Privacy Policy
Stewart Psychological Services, LLC
Kathleen J. Stewart, Psy.D., Licensed Psychologist
NOTICE OF PRIVACY PRACTICES [NPP]
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION/PHI (Protected Health Information) ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
Privacy is a very important concern for all those who come to my practice. It is also complicated because of the many federal and state laws and my professional ethics. Because the rules are so complicated some parts of this Notice are very detailed and you probably will have to read them several times to understand them. If you have any questions, I will be happy to help you understand my procedures and your rights.
A. INTRODUCTION
This Notice will tell you how I handle your medical information. It tells how I use this information here in this office, how I share it with other professionals and organizations, and how you can see it. I want you to know all of this, so that you can make the best decisions for yourself and your family. If you have any questions or want to know more about anything in this Notice, please ask me for more explanations or more details.
B. WHAT I MEAN BY “YOUR MEDICAL INFORMATION” OR “PHI” OR “PROTECTED HEALTH INFORMATION”
Each time you visit me or any doctor’s office, hospital, clinic, or any other “healthcare providers,” information is collected about you and your physical and mental health. It may be information about your past, present or future health or conditions, or the tests and treatment you got from us or from others, or about payment for healthcare. The information I collect from you is called, in the law, PHI which stands for Protected Health Information. This information goes into your medical or healthcare record or file at the office.
In this office this PHI is likely to include these kinds of information:
- Your personal history (that might include marital/work/educational history, etc.)
- Reasons you came for treatment. Your problems, complaints, symptoms, needs, or hopes for treatment.
- Diagnoses. Diagnoses are the medical terms for your problems or symptoms.
- A treatment plan: a list of the treatments & services which I think will be best to help you.
- Progress notes. Each time you come in I write down some things about how you are doing, what I notice about you, and what you tell me.
- Records I get from others who treated you or evaluated you.
- Psychological test scores, school records, and other reports.
- Information about medications you took or are taking.
- Legal matters
- Billing and insurance information
This list is just to give you an idea and there may be other kinds of information that go into your healthcare record here.
I use this information for many purposes. For example, I may use it:
- To plan your care and treatment.
- To decide how well my treatments are working for you.
- When I talk with other healthcare professionals who are also treating you such as your family doctor or the professional who referred you to me.
- To show that you actually received the services from me which I billed to you or to your health insurance company.
- To improve the way I do my job by measuring the results of my work.
When you understand what is in your record and for what it is used, you can make better decisions about who, when, and why others should have this information.
Although your health record is the physical property of the healthcare practitioner or facility that collected it, the information belongs to you. You can read it, and if you want a copy I can make one for you (this will involve a charge for the costs of copying and mailing, if you want it to be mailed to you). In some very rare situations you cannot see all of what is in your records. If you find anything in your records that you think is incorrect or believe that something important is missing you can ask me to amend (add information to) your record, although in some rare situations I don’t have to agree to do that. If you have any further questions about this, please, do not hesitate to ask me about this.
C. PRIVACY AND THE LAWS
I am also required to tell you about privacy because of the privacy regulations of a federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
The HIPAA law requires me to keep your Protected Healthcare Information (or PHI) private and to give you this notice of my legal duties and my privacy practices which is called the Notice of Privacy Practices (or NPP). I will obey the rules of this notice as long as it is in effect, but if I change it, the rules of the new NPP will apply to all the PHI I keep. If I change the NPP, you will be provided with a copy.
D. HOW YOUR PROTECTED HEALTH INFORMATION (PHI) CAN BE USED & SHARED
When your information is read by me and is used by me to make decisions about your care that is called, in the law, “use.” If the information is shared with or sent to others outside this office, that is called, in the law, “disclosure.” Except in some special circumstances, when I use your PHI here or disclose it to others, I share only the minimum necessary PHI needed for those other people to do their jobs. The law gives you rights to know about your PHI, how it is used, and to have a say in how it is disclosed (shared), and so I will tell you more about what I do with your information.
I use and disclose PHI for several reasons. Mainly, I will use and disclose it for routine purposes and I will explain more about these below. For other uses, I must tell you about them and have a written Authorization form unless the law lets or requires me to make the disclosure without your authorization. However, the law also says that there are some uses and disclosures that don’t need your consent or authorization.
1. Uses & Disclosures of PHI in Healthcare That Require Your Consent
After you have read this Notice you will be asked to sign a separate Consent form to allow me to use and share your PHI. In almost all cases I intend to use your PHI here or share your PHI with other people or organizations to provide treatment to you, arrange for payment for my services, or some other business functions called health care operations. Together these routine purposes are called TPO and the Consent form allows us to use and disclose your PHI for TPO. Take a minute to re-read that last sentence until it is clear because it is very important. Next I will tell you more about TPO.
1a. For treatment, payment, or health care operations.
I need information about you and your condition to provide care to you. You have to agree to let me collect the information and to use it and share it to care for you properly. Therefore, you must sign the Consent form before I begin to treat you, because if you do not agree and consent I cannot treat you.
When you come to see me, I will collect information about you and all of it may go into your healthcare records here. Generally, I may use or disclose your PHI for three purposes: treatment, obtaining payment, and what are called healthcare operations. Let’s see what these mean.
For treatment
I use your medical information to provide you with psychological treatments or services. These might include individual, family, or group therapy, psychological, educational, or vocational testing, treatment planning, or measuring the benefits of my services.
I may share or disclose your PHI to others who provide treatment to you. I am likely to share your information with your personal physician. I may refer you to other professionals or consultants for services I cannot provide. When I do this, I need to tell them some things about you and your conditions. I will get back their findings and opinions and those will go into your records here. If you receive treatment in the future from other professionals, I can also share your PHI with them. These are some examples so that you can see how I use and disclose your PHI for treatment.
For payment
I may use your information to bill you, your insurance, or others so I can be paid for the treatments I provide to you. I may contact your insurance company to check on exactly what your insurance covers. I may have to tell them about your diagnoses, what treatments you have received, and the changes I expect in your conditions. I will need to tell them about when we met, your progress, and other similar things.
For health care operations
There are a few other ways I may use or disclose your PHI for what are called health care operations. For example, I may use your PHI to see where I can make improvements in the care and services I provide. I may be required to supply some information to some government health agencies, so they can study disorders and treatment and make plans for services that are needed. If I do, your name and personal information will be removed from what I send.
1b. Other Uses in Healthcare
Scheduling. I may use and disclose medical information to schedule and/or reschedule our appointments. If you want me to call you only at your home or your work or prefer some other way of reaching you, I usually can arrange that. Just tell me.
Business Associates. There are some jobs I hire other businesses to do for me. In the law, they are called my Business Associates. Examples include if I would use a copy service to make copies of your health records or a billing service who figures out, prints, and mails my bills. These business associates need to receive some of your PHI to do their jobs properly. To protect your privacy they must agree in their contract with me to safeguard your information.
2. Uses & Disclosures That Require Your Authorization
[Any Unanticipated Use of PHI That Is Not Described in this NPP]
I will also obtain an authorization from you before using or disclosing PHI (your Protected Health Information) in a way that is not described in this Notice.
To clarify, if I want to use your information for any purpose besides the TPO (treatment, payment, operations) or those I described above, I need your permission on an Authorization form. I don’t expect to need this very often.
If you do authorize me to use or disclose your PHI, you can revoke (cancel) that permission, in writing, at any time. After that time I will not use or disclose your information for the purposes that I agreed to. Of course, I cannot take back any information I had already disclosed with your permission or that I had used in my office.
3. Uses & Disclosures of PHI from Mental Health Records That Do Not Require Your Consent or Authorization
The laws let me use and disclose some of your PHI without your consent or authorization in some cases. Here are examples of when I might have to share your information.
When required by law
There are some federal, state, or local laws which require me to disclose PHI.
• If I have a reasonable cause to suspect abuse of children with whom I come into directcontact in a professional capacity, I am mandated by law to report this to the PennsylvaniaDepartment of Public Welfare.
• If you are involved in a lawsuit or legal proceeding and I receive a subpoena, discovery request, or other lawful process I may have to release some of your PHI. I will only do so aftertrying to tell you about the request, consulting a lawyer, or trying to get a court order to protect the information they requested.
• I have to disclose some information to the government agencies which check on me to seethat I am obeying the privacy laws.
Additional Causes to Disclose Without Consent
When the use and disclosure without your consent or authorization is allowed under other sections of Section 164.512 of the Privacy Rule and the state’s confidentiality law. This includes certain narrowly-defined disclosures to law enforcement agencies, to a health oversight agency (such as HHS or a state department of health), to a coroner or medical examiner, for public health purposes relating to disease or FDA-regulated products, or for specialized government functions such as fitness for military duties, eligibility for VA benefits, and national security and intelligence.
For Law Enforcement Purposes: I may release medical information if asked to do so by a law enforcement official to investigate a crime or criminal.
For Public Health Activities: I might disclose some of your PHI to agencies which investigate diseases or injuries.
Relating to Decedents: I might disclose PHI to coroners, medical examiners or funeral directors, and to organizations relating to organ, eye, or tissue donations or transplants.
For Specific Government functions: I may disclose PHI of military personnel and veterans to government benefit programs relating to eligibility and enrollment. I may disclose your PHI to Workers Compensation and Disability programs, to correctional facilities if you are an inmate, and for national security reasons.
To Prevent a Serious Threat to Health or Safety: If I come to believe that there is a serious threat to your health or safety or that of another person or the public I can disclose some of your PHI. I will only do this to persons who can prevent the danger.
4.Uses & Disclosures Where You Have an Opportunity to Object
I can share some information about you with your family or close others. I will only share information with those involved in your care and anyone else you choose such as close friends or clergy. I will ask you about who you want me to tell what information about your condition or treatment. You can tell me what you want and I will honor your wishes, as long as it is not against the law.
If it is an emergency – so I cannot ask if you disagree – I can share information if I believe that it is what you would have wanted and if I believe it will help you if I do share it. If I do share information, in an emergency, I will tell you as soon as I can. If you don’t approve I will stop, as long as it is not against the law.
5. An Accounting of Disclosures
When I disclose your PHI I may keep some records of to whom I sent it, when I sent it, and what I sent. You can get an accounting (a list) of many of these disclosures.
E. YOUR RIGHTS REGARDING YOUR PHI
- You can ask me to communicate with you about your health and related issues in a particular way or at a certain place which is more private for you. For example, you can ask me to call you at home, and not at work to schedule or cancel an appointment. I will try mybest to do as you ask.
- You have the right to ask me to limit what I tell people involved in your care or the payment foryour care, such as family members and friends. While I don’t have to agree to your request, if I do agree, I will keep my agreement except if it is against the law, or in an emergency, orwhen the information is necessary to treat you.
- You have the right to look at the health information I have about you such as your medicaland billing records. You can even get a copy of these records but there will be a processing/administrative charge involved (commensurate to my labor costs as determined by my hourly fees). Contact me to arrange how to see your records.
- If you believe the information in your records is incorrect or missing important information you can ask me to make some kinds of changes (called amending) to your healthinformation. You have to make this request in writing. You must tell me the reasons you wantto make the changes.
- You have the right to a copy of this notice. If I change this NPP, I will post the new version in my waiting area and you can always get a copy of the NPP.
- You have the right to file a complaint if you believe your privacy rights have been violated. Youcan file a complaint with me and with the Secretary of the Department of Health and HumanServices. All complaints must be in writing. Filing a complaint will not change the health care I provide to you in any way.
- Right to Restrict Disclosures When You Have Paid for Your Care Out-of-Pocket. You have the right to restrict certain disclosures of PHI to a health plan when you pay out-of-pocket in full for my services.
- Right to Be Notified if There is a Breach* of Your Unsecured PHI. You have a right to be notified if: (a) there is a breach (a use or disclosure of your PHI in violation of the HIPAA Privacy Rule) involving your PHI; (b) that PHI has not been encrypted to government standards; and (c) my Risk Assessment fails to determine that there is a low probability that your PHI has been compromised.
*Breach Defined:
The HITECH Act added a requirement to HIPAA that psychologists (and other covered entities) must give notice to patients and to HHS if they discover that “unsecured” Protected Health Information (PHI) has been breached. A “breach” is defined as the acquisition, access, use or disclosure of PHI in violation of the HIPAA Privacy Rule.
Breach Notification Addendum to Policies & Procedures:
Also, you may have other rights which are granted to you by the laws of this state and these may be the same or different from the rights described above. I will be happy to discuss these situations with you now or as they arise.
F. IF YOU HAVE QUESTIONS
If you need more information or have questions about the privacy practices described above, please ask me for clarification. If you have a problem with how your PHI has been handled or if you believe your privacy rights have been violated, please, bring it to my attention. You have the right to file a complaint with me and with the Secretary of the federal Department of Health and Human Services. I promise that I will not in any way limit your care here or take any actions against you if you complain.