Privacy Policy

This notice describes how your medical information may be used and disclosed, and how you can get access to this information. This information will include Protected Health Information (PHI), as that term is defined in privacy regulations issued by the United States Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and, as applicable, RCW Chapter 70.02 entitled “Medical Records - Health Care Access and Disclosure.” Please review it carefully.

I respect your privacy. I understand that your personal health information is very sensitive. I will not disclose your information to others unless you tell me to do so, or unless the law authorizes or requires me to do so. The law protects the privacy of the health information I create and obtain in providing care and services to you. For example, your protected health information includes your symptoms, test results, diagnoses, treatments, health information from other providers, and billing and payment information relating to these services. Federal and state law allows me to use and disclose your protected health information for purposes of treatment and health care operations.

Per Washington Law, I am required to maintain records of our sessions for 5 years after our last visit unless otherwise requested by you. All session records are stored in a safe location. The law mandates that you may request and access to your treatment records at any time. Prior to record release, I may request a meeting to discuss the benefits and risks of record access and release.

Your Right to Access Your Records.

“Access to your Records” is defined under HIPAA as the right to access to your protected health information (PHI) in one or more "designated record sets" we maintain. This includes your right to inspect or obtain a copy, or both, of the PHI, as well as the right to direct me to transmit a copy to a designated person or entity of your choice. You have a right to access your PHI for as long as I maintain your PHI, regardless of the date the information was created; whether the information is maintained in paper or electronic systems onsite, remotely, or is archived; or where the PHI originated (e.g., whether it originated with me, another provider, or you.).

A "Designated Record Set" is defined under HIPAA as a group of records we maintain that comprises your:

• Medical records and billing records about you that we maintain;
• Enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan; or
• Other records that are used, in whole or in part, by me to make decisions about you.

The term "record" means any item, collection, or grouping of information that includes PHI and is maintained, collected, used, or disseminated by me. Thus, you have a right to a broad array of health information about yourself maintained by me, including:

• medical records; billing and payment records;
• insurance information;
• clinical laboratory test results; medical images, such as X-rays; wellness and disease management program files; and
• clinical case notes; among other information used to make decisions about you.

In responding to a request for access, I am not, however, required to create new information, such as explanatory materials or analyses, that does not already exist in the designated record set.

Information Excluded from the Right of Access:

You do not have a right to access PHI that is not part of a designated record set because the information is not used to make decisions about you. This may include certain quality assessment or improvement records, patient safety activity records, or business planning, development, and management records that are used for business decisions more generally, rather than to make decisions about you. For example, a hospital's peer review files or practitioner or provider performance evaluations, or a health plan's quality control records that are used to improve customer service or formulary development records, may be generated from and include an individual's PHI but might not be in the covered entity's designated record set and subject to access by you .In addition, two categories of information are expressly excluded from the right of access:

My personal notes documenting or analyzing the contents of a therapy session, that I maintain separate from the rest of your medical record.

Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding.

However, the underlying PHI from your medical or payment records or other records used to generate the above types of excluded records or information remains part of the designated record set and subject to access by you.

Form and Format and Manner of Access.

HIPAA requires me to provide you with access to your PHI in the form and format requested, if readily producible in that form and format, or if not, in a readable hard copy form or other form and format as agreed to by the covered entity and individual.

If you request electronic access to PHI that I maintain electronically, I must provide you with access to the information in the requested electronic form and format, if it is readily producible in that form and format, or if not, in an agreed-upon alternative, readable electronic format.

The terms "form and format" refer to how your PHI is conveyed to you (e.g., on paper or electronically, type of file, etc.) Thus, when you request a paper copy of PHI maintained by me either electronically or on paper, it is expected that I will be able to provide you with the paper copy requested.

Where you request an electronic copy of PHI that I maintain only on paper, I am required to provide you with an electronic copy if it is readily producible electronically (e.g., I can readily scan the paper record into an electronic format) and in the electronic format requested if readily producible in that format, or if not, in a readable alternative electronic format or hard copy format that you and I agree to.

Where you request an electronic copy of PHI that I maintain electronically, I must provide you with access to the information in the requested electronic form and format, if it is readily producible in that form and format. When your PHI is not readily producible in the electronic form and format requested, then I must provide access to an agreed-upon alternative readable electronic format. This means that, while I am not required to purchase new software or equipment in order to accommodate every possible individual request I must have the capability to provide some form of electronic copy of PHI maintained electronically; it is only if you decline to accept any of the electronic formats readily producible by me that I may satisfy your request for access by providing you with a readable hard copy of the PHI.

I also may provide you with a summary of the PHI requested, in lieu of providing access to the PHI, or may provide an explanation of the PHI to which access has been provided in addition to that PHI, so long as you, in advance: (1) choose to receive the summary or explanation (including in the electronic or paper form being offered by me); and (2) agree to any fees (as explained below in the Section describing permissible Fees for Copies) that I may charge for the summary or explanation.

I also must provide access in the manner you request, which includes arranging with you for a convenient time and place to pick up a copy of your PHI or to inspect your PHI (if that is the manner of access requested by you), or to have a copy of your PHI mailed or e-mailed, or otherwise transferred or transmitted to you to the extent the copy would be readily producible in such a manner. Whether a particular mode of transmission or transfer is readily producible will be based on my capabilities and the level of security risk that the mode of transmission or transfer may introduce to your PHI on my systems (as opposed to security risks to your PHI once it has left the systems). I am not expected to tolerate unacceptable levels of risk to the security of your PHI on my systems in responding to requests for access; whether your requested mode of transfer or transmission presents such an unacceptable level of risk will depend on my Security Rule risk analysis. However, mail and e-mail are generally considered readily producible. It is expected that I have the capability to transmit PHI by mail or e-mail (except in the limited case where e-mail cannot accommodate the file size of requested images), and transmitting PHI in such a manner does not present unacceptable security risks to my systems, even though there may be security risks to your PHI while in transit (such as where you have requested to receive your PHI by, and accepted the risks associated with, unencrypted e-mail). Thus, I may not require that you travel to my physical location to pick up a copy of your PHI if you request that the copy be mailed or e-mailed.

Fees for Copies.

HIPAA permits me to impose a reasonable, cost-based fee if you request a copy of your PHI (or agree to receive a summary or explanation of the information). The fee may include only the cost of: (1) labor for copying the PHI you requested, whether in paper or electronic form; (2) supplies for creating the paper copy or electronic media (e.g., CD or USB drive) if you request that the electronic copy be provided on portable media; (3) postage, when you request that the copy, or the summary or explanation, be mailed; and (4) preparation of an explanation or summary of your PHI, if agreed to by you. The fee may not include costs associated with verification; documentation; searching for and retrieving your PHI; maintaining systems; recouping capital for data access, storage, or infrastructure; or other costs not listed above even if such costs are authorized by State law.

Washington State Law provides that:

  • Upon receipt of a written request from you to examine or copy all or part of your recorded health care information, as promptly as required under the circumstances, but no later than fifteen working days after receiving the request, I will:

    • a) Make the information available for examination during regular business hours and provide a copy, if requested, to you:

    • b) Inform you if the information does not exist or cannot be found;

    • c) If I do not maintain a record of the information, inform you and provide the name and address, if known, of the health care provider who maintains the information;

    • d) If the information is in use or unusual circumstances have delayed handling the request, inform you and specify in writing the reasons for the delay and the earliest date, not later than twenty-one working days after receiving the request, when the information will be available for examination or copying or when the request will be otherwise disposed of; or e) Deny the request, in whole or in part, under RCW 70.02.090 and inform you of the denial.

  • Upon request, I shall provide an explanation of any code or abbreviation used in the health care information. If a record of the particular health care information requested is not maintained by me in the requested form, I am not required to create a new record or reformulate an existing record to make the health care information available in the requested form. Except as provided in RCW 70.02.030, I may charge a reasonable fee for providing the health care information and I am not required to permit examination or copying until the fee is paid.

RCW 70.02.090 states that

(1) Subject to any conflicting requirement in the public records act, chapter 42.56 RCW, I may deny your request if I reasonably conclude that:

a. Knowledge of the health care information would be injurious to your health;
b. Knowledge of the health care information could reasonably be expected to lead to your identification of an individual who provided the information in confidence and under circumstances in which confidentiality was appropriate;
c. Knowledge of the health care information could reasonably be expected to cause danger to the life or safety of any individual;
d. The health care information was compiled and is used solely for litigation, quality assurance, peer review, or administrative purposes; or
e. Access to health care information is otherwise prohibited by law.

(2) If I deny a request for examination and copying under this section, I, to the extent possible, shall segregate health care information for which access has been denied under subsection (1) of this section from information for which access cannot be denied and permit you to examine or copy the disclosable information.

(3) If I deny your request for examination and copying, in whole or in part, under subsection (1) a. or (1) c. of this section, I shall permit examination and copying of the record by another health care provider, selected by you, who is licensed, certified, registered, or otherwise authorized under the laws of this state to treat you for the same condition as I have treated you. I shall inform you of your right to select another health care provider under this subsection. You shall be responsible for arranging for compensation of the other health care provider so selected.

Confidentiality

The session content and all relevant materials to your treatment will be held confidential unless you request in writing to have all or portions of such content released to a specifically named person/persons.

Exceptions to Confidentiality: I am required to disclose health care information, including individually identifiable health information in the following situations:

  • If you threaten, or attempt to commit, suicide or otherwise conduct yourself in a manner in which there is a substantial risk of incurring serious bodily harm;

  • If you threaten grave bodily harm or death to another person;

  • If I have a reasonable cause to believe that abuse or neglect of a child has occurred or that a clear and present danger to a child's health, welfare, or safety exists;

  • If I have a reasonable cause to believe that abandonment, abuse, neglect, or financial exploitation of a vulnerable adult has occurred;

  • If a court of law issues a legitimate subpoena for information;

  • To federal, state, or local public health authorities, to the extent I am required by law to report health care information.

I am permitted to disclose health care information, including individually identifiable health information in the following situations:

  • If I have reasonable cause to believe that that use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public;

  • To a person whom I reasonably believe is providing health care to you;

  • To any other person who requires health care information for health care education, or to provide planning, quality assurance, peer review, or administrative, legal, financial, or actuarial services, provided they follow certain guidelines and requirements;

  • For payment, including information necessary for you to make a claim, or for a claim to be made on your behalf for aid, insurance, or medical assistance to which you may be entitled.

Additional details can be found at: 45 CFR § 164.512(j), RCW 26.44.030, 70.02.050, 70.02.200, 70.02.210, and 74.34.035