THIS NOTICE DESCRIBES HOW MENTAL HEALTH AND MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Practice Information: Catalyss Counseling, LLC, Privacy Officer: Shannon Heers, MA, LPC.
750 W. Hampden Avenue, Suite 215, Englewood, CO 80110, 303/578-6318.
In the course of providing services to you, Catalyss Counseling will obtain, record, and use mental health and medical information about you that is considered Protected Health Information, or “PHI.” PHI is defined as “individually identifiable health information” that is created or received by a healthcare provider and which relates to past, present, or future health, provision of healthcare, or payment for provision of healthcare and that either identifies the individual or could be used to identify the individual. HIPAA and other laws regulate the use and disclosure of PHI when it is transmitted electronically. This Notice describes Catalyss Counseling’s policies related to the use and disclosure of your PHI.
YOUR RIGHTS AS A CLIENT:
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
You can ask to inspector get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to correct your medical record
You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
We may say “no” to your request, but we’ll tell you why in writing within 60 days.
Request confidential communications
You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
We will say “yes” to all reasonable requests.
Please review the Electronic Communication Policy
Your consent is required before we can send you communications electronically, as set forth in the Electronic Communication Policy. You are not required to consent to receive electronic communications, and if you choose not to consent to receive electronic communications, we will not communicate with you via electronic means.
Ask us to limit what we use or share
You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we’ve shared information
You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
You can complain if you feel we have violated your rights by contacting the Privacy Officer using the information on page 1.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
We will not retaliate against you for filing a complaint.
You may also file a complaint with the Colorado Department of Regulatory Agencies, Division of Professions and Occupations, Mental Health Section; 1560 Broadway, Suite 1350, Denver, Colorado, 80202, 303-894-2291; DORA_Mentalhealthboard@state.co.us. Please note that the Department of Regulatory Agencies may direct you to file your complaint with the U.S. Department of Health and Human Services Office for Civil Rights listed above and may not be able to take any action on your behalf.
For certain health information, you can tell us (verbal authorization) your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
Share information with your family, close friends, or others involved in your care
Share information in a disaster relief situation
Include your information in a hospital directory
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
In these cases we never share your information unless you give us written permission:
Sale of your information
Most sharing of psychotherapy notes
In the case of fundraising:
We may contact you for fundraising efforts, but you can tell us not to contact you again.
OUR USES AND DISCLOSURES
How do we typically use or share your health information?
We are permitted use or share your health information without your explicit consent in the following ways.
Treatment: We can use your health information and share it with other professionals who are treating you. This includes consultation with clinical supervisors or other treatment team members and for coverage arrangements during your therapist’s absence.
Example: A doctor treating you for an injury asks another doctor about your overall health condition.
Health Care Operations: We can use and share your health information to run our practice, improve your care, and contact you when necessary.
Example: We use health information about you to manage your treatment and services.
Payment: We can use and share your health information to bill and get payment from health plans or other entities including a determination of eligibility or coverage for insurance benefits, processing claims with your insurance company, reviewing services provided to you to determine medical necessity, or undertaking utilization of review activities.
Example: We give information about you to your health insurance plan so it will pay for your services.
Uses and disclosures for payment and health care operations purposes are subject to the minimum necessary requirement. This means that Catalyss Counseling, LLC may only use or disclose the minimum amount of PHI necessary for the purpose of the use or disclosure Uses and disclosures for treatment purposes are not subject to the minimum necessary requirement.
How else can we use or share your health information?
We are allowed or required to share your information without your authorization or consent in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
We may use or disclose PHI without your consent or authorization in certain circumstances, including, but not limited to:
• Child or At-Risk Adult Abuse: If we have reasonable cause to know or suspect that a child has been subjected to abuse or neglect or an at-risk adult has been mistreated, self-neglected, or financially exploited or is at imminent risk of mistreatment, self-neglect, or financial exploitation, then we must report this to the appropriate authorities.
• Health Oversight Activities: If the Colorado state licensing board or an authorized professional review committee is reviewing my services, we may disclose PHI to that board or committee.
• Judicial and Administrative Proceedings: If you are involved in a court proceeding where you are being evaluated for a third party or where the evaluation is court ordered, we may disclose PHI to the court. You will be informed in advance if this is the case.
• Serious Threat to Health or Safety: If you communicate to a provider a serious threat of imminent physical violence against a specific person or persons, including those identifiable by association with a specific place, we have a duty to notify any person or persons specifically threatened, as well as a duty to protect by taking other appropriate action. If we believe that you are at imminent risk of inflicting serious harm on yourself, we may disclose information necessary to protect you. In either case, we may disclose information in order to initiate hospitalization.
• Business Associates: Catalyss Counseling may enter into contracts with business associates to provide billing, legal, auditing, and practice management services that are outside entities. In those situations, protected health information will be provided to those contractors as is needed to perform their contracted tasks. Business associates are required to enter into an agreement maintaining the privacy of the protected health information released to them.
• In Compliance with Other State/Federal Laws and Regulations: When the use and disclosure is allowed under other sections of Section 164.512 of the Privacy Rule and the state’s confidentiality law - This includes certain narrowly-defined disclosures to law enforcement agencies, to a health oversight agency (such as HHS), to a medical examiner, for public health purposes relating to disease or FDA-regulated products, or for specialized government functions (fitness for military duties, eligibility for VA benefits, etc.)
Certain categories of information have extra protection by law, and thus require special written authorizations for disclosures.
Psychotherapy notes: We will obtain a special authorization before releasing your Psychotherapy Notes and test results. “Psychotherapy notes” are notes we have made about our conversation during a private, group, joint, or family counseling session, which have been kept separate from the rest of your record. These notes are given a greater degree of protection than PHI. These are not considered part of your “client record”.
HIV Information: Special legal protections apply to HIV/AIDS related information. We will obtain a special written authorization from you before releasing information related to HIV/AIDS.
Alcohol and Drug Use Information: Special legal protections apply to information related to alcohol and drug use and treatment. We will obtain a special written authorization from you before releasing information related to alcohol and/or drug use/treatment.
We will also obtain an authorization from you before using or disclosing PHI in a way that is not described in this Notice. You may revoke all such authorizations at any time, provided each revocation is in writing. You may not revoke an authorization to the extent that (1) we have relied on that authorization; or (2) if the authorization was obtained as a condition of obtaining insurance coverage, law provides the insurer the right to contest the claim under the policy.
As a mental health provider, we have certain duties to you related to your PHI. These are described below.
• We are required by law to maintain the privacy of PHI and to provide you with a notice of our legal duties and privacy practices with respect to PHI.
• We are required to notify you if: (a) there is a breach (a use or disclosure of your PHI in violation of the HIPAA Privacy Rule) involving your PHI; (b) that PHI has not been encrypted to government standards; and (c) a risk assessment fails to determine that there is a low probability that your PHI has been compromised.
• We reserve the right to change the privacy policies and practices described in this notice. Unless we notify you of such changes, however, we are required to abide by the terms currently in effect.
• If we revise our policies and procedures, we will send a revised Notice of Privacy Practices by mail or email to the address we have in your record.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.
This notice is effective March, 2019.