Confidentiality and HIPAA
Common Thread Therapy takes client privacy very seriously and follows all legal requirements to protect your personal health information.
Purpose
To protect the privacy and confidentiality of client information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable federal and state laws.
Policy Statement
Common Thread Therapy is committed to maintaining the confidentiality of all client information and ensuring compliance with HIPAA regulations. This policy outlines the rights of clients, the responsibilities of the practice, and procedures for handling protected health information (PHI).
Confidentiality of Client Information
Protected Health Information (PHI)
PHI includes any information related to a client’s health condition, treatment, or payment that can identify the client.
PHI may be stored electronically, on paper, or communicated verbally and is protected under this policy.
Client rights under hipaa
Clients have the right to:
Receive a copy of their medical records
Request corrections to inaccurate information
Request restrictions on the use or disclosure of their PHI
Receive an accounting of disclosures of their PHI
File a complaint if they believe their rights have been violated
Use and Disclosure of PHI
Permitted uses and disclosures without client authorization:
PHI may be used or disclosed by the practice for:
Treatment: Sharing necessary information with healthcare providers involved in the client’s care
Payment: Disclosing PHI to billing entities for payment purposes
Healthcare Operations: Using PHI for quality assessment, training, and compliance audits
Legal Requirements: Disclosing PHI when required by law, such as court orders or mandated reporting of abuse
Uses and Disclosures requiring client authorization
Any use or disclosure outside of treatment, payment, or healthcare operations requires a signed authorization from the client.
Clients may revoke authorization at any time, except when disclosure has already occurred.
Safeguarding Client Information
Electronic Records: Access to electronic health records (EHR) is restricted to authorized staff (the therapist or administrative staff) only.
Paper Records: Physical files are stored in locked cabinets in a secure location.
Verbal Communication: Staff should avoid discussing PHI in public areas or non-secure settings.
Email and Electronic Communication: PHI should only be transmitted through encrypted and secure channels.
Reporting and Breach Notification
Reporting Violations:
Any suspected or actual breaches of client confidentiality must be reported immediately to Kaitlin Mulvihill (Designated Privacy Officer).
Staff who violate confidentiality policies may be subject to disciplinary action.
Breach Notification:
In the event of an unauthorized disclosure of PHI, affected clients will be notified as required by HIPAA.
The practice will take corrective action to prevent future breaches.
