Child Guidance Center
525 N. Cabrillo Park Drive, Suite 300
Santa Ana, CA 92701
Telephone: (714) 953-4455
Contact Person: Tay Sandoz, Psy.D., Clinical Program Director
HIPAA Privacy Procedures and Policies
(The Health Insurance Portability and Accountability Act of 1996 [HIPAA])
The effective date of this NOTICE is April 14, 2003. Revised May 2020
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. The privacy of your health information is important to Child Guidance Center, Inc.
LEGALLY DEFINED DUTY OF CHILD GUIDANCE CENTER, INC.
Child Guidance Center, Inc. (CGC) is required by legal statute to protect the privacy of your health information. This “personal health information” is defined as that health information that can be used to identify you, has been created by CGC, or has been received from another office or entity. It applies to past, present and future health or condition, your treatment, payment for services, and other health practices which will be explained to you.
CGC has the duty to provide you with this NOTICE, which contains a description of how your health information will be used and disclosed for purposes of treatment, payment, and other health practices. The “use” of this information applies to the sharing, utilization, examination, or analysis of this information within this treatment facility. Your health information is “disclosed” when it is released or transferred out of this office to another party or entity. These practices will be explained to you in this NOTICE. CGC has the legal duty, with some exceptions, to disclose or use only the necessary information to accomplish the task at hand. Additionally, CGC is legally required to apply and follow the practices described in this NOTICE.
CGC has the right to change the privacy practices as describe in this NOTICE at any time, as permitted by law. The changes will apply to your health information held by this office. You will receive an updated copy of the NOTICE and it will be posted in this office. You can request a copy of this NOTICE at any time by notifying our CONTACT OFFICER at the address and telephone number located at the end of this NOTICE.
USE AND DISCLOSURE OF YOUR HEALTH INFORMATION
CGC is permitted to use and disclose your health information for the purposes of providing treatment, payment for services rendered, and healthcare operations. Some of these require your authorization and others do not.
Some examples that do not require your authorization include:
- Treatment: In order to coordinate your treatment and/or to meet administrative requirements set forth under the terms of the agreement between CGC and the County of Orange, through which you receive these services, CGC may disclose your health information to: another CGC physician, psychiatrist, or other mental heath clinician providing treatment to you; to a County of Orange Health Care Agency or County Contracted Agency physician, psychiatrist, other mental heath clinician; or to Orange County Health Care Agency, Children and Youth Services administrative staff, and their Contracted Service Providers.
- Payment: CGC may use and disclose your health information to obtain payment for services provided to you. The disclosure may be to your health insurance company or health plan. If CGC uses a third party for billing services, we will make sure they comply with the safe management of your health information.
- Healthcare Operations: CGC may disclose and use your health information for the purpose of maintaining and running this office. This includes quality assessment protocols reviewing the competence of clinicians providing treatment, or conducting training, certification or licensing activities. In addition, we may disclose your health information to other staff or business associates who perform billing, consulting, auditing, licensing, accreditation, investigatory, and other services for Child Guidance Center.
- Business Associates: Some services are provided through the use of contracted entities called “business associates.” We may contract with business associates to perform certain functions or activities on our behalf such as payment, health care operations and/or treatment services. These business associates must agree to safeguard your PHI. We release the minimum amount of PHI necessary so that the business associate can perform the identified services. We require business associates to appropriately safeguard your information. Examples of business associates include subcontractors that create, receive, maintain or transmit PHI for or on behalf of Child Guidance Center, billing companies, E-Prescribing Gateways, Health Information Exchanges, behavioral health service providers and Electronic and Personal Health Record Vendors.
- Public Health Activities: We may use and disclose your protected health information to public health authorities or government agencies for reporting certain diseases, injuries, conditions, illnesses, and events as required by law. For example, we may disclose your medical information to a local government agency in order to assist the agency during the investigation of an outbreak of disease in the area or to comply with state laws that govern workplace safety.
- Federal, State, Local, or Administrative Law: CGC may use or disclose your health information when mandated by law. This includes reporting child and/or elder/dependent abuse, harm to self or others, when required by judicial or administrative actions, or when required by government agencies such as a county coroner or workers’ compensation laws.
- Lawsuits and Legal Actions: We may use and disclose your protected health information in response to a court or administrative order, certain subpoenas, or other legal process. We may also use and disclose PHI to the extent permitted by law without your authorization such as defending against a lawsuit or arbitration.
- Law Enforcement: We may disclose your protected health information to help locate or identify a missing person, suspect, or fugitive, when there is suspicion that death has occurred as a result of criminal conduct, to report a crime that happens at our clinics or offices, or to report certain types of wounds, injuries, or deaths that may be the result of a crime to authorized officials such as the police, sheriff, or FBI for law enforcement purposes and in response to legal processes, such as a search warrant or court order.
- Coroners, Medical Examiners, and Funeral Director:s: We may disclose your protected health information to funeral directors, coroners, and medical examiners to permit identification of a body, determine what caused the death, or for other official duties.
- Organ and Tissue Donation: We may use or disclose your protected health information to organizations that take care of organ, eye, or tissue donations and transplants.
- Research: We may use and disclose your protected health information for research, if approved by an Institutional Review Board (IRB). An IRB is a committee responsible for reviewing the research proposal and establishing protocols to ensure the privacy of your protected health information.
- Emergency Situations: CGC may use and disclose your health information to emergency personnel in case a situation warrants such treatment.
- Military Activity and National Security: We may use or disclose the PHI of armed forces personnel to the applicable military authorities when they believe it is necessary to properly carry out military missions. We may also disclose your PHI to authorized federal officials as necessary for national security and intelligence activities or for the protection of the president and other government officials and dignitaries.
- Disclosures in Case of Disaster Relief: We may disclose your name, city of residence, age, gender, and general condition to a public or private disaster relief organization to provide needed medical care or to help you find members of your family.
- Disclosures to Parents as Personal Representatives of Minors: In most cases, we may disclose your minor child’s PHI to you. In some situations, however, we are permitted and sometimes required by law to deny you access to your minor child’s PHI. An example of when we must deny such access, based on the type of health care, is when a minor who is 12 years old or older seeks care for a communicable disease or condition. Another situation when we must deny access to parents is when minors have adult rights to make their own health care decisions. These minors include, for example, minors who, were or are married or who have a declaration of emancipation from a court.
- Appointment Reminders and Other Communications: CGC, at times, may use or disclose your health information to provide you with appointment reminders, appointment changes, or other office communications. These may include voicemail messages, letters, or E-mails.
- Electronic Health Records: We may use an electronic health record to store and retrieve your health information. One of the advantages of the electronic health record is the ability to share and exchange health information among personnel and other community health care providers who are involved in your care. When we enter your information into the electronic health record, we may share that information by using shared clinical databases or health information exchanges. We may also receive information about you from other health care providers in the community who are involved with your care by using shared databases or health information exchanges. If you have any questions or concerns about the sharing or exchange of your information, please discuss them with your provider.
- Communications with Family and Others When you are Present: Sometimes a family member or other person involved in your care will be present when we are discussing your PHI with you. If you object, please tell us and we won’t discuss your PHI while that person is present.
Authorization: CGC may obtain your written authorization for use or disclosure of your health information for situations not listed above. You may give CGC your written authorization for use of your health information or to disclose it to anyone for any purpose as defined by the written AUTHORIZATION TO USE AND DISCLOSE PROTECTED HEALTH INFORMATION. You may revoke your authorization in writing at any time.
Psychotherapy Notes: On rare occasions, we may ask for your authorization to use and disclose “psychotherapy notes”. Federal privacy law defines “psychotherapy notes” very specifically to mean notes made by a mental health professional recording conversations during private or group counseling sessions that are maintained separately from the rest of your medical record. Generally, we do not maintain psychotherapy notes, as defined by federal privacy law.
Uses and Disclosures of HIV/AIDS Information
California law gives heightened protections to HIV/AIDS information. Generally, we must obtain your written authorization specifically permitting a disclosure of the results of an HIV/AIDS test for each separate disclosure made. We may disclose your HIV/AIDS test results without your authorization and as required under State reporting laws for purposes of public health investigation, control, or surveillance. Additionally, disclosures to a health care provider may be made without specific patient authorization for the direct purposes of diagnosis, care, or treatment of the patient. Your physician who orders an HIV test on your behalf may disclose the result of your HIV test to your health care providers for purposes related to your diagnosis, care, or treatment.
Uses and Disclosures of Your Substance and Alcohol Use Disorder Records
The confidentiality of your substance and alcohol use disorder records are protected by 42 USC 290dd-2 and the Department of Health and Human Services (HHS) regulations at 42 CFR Part 2 – Confidentiality of Substance Use Disorder Patient Records. Generally, we are not allowed to disclose your participation in the program or identify you as having an alcohol or drug abuse problem to an outside person unless:
(1) You consent in writing;
(2) The disclosure is to prevent multiple 42 CFR Part 2 program enrollments;
(3) The disclosure is allowed by a court order;
(4) The disclosure is made to medical personnel to the extent necessary to meet a bona fide medical emergency;
(5) The disclosure is for the purpose of conducting scientific research; or
(6) The disclosure is made for certain audit and/or evaluation purposes.
Federal law and regulations allow communication of personally identifying information about you by our program to law enforcement agencies or officials about a crime committed by you either at our program or against any person who works for the program premises or about any threat to commit such a crime. Federal laws and regulations allow our program to report under state law personally identifying information about you in connection with incidents of suspected child abuse or neglect to appropriate State or local authorities. If you believe that the privacy of your information protected by 42 USC 290dd-2 and 42 CFR Part 2 has been violated, you may contact the U.S. Attorney’s Office, Central District of California, Santa Ana Branch Office at 411 W. Fourth Street, Suite 8000, Santa Ana, CA 92701 or by phone at (855) 898-3957.
YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION
Access To Your Health Information: You have the right to examine or obtain copies of your health information, with some limited exceptions. CGC will attempt to comply with the requested format, unless we are unable to do so. The request must be made in writing and we will comply within 30 days of receiving your written request. You will be charged $0.25 per page. We may choose to provide you with a summary or synopsis of your health information if you agree. Should CGC deny your request, you will be provided a reason in writing and an explanation of your rights to initiate a review of the denial.
Requesting Limits on Uses and Disclosures of Your Health Information: You have the right to request limitation on the use and disclosure of your health information. CGC will review your request and may choose not to accept it, except to the extent that you request a restriction on disclosures to a health plan or insurer for payment or health care operations purposes and the items or services have been paid for out of pocket in full. If your request is accepted, a written format will be included in your records and this office will abide by the request. The request may not interfere with the legally defined uses and disclosures of your health information.
Receiving Health Information: You may request that health information be sent to you to a specific location and by specific means such as E-mail. CGC will attempt to comply as long as it is feasible.
Accounting for Disclosures: You have the right to request and receive a list of disclosures made on your behalf by CGC for reasons other than treatment, payment, or healthcare operations. The request is valid for the last six years from the date of your request. You may make one such request every year. The list will not include disclosures based on your written authorization; to receive payment for your treatment; to family members or friends involved in your treatment; or for reasons related to legal actions. There will be a reasonable charge for additional requests made in one 12-month period.
The Right to Amend Your Health Information: You have the right to request an amendment or correction to your health information. The request must be made in writing and a reason for your request must also be included. CGC must respond to your request within 60 days of the request. The request will be granted or denied. If your request is granted, the appropriate changes will be made, you will be informed of the changes made and third parties needing to know about the changes will be notified.
CGC can deny your request if the information is complete and correct, it was not created by CGC, not part of the office records, or cannot be disclosed. You will receive a written statement stating the reason for a denial. You will be provided with the format to file a written disagreement with the denial. You also have the right to request that your original request and our denial be attached to all future disclosures of your health information.Breach Notification: In the event of a breach of your unsecured protected health information, CGC will notify you of the circumstances of the breach. Electronic Notification: You have the right to receive this NOTICE by E-mail or in written format.
Should you require additional information, please contact Tay Sandoz, Psy.D. at: (714) 953-4455 ext 635
Should you believe that CGC has violated your privacy rights; you disagree with a decision made about access to your health information; you disagree with a response to your request to amend or restrict the use or disclosure of you health information; or disagree with our decision to contact you via a specific method or location, you may complain to our CONTACT OFFICER at (714) 953-4455 and/or submit a written complaint to the United States Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C., 20201. This office will not retaliate against you in any way should you choose to file a complaint.
Contact Officer: Tay Sandoz, Psy.D.
Telephone: (714) 953-4455 ext. 635
Fax: (714) 542-2793
525 N. Cabrillo Park Drive, Suite 300
Santa Ana, CA 92701
(This material is adapted from “HIPAA Made Easy: A Workbook for Mental Health Clinicians”. It is used with written permission from the author, Federico C. Grosso, PhDHIPAA Notice of Privacy Practices, Policy & Procedures, v.2