Privacy Practices

HIPAA Notice of Privacy Practices

This notice describes how psychological and medical information about you may be used and disclosed and how you can get access to this information.

Please review the below carefully and completely.

HIPAA Notice of Privacy Practices

This notice describes how psychological and medical information about you may be used and disclosed and how you can get access to this information.

Please review the below carefully and completely.

I. Uses and Disclosures Not Requiring Your Authorization

Your Provider may use or disclose your protected health information (PHI) for certain treatment, payment, and operational purposes without your consent or authorization. These disclosures require written assurances regarding confidentiality from the requesting party. Key terms include:

  • PHI: Protected Health Information in your record that can identify you.
  • Use: Activities involving PHI within the Provider’s organization.
  • Disclosure: PHI shared outside the Provider’s organization.
  • Authorization: Your written permission to release PHI.
  • Treatment: Coordination or management of your health care.
  • Payment: Activities to obtain payment for services.
  • Health Care Operations: Internal activities supporting treatment and payment.

II. Uses and Disclosures Requiring Your Authorization

Your Provider must obtain your explicit permission to disclose PHI for purposes beyond treatment, payment, or health care operations. Special authorizations are required for:

  • Psychotherapy Notes: Informal notes from counseling sessions (see definition).
  • HIV/AIDS Information: Requires written consent due to heightened protections.
  • Alcohol/Drug Use Information: Protected under 42 CFR Part 2.

You may revoke authorizations in writing at any time.

III. Uses and Disclosures Requiring Neither Your Consent Nor Authorization

PHI may be used/disclosed without your authorization in these cases:

  • Child Abuse: Mandatory reporting of suspected abuse or neglect.
  • Elder/Dependent Adult Abuse: Reporting required unless specific clinical exceptions apply.
  • Health Oversight: Compliance with regulatory investigations.
  • Judicial/Administrative Proceedings: Disclosure permitted with proper legal process.
  • Serious Threat: To prevent imminent harm to self or others.
  • Workers’ Compensation: To comply with applicable laws.

Learn more at HHS.gov HIPAA Disclosures.

IV. Patient’s Rights and Provider’s Duties

Patient’s Rights:

  • Request Restrictions on uses/disclosures.
  • Confidential Communications: Request alternative methods or locations.
  • Inspect and Copy PHI: View or obtain your health records.
  • Amend PHI: Request corrections.
  • Accounting of Disclosures: Track disclosures made without your authorization.
  • Paper Copy: Request a physical copy of this notice.

Provider’s Duties:

  • Maintain the privacy of PHI.
  • Inform you of privacy policies.
  • Update you regarding any policy changes.

V. Questions and Complaints

Contact your Provider via their Provider Profile if you have concerns.

To file a HIPAA complaint:

  • Mail:
    Centralized Case Management Operations
    U.S. Department of Health and Human Services
    200 Independence Avenue, S.W.
    Room 509F HHH Bldg.
    Washington, D.C. 20201
  • Email: OCRComplaint@hhs.gov
  • Online: OCR Complaint Portal

HIPAA Complaint Info

Your Provider will not retaliate for filing a complaint.

VI. Effective Date and Changes

Effective Date: October XX, 2017
Your Provider may revise this notice and will notify you in advance of any changes.

HIPAA Notice of Privacy Practices
For more information on your rights, visit the U.S. Department of Health and Human Services HIPAA site.