HIPAA Notice of Privacy Practices
Effective Date: September 23, 2024
This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
I. Introduction
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information. The Privacy Rule also gives you a fundamental right to be informed of my privacy practices as well as your privacy rights with respect to your personal health information.
II. Privacy Rules
HIPAA requires that I provide you with this Notice of my privacy practices. The Privacy Rule requires that the Notice:
describes the ways in which I may use and disclose protected health information,
states my duty to protect your privacy,
reaffirms that I will abide by the terms of the Notice,
describes your rights, including the right to complain to the U.S. Department of Health and Human Services and to me if you believe that your privacy rights have been violated, and
includes a point of contact for further information and for making complaints.
III. What is “Protected Health Information” (PHI)?
The HIPAA Privacy Rule requires that I protect your "individually identifiable health information" held or transmitted in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information" (PHI). PHI constitutes information created or noted by me that can be used to identify you. “Individually identifiable health information” is information, including demographic data, that relates to: your past, present or future physical or mental health or condition, the provision of health care to you, or the past, present, or future payment for the provision of health care to you, and that identifies you or for which there is a reasonable basis to believe it can be used to identify you, including many common identifiers (e.g., name, address, birth date, Social Security Number).
IV. It is my legal duty to safeguard your Protected Health Information (PHI)
Your health information is personal and private. By law, I am required to ensure that your PHI is kept private. This Notice must explain when, why, and how I would use and/or disclose your PHI. Use of PHI means when I apply, utilize, examine, or analyze information within my practice for the purpose of providing professional services; PHI is disclosed when I release, transfer, give, or otherwise reveal it to a third party outside of my practice. With some exceptions, I may not use or disclose more of your PHI than is necessary to accomplish the purpose for which the use or disclosure is made; however, I am always legally required to follow the privacy practices described in this Notice.
Please note that I reserve the right to change the terms of this Notice and my privacy policies at any time. Any changes will apply to PHI already on file with me. Before I make any important changes to my policies, I will immediately change this Notice and post a new copy of it in my office. You may also request a copy of this Notice from me or you can view a copy on my website or in my office.
V. HOW I WILL USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
Your privacy is of great importance to me and I pledge to abide by the privacy practices described in this Notice. I will use and disclose PHI for many different reasons. I will routinely use your information to address your symptoms, problems, and personal goals. I may use your information to select methods of treatment, additional services for you, or recommend referrals to other professionals for services I do not provide. I may use your information to review my clinical practices for quality assurance purposes, to evaluate and improve the effectiveness of health care services that you received.
Clinical standards, ethics, and law require appropriate written records of service. I create and retain written records relating to professional service that I provide so that I am better able to assist you with your needs and provide quality service to you. I document services to show that I actually provided services to you for which I bill. Personal information I receive about you may be entered into this record.
I may be required by clinical standards, professional ethics, or law to disclose limited information to specific professionals or agencies. Some of the uses or disclosures will require your prior written authorization, whereas, other circumstances will not. Below you will find the different categories of my uses and disclosures, with some examples. To respect your privacy, I will try to limit the amount of information that I use or disclose to that which is the “minimum necessary” to accomplish the purpose of the use or disclosure.
A. I am permitted to use or disclose your PHI without consent or authorization for the following reasons:
For treatment. In the event of an emergency, or with written release from you, I may disclose your PHI to physicians, psychiatrists, psychologists, and other licensed health care providers who provide you with health care services or are otherwise involved in your care. For example, your PHI may be shared with outside entities performing ancillary services relating to your treatment, such as psychiatrists or others involved in the provision or coordination of your care.
From the office of Santhi Periasamy, Ph.D., P.L.L.C. (2013)
For health care operations. I may use/disclose your PHI to facilitate the efficient and correct operation of my practice. For example, I may use/disclose your PHI in order to evaluate the quality of health care services that you have received or to evaluate the performance of the health care professionals who provided you with these services.
To obtain payment for treatment. I may use and disclose your PHI in order to bill and collect payment for the treatment and services I provided you. I could also provide your PHI to business associates, such as billing companies, claims processing companies, and others that process health care claims for my office. If you fail to assume financial responsibility for your bill, limited personal information may be disclosed for purposes of debt collection, such as your name, nature of services you have received, and the amount due.
To Prevent a Serious Threat to Health or Safety. I may use and disclose your PHI when necessary to prevent or lessen a serious and imminent (i.e. ready to take place) threat to a person or the public. However, any such disclosure will only be to someone who is believed to be able to help prevent the threat, such as law enforcement, or to a potential victim.
Treatment Emergencies. Your consent is not required for the disclosure of PHI to health care providers in order to protect you from immediate physical harm. In the event that I try to get your consent, but you are unable to communicate with me (e.g., if you are unconscious or in severe pain), but I think that you would consent to such treatment if you could, I may disclose your PHI.
If disclosure is compelled or permitted by the fact that you are in such mental or emotional conditions as to be dangerous to yourself or the person or property of others, and if I determine that disclosure is necessary to prevent the threatened danger.
If disclosure is legally mandated by the Texas Family Code regarding child abuse and neglect (e.g., I have knowledge of, or reasonable suspicion of child abuse or neglect).
If disclosure is legally mandated by the Texas Human Resources Code regarding abuse, neglect, or exploitation of elderly or disabled persons (e.g., I have knowledge of, or reasonable suspicion of elder, disabled/dependent adult abuse).
If disclosure is compelled or permitted by the fact that you, your child, or someone in a close relation to you (e.g., spouse, parent, sibling) tells me of a serious/imminent threat of physical violence by you against a reasonably identifiable victim or victims.
If disclosure is legally mandated by the Texas Civil Practice and Remedies Code regarding sexual exploitation by mental health service providers (e.g., I have knowledge of, or reasonable suspicion of sexual exploitation; however, the alleged victim may remain anonymous).
When disclosure is required by federal, state, or local law; judicial, board, or administrative proceedings; or law enforcement. I may make a disclosure to the appropriate officials when law requires me to report information to government agencies, law enforcement personnel, and/or in an administrative proceeding.
If disclosure is compelled by a party to a proceeding before a court of an administrative agency pursuant to its lawful authority.
If disclosure is required by a search warrant lawfully issued by a governmental law enforcement agency.
If disclosure is compelled by the patient or the patient’s representative pursuant to Texas Health and Safety Codes or to corresponding federal statutes or regulations, such as the Privacy Rule that requires this Notice.
Decedents. If a disclosure is permitted or compelled, I may disclose PHI to funeral directors as needed, and to coroners or medical examiners to identify a deceased person and perform other functions authorized by law.
For health oversight activities. I may be required to provide information to assist the government in the course of an investigation or audit of a health care system.
For Worker’s Compensation purposes. I may provide PHI in order to comply with Worker’s Compensation laws.
Disclosures compelled by a court order or an order of an arbitration panel or administrative agency, when arbitration is lawfully requested by either party, pursuant to subpoena duces tecum (e.g., a subpoena for mental health records) or any other provision authorizing disclosure in a proceeding before an arbitrator or arbitration panel.
To contact you, without your prior authorization, to schedule appointments or provide appointment reminders or information about alternative or other health-related benefits and services that may be of interest to you.
If disclosure is required or permitted by a health oversight agency for oversight activities authorized by law. When compelled by U.S. Secretary of Health and Human Services to investigate or assess my compliance with HIPAA regulations.
If disclosure is otherwise specifically required by federal, state, or local laws that are not specifically mentioned in this Notice.
B. Uses and Disclosures Requiring You to Have an Opportunity to Agree or Object
Disclosures to family, friends, or others. I may provide your PHI to a family member, friends or other individuals who you indicate are involved in your care or responsible for the payment of your health care, unless you object in whole or in part. Retroactive consent may be obtained in emergency situations.
C. Other Uses and Disclosures of PHI Requiring Your Prior Written Authorization
All other disclosures of your PHI will only be made with your written consent. Beyond the exceptions above, I will request your written authorization before using or disclosing any of your PHI. I will not even disclose the fact that you are (or were) a client to any third party without your consent. Even if you have signed an authorization to disclose your PHI, you may later revoke that authorization, in writing, to stop any future uses and disclosures of your PHI by me, except to the extent that I have already undertaken an action in reliance upon your authorization.
VI. Your rights regarding your Protected Health Information (PHI)
You have the following rights with respect to your PHI
The Right to See and Get Copies of Your Record
In general, you, or your patient representative, have the right to inspect and obtain a copy of your treatment records that are in my possession; however, you must request it in writing. In general, the time between receiving the written request and fulfilling it may vary depending on the nature of the request (e.g., inspection, copies) and the length of the treatment record. Under certain circumstances, I may feel I must deny your request, but if I do, I will document the date of the request and the reasons, including the anticipated adverse consequences, for refusing to permit inspection or provide copies of the record. I will also explain your right to have my denial reviewed. In the case that your request is denied I shall permit inspection of your treatment records by, or provide copies to, another licensed health care provider designated by your written authorization. If you ask for copies of your records, I will charge you not more than $0.25 per page. I may see fit to provide you with a summary or explanation of the records, but only if you agree to it, as well as to the cost, in advance.
The Right to Request Limits on Uses and Disclosures of Your PHI
You have the right to ask that I limit how I use or disclose your PHI. Requests for restrictions must be in writing. While I will consider your request, I am not legally bound to agree to the restriction. To the extent that I do agree to any restrictions on my use/disclosure of your PHI, I will put the agreement in writing and abide by it except in emergency situations. I cannot agree to limit uses/disclosures that are required by law.
The Right to Choose How I Contact You and/or Send Your PHI to You
It is your right to ask that your PHI be communicated to you via an alternate address (e.g., sending information to your work address rather than your home address) or by an alternate method (e.g., fax). I am obliged to agree to your request providing that I can give you the PHI, in the format you requested, without undue inconvenience. If the means you request would incur additional financial costs to me relative to local telephone or U.S. Mail (e.g., Fed-Ex, long distance calls), I am permitted to obtain payment from you for these additional costs.
The Right to Get a List of Disclosures Made
You have a right to get a list of disclosures of your PHI that I have made. The list will not include uses or disclosures to which you have already consented (i.e., those for treatment, payment, or health care operations, sent directly to you, or to your family or personal representative), neither will the list include disclosures incident to an otherwise permitted or required disclosure. After April 15, 2003, your request can relate to disclosures going as far back as six years.
I will respond to your request for an accounting of disclosures within sixty (60) days of receiving your request. The list I give you will include disclosures made in the previous six (6) years unless you indicate a shorter period. The list will include the date of disclosure, to whom PHI was disclosed, a description of the information disclosed, and the reason for disclosure. I will provide the list to you at no cost, unless you make more than one request in the same year, in which case I will charge you a reasonable sum based on a set fee for each additional request.
To Request Amendment of Your PHI
If you believe that there is a mistake or missing information in my record of your PHI, you may request, in writing, that I amend the record. You will receive a response within sixty (60) days of my receipt of your request. I may deny the request, in writing, for example, if I determine that the PHI is: (a) correct and complete; (b) forbidden to be disclosed, (c) not part of my records, or (d) written by someone other than me. My denial must be in writing, and will state the reasons for denial. If you do not file a written objection, you still have the right to ask that your request and my denial be attached to any future disclosures of your PHI. If I approve your request, I will make the change(s) to the PHI. Additionally, I will tell you that the changes have been made, and I will advise all others who need to know about the change(s) to the PHI.
Personal Representatives
In most cases, the Privacy Rule requires me to treat a “personal representative” the same as you, with respect to uses and disclosures of your PHI and associated rights under the Rule. A personal representative is a person legally authorized to make health care decisions on your behalf or to act for a deceased individual or the estate.
Minors
In most cases, parents are the personal representatives for their minor children. Therefore, in most cases, parents can exercise individual rights, such as access to the medical record, on behalf of their minor children. In certain exceptional cases, the parent is not considered the personal representative. In these situations, the Privacy Rule defers to State and other law to determine the rights of parents to access and control the PHI of their minor children.
The Right to Get this Notice by Email
You have the right to receive a paper copy of this Notice and/or an electronic copy upon request.
VII. Safeguards of your privacy
Protection of patient confidentiality is important. Below are the specific safeguards I take in my practice.
My duty of confidentiality and the psychotherapist-patient privilege survive the death of a client, by law.
Communication by you to me, whether by phone, mail, or in person, will be handled only by me.
I will avoid sensitive subject matter in semi-public areas such as the waiting room or corridor, unless you initiate.
I will attempt to leave voicemail messages that are discreet if I do not know who might access your messages.
I will not acknowledge you if you and I inadvertently see each other in a public place, unless you initiate.
This practice does not maintain sign-in sheets.
Client records are not left in places in my office where others will see their contents.
I shred all documents containing protected health information before discarding them.
Unless clients’ charts are in my personal custody, they are kept in a locked file cabinet and I am the only person in possession of the key. The filing cabinet is in a locked room.
I may keep client information pertaining to treatment, payment, or health care operations on a computer. When a computer is used for these purposes it is password protected. I am the only person with access to the computer and the password. Any backup files are accessible only to me and hard copies of such records are locked in a file cabinet.
Whenever I transmit information about you electronically (e.g., fax), it will be done with special safeguards to ensure confidentiality. The fax machine I use is away from public view in my locked office.
I prefer using email to arrange or modify appointments and maintain a connection in between appointments. However, email is not completely secure or confidential. If you elect to communicate with me by email at some point in our work together, please be aware that all emails may be retained in the logs of your and my Internet service providers. While it is unlikely that someone will be looking at these logs, they are, in theory, available to be read by the system administrator(s) of the Internet service provider. You should also know that any emails I receive from you and any responses that I send to you become a part of your legal record.
By law, I keep client records for at least ten (10) years from the date of the last treatment session or contact. With respect to records of a minor, I keep records for at least ten (10) years from the date that the client reaches age 18. When records are destroyed due to the number of years following client termination of treatment, they are destroyed and discarded in a manner that protects patient privacy and confidentiality.
Any employee or volunteer working in my office is required to complete a written agreement to maintain your privacy.
Any institutions outside my office that will have access to your information, such as billing services, or typing services, are similarly required to protect your information by contract or law.
I may occasionally find it helpful to consult other professionals about a case. During a consultation, I make every effort to avoid revealing the identity of my client. The consultant is also legally bound to keep the information confidential. If you don’t object, I will not tell you about these consultations unless I feel that it is important to our work together.
This is not a legal exception to your confidentiality. However, it is a policy you should be aware of if you are in couples therapy with me. If you and your partner decide to have some individual sessions as part of the couples therapy, what you say in those individual sessions will be considered to be a part of the couples therapy, and can and probably will be discussed in our joint sessions. Do not tell me anything you wish kept secret from your partner. I will remind you of this policy before beginning such individual sessions.
If you bring a family member to your appointment and disclose information in their presence, that information is considered disclosed to them. I will disclose your information in such a session with your verbal permission.
To maintain the highest ethical and legal standards of protecting your privacy, I will adhere to these policies and may amend them in the future as needed to remain current with law and ethics. Any changes will apply to all information I maintain at that time.
IX. Person to contact for information about this notice or to complain about my privacy practices:
I am the Privacy Officer for my practice; I am the person responsible for developing and implementing the privacy policies and procedures of my practice. If you have questions, believe your privacy has been violated, or if you object to a decision I have made about access to your PHI, you are entitled to file a complaint. You are encouraged to address your concerns with me, Santhi Periasamy, PhD at 713-942-7793. You may also contact Ralph Rouse, Regional Manager, Office for Civil Rights, U.S. Department of Health and Human Services, 1301 Young Street, Suite 1169, Dallas, TX 75202, Phone 214-767-4056, or online at http://www.hhs.gov/ocr/privacy/hipaa/complaints/. If you file a complaint about my privacy practices, I will take no retaliatory action against you.