Notice of Privacy Policies

NOTICE OF PRIVACY PRACTICES/HIPAA

This notice will describe the ways I may collect, use, and disclose client personal health information (PHI), and certain rights and responsibilities we have regarding the use and disclosure of PHI in this practice under the Health Insurance Portability & Accountability Act of 1996 (HIPAA), state & federal law, and best practice recommendations.

I reserve the right to update and change the terms of this Notice, and such changes will apply to all information I have about clients. The new Notice will be available upon request, in my office, and electronically.

MY PLEDGE REGARDING PROTECTED HEALTH INFORMATION (PHI)

I understand that information about clients and their health care is private and I am committed to protecting it. I create a record of the services clients receive from me, and correspondence related to their treatment, to comply with certain legal and ethical standards of mental health care: typically brief contact and progress notes, scheduling information, treatment plans, billing statements, releases, authorizations, dates of service, others involved in clients' care, and a discharge note at the end of treatment. I use an electronic medical record (EMR), Therapy Notes, Apple products, and Google for electronic communication, and Square for credit card processing, all of which have privacy policies as well. I am the sole proprietor of my business. I will never sell client PHI, nor use it for marketing purposes without written authorization. I will let clients know promptly if a breach occurs that may have compromised the privacy or security of PHI. I typically use or share clients' PHI only to schedule, treat, and bill for services, but other situations, some of which are outlined below, may arise. I am required by law to:

Make sure that PHI that identifies clients is accurate and kept private to the best of my ability.
Give clients this notice of my legal duties and privacy practices with respect to PHI.
Follow the terms of the notice that is currently in effect.

CERTAIN USES AND DISCLOSURES OF PHI REQUIRE CLIENT AUTHORIZATION

Written authorization will be requested upon intake and ongoing, as applicable, for the following purposes:

Processing payment.
Planned instances of involving others in treatment (family, other health providers, case managers, etc).
Having an emergency contact on file.
Release of records that are not court ordered.
For voluntary participation in research.

CERTAIN USES AND DISCLOSURES DO NOT REQUIRE CLIENT AUTHORIZATION

Although my preference is to obtain an authorization in most instances, subject to certain limitations in the law, PHI may be accessed without authorization for the following reasons:

When disclosure is required by state or federal law.
For public health activities, including reporting suspected child, elder, or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.
For health care and provider oversight activities, including audits, investigations, and provider counsel.
For judicial and administrative proceedings, such as responding to, or complying with, a court order.
For law enforcement purposes, including reporting crimes or concerns occurring on the premises.
To coroners or medical examiners, when such individuals are performing duties authorized by law.
For research purposes, when PHI is de-identified, in accordance with 45 CFR 164.502(d), and 164.514(a)-(c) of the Rule.
For provider supervision & training, in accordance to best practices, when PHI is de-identified.
Specialized government functions, including, ensuring the proper execution of military missions; conducting intelligence or counter-intelligence operations; or, helping to ensure the safety of those working within or housed in correctional institutions.
For workers’ compensation proceedings.

CLIENTS HAVE RIGHTS WITH RESPECT TO THEIR PHI

I may consider & provide a response within 30 days of receiving a request and proper authorization, may charge a reasonable fee, and reserve the right to limit information in certain instances. Client PHI will remain on file for 10 years, or as legally required.

The right to ask me not to use or disclose certain PHI for treatment, payment, or health care operations purposes.
The right to request involvement, or to not involve, others in their care. I reserve the right to use professional discretion if asked to involve others in treatment who appear to be potentially, or have reportedly been, unsafe, abusive, or otherwise unsupportive of a client's consent to treatment and goals.
The right to pay for services out of pocket in full and request that I not bill, or otherwise release PHI, to their health insurance company.
The right to request to be contacted in a specific way (phone/text/e-mail/postal mail), and make changes to that information as needed. These request may be made verbally, in writing, by action, or, in some cases, through the Client Portal. While I take reasonable steps to protect PHI, I can not guarantee that information will remain confidential once it has been released.
The right to request an electronic or paper copy of PHI created in this practice. I reserve the right to provide a Treatment Summary in lieu of records per T.C.A. §§ 4-5-202, 63-2-101 and 63-2-102.
The right to request a list of instances in which I have disclosed PHI regarding treatment, payment, or health care operations.
The right to request that PHI be updated, added, or, if believed to be in error, corrected.
The Right to file a complaint if they feel their rights have been violated. Letters of complaint may be sent to the US Department of Health and Human Services Office for Civil Rights, 200 Independence Ave, SW, Washington, DC 20201, calling 1-877-696-6775, or visiting www.hhs.gov/orc/privacy/hippa/complaints/.
The Right to Get a Paper or Electronic Copy of this Notice.

For more information: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

https://www.gpo.gov/fdsys/pkg/CFR-2003-title45-vol1/xml/CFR-2003-title45-vol1-sec164-508.xml