NOTICE OF PRIVACY POLICIES
As a psychologist, I am committed to protecting your privacy and confidentiality to the full extent of the law. This notice describes how psychological and medical information about you may be used and disclosed and how you can get access to this information. This notice conforms to the Federal Health Insurance Portability and Accountability Act (HIPAA) effective April 14, 2003. It also conforms to the health care privacy laws of California. Please read it carefully.
Dr. V. I. Piccirillo (“Dr. V. I. Piccirillo“) operates mhccla.com and may operate other websites. It is Dr. Piccirillo’s policy to respect your privacy regarding any information we may collect while operating our websites.
Like most website operators, Dr. V. I. Piccirillo collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Dr. Piccirillo’s purpose in collecting non-personally identifying information is to better understand how Dr. Piccirillo’s visitors use its website. From time to time, Dr. V. I. Piccirillo may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of its website.
Dr. V. I. Piccirillo also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on mhccla.com blogs/sites. Dr. V. I. Piccirillo only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that commenter IP addresses and email addresses are visible and disclosed to the administrators of the blog/site where the comment was left.
Gathering of Personally-Identifying Information
Certain visitors to Dr. Piccirillo’s websites choose to interact with Dr. V. I. Piccirillo in ways that require Dr. V. I. Piccirillo to gather personally-identifying information. The amount and type of information that Dr. V. I. Piccirillo gathers depends on the nature of the interaction. For example, we ask visitors who sign up atmhccla.com to provide a username and email address. Those who engage in transactions with Dr. V. I. Piccirillo are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, Dr. V. I. Piccirillo collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with Dr. V. I. Piccirillo. Dr. V. I. Piccirillo does not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.
Dr. V. I. Piccirillo may collect statistics about the behavior of visitors to its websites. Dr. V. I. Piccirillo may display this information publicly or provide it to others. However, Dr. V. I. Piccirillo does not disclose personally-identifying information other than as described below.
Protection of Certain Personally-Identifying Information
Dr. V. I. Piccirillo discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Dr. Piccirillo’s behalf or to provide services available at Dr. Piccirillo’s websites, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors and affiliated organizations may be located outside of your home country; by using Dr. Piccirillo’s websites, you consent to the transfer of such information to them. Dr. V. I. Piccirillo will not rent or sell potentially personally-identifying and personally-identifying information to anyone. Other than to its employees, contractors and affiliated organizations, as described above, Dr. V. I. Piccirillo discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Dr. V. I. Piccirillo believes in good faith that disclosure is reasonably necessary to protect the property or rights of Dr. V. I. Piccirillo, third parties or the public at large. If you are a registered user of an Dr. V. I. Piccirillo website and have supplied your email address, Dr. V. I. Piccirillo may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with Dr. V. I. Piccirillo and our products. If you send us a request (for example via email or via one of our feedback mechanisms), we reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users. Dr. V. I. Piccirillo takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.
If Dr. V. I. Piccirillo, or substantially all of its assets, were acquired, or in the unlikely event that Dr. V. I. Piccirillo goes out of business or enters bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Dr. V. I. Piccirillo may continue to use your personal information as set forth in this policy.
PHI (Patient Health Information)
The services you are receiving here concern your psychological status, a most private and intimate component of your life. Therefore, protecting your privacy is of utmost importance. The ensuing paragraphs explain how, when and why I may use and/or disclose your records which are known under the HIPAA legislation as “Protected Health Information” (PHI). Your PHI consists of individually identifiable information about your past, present, or future health or condition and the provision of and payment for health care to you. I may also receive your PHI from other sources, i.e. other health care providers, attorneys, etc. You and your PHI receive certain protections under the law. Except in specified circumstances, I will not release your PHI to anyone. When disclosure is necessary under the law, I will only use and/or disclose the minimum amount of your PHI necessary to accomplish the purpose of the use and/or disclosure.
USE AND DISCLOSURE OF PHI
If you are receiving any type of psychotherapy service, your PHI is typically limited to basic billing information placed in a file in my office. Clinical notes taken after sessions are known as Psychotherapy Notes and are not part of your PHI. Except in unusual, emergency situations, such as child abuse, homicidal or suicidal intention, your PHI will only be released with your specific Authorization.
In accordance with the HIPAA act and its Privacy Rule (Rule), your PHI may be used and disclosed for a variety of reasons. Again, however, every effort is made to prevent its dissemination. For most other uses and/or disclosures of your PHI, you will be asked to grant your permission via a signed Authorization which is a separate form. However, the Rule allows for certain specified uses and/or disclosures of your PHI. These consist of the following:
- Uses and Disclosures Not Requiring Your Authorization nor your Consent (The Rule provides that I may use and/or disclose your PHI without your Authorization in the following circumstances)
- Uses and/or disclosures related to your treatment (T), the payment for services you receive (P), or for health care operations (O):
- For treatment (T): I might conceivably use and/or disclose your PHI to psychologists, psychiatrists, physicians, nurses, and other health care personnel involved in providing health care services to you – but only with your specific Authorization. The only conceivable reason that a specific Authorization might not be obtained would be in the case of a medical emergency.
- For payment (P): I may use and/or disclose your PHI for billing and collection activities without your specific Authorization.
- Health care operations (O): Health Care Operations are activities that relate to the performance and operation of my practice. I may use or disclose, as needed, your protected health information in support of business activities. For example, when I review an administrative assistant’s performance, I may need to review what that employee has documented in your record.
- When required by law: I may use and/or disclose your PHI when existing law requires that I report information including but not limited to each of the following areas:
- Reporting abuse, neglect or domestic violence: I may use and/or disclose your PHI in cases of suspected abuse, neglect, or domestic violence including reporting the information to social service agencies.
- Judicial and administrative proceedings: I may use and/or disclose your PHI in response to an order of a court or administrative tribunal, a warrant, subpoena, discovery request, or other lawful process.
- To avert a serious threat to health or safety: I may use and/or disclose your PHI in order to avert a serious threat to health or safety. For example, if I believed you were at imminent risk of harming a person or property, or of hurting yourself, I may disclose your PHI to prevent such an act from occurring.
- Your information may not be privileged if you are seeking therapy to avoid jail or commit a crime.
- Health Oversight – If a complaint is filed against me with the California Board of Psychology,the Board has the authority to subpoena confidential mental health information from me relevant to that complaint.
- Worker’s Compensation – I may disclose PHI as authorized by, and to the extent necessary to comply with, laws relating to worker’s compensation or other similar programs, that provide benefits for work-related injuries or illness without regard to fault.
Uses and/or disclosures requiring your Authorization
- Generally, my use and/or disclosure of your PHI for any purpose that falls outside of the definitions of treatment, payment and health care operations identified above will require your signed Authorization. If you grant your permission for such use and/or disclosure of your PHI, you retain the right to revoke your Authorization at any time except to the extent that a disclosure might already have been made.
PATIENT’S RIGHTS AND PSYCHOLOGIST’S DUTIES
- The HIPAA Privacy Rule grants you the following individual rights:
- Right to Request Restrictions – You have the right to request restrictions on certain uses/disclosures of PHI. However, I am not required to agree to the request.
- In general, you have the right to view your PHI that is in my possession or to obtain copies of it. You must request it in writing. You will receive a response from me within five if you decide to access your records, fifteen days if you want a copy of your records and, depending on its length, between ten and thirty days if you request a summary of your records of my receiving your written request. Under certain circumstances, such as if I fear the information may be harmful to you, I may deny your request. If your request is denied, you will be given in writing the reasons for the denial. I will also explain your right to have my denial reviewed. If you ask for copies of your PHI, I will charge you not more than $.25 per page. I may see fit to provide you with a summary or explanation of the PHI, but only if you agree in advance to it, as well as to the cost.
- You have the right to ask that I limit how I use and disclose you PHI. While I will consider your request, I am not legally bound to agree. If I do agree to your request, I will put those limits in writing and abide by them except in emergency situations. You do not have the right to limit the uses and disclosures that I am legally required or permitted to make.
- It is your right to ask that your PHI be sent to you at an alternate address or by an alternate method, e.g., email. I am obliged to agree to your request providing that I can give you the PHI in the format you requested without undue inconvenience.
- You are entitled to a list of disclosures of your PHI that I have made. The list will not include uses or disclosures to which you have already consented, e.g., those for treatment, payment, or health care operations. I will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list will include the date of the disclosure, to whom PHI was disclosed (including their address if known), a description of the information disclosed, and the reason for the disclosure. I will provide the list to you at no cost, unless you make more than one request in the same year, in which case I will charge you a reasonable fee for each additional request.
- If you believe that there is some error in your PHI or that important information has been omitted, it is your right to request that I correct the existing information or add the missing information. Your request and the reason for the request must be made in writing. You will receive a response within 60 days of my receipt of your request. I may deny your request in writing if I find that the PHI is: (a) correct and complete, (b) forbidden to be disclosed, (c) not part of my records, or (d) written by someone other me. My denial must be in writing and must state the reasons for the denial. It must also explain your right to file a written statement objecting to the denial. If you do not file a written objection, you still have the right to ask that your request and my denial be attached to any future disclosures of your PHI. If I approve your request, I will make the change(s) to your PHI. Additionally, I will tell you that the changes have been made, and I will advise all others who need to know about the change(s) to your PHI.
- You have the right to get this notice by email if your chose so. You have the right to request a paper copy of it as well.
If you believe that I may have violated your individual privacy rights, or if you object to a decision I made about access to your PHI, you are entitled to file a complaint by submitting a written complaint to me. Your written complaint must describe the acts and/or omissions you believe to be in violation of the Rule or the provisions outlined in this Privacy Practices section. If you prefer, you may file your written complaint with the Secretary of the U.S. Department of Health and Human Services (Secretary) at 200 Independence Avenue S.W., Washington, D.C., 20201. However, any complaint you file must be received by me, or filed with the Secretary, within 180 days of when you knew, or should have known, that the act or omission occurred. I will take no retaliatory action against you if you make such complaints.
I understand that Federal regulations (HIPAA) allow health service providers to disclose my Protected Health Information (PHI) from your records in order to provide you treatment services, obtain payment for the services provided, or for other professional activities known as “health care operations”. How, why, and where I might release your PHI was described above. I consent to the use or disclosure of my Protected Health Information as specified. This consent is voluntary and you may refuse to sign it now or revoke your consent later.