Privacy Policy

Being Whole Privacy Policy – HIPAA Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

Your health record contains personal information about you and your health. This information about you that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services is referred to as Protected Health Information (“PHI”). This Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with applicable law, including the Health Insurance Portability and Accountability Act (“HIPAA”), regulations promulgated under HIPAA, including the HIPAA Privacy and Security Rules, and state statutes and regulations. It also describes your rights regarding how you may gain access to and control your PHI.

  1. USES AND DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

We may use or disclose your PHI for treatment, payment and health care operations purposes without consent or authorization as discussed below:

For Treatment. Your PHI may be used and disclosed by those who are involved in your care for the purpose of providing, coordinating, or managing your health care treatment and related services. This includes consultation with clinical supervisors or other treatment team members. An example of treatment would be when we consult with another health care provider, such as a family physician or another mental health provider. We may disclose PHI to any other third-party only with your authorization.

For Payment. We may use and disclose PHI so that we can bill and collect payment for the treatment services provided to you. Examples of payment-related activities are making a determination of eligibility or coverage for insurance benefits, processing claims with your insurance company, reviewing services provided to you to determine medical necessity, or undertaking utilization review activities. If it becomes necessary to contact a third party responsible for payment or collection processes due to lack of payment for services, we will only disclose the minimum amount of PHI necessary for purposes of collection.

For Health Care Operations. We may use and disclose your PHI in connection with our healthcare operations. Healthcare operations include quality assessment and improvement activities, arranging for legal services, conducting training programs, reviewing the competence and qualifications of healthcare professionals, licensing activities, and coordinating care with other healthcare providers. We may also use your PHI to notify you about our health-related products and services, to recommend possible treatment options or alternatives that may be of interest to you, to send you patient satisfaction surveys and online review requests, or to send you appointment reminders. We may make incidental disclosures of limited PHI, such as by using sign-in sheets in our waiting rooms or calling out names in our waiting rooms when calling back patients for their appointments. We may share your PHI with third parties that perform various business activities (e.g., billing or mailing services) provided we have a written contract with the business that requires it to safeguard the privacy of your PHI. 

 

  1. USES AND DISCLOSURES REQUIRING AUTHORIZATION

Uses and disclosures not specifically permitted by applicable law will be made only with your written authorization, which may be revoked at any time, except to the extent that we have already made a use or disclosure based upon your authorization. The following uses and disclosures will be made only with your written authorization:

  • most uses and disclosures of psychotherapy notes which are separated from the rest of your medical record;

  • most uses and disclosures of PHI for marketing purposes, including subsidized treatment communications;

  • disclosures that constitute a sale of PHI; and

  • other uses and disclosures not described in this Notice of Privacy Practices.

III. USES AND DISCLOSURES WITH NEITHER CONSENT NOR AUTHORIZATION

We may use or disclose PHI without your consent or authorization in the following circumstances:

  • Child Abuse. If we, in our professional capacity, have reasonable cause to believe that a minor child is suffering physical or emotional injury resulting from abuse inflicted upon him or her which causes harm or substantial risk of harm to the child’s health or welfare (including sexual abuse), or from neglect, including malnutrition, we must immediately report such condition to the state Department of Children and Families.

  • Elder Abuse. If we have reasonable cause to believe that an elderly person (age 60 or older) is suffering from or has died as a result of abuse, we must immediately make a report to the state Department of Elder Affairs.

  • Abuse of a Disabled Person. If we have reasonable cause to suspect abuse of an adult (ages 18-59) with mental or physical disabilities, we must immediately make a report to the state Disabled Persons Protection Commission.

  • Health Oversight. Professional licensing boards have the power, when necessary, to subpoena relevant records should we be the focus of an inquiry.

  • Judicial or Administrative Proceedings. If you are involved in a court proceeding and a request is made for information about your diagnosis and treatment and the records thereof, such information is privileged under state law and we will not release information without written authorization from you or your legally appointed representative, or a court order. The privilege does not apply when you are being evaluated for a third party or where the evaluation is court-ordered. You will be informed in advance if this is the case.

  • Serious Threat to Health or Safety. If you communicate to us an explicit threat to kill or inflict serious bodily injury upon an identified person and you have the apparent intent and ability to carry out the threat, we must take reasonable precautions. Reasonable precautions may include warning the potential victim, notifying law enforcement, or arranging for your hospitalization. We must also do so if we know you have a history of physical violence, and we believe there is a clear and present danger that you will attempt to kill or inflict bodily injury upon an identified person. Furthermore, if you present a clear and present danger to yourself and refuse to accept further appropriate treatment, and we have a reasonable basis to believe that you can be committed to a hospital, we must seek said commitment and may contact members of your family or other individuals if it would assist in protecting you.

  • Worker’s Compensation. If you file a workers’ compensation claim, your records relevant to that claim will not be confidential to entities such as your employer, the insurer and the Division of Worker’s Compensation.

  • Specialized Government Functions. We may review requests from U.S. military command authorities if you have served as a member of the armed forces, authorized officials for national security and intelligence reasons and to the Department of State for medical suitability determinations, and disclose your PHI based on your written consent, mandatory disclosure laws and the need to prevent serious harm.

  • Public Health. If required, we may use or disclose your PHI for mandatory public health activities to a public health authority authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, or if directed by a public health authority or a government agency that is collaborating with that public health authority.

  1. YOUR RIGHTS AND OUR OBLIGATIONS

Patient’s Rights:

You have the following rights regarding PHI we maintain about you:

  • Right of Access to Inspect and Copy. You have the right to inspect or obtain a copy (or both) of PHI and psychotherapy notes in our mental health and billing records used to make decisions about you for as long as the PHI is maintained in the record. Your access may be denied in certain circumstances, but in some cases, you may be able to have this decision reviewed. On your request, we will discuss with you the details of the request and denial process. We may charge a reasonable, cost-based fee for copies. If your records are maintained electronically, you may also request an electronic copy of your PHI. You may also request that a copy of your PHI be provided to another person.

  • Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy. On your request, we will provide you with details of the amendment process.

  • Right to an Accounting of Disclosures. You have the right to request an accounting of PHI for which you have neither provided authorization nor consent. On request, we will discuss with you the details of the accounting process. We may charge you a reasonable fee if you request more than one accounting in any 12-month period.

  • Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI for treatment, payment, or health care operations. We are not required to agree to your request unless the request is to restrict disclosure of PHI to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains to a health care item or service that you paid for out of pocket. In that case, we are required to honor your request for a restriction.

  • Communication and Confidentiality Preferences. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. By providing your phone number(s), you explicitly grant consent to receive telephone calls and/or SMS text messages from us, our agents, and representatives using automated dialing systems, computer-assisted technology, or prerecorded messages, for various purposes, including but not limited to appointment and follow-up healthcare reminders, scheduling, patient satisfaction surveys and online review requests, patient accounts, assignment of benefits, and financial responsibilities. Depending on your phone plan, you may incur charges for these calls or text messages. You have the right to update your phone number(s), mailing address, and communication preferences if they change at any time. We may require additional information, but we will not ask you for an explanation of why you are making the request. We will accommodate reasonable requests.

  • Breach Notification. If there is a breach of unsecured PHI concerning you, we may be required to notify you of this breach, including what happened and what you can do to protect yourself.

  • Right to a Paper Copy of this Notice. You have the right to a paper copy of this notice upon request, even if you have agreed to receive the notice electronically.

Our Obligations:

  • We are required by law to maintain the privacy of PHI and to provide you with a notice of our legal duties and privacy practices with respect to PHI.

  • We are required to abide by the terms of this Notice of Privacy Practices.

  • We reserve the right to change the privacy practices described in this Notice.

  • If we revise our privacy practices, we will update the notice on our website and make a version available upon request by mail or at your next appointment.

  1. COMPLAINTS

If you believe we have violated your privacy rights or disagree with a decision we made about access to your records, you may contact the Clinic Director at your service location. You may also send a written complaint to the Office for Civil Rights, 200 Independence Avenue, S.W. Washington, D.C. 20201 or by calling (800) 368-1019. We will not retaliate against you for filing a complaint.

  1. EFFECTIVE DATE OF PRIVACY PRACTICES

This notice will go into effect on 1/31/24.