Confidentiality and HIPAA

Common Thread Therapy takes client privacy very seriously and follows all legal requirements to protect your personal health information.

Purpose

To protect the privacy and confidentiality of client information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable federal and state laws.

Policy Statement

Common Thread Therapy is committed to maintaining the confidentiality of all client information and ensuring compliance with HIPAA regulations. This policy outlines the rights of clients, the responsibilities of the practice, and procedures for handling protected health information (PHI).

Confidentiality of Client Information

  1. Protected Health Information (PHI)

    • PHI includes any information related to a client’s health condition, treatment, or payment that can identify the client.

    • PHI may be stored electronically, on paper, or communicated verbally and is protected under this policy.

  2. Client rights under hipaa

    • Clients have the right to:

      • Receive a copy of their medical records

      • Request corrections to inaccurate information

      • Request restrictions on the use or disclosure of their PHI

      • Receive an accounting of disclosures of their PHI

      • File a complaint if they believe their rights have been violated

Use and Disclosure of PHI

  1. Permitted uses and disclosures without client authorization:

    • PHI may be used or disclosed by the practice for:

      • Treatment: Sharing necessary information with healthcare providers involved in the client’s care

      • Payment: Disclosing PHI to billing entities for payment purposes

      • Healthcare Operations: Using PHI for quality assessment, training, and compliance audits

      • Legal Requirements: Disclosing PHI when required by law, such as court orders or mandated reporting of abuse

  2. Uses and Disclosures requiring client authorization

    • Any use or disclosure outside of treatment, payment, or healthcare operations requires a signed authorization from the client.

    • Clients may revoke authorization at any time, except when disclosure has already occurred.

Safeguarding Client Information

  • Electronic Records: Access to electronic health records (EHR) is restricted to authorized staff (the therapist or administrative staff) only.

  • Paper Records: Physical files are stored in locked cabinets in a secure location.

  • Verbal Communication: Staff should avoid discussing PHI in public areas or non-secure settings.

  • Email and Electronic Communication: PHI should only be transmitted through encrypted and secure channels.

Reporting and Breach Notification

  • Reporting Violations:

    • Any suspected or actual breaches of client confidentiality must be reported immediately to Kaitlin Mulvihill (Designated Privacy Officer).

    • Staff who violate confidentiality policies may be subject to disciplinary action.

  • Breach Notification:

    • In the event of an unauthorized disclosure of PHI, affected clients will be notified as required by HIPAA.

    • The practice will take corrective action to prevent future breaches.