Privacy Notice for Practices

Privacy Notice for Practices

Last Edited 11.1.24

Contact Information:

106 Starret Street #100

Lancaster, OH 43130

(740) 687-0042

info@mopsohio.com

Table of Contents

CONFIDENTIALITY AND PRIVACY NOTICE FOR PRACTICES

Uses and Disclosures for Treatment, Payment, and Health Care Operations

Uses and Disclosures Requiring Authorization

Personal Information We Collect About You

Uses and Disclosures with Neither Consent nor Authorization

Client Rights and Provider’s Duties Regarding PHI

Client Choices

HIPAA Breaches

Questions and Complaints

Effective Date, Restrictions and Changes to Privacy Policy

 

 

 

 

CONFIDENTIALITY AND PRIVACY NOTICE FOR PRACTICES

 

The law protects the privacy of communication between a client and a mental health treatment provider.  In most situations, agency staff can only release information about your treatment to others if you sign a written authorization form that meets certain legal requirements imposed by HIPAA and the Ohio Department of Mental Health and Addiction Services.  There are other situations that require only that you provide written, advanced consent.  Your signature on this Acknowledgement and Authorization for Services provides consent for those activities, and how you can get access to this information, please review it carefully.

 

Uses and Disclosures for Treatment, Payment, and Health Care Operations   

 

This agency may use or disclose your protected health information (PHI), for treatment, payment, and health care operations purposes with your consent. To help clarify these terms, here are some definitions:

 

PHI refers to information in your record that could identify you.

 

Treatment is when this agency provides, coordinates, or manages your care and other services related to your health care. An example of treatment would be when staff consult with another health care provider, such as your primary care provider or another mental health provider.

 

Payment is when this agency obtains reimbursement for your care.  Examples of payment are when staff disclose your PHI to your insurer to obtain reimbursement for your care or to determine eligibility or coverage.

 

Health Care Operations are activities that relate to the performance and operation of this practice.  Examples of health care operations are quality assessment and improvement activities, business-related matters such as audits and administrative services, and case management and care coordination.

 

Use applies only to activities within this agency such as sharing, employing, applying, utilizing, examining, and analyzing information that identifies you.

 

Disclosure applies to activities outside of this agency, such as releasing, transferring, or providing access to information about you to other parties.

 

Uses and Disclosures Requiring Authorization  

This agency may use or disclose PHI for purposes outside of treatment, payment, and health care operations when your appropriate authorization is obtained. An “authorization” is written permission above and beyond the general consent that permits only specific disclosures.  In those instances when the agency asked for information for purposes outside of treatment, payment and health care operations, we will obtain an authorization from you before releasing this information.

 

The following use and disclosures of PHI will only be made if we receive a written authorization from you:

 

  • Most disclosures of psychotherapy records
  • Uses and disclosures of PHI for marketing purposes
  • Sale of PHI under HIPAA
  • Other uses and disclosures not described in this notice.

 

You may revoke all such authorizations at any time, provided each revocation is in writing. You may not revoke an authorization to the extent that (1) the agency has relied on that authorization, meaning this does not impact any information released prior to the revocation; or (2) if the authorization was obtained as a condition of obtaining insurance coverage, and the law provides the insurer the right to contest the claim under the policy.

 

Consultations: Agency staff may occasionally find it helpful to consult other health and mental health professionals about a case.  During a consultation, agency staff make every effort to avoid revealing the identity of our clients.  The other professionals are also legally bound to keep the information confidential.  If you don’t object, agency staff will not tell you about these consultations unless agency staff feel that it is important to our work together.  Agency staff will note all consultations in your client record (which is called “PHI” in our Privacy Notice).   Clinicians who are not independently licensed are under the direct clinical supervision of their supervisor and must review all clinical information including progress in therapy with their supervisors.  Clinician and supervisor meet on a regular basis to review client information, discuss treatment planning, and to ensure that the needs of each client are being met in a satisfactory manner.   Clinical supervisors are ultimately responsible for the welfare of the clients.  If you have  questions or concerns regarding services, you are receiving you may contact the clinician’s supervisor at 740-687-0042.  A list of clinicians and clinical supervisors’ contact information can be found on our website at: List of Clinicians and Supervisors

 

Records: You should be aware that this agency utilizes support/administrative staff that may have access to your records.  In most cases, clinical staff need to share protected information with these individuals for both clinical and administrative purposes, such as scheduling, billing, and quality assurance.  All mental health professionals are bound by the same rules of confidentiality.  All staff members have been given training in protecting your privacy and have agreed not to release  information outside of the practice without the permission of a client and/or guardian.

 

Confidentiality of alcohol and drug abuse/substance use disorder client records maintained by this program is protected by Federal law and regulations.  Generally, the AOD/SUD program will not convey to a person outside the AOD/SUD program that a client attends or receives services from the program or disclose  information identifying the client as an alcohol or drug abuser unless: disclosure is expressly permitted in writing, the disclosure is allowed by court order, the disclosure is made to medical personnel in a medical emergency, or the disclosure is made to qualified personnel for research, audit, or program evaluation.  Violation of the Federal law and regulations by this program is a crime and suspected violations may be reported to appropriate authorities in accordance with Federal regulations.  Federal law and regulations do not protect  information about a suspected child abuse or neglect from being reported under State law to appropriate State or local authorities.  See 42 U.S.C. 290 DD-3 and 42 U.S.C. 290 EE-3 for Federal Laws and CFR Part 2 for Federal Regulations.

 

Mental Health Boards: This agency also has contracts with Mental Health Boards and other payer sources and is certified by several organizations.  As required by HIPAA, this agency has a formal business associate contract with these businesses, in which they promise to maintain the confidentiality of this data except as specifically allowed in the contract or otherwise required by law.  If you wish, we can provide you with the names of these organizations and/or a blank copy of this contract.

 

Insurance and Collection Agency: Disclosures required by health insurers or to collect overdue fees are discussed elsewhere in this Handbook under Billing and Payments.

 

Personal Information We Collect About You

We may collect the following types of information about you which are described in more detail below:

Personal Information you provide to us, which may include your name, address, telephone, location, gender, mental health information, year of birth, educational data, email address, and payment information;

Personal Information we may automatically collect

All of the information listed above is detailed below and referred to as “Personal Information.”

Personal Information You Provide to Us:

In using our Services, you may provide us with Personal Information, including, without limitation, the list below. You may provide us with this Personal Information when you interact with our website, make a payment or donation online, complete forms online, or submit or provide other documentation and information to us.

  • Identifiers
    • First and last name, email address, name, gender, home, or work address, date of birth, social security identification, state identification number, and telephone number
  • Background Information
    • Occupation
    • Race, Ethnicity, and Nationality
    • Mental health and other health-related information
    • Military service record information
    • Hobbies or other background information
    • Professional Licensure Number
    • State of Residence
  • Other Persons’ Information
    • Emergency contact information or parent, guardian, relatives or other person’s Personal Information
  • Financial Information
    • Health Insurance Card
    • Income documents such as pay stubs, W-2s
  • Credentials/Account Log-In Information
    • Account username and log in credentials, including unique identifiers such as username and password
  • Comments and Opinions
    • Survey or content submissions
    • Reasons why you have selected or heard about our Services
    • When you contact us directly, by email, phone, mail, text, chat, when you post on message boards, blogs or complete an online form, we may record your comments and opinions
  • Marketing and Event Information
    • Participation and registration in events and seminars, opt-in marketing selection, and document or resource download references
  • Commercial Information
    • Products and Services purchased, transaction information and other data obtained or considered or other purchasing or consuming histories or tendencies
  • Sensitive Information
    • Such as age, gender, country, language preferences, religious or political views or membership, health-related data, criminal history
  • Job Applicant and Employee Information
    • Resume, occupation, residency for the last five years, work samples, benefits, competition requirements, educational history, convictions, certifications, protected classifications (e.g., age, race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, and veteran or military status) , or other information provided in applications for employment
    • This may also include information about your employing entity, business unit, manager and management reporting structure, job title, function and the nature of your duties and responsibilities, and non-publicly available education information
  • Communications
    • Preferences for communications and Services, chats, posts, or interactions and communications with us or our third-party providers
  • Preferences
    • Information derived from other Personal Information about you, which could include your preferences, interests, and other information used to personalize your experience
    • Preferences set for notifications, marketing communications and how our website is displayed
  • Consent
    • Additional information as otherwise described to you at the point of collection or pursuant to your consent
  • Other
    • Any other information you choose to directly provide to us in connection with your use of the Services

You are responsible for ensuring the accuracy of the Personal Information you submit to us. Submitting inaccurate Personal Information or failing to maintain the accuracy of Personal Information that changes (for example, a change of email address) may disrupt your ability to use our Services, may affect the information you receive from us, and may impact our ability to contact you. You can update your Personal Information at any time by logging into and visiting the Client Portal or Contact Us.

Personal Information We May Automatically Collect About You:

Our Services may automatically collect certain Personal Information. We may collect Personal Information automatically through your use of our Services, including the website, such as through the use of cookies, or through security monitoring and recording at our offices and facilities, on phone calls, and through third parties. We use this information to help us design our Services to better suit our users’ needs and for other business purposes as described in this Privacy Notice.

This Personal Information may include:

  • System and Device Information
    • Information about the computer, tablet, smartphone, or other electronic device you use to connect to our Services.
    • Every computer on the Internet has a unique address called an Internet Protocol Address (“IP Address”). An IP Address is just like a telephone number in that it is a long string of numbers. IP Addresses are automatically assigned to all Internet Users by their Internet Service Providers (“ISP”). However, since it would be difficult to remember everyone’s IP Address, the Internet allows you to type in an easy to remember name, i.e., a domain name or email address which corresponds to the IP Address. When you use the Internet, your IP Address, as well as other information, is automatically logged by web servers.
    • Along with your IP Address, we collect browser type and language; operating system; platform type; device type; software and hardware attributes; and unique device, and app identifiers.
    • Internet or other electronic network activity information, including browser and app logs, content you view or engage with, and app, browser, and device information.
    • Domain server from which you are using our Services.
    • Type of computer, web browsers, software, search engine used, operating system, or platform you use.
    • Mobile device information, including the type of device you use, operating system version, your device’s telephone number (if it has one), the device identifier (or “UDID”). This also includes behavior, use, and aggregated usage, performance data, and data from where the application was downloaded.
    • Location information related to the IP address of devices used to access the Services, type of browser software, operating system, or mobile device in use, associated region or location data, Internet domain and service provider used, and referring/exit pages from which you linked to our Services.
  • Date and Time
    • Date and time of your visit or use of our Services.
  • Activity
    • Data identifying the website pages you visited prior to and after visiting our website or use of our Services.
    • Your movement and activity within the website, which is aggregated with other information.
    • For example, the website from which you came and the website to which you are going when you leave our website, how frequently you access the Services, the time you access the Services and how long you use them, whether you open emails or click the links contained in emails, whether you access the Services from multiple devices, interaction with email content, access times, error logs, and other similar information, and other actions you take on the Services. Information about files you download, domain names, landing pages, browsing activity, content or ads viewed and clicked, dates and times of access, pages viewed, forms you complete or partially complete, search terms, uploads or downloads, the URL that referred you to our Services.
  • Location Related Information
    • Location data generally, or with your consent, your precise GPS location.
  • Social Media
    • Information provided by social networks connected to the Services, in accordance with your privacy settings on the social media platform. The connected social network may provide us with information such as your name, ID, profile picture, network, gender, username, user ID, email address, friend list, age or age range, language, country, friends list, follower list, photos, location, generated contact, and any other information you have agreed it can share or that the social network provides to us. It also includes information you provide to us directly through our Services on social media networking and blogging platforms (e.g., Facebook, Instagram, YouTube, and Twitter).
    • Inferences drawn from any of the information identified above reflecting your preferences and characteristics.

 

 

Uses and Disclosures with Neither Consent nor Authorization  

There are some situations where this agency is permitted or required to disclose information without either your consent or authorization:

Judicial or Administrative Court Proceedings: If you are involved in a court proceeding and a request is made for information concerning your assessment, diagnosis, or treatment, such information is protected by the clinician-client privilege law.  Agency staff cannot provide any information without your (or your personal or legal representative’s) written authorization, or a court order.  If you are involved in or contemplating litigation, or have engaged in criminal activity, you should consult with your attorney to determine whether a court would be likely to order this agency to disclose information.

Government Agency: If a government agency is requesting information for health oversight activities and for special government functions such as military, national security, and presidential protective services this agency may be required to provide it for them.  If you are a member of the armed forces, we may release your medical information as required by military command authorities or to the Department of Veterans Affairs.  We may also disclose your medical information to authorized federal officials for intelligence and national security purposes to the extent authorized by law.

 

Compliant or Lawsuit: If a client files a complaint or lawsuit against the agency or agency staff, we may disclose relevant information regarding that client to defend ourselves.

 

Worker’s Compensation: If a client files a worker’s compensation claim, the client must execute a release so that the agency may release the information, records, or reports relevant to the claim.

 

Law enforcement, compliance with the law and other government requests:   We can use or share information for law enforcement purposes or with a law enforcement officials, with health oversight agencies for activities authorized by state and federal laws, and for special government functions such as military, national security, and presidential protective services or other important officials, including with the Department of Health and Human Services if it wants to see that we are complying with federal privacy law. By law we cannot reveal when we have disclosed such information to the government.  If you are or become an inmate of a correctional institution or are in the custody of a law enforcement official, we may disclose to the institution or law enforcement official information necessary for the provision of health services to you, your health and safety, the health and safety of other individuals and law enforcement on the premises of the institution and the administration and maintenance of the safety, security and good order of the institution.

 

Disaster Relief Efforts: We may use or disclose your medical information to an authorized public or private entity to assist in disaster relief efforts.  You may have the opportunity to object unless it would impede our ability to respond to emergency circumstances.

 

Evaluations: If you are involved in a court proceeding and a request is made for information about your evaluation, diagnosis and treatment and the records thereof, such information is privileged under state law and agency staff will not release this information without written authorization from you or your personal or legally appointed representative, or a court order.  The privilege does not apply when you are being evaluated for a third party or where the evaluation is court ordered. You will be informed in advance if this is the case.  A court may also order the release of your PHI, and we must comply with court orders.

 

Respond to Organ and Tissue Donation Requests:  We can share information about you with organ procurement organizations.

 

Work with Coroners, Medical Examiner, or Funeral Director:  We can share information with a coroner, medical examiner, or funeral director when an individual dies.

 

There are some situations in which agency staff are legally obligated to take actions, which we believe are necessary to attempt to protect others from harm and we may have to use or disclose PHI without your consent or authorization in the following circumstances:

 

Child Abuse: If in a professional capacity agency staff know or suspect that a child under 18 years of age or an intellectually disabled, developmentally disabled, or physically impaired child under 21 years of age has suffered or faces a threat of suffering any physical or mental wound, injury, disability, or condition of a nature that reasonably indicates abuse or neglect of the child, the law requires that agency staff immediately file a report with the appropriate government agency, usually the  children services agency, developmental disabilities agency, and/or adult protective services with jurisdiction.  Once such a report is filed, agency staff may be required to provide additional information.

 

Elder Abuse: If agency staff have reasonable cause to believe that an elderly person is being abused, neglected, or exploited, or is in a condition which is the result of abuse, neglect, or exploitation, the law requires that agency staff immediately report such belief to the county Department of Job and Family Services.  Once such a report is filed, agency staff may be required to provide additional information.

 

Domestic Violence: If agency staff know or have reasonable cause to believe that a client has been the victim of domestic violence, agency staff must note that knowledge or belief and the basis for it in the client records.

 

Serious Threat to Health or Safety: If agency staff believes that you pose a clear and substantial risk of imminent serious harm to yourself, another person, or property, agency staff may disclose your relevant confidential information to public authorities, the potential victim, other professionals, and/or your family to protect against such harm.  If you communicate to agency staff an explicit threat of inflicting imminent and serious physical harm or causing the death of one or more clearly identifiable victims, and agency staff believe you have the intent and ability to carry out the threat, then agency staff are required by law to take one or more of the following actions in a timely manner: 1) take steps to hospitalize you on an emergency basis, 2) establish and undertake a treatment plan calculated to eliminate the possibility that you will carry out the threat, and initiate arrangements for a second opinion risk assessment with another mental health professional, 3) communicate to a law enforcement agency  and, if feasible, to the potential victim(s), or victim’s parent or guardian if a minor, all of the following information: a) the nature of the threat, b) your identity, and c) the identity of the potential victim(s).

 

Developmental Disabilities Board: If you are involved with the Developmental Disabilities board, we may be contractually required to report issues of potential abuse.

 

Mandated Treatment: If you are mandated for treatment, there may be limitations to confidentiality.  You have the right to refuse services; if you do refuse it is recommended that the consequences, be discussed with your clinician and your mandated authority.

 

Reckless Behavior: If agency staff are made aware that you have been shot or have engaged in fire setting behavior, we must report this information to the local law enforcement agency.

 

Animal Abuse: If agency staff has knowledge or reasonable cause to suspect animal abuse or neglect, the law requires that agency report such belief to a law enforcement officer, humane society agent, or animal control professional.

 

Criminal Offense: If you report the commission of a criminal offense, the clinician may choose to share this information with the appropriate law enforcement agency.

 

If we are required to disclose information for any of the above situations (with the exception of those prohibited by law), agency staff will make  effort to  discuss it with you before taking  action and agency staff will limit their disclosure to what is necessary.

 

While this written summary of exceptions to confidentiality should prove helpful in informing you about potential problems, it is important that we discuss  questions or concerns that you may have now or in the future.  The laws governing confidentiality can be quite complex, and we are not attorneys.  In situations where specific advice is required, formal legal advice may be needed.

 

How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

 

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this notice and give you a copy of it.
  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

 

Client Rights and Provider’s Duties Regarding PHI: 

 

Right to Request Restrictions: You have the right to ask us not to use or share certain protected health information about you for treatment, payment, or our operations. However, agency staff are not required to agree to a restriction you request.  If you pay for a service out-of-pocket in full, you can ask us in writing to not share that information for the purpose of payment or our operations with your health insurer, this includes Medicare and Medicaid.  We will agree unless a law requires us to share that information.

 

Right to Receive Confidential Communications by Alternative Means and at Alternative Locations: You have the right to request and receive confidential communications of PHI by alternative means and at alternative locations. (For example, you may not want a family member to know that you are seeing us.  Upon your request, agency staff will send your bills to another address.)

 

Right to Inspect and Copy of your paper or electronic records: You have the right to inspect or obtain a copy (or both) of PHI and psychotherapy notes in agency mental health and billing records used to make decisions about you for as long as the PHI is maintained in the record.  Agency staff may deny your access to PHI under certain circumstances, but in some cases, you may have this decision reviewed.  On your request, agency staff will discuss with you the details of the request process.  It may take several days to arrange for the inspection of your records and/or to copy your records.  A fee may be associated with the copying of your records.

 

Right to Amend: You have the right to request an amendment of PHI for as long as the PHI is maintained in the record. Agency staff may deny your request.  On your request, agency staff will discuss with you the details of the amendment process.

 

Right to a List of Those with Whom We’ve Shared Your information: You generally have the right to receive an accounting of disclosures of PHI for six years prior to your request for which you have neither provided consent nor authorization, who we shared it with and why (as described in Section III of this Notice).  On your request, agency staff will discuss with you the details of the accounting process.   We will provide one accounting per year for free but will charge a reasonable fee if you request for another one within 12 months.

 

Right to a Paper Copy: You have the right to obtain a paper copy of the notice from this agency upon request, even if you have agreed to receive the notice electronically.

 

Right to Choose Someone to Act for You: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.  We will make sure the person has the authority and can act for you before we take  action.

 

Client Choices: 

For certain health information, you can tell us your choices about what we share, in the following cases you have both the right and choice to tell us to:

 

  • Share information with your family, close friends, or others involved in your care.
  • Share information in a disaster relief situation.

 

Mental Health Provider’s Responsibilities: 

  • We are required by law to maintain the privacy of PHI and to provide you with a notice of our legal duties and privacy practices with respect to PHI.
  • We reserve the right to change the privacy policies and practices described in this notice and notify you of such changes, however, we are required to abide by the terms of the notice currently in effect.
  • The agency will not use or share your information other than as described here unless you tell us we can in writing.  If you tell us we can, you may change your mind at any time, notifying us in writing.

 

HIPAA Breaches: 

In the event of a breach, the agency will notify clients by written notice within 60 days of the date that the breach is discovered.  Notices will be mailed to the last known address of the client.

 

Questions and Complaints 

If you have questions about confidentiality, disagree with a decision agency staff make about access to your records, or have other concerns about your privacy rights, you may contact the client rights officer.  If you believe that your privacy rights have been violated and wish to file a complaint with this agency, you may send your written complaint to:

 

Client Right’s Officer 

Mid-Ohio Psychological Services 

106 Starret Street, Suite 100 

Lancaster, Ohio 43130  

 

You have specific rights under the Privacy Rule.  Agency staff will not retaliate against you for exercising your right to file a complaint.

 

You may also send a written complaint to the Secretary of the U.S. Department of Health and Human Services or by visiting http://www.hhs.gov/ocr/privacy/.  Additionally, the person listed above can provide you with the appropriate address upon request.

 

Effective Date, Restrictions and Changes to Privacy Policy 

This notice will go into effect on the date listed at the top of the document.

 

Revisions of these policies and procedures, will be posted on the agency website: www.mopsohio.com. This agency reserves the right to change the terms of this notice and to make the new notice provisions effective for all PHI that maintained.