Legal Notices
The following notices are required to be posted for consumers of psychological services. Please click on the links below to be taken to that section:
For California Residents:
HIPAA Notice of Privacy Practices
Your Information. Your Rights. My Responsibility.
THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
I may use or disclose your Protected Health Information (PHI), for certain treatment, payment, and health care operations purposes without your authorization. In certain circumstances I can only do so when the person or business requesting your PHI gives me a written request that includes certain promises regarding protecting the confidentiality of your PHI. To help clarify these terms, here are some definitions:
“HIPAA” refers to Health Insurance Portability and Accountability Act, a federal law that provides privacy protections and patient rights with regard to the use and disclosure of your Protected Health Information (PHI) used for the purpose of treatment, payment, and health care operations.
“PHI” refers to information in your health record that could identify you.
“Treatment” is when I provide, or another healthcare provider, diagnoses or treats you. An example of treatment would be when I consult with another health care provider, such as your family physician, psychiatrist, or another psychologist, regarding your treatment.
“Health Care Operations” is when I disclose your PHI to your health care service plan (for example your health insurer), or to your other health care providers contracting with your plan, for administering the plan, such as case management and care coordination.
“Use” applies only to activities within my office such as sharing, employing, applying, utilizing, examining, and analyzing information that identifies you.
“Disclosure” applies to activities outside of my office, such as releasing, transferring, or providing access to information about you to other parties.
“Authorization” means written permission for specific uses or disclosures.
II. IT IS MY LEGAL DUTY TO SAFEGUARD YOUR PHI
By law I am required to ensure that your PHI is kept private. PHI constitutes information created or noted by me that can be used to identify you. It contains data about your past, present, or future health or condition, the provision of health care services to you, or the payment for such health care. I am required to provide you with this Notice about my privacy procedures. This Notice must explain when, why, and how I would use and/or disclose your PHI. PHI is disclosed when I release, transfer, give, or otherwise reveal it to a third party outside this practice. With some exceptions, I may not use or disclose more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made; however, I am always legally required to follow the privacy practices described in this Notice.
Please note that I reserve the right to change the terms of this Notice and my privacy policies at any time as permitted by law. Any changes will apply to PHI already on file with me. Before I make any important changes to my policies, I will immediately change this Notice and post a new copy of it in my office and on my website. You may also request a copy of this Notice from me, or you can view a copy of it in my office or on my website.
III. HOW I WILL USE AND DISCLOSE YOUR PHI
I will use and disclose your PHI for many different reasons. Some of the uses or disclosures will require your prior written authorization; others, however, will not. Below you will find the different categories of my uses and disclosures, with some examples.
Uses and Disclosures Related to Treatment, Payment, or Health Care Operations Do Not Require Your Prior Written Consent. I may use and/or disclose your PHI without your consent for the following reasons:
-
For Treatment. I can use your PHI within this practice to provide you with mental health treatment, including discussing or sharing your PHI with trainees and interns. I may disclose your PHI to physicians, psychiatrists, psychologists, and other licensed health providers who provide you with health care services or are otherwise involved in your care. Example: If a psychiatrist is treating you, I may disclose your PHI to him/her in order to coordinate your care.
-
For health care operations. I may disclose your PHI to facilitate the efficient and correct operation of this practice. Example: Quality control - I might use your PHI in the evaluation of the quality of health care services that you have received. I may also provide your PHI to my attorneys, accountants, consultants, and others to make sure that I am in compliance with applicable laws.
-
To obtain payment for treatment. I may use and disclose your PHI to bill and collect payment for the treatment and services I have provided to you. Example: I might send your PHI to your insurance company or health plan in order to get payment for the health care services that I have provided to you. I could also provide your PHI to business associates, such as billing companies, claims processing companies, and others that process health care claims for my office.
-
Other disclosures. Example: Your consent is not required if you need emergency treatment provided that I attempt to get your consent after treatment is rendered. In the event that I try to get your consent and you are unable to communicate with me (for example, if you are unconscious or in severe pain), but I think that you would consent to such treatment if you could, I may disclose your PHI.
Certain Other Uses and Disclosures that Do Not Require Your Consent. I may use and/or disclose your PHI without your consent or authorization for the following reasons:
-
When disclosure is required by federal, state, or local law: judicial, board, or administrative proceedings, or, law enforcement. If you are involved in a court proceeding and a request is made about the professional services that I have provided you, I must not release your information without 1) your written authorization or the authorization of your attorney or personal representative; 2) a court order; or 3) a subpoena duces tecum (a subpoena to produce records) where the party seeking your records provides me with a showing that you or your attorney have been served with a copy of the subpoena, affidavit and the appropriate notice, and you have not notified me that you are bringing a motion in the court to quash (block) or modify the subpoena. The privilege does not apply when you are being evaluated for a third party or where the evaluation is court-ordered. I will inform you in advance if this is the case.
-
If disclosure is compelled by a party to a proceeding before a court of an administrative agency pursuant to its lawful authority.
-
If disclosure is required by a search warrant lawfully issued to a governmental law enforcement agency.
-
If disclosure is compelled by the patient or the patient’s representative pursuant to California Health and Safety Codes or to corresponding federal statutes of regulations, such as the Privacy Rule that requires this Notice.
-
To avoid harm. I may provide PHI to law enforcement personnel or persons able to prevent or mitigate a serious threat to the health or safety of a person or the public (e.g., adverse reaction to medications).
-
If disclosure is compelled or permitted by the fact that you are in such mental or emotional condition as to be dangerous to yourself or the person or property of others, and if I determine that disclosure is necessary to prevent the threatened danger.
-
If disclosure is mandated by the California Child Abuse and Neglect Reporting law. Whenever I, in my professional capacity, have knowledge of or observe a child I know or reasonably suspect, has been the victim of child abuse or neglect, I must immediately report such to a police department or sheriff’s department, county probation department, or county welfare department. Also, if I have knowledge of or reasonably suspect that mental suffering has been inflicted upon a child or that his or her emotional well-being is endangered in any other way, I may report such to the above agencies.
-
If disclosure is mandated by the California Elder/Dependent Adult Abuse Reporting law. If I, in my professional capacity, have observed or have knowledge of an incident that reasonably appears to be physical abuse, abandonment, abduction, isolation, financial abuse or neglect of an elder or dependent adult, or if I am told by an elder or dependent adult that he or she has experienced these or if I reasonably suspect such, I must report the known or suspected abuse immediately to the local ombudsman or the local law enforcement agency. I do not have to report such an incident if: I have been told by an elder or dependent adult that he or she has experienced behavior constituting physical abuse, abandonment, abduction, isolation, financial abuse or neglect; I am not aware of any independent evidence that corroborates the statement that the abuse has occurred; the elder or dependent adult has been diagnosed with a mental illness or dementia, or is the subject of a court-ordered conservatorship because of a mental illness or dementia; and in the exercise of clinical judgment, I reasonably believe that the abuse did not occur.
-
If disclosure is compelled or permitted by the fact that you tell me of a serious/imminent threat of physical violence by you against a reasonably identifiable victim or victims. If you communicate to me a serious threat of physical violence against an identifiable victim, I must make reasonable efforts to communicate that information to the potential victim and the police. If I have reasonable cause to believe that you are in such a condition, as to be dangerous to yourself or others, I may release relevant information as necessary to prevent the threatened danger.
-
For public health activities. Example: In the event of your death, if a disclosure is permitted or compelled, I may need to give the county coroner information about you.
-
For health oversight activities. Examples: I may be required to provide information to assist the government in the course of an investigation or inspection of a health care organization or provider. If a complaint is filed against me with the California Board of Psychology, the Board has the authority to subpoena confidential mental health information from me relevant to that complaint.
-
For specific government functions. Example: I may disclose PHI of military personnel and veterans under certain circumstances. I may disclose PHI in the interests of national security, such as protecting the President of the United States or assisting with intelligence operations.
-
For research purposes. In certain circumstances, I may provide PHI in order to conduct medical or psychological research.
-
For Workers’ Compensation purposes. If you file a Workers’ Compensation claim, I must furnish a report to your employer, incorporating my findings about your injury and treatment, within five working days from the date of the your initial examination, and at subsequent intervals as may be required by the administrative director of the Workers’ Compensation Commission in order to determine your eligibility for Workers’ Compensation.
-
Appointment reminders and health related benefits or services. Examples: I may use PHI to provide appointment reminders. I may use PHI to give you information about alternative treatment options, or other health care services or benefits I offer.
-
If an arbitrator or arbitration panel compels disclosure, when arbitration is lawfully requested by either party, pursuant to a subpoena duces tecum or any other provision authorizing disclosure in a proceeding before an arbitrator or arbitration panel.
-
If disclosure is required or permitted to a health oversight agency for oversight activities authorized by law. Example: When compelled by U.S. Secretary of Health and Human Services to investigate or assess my compliance with HIPAA regulations.
-
If disclosure is otherwise specifically required by law.
Certain Uses and Disclosures Require You to Have the Opportunity to Object.
-
Disclosures to family, friends, or others. I may provide your PHI to a family member, friend, or other individual who you indicate is involved in your care or responsible for the payment of your health care, unless you object in whole or in part. Retroactive consent may be obtained in emergency situations.
-
Other Uses and Disclosures Require Your Prior Written Authorization. In any other situation not described in Sections IIIA, IIIB, and IIIC above, I will request your written authorization before using or disclosing any of your PHI. I will also need to obtain an authorization before releasing your psychotherapy notes. “Psychotherapy notes” are notes I have made about our conversation during a private, group, joint, or family therapy session. These notes are given a greater degree of protection than PHI. Even if you have signed an authorization to disclose your PHI, you may later revoke that authorization, in writing, to stop any future uses and disclosures (assuming that I have not taken any action subsequent to the original authorization) of your PHI by me.
IV. YOUR RIGHTS REGARDING YOUR PHI
-
The Right to See and Get Copies of Your PHI. In general, you have the right to see your PHI that is in my possession, or to get copies of it: however, you must request it in writing. If I do not have your PHI, but I know who does, I will advise you how you can get it. You will receive a response from me within 30 days of me receiving your written request. Under certain circumstances, I may feel that your request should be denied, but if I do, I will give you, in writing, the reasons for the denial. I will also explain your right to have my denial reviewed. If you ask for copies of your PHI, I will charge you no more than $.25 per page. I may see fit to provide you with a summary of explanation of the PHI, but only if you agree to it, as well as to the cost, in advance.
-
The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to ask that I limit how I use and disclose your PHI. While I will consider your request, I am not legally bound to agree. If I do agree to your request, I will put those limits in writing and abide by them except in emergency situations. You do not have the right to limit the uses and disclosures that I am legally required or permitted to make.
-
The Right to Choose How I Send Your PHI to You. It is your right to ask that your PHI be sent to you at an alternate address (for example, sending information to your work address rather than your home address) or by an alternate method (for example, via email instead of by regular mail). I am obliged to agree to your request providing that I can give you the PHI, in the format you requested, without undue inconvenience. I may not require an explanation from you as to the basis of your request as a condition of providing communications on a confidential basis.
-
The Right to Get a List of the Disclosures I Have Made. You are entitled to a list of disclosures of your PHI that I have made. The list will not include uses or disclosures to which you have already consented, i.e., those for treatment, payment, or health care operations, sent directly to you, or to your family: neither will the list include disclosures made for national security purposes, to corrections or law enforcement personnel, or disclosures made before April 15, 2003. After April 15, 2003, disclosure records will be held for six years. I will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list I give you will include disclosures made in the previous six years (the first six year period being 2003-2009) unless you indicate a shorter period. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. I will provide the list to you at no cost, unless you make more than one request in the same year, in which case I will charge you a reasonable sum based on a set fee for each additional request.
-
The Right to Amend Your PHI. If you believe that there is some error in your PHI or that important information has been omitted, it is your right to request that I correct the existing information or add the missing information. Your request and the reason for the request must be made in writing. You will receive a response within 60 days of my receipt of your request. I may deny your request, in writing, if I find that the PHI is: (a) correct and/or complete, (b) forbidden to be disclosed, (c) not part of my records, or (d) written by someone other than me. My denial must be in writing and must state the reasons for the denial. It must also explain your right to file a written statement objecting to the denial. If you do not file a written objection, you still have the right to ask that your request and my denial be attached to any future disclosures of your PHI. If I approve your request, I will make the change(s) to your PHI. Additionally, I will tell you that the changes have been made, and I will advise all others who need to know about the change(s) to your PHI.
-
The Right to Get This Notice by Email. You have the right to get an electronic copy of this Notice by email. You have the right to request a paper copy of it, as well.
V. COMPLAINTS ABOUT MY PRIVACY PRACTICES AND POINTS OF CONTACT
If you are concerned that I have violated your privacy rights, disagree with a decision that I made about access to your PHI, have any questions about this Notice, or have any complaints about my privacy practices, please contact the privacy official of this office: Noelle Deckman, Ph.D., xxx-xxx-xxxx., noelle@drdeckman.com.
You can also file a formal complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201; calling 1-877-696-6775; or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/
If you file a complaint about my privacy practices, I will not take any retaliatory action against you.
VI. EFFECTIVE DATE, RESTRICTIONS, AND CHANGES TO PRIVACY POLICY
This Notice went into effect on May 1, 2020.
Provider’s Duties:
-
I am required by law to maintain the privacy of PHI and to provide you with a Notice of my legal duties and privacy practices with respect to PHI.
-
I will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
-
I reserve the right to change the privacy policies and practices described in this Notice and to make the new Notice provisions effective for all PHI that I maintain. Unless I notify you of such changes, however, I am required to abide by the terms currently in effect.
-
If I revise my policies and procedures, I will notify you in writing by U.S. mail or in person.
-
For more information: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html
For Maine Residents:
HIPAA Notice of Privacy Practices
Your Information. Your Rights. My Responsibility.
THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. DISCLOSURES FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
I may use or disclose your Protected Health Information (PHI), for certain treatment, payment, and health care operations purposes without your authorization. In certain circumstances I can only do so when the person or business requesting your PHI gives me a written request that includes certain promises regarding protecting the confidentiality of your PHI. To help clarify these terms, here are some definitions:
“HIPAA” refers to Health Insurance Portability and Accountability Act, a federal law that provides privacy protections and patient rights with regard to the use and disclosure of your Protected Health Information (PHI) used for the purpose of treatment, payment, and health care operations.
“PHI” refers to information in your health record that could identify you.
“Treatment” is when I provide, or another healthcare provider, diagnoses or treats you. An example of treatment would be when I consult with another health care provider, such as your family physician, psychiatrist, or another psychologist, regarding your treatment.
“Health Care Operations” is when I disclose your PHI to your health care service plan (for example your health insurer), or to your other health care providers contracting with your plan, for administering the plan, such as case management and care coordination.
“Use” applies only to activities within my office such as sharing, employing, applying, utilizing, examining, and analyzing information that identifies you.
“Disclosure” applies to activities outside of my office, such as releasing, transferring, or providing access to information about you to other parties.
“Authorization” means written permission for specific uses or disclosures.
II. IT IS MY LEGAL DUTY TO SAFEGUARD YOUR PHI
By law I am required to ensure that your PHI is kept private. PHI constitutes information created or noted by me that can be used to identify you. It contains data about your past, present, or future health or condition, the provision of health care services to you, or the payment for such health care. I am required to provide you with this Notice about my privacy procedures. This Notice must explain when, why, and how I would use and/or disclose your PHI. PHI is disclosed when I release, transfer, give, or otherwise reveal it to a third party outside this practice. With some exceptions, I may not use or disclose more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made; however, I am always legally required to follow the privacy practices described in this Notice.
Please note that I reserve the right to change the terms of this Notice and my privacy policies at any time as permitted by law. Any changes will apply to PHI already on file with me. Before I make any important changes to my policies, I will immediately change this Notice and post a new copy of it in my office and on my website. You may also request a copy of this Notice from me, or you can view a copy of it in my office or on my website.
III. HOW I WILL USE AND DISCLOSE YOUR PHI
I will use and disclose your PHI for many different reasons. Some of the uses or disclosures will require your prior written authorization; others, however, will not. Below you will find the different categories of my uses and disclosures, with some examples.
-
Uses and Disclosures Related to Treatment, Payment, or Health Care Operations Do Not Require Your Prior Written Consent. I may use and/or disclose your PHI without your consent for the following reasons:
-
For Treatment. I can use your PHI within this practice to provide you with mental health treatment, including discussing or sharing your PHI with trainees and interns. I may disclose your PHI to physicians, psychiatrists, psychologists, and other licensed health providers who provide you with health care services or are otherwise involved in your care. Example: If a psychiatrist is treating you, I may disclose your PHI to him/her in order to coordinate your care.
-
For health care operations. I may disclose your PHI to facilitate the efficient and correct operation of this practice. Example: Quality control - I might use your PHI in the evaluation of the quality of health care services that you have received. I may also provide your PHI to my attorneys, accountants, consultants, and others to make sure that I am in compliance with applicable laws.
-
To obtain payment for treatment. I may use and disclose your PHI to bill and collect payment for the treatment and services I have provided to you. Example: I might send your PHI to your insurance company or health plan in order to get payment for the health care services that I have provided to you. I could also provide your PHI to business associates, such as billing companies, claims processing companies, and others that process health care claims for my office.
-
Other disclosures. Example: Your consent is not required if you need emergency treatment provided that I attempt to get your consent after treatment is rendered. In the event that I try to get your consent and you are unable to communicate with me (for example, if you are unconscious or in severe pain), but I think that you would consent to such treatment if you could, I may disclose your PHI.
-
-
Certain Other Uses and Disclosures that Do Not Require Your Consent. I may use and/or disclose your PHI without your consent or authorization for the following reasons:
-
When disclosure is required by federal, state, or local law: judicial, board, or administrative proceedings, or, law enforcement. If you are involved in a court proceeding and a request is made about the professional services that I have provided you, I must not release your information without 1) your written authorization or the authorization of your attorney or personal representative; 2) a court order; 3) a subpoena duces tecum (a subpoena to produce records signed by a court clerk, lawyer, prosecutor, or other authorized person) where the party seeking your records provides me with a showing that you or your attorney have been served with a copy of the subpoena, affidavit and the appropriate notice, and you have not notified me that you are bringing a motion in the court to quash (block) or modify the subpoena; or 4) an administrative subpoena, summons, investigative demand, or similar process authorized by law where the party seeking your records confirms for me that the information being sought is relevant and material to a legitimate law enforcement inquiry, the request is specific and limited to the extent reasonably necessary for the purpose of the request, and de-identified information could not reasonably be used. The privilege does not apply when you are being evaluated for a third party or where the evaluation is court-ordered. I will inform you in advance if this is the case.
-
If disclosure is compelled by a party to a proceeding before a court of an administrative agency pursuant to its lawful authority.
-
If disclosure is required by a search warrant lawfully issued to a governmental law enforcement agency.
-
If disclosure is compelled by the patient or the patient’s representative pursuant to Maine or federal laws or regulations, such as the Privacy Rule that requires this Notice.
-
To avoid harm. I may provide PHI to law enforcement personnel or persons able to prevent or mitigate a serious threat to the health or safety of a person or the public (e.g., adverse reaction to medications).
-
If disclosure is compelled or permitted by the fact that you are in such mental or emotional condition as to be dangerous to yourself or the person or property of others, and if I determine that disclosure is necessary to prevent the threatened danger.
-
If disclosure is mandated by the Maine Child Abuse and Neglect Reporting law. Whenever I, in my professional capacity, have knowledge of or observe a child I know or reasonably suspect, has been the victim of child abuse or neglect, I must immediately report such to a police department or sheriff’s department, county probation department, or county welfare department. Also, if I have knowledge of or reasonably suspect that mental suffering has been inflicted upon a child or that his or her emotional well-being is endangered in any other way, I may report such to the above agencies.
-
If disclosure is mandated by the Maine Elder/Dependent Adult Abuse Reporting law. If I, in my professional capacity, have observed or have knowledge of an incident that reasonably appears to be physical abuse, abandonment, abduction, isolation, financial abuse or neglect of an elder or dependent adult, or if I am told by an elder or dependent adult that he or she has experienced these or if I reasonably suspect such, I must report the known or suspected abuse immediately to the local ombudsman or the local law enforcement agency. I do not have to report such an incident if:
-
I have been told by an elder or dependent adult that he or she has experienced behavior constituting physical abuse, abandonment, abduction, isolation, financial abuse or neglect;
-
I am not aware of any independent evidence that corroborates the statement that the abuse has occurred;
-
the elder or dependent adult has been diagnosed with a mental illness or dementia, or is the subject of a court-ordered conservatorship because of a mental illness or dementia; and
-
in the exercise of clinical judgment, I reasonably believe that the abuse did not occur.
-
-
If disclosure is compelled or permitted by the fact that you tell me of a serious/imminent threat of physical violence by you against a reasonably identifiable victim or victims. If you communicate to me a serious threat of physical violence against an identifiable victim, I must make reasonable efforts to communicate that information to the potential victim and the police. If I have reasonable cause to believe that you are in such a condition, as to be dangerous to yourself or others, I may release relevant information as necessary to prevent the threatened danger.
-
For public health activities. Example: In the event of your death, if a disclosure is permitted or compelled, I may need to give the county coroner information about you.
-
For health oversight activities. Examples: I may be required to provide information to assist the government in the course of an investigation or inspection of a health care organization or provider. If a complaint is filed against me with the Maine Board of Examiners of Psychologists, the Board has the authority to subpoena confidential mental health information from me relevant to that complaint.
-
For specific government functions. Example: I may disclose PHI of military personnel and veterans under certain circumstances. I may disclose PHI in the interests of national security, such as protecting the President of the United States or assisting with intelligence operations.
-
For research purposes. In certain circumstances, I may provide PHI in order to conduct medical or psychological research.
-
For Workers’ Compensation purposes. If you file a Workers’ Compensation claim, I must furnish a report to your employer, incorporating my findings about your injury and treatment, within five working days from the date of the your initial examination, and at subsequent intervals as may be required by the administrative director of the Workers’ Compensation Commission in order to determine your eligibility for Workers’ Compensation.
-
Appointment reminders and health related benefits or services. Examples: I may use PHI to provide appointment reminders. I may use PHI to give you information about alternative treatment options, or other health care services or benefits I offer.
-
If an arbitrator or arbitration panel compels disclosure, when arbitration is lawfully requested by either party, pursuant to a subpoena duces tecum or any other provision authorizing disclosure in a proceeding before an arbitrator or arbitration panel.
-
If disclosure is required or permitted to a health oversight agency for oversight activities authorized by law. Example: When compelled by U.S. Secretary of Health and Human Services to investigate or assess my compliance with HIPAA regulations.
-
If disclosure is otherwise specifically required by law.
-
-
Certain Uses and Disclosures Require You to Have the Opportunity to Object.
-
Disclosures to family, friends, or others. I may provide your PHI to a family member, friend, or other individual who you indicate is involved in your care or responsible for the payment of your health care, unless you object in whole or in part. Retroactive consent may be obtained in emergency situations.
-
Other Uses and Disclosures Require Your Prior Written Authorization. In any other situation not described in Sections IIIA, IIIB, and IIIC above, I will request your written authorization before using or disclosing any of your PHI. I will also need to obtain an authorization before releasing your psychotherapy notes. “Psychotherapy notes” are notes I have made about our conversation during a private, group, joint, or family therapy session. These notes are given a greater degree of protection than PHI. Even if you have signed an authorization to disclose your PHI, you may later revoke that authorization, in writing, to stop any future uses and disclosures (assuming that I have not taken any action subsequent to the original authorization) of your PHI by me.
-
IV. YOUR RIGHTS REGARDING YOUR PHI
-
The Right to See and Get Copies of Your PHI. In general, you have the right to see your PHI that is in my possession, or to get copies of it: however, you must request it in writing. If I do not have your PHI, but I know who does, I will advise you how you can get it. You will receive a response from me within 30 days of me receiving your written request. Under certain circumstances, I may feel that your request should be denied, but if I do, I will give you, in writing, the reasons for the denial. I will also explain your right to have my denial reviewed. If you ask for copies of your PHI, I will charge you no more than $.25 per page. I may see fit to provide you with a summary of explanation of the PHI, but only if you agree to it, as well as to the cost, in advance.
-
The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to ask that I limit how I use and disclose your PHI. While I will consider your request, I am not legally bound to agree. If I do agree to your request, I will put those limits in writing and abide by them except in emergency situations. You do not have the right to limit the uses and disclosures that I am legally required or permitted to make.
-
The Right to Choose How I Send Your PHI to You. It is your right to ask that your PHI be sent to you at an alternate address (for example, sending information to your work address rather than your home address) or by an alternate method (for example, via email instead of by regular mail). I am obliged to agree to your request providing that I can give you the PHI, in the format you requested, without undue inconvenience. I may not require an explanation from you as to the basis of your request as a condition of providing communications on a confidential basis.
-
The Right to Get a List of the Disclosures I Have Made. You are entitled to a list of disclosures of your PHI that I have made. The list will not include uses or disclosures to which you have already consented, i.e., those for treatment, payment, or health care operations, sent directly to you, or to your family: neither will the list include disclosures made for national security purposes, to corrections or law enforcement personnel, or disclosures made before April 15, 2003. After April 15, 2003, disclosure records will be held for six years. I will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list I give you will include disclosures made in the previous six years (the first six year period being 2003-2009) unless you indicate a shorter period. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. I will provide the list to you at no cost, unless you make more than one request in the same year, in which case I will charge you a reasonable sum based on a set fee for each additional request.
-
The Right to Amend Your PHI. If you believe that there is some error in your PHI or that important information has been omitted, it is your right to request that I correct the existing information or add the missing information. Your request and the reason for the request must be made in writing. You will receive a response within 60 days of my receipt of your request. I may deny your request, in writing, if I find that the PHI is: (a) correct and/or complete, (b) forbidden to be disclosed, (c) not part of my records, or (d) written by someone other than me. My denial must be in writing and must state the reasons for the denial. It must also explain your right to file a written statement objecting to the denial. If you do not file a written objection, you still have the right to ask that your request and my denial be attached to any future disclosures of your PHI. If I approve your request, I will make the change(s) to your PHI. Additionally, I will tell you that the changes have been made, and I will advise all others who need to know about the change(s) to your PHI.
-
The Right to Get This Notice by Email. You have the right to get an electronic copy of this Notice by email. You have the right to request a paper copy of it, as well.
V. COMPLAINTS ABOUT MY PRIVACY PRACTICES AND POINTS OF CONTACT
If you are concerned that I have violated your privacy rights, disagree with a decision that I made about access to your PHI, have any questions about this Notice, or have any complaints about my privacy practices, please contact the privacy official of this office: Noelle Deckman, Ph.D., 949-689-3229, noelle@drdeckman.com.
You can also file a formal complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201; calling 1-877-696-6775; or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/
If you file a complaint about my privacy practices, I will not take any retaliatory action against you.
VI. EFFECTIVE DATE, RESTRICTIONS, AND CHANGES TO PRIVACY POLICY
This Notice went into effect on March 5, 2021.
Provider’s Duties:
-
I am required by law to maintain the privacy of PHI and to provide you with a Notice of my legal duties and privacy practices with respect to PHI.
-
I will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
-
I reserve the right to change the privacy policies and practices described in this Notice and to make the new Notice provisions effective for all PHI that I maintain. Unless I notify you of such changes, however, I am required to abide by the terms currently in effect.
-
If I revise my policies and procedures, I will notify you in writing by U.S. mail or in person.
-
For more information: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html
CA Board of Psychology
Notice to Consumers
The No Surprises Act (NSA) Notice
Your Rights and Protections Against Surprise Medical Bills
When you get emergency care or are treated by an out-of-network provider at an in-network hospital or ambulatory surgical center, you are protected from balance billing. In these cases, you shouldn’t be charged more than your plan’s copayments, coinsurance and/or deductible.
What is “balance billing” (sometimes called “surprise billing”)?
When you see a doctor or other health care provider, you may owe certain out-of-pocket costs, like a copayment, coinsurance, or deductible. You may have additional costs or have to pay the entire bill if you see a provider or visit a health care facility that isn’t in your health plan’s network.
“Out-of-network” means providers and facilities that haven’t signed a contract with your health plan to provide services. Out-of-network providers may be allowed to bill you for the difference between what your plan pays and the full amount charged for a service. This is called “balance billing. This amount is likely more than in-network costs for the same service and might not count toward your plan’s deductible or annual out-of-pocket limit.
“Surprise billing” is an unexpected balance bill. This can happen when you can’t control who is involved in your care—like when you have an emergency or when you schedule a visit at an in-network facility but are unexpectedly treated by an out-of-network provider. Surprise medical bills could cost thousands of dollars depending on the procedure or service.
You’re protected from balance billing for:
Emergency services
If you have an emergency medical condition and get emergency services from an out-of-network provider or facility, the most they can bill you is your plan’s in-network cost-sharing amount (such as copayments, coinsurance, and deductibles). You can’t be balance billed for these emergency services. This includes services you may get after you’re in stable condition, unless you give written consent and give up your protections not to be balanced billed for these post-stabilization services.
Certain services at an in-network hospital or ambulatory surgical center
When you get services from an in-network hospital or ambulatory surgical center, certain providers there may be out-of-network. In these cases, the most those providers can bill you is your plan’s in-network cost-sharing amount. This applies to emergency medicine, anesthesia, pathology, radiology, laboratory, neonatology, assistant surgeon, hospitalist, or intensivist services. These providers can’t balance bill you and may not ask you to give up your protections not to be balance billed.
If you get other types of services at these in-network facilities, out-of-network providers can’t balance bill you, unless you give written consent and give up your protections.
You’re never required to give up your protections from balance billing. You also aren’t required to get out-of-network care. You can choose a provider or facility in your plan’s network.
When balance billing isn’t allowed, you also have these protections:
• You’re only responsible for paying your share of the cost (like the copayments, coinsurance, and deductible that you would pay if the provider or facility was in-network). Your health plan will pay any additional costs to out-of-network providers and facilities directly.
• Generally, your health plan must:
o Cover emergency services without requiring you to get approval for services in advance (also known as “prior authorization”).
o Cover emergency services by out-of-network providers.
o Base what you owe the provider or facility (cost-sharing) on what it would pay an in-network provider or facility and show that amount in your explanation of benefits.
o Count any amount you pay for emergency services or out-of-network services toward your in-network deductible and out-of-pocket limit.
If you think you’ve been wrongly billed, contact:
For CA Patients: The California Department of Consumer Affairs’ Board of Psychology by emailing bopmail@dca.ca.gov or calling 1-866-503-3221.
For ME Patients, please contact the Maine Board of Examiners of Psychologists, https://www.maine.gov/pfr/professionallicensing/professions/board-examiners-psychologists, or, the Maine Attorney General's consumer protection website, https://www.maine.gov/ag/consumer/index.shtml
Visit www.cms.gov/nosurprises/consumers for more information about your rights under federal law.
Last updated: August 15, 2024
This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy. This Privacy Policy has been created with the help of the Free Privacy Policy Generator.
Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.
Definitions
For the purposes of this Privacy Policy:
-
Account means a unique account created for You to access our Service or parts of our Service.
-
Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
-
Application refers to OCD, Anxiety, & Trauma Psychological Services, P.C. , the software program provided by the Company.
-
Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to OCD, Anxiety, & Trauma Psychological Services, P.C. , 1968 S. Coast Hwy. #1171 Laguna Beach, CA 92651.
-
Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
-
Country refers to: California, United States
-
Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
-
Personal Data is any information that relates to an identified or identifiable individual.
-
Service refers to the Application or the Website or both.
-
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
-
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
-
Website refers to OCD, Anxiety, & Trauma Psychological Services, P.C. , accessible from https://www.drdeckman.com
-
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Collecting and Using Your Personal Data
Types of Data Collected
Personal Data
While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:
-
Email address
-
First name and last name
-
Phone number
-
Usage Data
Usage Data
Usage Data is collected automatically when using the Service.
Usage Data may include information such as Your Device's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:
-
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
-
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. Learn more about cookies on the Free Privacy Policy website article.
We use both Session and Persistent Cookies for the purposes set out below:
-
Necessary / Essential Cookies
Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
-
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
-
Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
Use of Your Personal Data
The Company may use Personal Data for the following purposes:
-
To provide and maintain our Service, including to monitor the usage of our Service.
-
To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
-
For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services You have purchased or of any other contract with Us through the Service.
-
To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
-
To provide You with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
-
To manage Your requests: To attend and manage Your requests to Us.
-
For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by Us about our Service users is among the assets transferred.
-
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
We may share Your personal information in the following situations:
-
With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
-
For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
-
With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include Our parent company and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with Us.
-
With business partners: We may share Your information with Our business partners to offer You certain products, services or promotions.
-
With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
-
With Your consent: We may disclose Your personal information for any other purpose with Your consent.
Retention of Your Personal Data
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Transfer of Your Personal Data
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.
Delete Your Personal Data
You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.
Our Service may give You the ability to delete certain information about You from within the Service.
You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.
Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.
Disclosure of Your Personal Data
Business Transactions
If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.
Law enforcement
Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Other legal requirements
The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:
-
Comply with a legal obligation
-
Protect and defend the rights or property of the Company
-
Prevent or investigate possible wrongdoing in connection with the Service
-
Protect the personal safety of Users of the Service or the public
-
Protect against legal liability
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
Children's Privacy
Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.
If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.
Links to Other Websites
Our Service may contain links to other websites that are not operated by Us. If You click on a third party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Changes to this Privacy Policy
We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.
We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, You can contact us:
-
By email: [email protected]
-
By visiting this page on our website: https://www.drdeckman.com/legal-notices
-
By phone number: 949.689.3229