Privacy Policy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.

NOTICE OF PRIVACY PRACTICES

The following is the Notice of Privacy Practices of Jill Dyszel, LMHC. HIPAA is a federal law that requires me to maintain the privacy of your protected health information and to provide you with notice of my legal duties and privacy policies with respect to your protected health information. I am required by law to abide by the terms of this Notice of Privacy Practices.

Your Protected Health Information

Your “protected health information” (PHI) broadly includes any health information, oral, written or recorded, that is created or received by myself, other healthcare providers, and health insurance companies or plans, that contains data, such as your name, address, social security or patient identification number, and other information, that could be used to identify you as the individual patient who is associated with that health information.

Rules on How I May Use or Disclosure Your Protected Health Information

Generally, I may not “use” or “disclose” your PHI without your permission, and must use or disclose your PHI in accordance with the terms of your permission. “Use” refers generally to activities within my office. “Disclosure” refers generally to activities involving parties outside of my office. The following are the circumstances under which I am permitted or required to use or disclose your PHI. In all cases, I am required to limit such uses or disclosures to the minimal amount of PHI that is reasonably required.

Without Your Written Authorization, Treatment, Payment and Health Operations

Without your written authorization, I may use within my office, or disclose to those outside my office, your PHI in order to provide you with the treatment you require or request, to collect payment for our services, and to conduct other related health care operations as follows:

Treatment activities include: (a) use within my office by professional staff for the provision, coordination, or management of your health care at my office; and (b) contacting you to provide appointment reminders or information about treatment alternatives or other health-related services that may be of interest to you.

Payment activities include: (a) if you initially consent to treatment using the benefits of your contract with your health insurance plan, I will disclose to your health plans or plan administrators, or their appointed agents, PHI for such plans or administrators to determine coverage, for their medical necessity reviews, for their appropriateness of care reviews, for their utilization review activities, and for adjudication of health benefit claims; (b) disclosures for billing for which I may utilize the services of outside billing companies and claims processing companies with which we have Business Associate Agreements that protect the privacy of your PHI; and (c) disclosures to attorneys, courts, collection agencies and consumer reporting agencies, of information as necessary for the collection of unpaid fees, provided that I notify you in writing prior to making collection efforts that require disclosure of your PHI. Health care operations include: (a) use within my office for general administrative activities such as filing, typing, etc.; and (b) disclosures to my attorney, accountant, bookkeeper and similar consultants to my healthcare operations, provided that I shall have entered into Business Associate Agreements with such consultants for the protection of your PHI.

PLEASE NOTE THAT UNLESS YOU REQUEST OTHERWISE, AND WE AGREE TO YOUR REQUEST, WE WILL USE OR DISCLOSE YOUR PERSONAL HEALTH INFORMATION FOR TREATMENT ACTIVITIES, PAYMENT ACTIVITIES, AND HEALTHCARE OPERATIONS AS SPECIFIED ABOVE, WITHOUT WRITTEN AUTHORIZATION FROM YOU.

Without Your Written Authorization, Special Situations and As Required By Law

In limited circumstances, I may use or disclose your PHI without your written authorization and in accord with HIPAA or as required by law. Examples include: (a) disclosures regarding reports of child abuse or neglect, including reporting to social service or child protective services agencies; (b) disclosures to State authorities of imminent risk of danger presented by patients to self or others for the purpose of restricting patient access to firearms; (c) health oversight activities including audits, civil, administrative, or criminal investigations, inspections, licensure or disciplinary actions, or civil, administrative, or criminal proceedings or actions, or other activities necessary for appropriate oversight of government benefit programs; (d) judicial and administrative proceedings in response to an order of a court or administrative tribunal, or other lawful process; I to the extent necessary to protect you or others from a serious imminent risk of danger presented by you; (f) for worker’s compensation claims, (g) as required by the Secretary of Health and Human Services to investigate or determine my compliance with federal regulations, including those regarding government programs providing public benefits, (h) for research projects where your PHI has been de-identified, that it no longer identifies you by name or any distinguishing marks, and cannot be associated with you, (i) to a public or private entity to assist in disaster relief efforts authorized by law, (j) to family members, friends and others involved in your care, but only if you are present and give oral permission

Minimum Necessary Rule: I will use or disclose your PHI without your authorization for the above purposes only to the extent necessary, and will release only the minimum necessary amount of PHI to accomplish the purpose.

All Other Situations, With Your Specific Written Authorization

Except as otherwise permitted or required as described above, I may not use or disclose your PHI without your written authorization. Written authorization is required, among other uses and disclosures, for (1) most uses and disclosures of Psychotherapy Notes, (2) uses and disclosures for marketing purposes, (3) uses and disclosures that involve the sale of PHI and (4) other uses and disclosures not described in this Notice. Further, I am required to use or disclose your PHI consistent with the terms of your authorization. You may revoke your authorization to use or disclose any PHI at any time, except to the extent that I have taken action in reliance on such authorization, or, if you provided the authorization as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy. We will not sell your PHI or use your PHI for paid marketing or fundraising purposes without your written authorization; we do not plan to use your PHI in marketing or fundraising.

Special Handling of Psychotherapy Notes

“Psychotherapy Notes” are defined as records of communications during individual or family counseling which may be maintained in addition to and separate from medical or healthcare records. Psychotherapy Notes are only released with your specific written authorization except in limited instances, including: (a) if you sue or place a complaint, I may use Psychotherapy Notes in my defense; (b) to the United States Department of Health and Human Services in an investigation of compliance with HIPAA; (c) to health oversight agencies for a lawful purpose related to oversight of my practice; and (d) to the extent necessary to protect you or others from a serious imminent risk of danger presented by you. Health insurers may not condition treatment, payment, enrollment, or eligibility for benefits on obtaining authorization to review, or on reviewing, Psychotherapy Notes.

Your Rights With Respect to Your Protected Health Information

Under HIPAA, you have certain rights with respect to your PHI. The following is an overview of your rights and my duties with respect to enforcing those rights.

Right To Request Restrictions On Use Or Disclosure

You have the right to request restrictions on certain uses and disclosures of your PHI. While I am not required to agree to any requested restriction, if agreed to a restriction, I am bound not to use or disclose your protected healthcare information in violation of such restriction, except in certain emergency situations. I will not accept a request to restrict uses or disclosures that are otherwise required by law. If you have paid for services in full yourself, out-of-pocket, then I must comply with your request to restrict those disclosures of your PHI that would otherwise be made for payment or healthcare operations, that are unnecessary because of your manner of payment. I require that all requests for restrictions be in writing and specify (1) the information to be restricted, (2) the type of restriction being requested, and (3) to whom the limits apply. You must also state a reason for the request. I will respond in writing to all requests within 30 days of receipt.

Right To Receive Confidential Communications By Alternative Means And At Alternative Locations

I must permit you to request and must accommodate reasonable requests by you to receive communications of PHI by alternative means or at alternative locations. I will ask you how you wish me to communicate with you. I must agree to your request if you inform me that certain means of communicating with you will place you in danger.

Right To Inspect and Copy Your Protected Health Information, Including In Electronic Format

You have the right of access in order to inspect, and to obtain a copy of your PHI, including any PHI maintained in electronic format, except for (a) personal notes and observations of the treating provider, (b) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, (c) health information maintained to the extent to which the provision of access to you is at my discretion, and I exercise my professional judgment to deny you access, and (d) health information maintained by me to the extent to which the provision of access to you would be prohibited by law. I require written requests for copies of your PHI; they should be sent to our Privacy-Security Officer at the mailing address below. You may request your PHI in the format of your choice, and where feasible, I will comply. If you request a copy of your PHI, I will charge a fee for copying, or for electronic records, for labor and supplies. I reserve the right to deny you access to and copies of all or certain PHI as permitted or required by law. Upon denial of a request for access or request for information, I will provide you with a written denial specifying the basis for denial, a statement of your rights, and a description of how you may file an appeal or complaint.

Right To Amend Your Protected Health Information

You have the right to request that I amend your PHI, for as long as your medical record is maintained by me. I have the right to deny your request for amendment. I require that you submit written requests and provide a reason to support the requested amendment. If I deny your request, I will provide you with a written denial stating the basis of the denial, your right to submit a written statement disagreeing with the denial, and a description of how you may file a complaint with me and/or the Secretary of the U.S. Department of Health and Human Services (DHHS). If I accept your request for amendment, I will make reasonable efforts to provide the amendment within a reasonable time to persons identified by you as having received PHI of yours prior to amendment and persons that we know have the PHI that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to your detriment. All requests for amendments shall be sent to our Privacy-Security Officer at the mailing address below.

Right To Receive An Accounting Of Disclosures Of Your PHI And Electronic Health Records

You have the right to receive a written accounting of all disclosures of your PHI for which you have not provided an authorization that I have made within the six (6) year period immediately preceding the date on which the accounting is requested. You may request an accounting of such disclosure for a period of time less than six (6) years from the date of the request. I require that you request an accounting in writing on a form that I will provide to you. The accounting of disclosures will include the date of each disclosure, the name and, if known, the address of the entity or person who received the information, a brief description of the information disclosed, and a brief statement of the purpose and basis of the disclosure or, instead of such statement, a copy of your written authorization or written request for disclosure pertaining to such information. I am not required to provide accountings of disclosures for the following purposes: (a) treatment, payment, and healthcare operations, (b) disclosures pursuant to your authorization, (c) disclosures to you, (d) to other healthcare providers involved in your care, (e) for national security or intelligence purposes, (f) to correctional institutions. I reserve the right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law. I will provide the first accounting to you in any twelve (12) month period without charge, but will impose a reasonable cost-based fee for responding to each subsequent request for accounting within that same twelve (12) month period. All requests for an accounting shall be sent to our Privacy-Security Officer at the mailing address below. If I maintain any PHI in electronic form, then you may also request and receive an accounting of any disclosures of your electronic health records made for purposes of treatment, payment and health operations during the prior three (3) year period. Upon request, one list will be provided for free every twelve (12) months.

Right To Notification If There Is A Breach of Your Protected Health Information

If there is a breach in our protecting your PHI, I will follow HIPAA guidelines to evaluate the circumstances of the breach, document investigation, retain copies of the evaluation, and where necessary, report breaches to DHHS. Where a report is required to DHHS, I will also give you notification of any breach.

Business Associate Rule

Business Associates are entities that in the course of my business with them will obtain access to your PHI. They may use, transmit, or view your PHI on our behalf. Business Associates are prohibited from re-disclosing your PHI without your written consent, or unless disclosure is required by law. I enter into confidentiality agreements with our Business Associates called Business Associate Agreements, and they in turn enter into confidentiality agreements with their subcontractors, if any.

Complaints

You may file a complaint with me and with the Secretary of DHHS if you believe that your privacy rights have been violated. Please submit any complaint to me in writing by mail to our Privacy-Security Officer at the mailing address below. A complaint must name the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable requirements of HIPAA or this Notice of Privacy Practices. A complaint must be received by me or filed with the Secretary of DHHS within 180 days of when you knew or should have known that the act or omission complained of occurred. You will not be retaliated against for filing any complaint. To file a complaint with the Secretary of DHHS, write or call:

The US Department of Health & Human Services

Office of Civil Rights

200 Independence Avenue, SW

Washington, DC 20201

877-696-6775

Amendments to this Notice of Privacy Practices

I reserve the right to revise or amend this Notice of Privacy Practices at any time. These revisions or amendments may be made effective for all PHI I maintain even if created or received prior to the effective date of the revision or amendment. Upon your written request, we will provide you with notice of any revisions or amendments to this Notice of Privacy Practices, or changes in the law affecting this Notice of Privacy Practices, by mail or electronically within 60 days of receipt or your request.

Ongoing Access to Notice of Privacy Practices

I will provide you with a copy of the most recent version of this Notice of Privacy Practices at any time upon your written request sent to our Privacy-Security Officer at the mailing address below. For any other requests or for further information regarding the privacy of your PHI, and for information regarding the filing of a complaint, please contact me at the address, telephone number, or e-mail address listed below.

Contact Information

This is the contact information referred to above.

Privacy-Security Officer: Jill Dyszel, LMHC

Mailing address: 1121 Walt Whitman Road – Suite 305 – Melville, NY 11747

Telephone number: 516-202-5202

Email address: jilldyszel@gmail.com