Notice of HIPAA Privacy Practices

Last updated: September 18, 2024

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices (the “Notice”) describes how your information is used. Specifically, how Mindful Mental Wellness medical group to which it provides certain support services, (collectively “MMW”) may use and disclose your protected health information to carry out treatment, payment, or business operations and for other legally permissible purposes.

If you receive, or attempt to receive, medical care through the medical groups supported by MMW, you may share certain protected health information (“PHI”) about yourself. PHI may include, without limitation, demographic information that may identify you and that relates to your past, present, or future physical or mental health or condition, treatment, or payment for health care services. This Notice also describes your rights to access and control your PHI.

USES AND DISCLOSURES OF PHI:

Your PHI may be used and disclosed by our health care providers, our staff, and others outside of our office who are involved in your care and treatment for the purpose of providing health care services to you, to support our business operations, to obtain payment for your care, respond to regulators or law enforcement inquiries, and any other use authorized or required by law.

TREATMENT:

We will use and disclose your PHI to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party.  For example, your PHI may be provided to a health care provider to whom you have been referred to ensure the necessary information is accessible to diagnose or treat you.

PAYMENT:

Your PHI may be used to bill or obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for your services, such as: making a determination of eligibility or coverage for insurance benefits and reviewing services provided to you for medical necessity.

HEALTH CARE OPERATIONS:

We may use or disclose, as needed, your PHI in order to support our business activities. These activities include, but are not limited to, improving quality of care, providing information about treatment alternatives or other health-related benefits and services, development or maintaining and supporting computer systems, legal services, and conducting audits and compliance programs

USES AND DISCLOSURES THAT DO NOT REQUIRE YOUR AUTHORIZATION:

To comply with applicable law, we may use or disclose your PHI in the following situations without the need to obtain your authorization. These situations include the following uses and disclosures: as required by law; for public health activities; for health care oversight activities; pursuant to Food and Drug Administration requirements; for abuse, neglect, or domestic violence reporting; for judicial and administrative proceedings; for law enforcement purposes; to coroners and medical examiners, funeral directors and organ donation agencies; for certain research purposes; to avert serious threat to health or safety; for specialized government functions; for certain criminal activities; for workers’ compensation reporting; relating to certain inmate reporting; and other required uses and disclosures. Under the law, we must make certain disclosures to you upon your request, and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of the Health Insurance Portability and Accountability Act (“HIPAA”).  State laws may further restrict these disclosures.

This Notice was originally published and effective on October 26, 2023.

USES AND DISCLOSURES THAT REQUIRE YOUR AUTHORIZATION:

Other permitted and required uses and disclosures will be made only with your consent, authorization, or opportunity to object unless permitted or required by law. Without your authorization, we are expressly prohibited from using or disclosing your PHI for marketing purposes. We may not sell your PHI without your authorization. Your PHI will not be used for fundraising. We will not use or disclose your psychotherapy notes without your authorization, except as permitted by law. If you provide us with an authorization for certain uses and disclosures of your information, you may revoke such authorization, at any time, in writing. Such revocation does not apply, however, to authorized disclosures that occurred before such revocation.

YOUR RIGHTS WITH RESPECT TO YOUR PHI:

• You have the right to inspect and copy your PHI in a form consistent with applicable law.
• You have the right to request to receive confidential communications from us by alternative means or at an alternate location. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.
• You have the right to request an amendment of your PHI. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to our statement and we will provide you with a copy of any such rebuttal.
• You have the right to receive an accounting of certain disclosures of your PHI that we have made, paper or electronic, except for certain disclosures which were pursuant to an authorization, for purposes of treatment, payment, healthcare operations or for certain other purposes.
• You have the right to obtain a paper copy of this Notice, upon request, even if you have previously requested its receipt electronically by e-mail.

REVISIONS TO THIS NOTICE:

We reserve the right to revise this Notice and to make the revised Notice effective for PHI we already have about you as well as any information we receive in the future. You are entitled to a copy of the Notice currently in effect. Any material changes to this Notice will be posted on our website. You then have the right to object or withdraw as provided in this Notice.

BREACH OF HEALTH INFORMATION:

We will notify you if a reportable breach of your unsecured PHI is discovered. Notification will be made to you no later than 60 days from the breach discovery and will include a brief description of how the breach occurred, the PHI involved, contact information for you to ask questions, and any other information required by applicable law.

COMPLAINTS:

Complaints about this Notice or how we handle your PHI should be directed to our HIPAA Privacy Officer via www.getmindfulhealth.com. If you are not satisfied with the manner in which a complaint is handled you may submit a formal complaint to the Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

We must follow the duties and privacy practices described in this Notice. We will maintain the privacy of your PHI and to notify affected individuals following a breach of unsecured PHI. If you have any questions about this Notice, please email us at www.getmindfulhealth.com.