Legal Notices

THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

​I. DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS

I may use or disclose your Protected Health Information (PHI), for certain treatment, payment, and health care operations purposes without your authorization.  In certain circumstances I can only do so when the person or business requesting your PHI gives me a written request that includes certain promises regarding protecting the confidentiality of your PHI. To help clarify these terms, here are some definitions: 

“HIPAA” refers to Health Insurance Portability and Accountability Act, a federal law that provides privacy protections and patient rights with regard to the use and disclosure of your Protected Health Information (PHI) used for the purpose of treatment, payment, and health care operations.

“PHI” refers to information in your health record that could identify you. 

“Treatment” is when I provide, or another healthcare provider, diagnoses or treats you. An example of treatment would be when I consult with another health care provider, such as your family physician, psychiatrist, or another psychologist, regarding your treatment.

“Health Care Operations” is when I disclose your PHI to your health care service plan (for example your health insurer), or to your other health care providers contracting with your plan, for administering the plan, such as case management and care coordination.  

“Use” applies only to activities within my office such as sharing, employing, applying, utilizing, examining, and analyzing information that identifies you.

“Disclosure” applies to activities outside of my office, such as releasing, transferring, or providing access to information about you to other parties. 

“Authorization” means written permission for specific uses or disclosures.

​​

II. IT IS MY LEGAL DUTY TO SAFEGUARD YOUR PHI

By law I am required to ensure that your PHI is kept private. PHI constitutes information created or noted by me that can be used to identify you. It contains data about your past, present, or future health or condition, the provision of health care services to you, or the payment for such health care. I am required to provide you with this Notice about my privacy procedures. This Notice must explain when, why, and how I would use and/or disclose your PHI. PHI is disclosed when I release, transfer, give, or otherwise reveal it to a third party outside this practice. With some exceptions, I may not use or disclose more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made; however, I am always legally required to follow the privacy practices described in this Notice.

Please note that I reserve the right to change the terms of this Notice and my privacy policies at any time as permitted by law. Any changes will apply to PHI already on file with me. Before I make any important changes to my policies, I will immediately change this Notice and post a new copy of it in my office and on my website. You may also request a copy of this Notice from me, or you can view a copy of it in my office or on my website.

​

III. HOW I WILL USE AND DISCLOSE YOUR PHI

I will use and disclose your PHI for many different reasons. Some of the uses or disclosures will require your prior written authorization; others, however, will not. Below you will find the different categories of my uses and disclosures, with some examples. 

​

1. Uses and Disclosures Related to Treatment, Payment, or Health Care Operations Do Not Require Your Prior Written Consent. I may use and/or disclose your PHI without your consent for the following reasons: 

   1. For Treatment. I can use your PHI within this practice to provide you with mental health treatment, including discussing or sharing your PHI with trainees and interns. I may disclose your PHI to physicians, psychiatrists, psychologists, and other licensed health providers who provide you with health care services or are otherwise involved in your care. Example: If a psychiatrist is treating you, I may disclose your PHI to him/her in order to coordinate your care. 

   2. For health care operations. I may disclose your PHI to facilitate the efficient and correct operation of this practice. Example: Quality control - I might use your PHI in the evaluation of the quality of health care services that you have received. I may also provide your PHI to my attorneys, accountants, consultants, and others to make sure that I am in compliance with applicable laws. 

   3. To obtain payment for treatment. I may use and disclose your PHI to bill and collect payment for the treatment and services I have provided to you. Example: I might send your PHI to your insurance company or health plan in order to get payment for the health care services that I have provided to you. I could also provide your PHI to business associates, such as billing companies, claims processing companies, and others that process health care claims for my office. 

   4. Other disclosures. Example: Your consent is not required if you need emergency treatment provided that I attempt to get your consent after treatment is rendered. In the event that I try to get your consent and you are unable to communicate with me (for example, if you are unconscious or in severe pain), but I think that you would consent to such treatment if you could, I may disclose your PHI.​

2. Certain Other Uses and Disclosures that Do Not Require Your Consent. I may use and/or disclose your PHI without your consent or authorization for the following reasons:

   1. When disclosure is required by federal, state, or local law: judicial, board, or administrative proceedings, or, law enforcement. If you are involved in a court proceeding and a request is made about the professional services that I have provided you, I must not release your information without 1) your written authorization or the authorization of your attorney or personal representative; 2) a court order; 3) a subpoena duces tecum (a subpoena to produce records signed by a court clerk, lawyer, prosecutor, or other authorized person) where the party seeking your records provides me with a showing that you or your attorney have been served with a copy of the subpoena, affidavit and the appropriate notice, and you have not notified me that you are bringing a motion in the court to quash (block) or modify the subpoena; or 4) an administrative subpoena, summons, investigative demand, or similar process authorized by law where the party seeking your records confirms for me that the information being sought is relevant and material to a legitimate law enforcement inquiry, the request is specific and limited to the extent reasonably necessary for the purpose of the request, and de-identified information could not reasonably be used. The privilege does not apply when you are being evaluated for a third party or where the evaluation is court-ordered. I will inform you in advance if this is the case.

   2. If disclosure is compelled by a party to a proceeding before a court of an administrative agency pursuant to its lawful authority. 

   3. If disclosure is required by a search warrant lawfully issued to a governmental law enforcement agency. 

   4. If disclosure is compelled by the patient or the patient’s representative pursuant to Maine or federal laws or regulations, such as the Privacy Rule that requires this Notice. 

   5. To avoid harm. I may provide PHI to law enforcement personnel or persons able to prevent or mitigate a serious threat to the health or safety of a person or the public (e.g., adverse reaction to medications). 

   6. If disclosure is compelled or permitted by the fact that you are in such mental or emotional condition as to be dangerous to yourself or the person or property of others, and if I determine that disclosure is necessary to prevent the threatened danger. 

   7. If disclosure is mandated by the Maine Child Abuse and Neglect Reporting law. Whenever I, in my professional capacity, have knowledge of or observe a child I know or reasonably suspect, has been the victim of child abuse or neglect, I must immediately report such to a police department or sheriff’s department, county probation department, or county welfare department. Also, if I have knowledge of or reasonably suspect that mental suffering has been inflicted upon a child or that his or her emotional well-being is endangered in any other way, I may report such to the above agencies.

   8. If disclosure is mandated by the Maine Elder/Dependent Adult Abuse Reporting law. If I, in my professional capacity, have observed or have knowledge of an incident that reasonably appears to be physical abuse, abandonment, abduction, isolation, financial abuse or neglect of an elder or dependent adult, or if I am told by an elder or dependent adult that he or she has experienced these or if I reasonably suspect such, I must report the known or suspected abuse immediately to the local ombudsman or the local law enforcement agency. I do not have to report such an incident if:

      • I have been told by an elder or dependent adult that he or she has experienced behavior constituting physical abuse, abandonment, abduction, isolation, financial abuse or neglect;    

      • I am not aware of any independent evidence that corroborates the statement that the abuse has occurred;    

      • the elder or dependent adult has been diagnosed with a mental illness or dementia, or is the subject of a court-ordered conservatorship because of a mental illness or dementia; and   

      • in the exercise of clinical judgment, I reasonably believe that the abuse did not occur.

   9. If disclosure is compelled or permitted by the fact that you tell me of a serious/imminent threat of physical violence by you against a reasonably identifiable victim or victims. If you communicate to me a serious threat of physical violence against an identifiable victim, I must make reasonable efforts to communicate that information to the potential victim and the police.  If I have reasonable cause to believe that you are in such a condition, as to be dangerous to yourself or others, I may release relevant information as necessary to prevent the threatened danger.  

   10. For public health activities. Example: In the event of your death, if a disclosure is permitted or compelled, I may need to give the county coroner information about you.

   11. For health oversight activities. Examples: I may be required to provide information to assist the government in the course of an investigation or inspection of a health care organization or provider. If a complaint is filed against me with the Maine Board of Examiners of Psychologists, the Board has the authority to subpoena confidential mental health information from me relevant to that complaint.

   12. For specific government functions. Example: I may disclose PHI of military personnel and veterans under certain circumstances. I may disclose PHI in the interests of national security, such as protecting the President of the United States or assisting with intelligence operations. 

   13. For research purposes. In certain circumstances, I may provide PHI in order to conduct medical or psychological research. 

   14. For Workers’ Compensation purposes. If you file a Workers’ Compensation claim, I must furnish a report to your employer, incorporating my findings about your injury and treatment, within five working days from the date of the your initial examination, and at subsequent intervals as may be required by the administrative director of the Workers’ Compensation Commission in order to determine your eligibility for Workers’ Compensation.

   15. Appointment reminders and health related benefits or services. Examples: I may use PHI to provide appointment reminders. I may use PHI to give you information about alternative treatment options, or other health care services or benefits I offer. 

   16. If an arbitrator or arbitration panel compels disclosure, when arbitration is lawfully requested by either party, pursuant to a subpoena duces tecum or any other provision authorizing disclosure in a proceeding before an arbitrator or arbitration panel. 

   17. If disclosure is required or permitted to a health oversight agency for oversight activities authorized by law. Example: When compelled by U.S. Secretary of Health and Human Services to investigate or assess my compliance with HIPAA regulations. 

   18. If disclosure is otherwise specifically required by law. 

1. Certain Uses and Disclosures Require You to Have the Opportunity to Object. 

   1. Disclosures to family, friends, or others. I may provide your PHI to a family member, friend, or other individual who you indicate is involved in your care or responsible for the payment of your health care, unless you object in whole or in part. Retroactive consent may be obtained in emergency situations. 

   2. Other Uses and Disclosures Require Your Prior Written Authorization. In any other situation not described in Sections IIIA, IIIB, and IIIC above, I will request your written authorization before using or disclosing any of your PHI. I will also need to obtain an authorization before releasing your psychotherapy notes. “Psychotherapy notes” are notes I have made about our conversation during a private, group, joint, or family therapy session.  These notes are given a greater degree of protection than PHI. Even if you have signed an authorization to disclose your PHI, you may later revoke that authorization, in writing, to stop any future uses and disclosures (assuming that I have not taken any action subsequent to the original authorization) of your PHI by me. 

​IV. YOUR RIGHTS REGARDING YOUR PHI

1. The Right to See and Get Copies of Your PHI. In general, you have the right to see your PHI that is in my possession, or to get copies of it: however, you must request it in writing. If I do not have your PHI, but I know who does, I will advise you how you can get it. You will receive a response from me within 30 days of me receiving your written request. Under certain circumstances, I may feel that your request should be denied, but if I do, I will give you, in writing, the reasons for the denial. I will also explain your right to have my denial reviewed. If you ask for copies of your PHI, I will charge you no more than $.25 per page. I may see fit to provide you with a summary of explanation of the PHI, but only if you agree to it, as well as to the cost, in advance. 

2. The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to ask that I limit how I use and disclose your PHI. While I will consider your request, I am not legally bound to agree. If I do agree to your request, I will put those limits in writing and abide by them except in emergency situations. You do not have the right to limit the uses and disclosures that I am legally required or permitted to make.

3. The Right to Choose How I Send Your PHI to You. It is your right to ask that your PHI be sent to you at an alternate address (for example, sending information to your work address rather than your home address) or by an alternate method (for example, via email instead of by regular mail). I am obliged to agree to your request providing that I can give you the PHI, in the format you requested, without undue inconvenience. I may not require an explanation from you as to the basis of your request as a condition of providing communications on a confidential basis. 

4. The Right to Get a List of the Disclosures I Have Made. You are entitled to a list of disclosures of your PHI that I have made. The list will not include uses or disclosures to which you have already consented, i.e., those for treatment, payment, or health care operations, sent directly to you, or to your family: neither will the list include disclosures made for national security purposes, to corrections or law enforcement personnel, or disclosures made before April 15, 2003. After April 15, 2003, disclosure records will be held for six years. I will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list I give you will include disclosures made in the previous six years (the first six year period being 2003-2009) unless you indicate a shorter period. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. I will provide the list to you at no cost, unless you make more than one request in the same year, in which case I will charge you a reasonable sum based on a set fee for each additional request. 

5. The Right to Amend Your PHI. If you believe that there is some error in your PHI or that important information has been omitted, it is your right to request that I correct the existing information or add the missing information. Your request and the reason for the request must be made in writing. You will receive a response within 60 days of my receipt of your request. I may deny your request, in writing, if I find that the PHI is: (a) correct and/or complete, (b) forbidden to be disclosed, (c) not part of my records, or (d) written by someone other than me. My denial must be in writing and must state the reasons for the denial. It must also explain your right to file a written statement objecting to the denial. If you do not file a written objection, you still have the right to ask that your request and my denial be attached to any future disclosures of your PHI. If I approve your request, I will make the change(s) to your PHI. Additionally, I will tell you that the changes have been made, and I will advise all others who need to know about the change(s) to your PHI. 

6. The Right to Get This Notice by Email. You have the right to get an electronic copy of this Notice by email. You have the right to request a paper copy of it, as well. 

​V. COMPLAINTS ABOUT MY PRIVACY PRACTICES AND POINTS OF CONTACT

If you are concerned that I have violated your privacy rights, disagree with a decision that I made about access to your PHI, have any questions about this Notice, or have any complaints about my privacy practices, please contact the privacy official of this office: Noelle Deckman, Ph.D., 949-689-3229, noelle@drdeckman.com.

You can also file a formal complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201; calling 1-877-696-6775; or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/

If you file a complaint about my privacy practices, I will not take any retaliatory action against you. 

VI. EFFECTIVE DATE, RESTRICTIONS, AND CHANGES TO PRIVACY POLICY

This Notice went into effect on March 5, 2021. 

Provider’s Duties:

1. I am required by law to maintain the privacy of PHI and to provide you with a Notice of my legal duties and privacy practices with respect to PHI.

2. I will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

3. I reserve the right to change the privacy policies and practices described in this Notice and to make the new Notice provisions effective for all PHI that I maintain. Unless I notify you of such changes, however, I am required to abide by the terms currently in effect. 

4. If I revise my policies and procedures, I will notify you in writing by U.S. mail or in person.

5. For more information: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html