the breach. The notification will include a description of the breach, the types of information involved, the steps we are taking to investigate and mitigate the breach, steps you can take to protect yourself, and contact information for follow-up questions.
If the breach affects more than 500 individuals, we will also notify the U.S. Department of Health and Human Services (HHS) and, where required, local media outlets. For breaches affecting fewer than 500 individuals, we will log the breach and report it to HHS annually as required by law.
---------------------------------------------------------------
YOUR RIGHTS
As a client or website visitor, you have the following rights regarding your personal information.
Right to Access: You have the right to request and receive a copy of your clinical records and other personal information we maintain about you. We will respond to your request within thirty (30) days. A reasonable fee may be charged for copying and mailing.
Right to Amend: If you believe that information in your record is inaccurate or incomplete, you have the right to request an amendment. We will review your request and respond within sixty (60) days. If we deny the request, we will provide a written explanation, and you may submit a statement of disagreement to be included in your record.
Right to Restrict Use and Disclosure: You have the right to request restrictions on how we use or disclose your information. While we will consider your request, please note that we are not required to agree to all restrictions. However, if you pay for services out of pocket in full and request that we not share information with your health plan, we are required to honor that restriction.
Right to an Accounting of Disclosures: You have the right to request a list of certain disclosures we have made of your PHI. This does not include disclosures made for treatment, payment, or healthcare operations, or disclosures you authorized in writing.
Right to Receive Confidential Communications: You have the right to request that we communicate with you at a specific phone number, email address, or mailing address. We will accommodate reasonable requests.
Right to a Copy of This Policy: You have the right to request a paper or electronic copy of this Privacy Policy at any time.
Right to Revoke Authorization: If you have previously signed a written authorization allowing us to share your information, you may revoke that authorization at any time in writing. Revocation does not apply to any disclosures already made based on your prior authorization.
Right to File a Complaint: If you believe your privacy rights have been violated, you have the right to file a complaint with our practice or with the U.S. Department of Health and Human Services Office for Civil Rights. You will not be retaliated against for filing a complaint.
To exercise any of these rights, please contact us using the information provided at the end of this policy.
---------------------------------------------------------------
NOTICE OF PRIVACY PRACTICES (HIPAA)
This section serves as our Notice of Privacy Practices as required under the Health Insurance Portability and Accountability Act (HIPAA).
Uses and Disclosures of Protected Health Information (PHI): We may use and disclose your PHI without your written authorization for the following purposes.
Treatment: We use your PHI to provide, coordinate, and manage your therapy and related services. This includes documenting your care in clinical records and, if appropriate, consulting with other providers involved in your treatment.
Payment: We use your PHI to bill and collect payment for services. This may include submitting claims to your insurance company (Aetna, Sentara, or Anthem), providing superbills for out-of-network reimbursement, and verifying coverage.
Healthcare Operations: We may use your PHI for internal activities such as quality improvement, professional training, compliance audits, and business management.
Required by Law: We may disclose your PHI when required to do so by federal, state, or local law.
Public Health and Safety: We may disclose your PHI to prevent a serious and imminent threat to your health or safety or that of others, to report suspected abuse or neglect, or for public health activities as required by law.
All other uses and disclosures of your PHI require your written authorization. Specifically, we will obtain your written permission before using your PHI for marketing purposes (other than face-to-face communications and promotional gifts of nominal value), selling your PHI, or sharing psychotherapy notes (which receive heightened protection under HIPAA).
Your Psychotherapy Notes: Psychotherapy notes (also known as process notes) are kept separate from your medical record and receive special protection under HIPAA. These notes will not be disclosed without your explicit written authorization, except in limited circumstances permitted by law, such as when required by a court order or to defend against a legal claim.
Minimum Necessary Standard: When using or disclosing your PHI, we apply the minimum necessary standard, meaning we only access, use, or share the least amount of information needed to accomplish the intended purpose.
---------------------------------------------------------------
COOKIES AND TRACKING TECHNOLOGIES
Our website (www.therosecoloredcouch.com) uses cookies and similar tracking technologies to improve your experience and analyze website performance.
What Are Cookies: Cookies are small text files stored on your device when you visit a website. They help the site remember information about your visit, such as your preferences and browsing activity.
Types of Cookies We Use:
Essential Cookies — These are necessary for the basic functioning of the website, such as navigation, loading pages, and submitting forms. These cookies do not collect personal information and cannot be disabled without affecting site functionality.
Analytics Cookies — We may use analytics tools to understand how visitors interact with our website, including which pages are visited most often, how long visitors stay, and how they navigate the site. This information is collected in aggregate and does not personally identify you. It is used solely to improve the website experience.
Third-Party Cookies — Some third-party services integrated into our website, such as our email marketing platform (Flodesk) and website hosting provider (Duda), may place their own cookies on your device. These cookies are governed by the respective third party's privacy policy.
Managing Cookies: You can control and manage cookies through your web browser settings. Most browsers allow you to block or delete cookies, set preferences for specific websites, or browse in a private or incognito mode. Please note that disabling essential cookies may affect the functionality of our website.
We do not use cookies or tracking technologies to collect Protected Health Information (PHI), and no clinical or therapy-related data is collected through our website's tracking tools.
Do Not Track: Some browsers offer a "Do Not Track" (DNT) signal. At this time, there is no universal standard for how websites should respond to DNT signals. Our website does not currently respond to DNT signals, but we encourage you to manage your cookie preferences through your browser settings.
---------------------------------------------------------------
ACCESSIBILITY
We are committed to making our website accessible to all visitors, including individuals with disabilities. Our website uses Accessibility by UserWay, a third-party accessibility widget designed to improve the usability of our website for all users.
The UserWay Accessibility Widget provides a range of features that allow visitors to customize their browsing experience, including text resizing to increase or decrease font sizes for improved readability, color contrast adjustments including invert, dark mode, and smart contrast options to enhance visibility, keyboard navigation enhancements for users who navigate without a mouse, screen reader compatibility that provides auditory feedback for on-screen content, dyslexia-friendly fonts with specialized typefaces designed to improve readability, text spacing adjustments for line height and letter spacing, link highlighting to make clickable elements more visible, a reading guide and reading mask to assist with following lines of text, an option to hide images for a text-focused view, cursor size adjustments including a big cursor option, tooltips that display alt text descriptions when hovering over images, and a dictionary feature for in-page word definitions.
The UserWay Accessibility Widget helps our website work toward compliance with the Americans with Disabilities Act (ADA), Web Content Accessibility Guidelines (WCAG 2.1), Section 508, and European EN 301 549 standards.
UserWay does not collect personal information from users interacting with the widget. For more information about UserWay's privacy practices, please visit userway.org.
If you experience any difficulty accessing content on our website or have suggestions for improving accessibility, please contact us at najwa.mohamed@therosecoloredcouch.com. We welcome your feedback and are committed to providing an inclusive experience for all visitors.
---------------------------------------------------------------
EMAIL MARKETING
If you choose to download our free guide ("Breaking the Cycle of Overthinking") or subscribe to our email list, your information will be processed through Flodesk, our third-party email marketing platform.
We use Flodesk to deliver the content you requested and, if you opt in, to send periodic educational content, practice updates, and information about our services. Your email address will not be sold or shared with any other third party for their marketing purposes.
You may unsubscribe from marketing emails at any time by clicking the "unsubscribe" link included at the bottom of every email, or by contacting us directly at najwa.mohamed@therosecoloredcouch.com. Unsubscribing from marketing emails will not affect any clinical communications related to your care.
---------------------------------------------------------------
TELEHEALTH AND VIRTUAL SERVICES
All therapy sessions at The Rose Colored Couch are conducted virtually. We use a secure, HIPAA-compliant telehealth platform to deliver services. This platform uses end-to-end encryption to protect the confidentiality of your sessions.
Through our PSYPACT membership, we are authorized to provide virtual therapy to clients located in any of the 42+ participating states. Regardless of your location, we maintain the same standards of privacy and confidentiality for all clients.
By participating in telehealth services, you acknowledge that while we take every reasonable measure to protect your privacy and confidentiality, no technology is completely immune to risk. We recommend that you participate in sessions from a private location and use a secure internet connection. You are responsible for ensuring the privacy of your environment during sessions.
---------------------------------------------------------------
SOCIAL MEDIA AND EXTERNAL LINKS
Our website may contain links to third-party websites, including social media platforms. Please be aware that we are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party websites you visit.
If you choose to interact with us through social media, please be mindful that these platforms are not HIPAA-compliant. We strongly advise against sharing any personal or health-related information through social media channels. Any information you share publicly on social media is not protected by this Privacy Policy.
We will never disclose your status as a client through social media or any public forum without your explicit written consent.
---------------------------------------------------------------
CHILDREN'S PRIVACY
Our practice specializes in working with adult women ages eighteen (18) and older. We do not knowingly collect personal information from individuals under the age of eighteen (18) through our website. If we become aware that we have inadvertently collected information from a minor through our website, we will take steps to delete that information promptly.
---------------------------------------------------------------
STATE-SPECIFIC PRIVACY RIGHTS
Depending on your state of residence, you may have additional privacy rights under state law. Because we provide services through PSYPACT across multiple states, we comply with the privacy requirements of each state in which we provide services.
Virginia Residents: Under the Virginia Consumer Data Protection Act (VCDPA), Virginia residents have certain rights regarding their personal data, including the right to access, correct, delete, and obtain a copy of their personal data, as well as the right to opt out of the processing of personal data for targeted advertising. Please note that clinical records maintained for treatment purposes are generally exempt from the VCDPA. For questions about your rights under Virginia law, please contact us.
If you reside in a state with specific privacy laws (such as California, Colorado, Connecticut, or others), please contact us to learn more about your rights and how we comply with your state's requirements.
---------------------------------------------------------------
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. When we make changes, we will update the "Last Updated" date at the top of this document.
If we make significant changes to how we use or share your personal information, we will make reasonable efforts to notify you by posting a notice on our website, sending an email to affected clients, or informing you during a scheduled session.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after changes are posted constitutes your acceptance of the updated policy.
---------------------------------------------------------------
CONTACT US
If you have any questions, concerns, or requests related to this Privacy Policy or your personal information, please contact us.
Dr. Najwa Mohamed, PsyD
The Rose Colored Couch
1520 Belle View Blvd, Suite #5688
Alexandria, VA 22307
Email: najwa.mohamed@therosecoloredcouch.com
Website: www.therosecoloredcouch.com
To file a complaint regarding our privacy practices, you may also contact:
U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, DC 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy/hipaa/complaints
Virginia Board of Psychology
9960 Mayland Drive, Suite 300
Henrico, VA 23233
Phone: (804) 367-4697
Website: www.dhp.virginia.gov/psychology
---------------------------------------------------------------
By using our website or engaging in services with The Rose Colored Couch, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.
---------------------------------------------------------------
