Lynn McGregor, PLLC
MSW-LCSW
1557 North Ogden Street, Suite 8, Denver, CO 80218
610-733-1400
lynn@lmcgregor.com
NOTICE OF PRIVACY POLICIES AND PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL AND MENTAL HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
Given the nature of Lynn McGregor, PLLC’s (hereinafter “Lynn McGregor”) work, it is imperative that it maintains the confidence of client information that it receives in the course of its work. Lynn McGregor is a mental health counseling practice that provides mental health services. The practice works solely to provide the best counseling treatment options to its clients. Lynn McGregor prohibits the release of any client information to anyone outside the company except in limited circumstances in accordance with this Notice of Privacy Policies and Practices. Discussions or disclosures of protected health information (“PHI”) within the organization are limited to the minimum necessary that is needed for the recipient of the information to perform his/her job. Please review this Notice of Privacy Policies and Practices (“Notice of Privacy Policies”). It is the policy of Lynn McGregor to:
1. fully comply with the requirements of the HIPAA General Administrative Requirements, the Privacy and Security Rules;
2. provide every client who receives services from Lynn McGregor with a copy of this Notice of Privacy Policies;
3. ask the client to acknowledge receipt when given a copy of this Notice of Privacy Policies;
4. ensure the confidentiality of all client records transmitted by facsimile;
5. obtain from each client an informed Authorization for Release of Protected Health Information form when required.
Lynn McGregor is required to follow all state and federal statutes and regulations including Federal Regulation 42 C.F.R. Part 2 and Title 25, Article 4, Part 14 and Title 25, Article 1, Part 1, CRS and the Health Insurance Portability and Accountability Act (HIPAA), 45 C.F.R. Parts 142, 160, 162 and 164, governing testing for and reporting of TB, HIV AIDS, Hepatitis, and other infectious diseases, and maintaining the confidentiality of PHI.
PHI refers to any information that Lynn McGregor creates or receives, and relates to an individual’s past, present, or future physical or mental health or conditions and related care services or the past, present, or future payment for the provision of health care to an individual; and identifies the individual or there is a reasonable basis to believe the information can be used to identify the individual.
PHI includes any such information described above that Lynn McGregor transmits or maintains in any form, this includes Psychotherapy Notes. HIPAA and federal law regulate the use and disclosure of PHI when transmitted electronically.
YOUR RIGHTS AS A CLIENT:
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your mental health record
• You can ask to see or get an electronic or paper copy of your mental health record and other health information we have about you. Ask us how to do this.
• We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee to fulfill your request.
• If we deny your request, in whole or in part, we will let you know why in writing and whether you have the option of having the decision reviewed by an independent third-party.
Ask us to correct your mental health record
• You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
• We may say “no” to your request, but we’ll tell you why in writing within 60 days.
Request confidential communications
• You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
• We will say “yes” to all reasonable requests.
• Please review the Consent For Communication Of Protected Health Information By Non-Secure Transmissions
• You are required to “opt-in” to receive communications electronically as set-forth in the Consent for Communication of Protected Health Information by Non-Secure Transmissions. If you choose not to “opt-in” to receive electronic communications, we will not communicate with you via electronic means.
Ask us to limit what we use or share
• You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
• If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information. Get a list of those with whom we’ve shared information
• You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
• We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice
electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
• If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
• We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
• You can complain if you feel we have violated your rights by contacting us using the information on page 1.
• You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
• We will not retaliate against you for filing a complaint.
• You may also file a complaint with the Colorado Department of Regulatory Agencies, Division of Professions and Occupations, Mental Health Section; 1560 Broadway, Suite 1350, Denver, Colorado, 80202, 303-894-2291; DORA_Mentalhealthboard@state.co.us. Please note that the Department of Regulatory Agencies may direct you to file your complaint with the U.S. Department of Health and Human Services Office for Civil Rights listed above and may not be able to take any action on your behalf.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
A use of PHI occurs within a covered entity (i.e., discussions among staff regarding treatment). A disclosure of PHI occurs when Lynn McGregor reveals PHI to an outside party (i.e., Lynn McGregor provides another treatment provider with PHI, or shares PHI with a third party pursuant to a client’s valid written authorization).
Lynn McGregor may use and disclose PHI, without an individual’s written authorization, for the following purposes:
1. Treatment: disclosing and using your PHI by those who are involved in your care for the purpose of providing, coordinating, or managing your health care treatment and related services. This includes consultation with clinical supervisors or other treatment team members and for coverage arrangements during your therapist’s absence, and for sending appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.
2. Payment: disclosing and using your PHI so that Lynn McGregor can receive payment for the treatment services provided to you, such as: making a determination of eligibility or coverage for insurance benefits, processing claims with your insurance company, reviewing services provided to you to determine medical necessity, or undertaking utilization of review activities.
3. Health Care Operations: disclosing and using your PHI to support Lynn McGregor’s business operations which may include but not be limited to: quality assessment activities, licensing, audits, and other business activities.
Uses and disclosures for payment and health care operations purposes are subject to the minimum necessary requirement. This means that Lynn McGregor may only use or disclose the minimum amount of PHI necessary for the purpose of the use or disclosure (i.e., for billing purposes, a therapist would not need to disclose a client’s entire medical record in order to receive reimbursement. A therapist would likely only need to include a service code and/or diagnosis etc.). Uses and disclosures for treatment purposes are not subject to the minimum necessary requirement.
Lynn McGregor is required to promptly notify you of any breach that may have occurred and/or that may have compromised the privacy or security of your PHI. Confidentiality of client records and substance abuse client records maintained are protected by federal law and regulations. It is Lynn McGregor’s policy that a client must complete an Authorization for Release of Protected Health Information provided by Lynn McGregor, prior to disclosing health information to another individual and/or entity for any purpose, except for treatment, payment, or health care operations in accordance with this Notice of Privacy Policies. Absent the above referenced form, other than for treatment, payment, or health care operations purposes, Lynn McGregor is prohibited from disclosing or using any PHI outside of or within the organization, including disclosing that the client is in treatment without written authorization, unless one of the following exceptions arises:
1. Responding to lawsuit and legal actions (Disclosure by a court order, in response to a complaint filed against a counselor of Lynn McGregor, etc. This does not include a request by you or another party for your records).
2. Disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit or program evaluation.
3. Help with public health and safety issues (Client commits or threatens to commit a crime either at Lynn McGregor or against any person who works for Lynn McGregor; A minor or elderly client reports having been abused or there is reasonable suspicion that abuse has or will take place; Client is planning to harm another person, including but not limited to the harm of a child or at-risk elder; Client is imminently dangerous to self or others).
4. Address workers’ compensation, law enforcement, and other government requests.
5. Respond to organ and tissue donation requests.
6. In compliance with other state and/or federal laws and regulations.
The above exceptions are subject to several requirements under the Privacy Rule, including the minimum necessary requirement and applicable federal and state laws and regulations. See 45 C.F.R. § 164.512. Before using or disclosing PHI for one of the above exceptions, Lynn McGregor’s staff must consult its Privacy Officer (Lynn McGregor, 610-733-1400, lynn@lmcgregor.com) to ensure compliance with the Privacy Rule. Violation of these federal and state guidelines is a crime carrying both criminal and monetary penalties. Suspected violations may be reported to appropriate authorities, as listed above in the “Client Rights” section, in accordance with federal and state regulations. Know that Lynn McGregor will never market or sell your personal information without your permission.
SPECIAL AUTHORIZATIONS
Certain categories of information have extra protections by law, and thus require special written authorizations for disclosures.
Psychotherapy Notes: Lynn McGregor may keep and maintain “Psychotherapy Notes”, which may include but are not limited to notes your primary therapist has made about your conversation during a private, group, joint, or family counseling session, which is kept separately from the rest of your record. These notes are given a greater degree of protection than PHI. These are not considered part of your “client record.” Lynn McGregor will obtain a special authorization before releasing your Psychotherapy Notes.
HIV Information: Special legal protections apply to HIV/AIDS related information. Lynn McGregor will obtain a special written authorization from you before releasing information related to HIV/AIDS.
Alcohol and Drug Use Information: Special legal protections apply to information related to alcohol and drug use and treatment. Lynn McGregor will obtain a special written authorization from you before releasing information related to alcohol and/or drug use/treatment.
You may revoke all such authorizations to release information (PHI, Psychotherapy Notes, HIV information, and/or Alcohol and Drug Use Information) at any time, provided each revocation is in writing, signed by you, and signed by a witness. You may not revoke an authorization to the extent that (1) Lynn McGregor has relied on that authorization; or (2) if the authorization was obtained as a condition of obtaining insurance coverage, the law provides the insurer the right to contest the claim under the policy.
As a covered entity under the Privacy and Security Rules, Lynn McGregor is required to reasonably safeguard PHI from impermissible uses and disclosures. Safeguards may include, but are not limited to the following:
1. Not leaving test results unattended where third parties without a need to know can view them.
2. Any PHI received as a Lynn McGregor employee, intern, or volunteer about a client or potential client, may not be used or disclosed for non-work purposes or with unauthorized individuals. Lynn McGregor may only use and disclose such PHI as described above.
3. When speaking with a client about his or her PHI where third parties could possibly overhear, the conversation will be moved to a private area.
4. Seeking legal counsel in uncertain situations and/or incidences.
5. Obtaining a Business Associates Agreement with those third-parties that have access to and/or store client information. Some of the functions of the practice may be provided by contracts with business associates. For example, some of the billing, legal, auditing, and practice management services may be provided by contracting with outside entities to perform those services.
6. Implementing FAX security measures
7. Obtaining your consent prior to sending any PHI by non-secure electronic transmissions
8. Providing information on Lynn McGregor’s electronic record-keeping.
YOUR CHOICES:
For certain health information, you can tell us (verbal authorization) your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions. We may request you sign a separate document if you authorize us to share certain PHI. You may revoke that authorization at anytime for future disclosure.
In these cases, you have both the right and choice to tell us to:
• Share information with your family, close friends, or others involved in your care
• Share information in a disaster relief situation
• Include your information in a hospital directory
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and
share your information if we believe it is in your best interest and for your care/treatment. We may also
share your information when needed to lessen a serious and imminent threat to public health or safety.
In these cases we never share your information unless you give us written permission:
• Marketing purposes
• Sale of your information
• Most sharing of psychotherapy notes
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.
This notice is effective February, 2016.
Lynn McGregor
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html