NOTICE OF PRIVACY RIGHTS AND PRACTICES
In late 2002, the federal government passed a law entitled the Health Insurance Portability and Accessibility Act (“HIPAA”). This law defined certain rights for health care clients regarding privacy of, and access to, information regarding them which is obtained or transmitted in health care practices or institutions.
I. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
II. I HAVE A LEGAL DUTY TO SAFEGUARD YOUR PROTECTED HEALTH INFORMATION (PHI)
I am legally required to protect the privacy of your PHI, which includes information that can be used to identify you that I have created or received about your past, present, or future health or condition, the provision of health care to you, or the payment of this health care. I must provide you with this notice about my privacy practices, and such notice must explain how, when, and why I will “use” and “disclose” your PHI. A “use” of PHI occurs when I share, examine, utilize, apply, or analyze such information within my practice; PHI is “disclosed” when it is released, transferred, has been given to, or is otherwise divulged to a third party outside of my practice. With some exceptions, I may not use or disclose any more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made; however, I am legally required to follow the privacy practices described in this notice. I am also required to notify you of any breach of your PHI.
III. HOW I MAY USE AND DISCLOSE YOUR PHI
I will use and disclose your PHI for many different reasons. For some of these uses or disclosures, I will need your prior authorization; for others, however, I do not. Listed below are the different categories of uses and disclosures along with some examples of each category.
A. Uses and Disclosures Relating to Treatment, Payment, or Health Care Operations Do Not Require Your Prior Written Consent. I may use and disclose your PHI without your consent for the following reasons listed below. However, I will only use and disclose the minimally necessary information and, in most cases, I would attempt to discuss the need for the disclosure with you in advance.
- For treatment. I may disclose your PHI to physicians, psychiatrists, psychologists, and other licensed health care providers who provide you with health care services or are involved in your care. For example, if you are being treated by a psychiatrist, I may disclose your PHI to your psychiatrist in order to coordinate your care.
- For health care operations. I may disclose your PHI to operate my practice. For example, I might use your PHI to evaluate the quality of health care services that you received. I may also provide your PHI to my accountants, attorneys, consultants, and others to make sure I am complying with applicable laws.
- To obtain payment for treatment. I can use and disclose your PHI to bill and collect payment for the treatment and services provided by me to you. For example, I might send your PHI to your insurance company or health plan to get paid for the health care services that I have provided to you. I may also provide your PHI to my business associates, such as billing companies, claims processing companies, and others that process my health care claims for my office.
- Other disclosures. I may also disclose your PHI to others without your consent in certain situations. For example, your consent is not required if you need emergency treatment, as long as I try to get your consent after treatment is rendered, or if I try to get your consent but you are unable to communicate with me (for example, if you are unconscious or in severe pain) and I think that you would consent to such treatment if you were able to do so.
B. Certain Uses and Disclosures Do Not Require Your Consent. I can use and disclose your PHI without your consent or authorization for the following reasons:
- To avoid harm. I may provide PHI to law enforcement personnel or persons able to prevent or mitigate a serious threat to the health or safety of a person or the public.
- If disclosure is mandated by the California Child Abuse and Neglect Reporting Law or the California Elder/Dependent Adult Abuse Reporting Law. For example, if I have reasonable suspicion of child or elder abuse or neglect.
- If disclosure is compelled or permitted by the fact that you are in such a mental or emotional state to be dangerous to yourself or to the person or property of others, and if I determine that disclosure is necessary to prevent the threatened danger.
- If disclosure is compelled or permitted by the fact that you tell me of a serious/imminent threat of physical violence by you against a reasonably identifiable victim(s).
- When disclosure is required by federal, state or local law; judicial or administrative proceedings; or, law enforcement. For example, I may make a disclosure to applicable officials when a law requires me to report information to government agencies and law enforcement personnel or when ordered in a judicial or administrative proceeding.
- If disclosure is required by a search warrant lawfully issued by a governmental law enforcement agency.
- If you are legally under the guardianship of a conservator or legal guardian and the guardian/conservator legally compels disclosure by a court order.
- For public health activities. For example, in the event of your death, if disclosure is permitted or compelled, I may need to give the county coroner information about you.
- For health oversight activities. For example, I may have to provide information to assist the government when it conducts an investigation or inspection of a health care provider or organization.
- To collect payment. If you become seriously behind in your payments for treatment and do not respond to my attempts to arrange payment or a payment plan with you, I may notify you that should you continue to fail to make payments, I would be turning the account over to a collection agency.
- For specific government functions. I may disclose PHI of military personnel and veterans in certain situations. Also, I may disclose PHI for national security purposes, such as protecting the President of the United States or conducting intelligence operations.
- For workers’ compensation purposes. I may provide PHI in order to comply with workers’ compensation laws.
- Appointment reminders and health related benefits or services. I may use PHI to provide appointment reminders or give you information about treatment alternatives, or other health care services or benefits I offer.
C. Certain Uses and Disclosures Require You to Have the Opportunity to Object.
- Disclosures to family, friends, or others. I may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations.
D. Other Uses and Disclosures Require Your Prior Written Authorization. In any other situation not described in sections IIIA, IIIB, and IIIC above, I will ask for your written authorization before using or disclosing any of your PHI. If you choose to sign an authorization to disclose your PHI, you can later revoke such authorization in writing to stop any future uses and disclosures (assuming that I have not taken any action in reliance on such authorization) of your PHI by me.
IV. WHAT RIGHTS YOU HAVE REGARDING YOUR PHI
A. The Right to See and Get Copies of Your PHI. In general, you have the right to look at or get copies of your PHI that is in my possession, but you must make the request in writing. I will respond to you within 30 days of receiving your written request. In certain situations, I may deny your request. If I do, I will tell you, in writing, my reasons for the denial and explain your right to have my denial reviewed. If you request copies of your PHI, I will charge you no more than $.25 for each page. Instead of providing the PHI you requested, I may provide you with a summary or explanation of the PHI as long as you agree to that and to the cost in advance.
B. The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to ask that I limit how I use and disclose your PHI. While I will consider your request, I am not legally bound to agree. If I accept your request, I will put any limits in writing and abide by them except in emergency situations. You may not limit the uses and disclosures that I am legally required or allowed to make.
C. The Right to Choose How I Send PHI to You. You have the right to ask that I send information to you to at an alternate address (for example, sending information to your work address rather than your home address) or by alternate means (for example, e-mail instead of regular mail). I am obliged to agree to your request providing that I can give you the PHI, in the format requested, without undue inconvenience.
D. The Right to Get a List of the Disclosures I Have Made. You have the right to get a list of instances in which I have disclosed your PHI. The list will not include uses or disclosures that you have already consented to, such as those made for treatment, payment, or health care operations, directly to you, or to your family. The list also will not include uses and disclosures made for national security purposes, to corrections or law enforcement personnel, or disclosures made before April 15, 2003. I will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list I will give you will include disclosures made in the last six years unless you request a shorter time. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. I will provide the list to you at no charge, but if you make more than one request in the same year, I will charge you a reasonable cost based fee for each additional request.
E. The Right to Amend Your PHI. If you believe that there is some error in your PHI or that important information is missing, you have the right to request that I correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. I will respond within 60 days of receiving your request to correct or update your PHI. I may deny your request in writing if the PHI is (i) correct and complete, (ii) not created by me, (iii) not allowed to be disclosed, or (iv) not part of my records. My written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you do not file one, you have the right to request that your request and my denial be attached to all future disclosures of your PHI. If I approve your request, I will make the change to your PHI, tell you that I have done it, and tell others that need to know about the change to your PHI.
F. The Right to Get This Notice by E-Mail. You have the right to get a copy of this notice by e-mail. Even if you have agreed to receive the notice via e-mail, you also have the right to request a paper copy of it.
V. INFORMATION SPECIFIC TO THIS PRACTICE’S PRIVACY POLICIES
A. Please note that I reserve the right to change the terms of this notice and my privacy policies at any time. Any changes will apply to PHI on file with me already. Before I make any important changes to my policies, I will promptly change this notice and post a new copy of it in my office. You can also request a copy of this notice from me.
B. Both California Law and the standards of my profession require that I keep appropriate records of services provided. I utilize electronic health records and they are closely safeguarded. When I am not using them, client files are kept in a secure and locked location. Client records are not left in places where others will see the contents.
C. When I participate in conversations regarding confidential material (e.g., if your treatment is allotted by a managed care insurance company which requires treatment information for authorization of sessions), these conversations will take place in an area and a manner where they will not be overheard by others.
D. By law, I maintain client records for at least 7 years from the date of last treatment session. With respect to records of a minor, I keep those records until the client is 25 years old. When records are destroyed due to the number of years following client termination of treatment, they are destroyed and discarded in a fashion which protects client privacy and confidentiality.
VI. HOW TO COMPLAIN ABOUT MY PRIVACY PRACTICES
If you think that I may have violated your privacy rights, or you disagree with a decision I made about access to your PHI, you may file a complaint with me, Dr. Greg. You also may send a written complaint to the Secretary of the Department of Health and Human Services at 200 Independence Avenue S.W., Washington, D.C. 20201. If you file a complaint about my privacy practices, I will take no retaliatory action against you. If you have any questions about this notice or any complaints about my privacy practices, or would like to know how to file a complaint with the Secretary of the Department of Health and Human Services, please contact me at:
Dr. Danielle Greg
23801 Calabasas Rd. Ste. 1003
Calabasas, CA 91302
VII. EFFECTIVE DATE OF THIS NOTICE
This notice went into effect on April 14, 2003.