Mental Health Resources, PLLC Policy & Procedures-HIPAA Compliance
Our policies and procedures for HIPAA compliance are contained in our Notification of Patient Rights Document, customary administrative paperwork, consent to care forms, and the other administrative forms attached with this document. All of our privacy policies and procedures are embedded in these documents. Additionally, this policy and procedures document is provided to reaffirm the privacy operations of our practice.
I. Use and Disclosure of PHI
- While we are permitted by HIPAA to use PHI for treatment, payment, and healthcare operations, we only do so with a consent to care signed by the patient.
- We do not treat minors without parental consent.
- For disclosure of patient information outside “TPO” purposes, we first secure the specified authorization in writing, using our authorization PHI forms.
- In the event psychotherapy notes are ever shared, we secure an authorization form and provide the patient informed consent on these matters.
- All of our authorization forms comply with HIPAA regulations.
II. Use & Disclosure of PHI – Minimum and Necessary Disclosure
In our multidisciplinary practice, other licensed clinicians, therapists and physicians may have access to the protected mental health record of patients when clinically necessary, such as in the case of an emergency.
We attempt to disclose the minimum and necessary information necessary for the requested task. For example, we prefer to send a summary of the clinical record and try not to release the clinical record unless specifically required to do so and the patient has been informed of their rights in this matter.
When we receive an authorization that seems “above and beyond what is minimum and necessary”, we first call the patient to inform them of their rights and attempt to modify any authorization so that it is consistent with the minimum and necessary requirement.
III. Nonauthorized Disclosures
Nonauthorized disclosures are made in accordance with state and federal law and our patients are notified of these occurrences as specified in my Notification of Patient Rights Statement.
IV. Notification of Patient Rights Statement
All patients receive the Notification of Patient Rights Statement at the beginning of their care to review and their signature is obtained to indicate receipt of this document. The document clearly outlines their various rights including but not limited to the right to inspect, copy and amend records, confidential handling of materials, restrictions on disclosures and other matters reviewed in those documents. Copies of all of the forms used to enact these administrative operations are attached which clearly outline the procedures we follow to protect the privacy rights of patients.
V. Business Associates
We have a contract with all individuals who may have reason to come in contact with PHI. This includes all clerical staff, employees, contractors and clinicians. Our contract helps augment privacy practices for our patients. We provide the training for these Business Associates on these important privacy matters.
VI. Privacy Officer & Complaints
Each patient’s therapist serves as the Privacy Officer for their patient. Patients are encouraged to talk to their therapists about any real or perceived compromises of their privacy rights. Patients have been informed that they can contact the Dept of Human Services, Office of Civil Rights, Washington, D.C. if they prefer to file a complaint at that office rather than talking with their therapist directly about these matters. We review any complaint in detail and strive to arrive at a resolution satisfactory to the patient. In the event we are uncertain how to proceed, we seek consultation from other informed colleagues on this subject or the legal staff of the American Psychological Association’s Practice Organization or other professionals as needed.