Switch to Accessible Site

Privacy & Policy

      Notice of Alanna Sadoff, LMHC Policies and Practices to protect the Privacy of Your Health Information.

This notice describes how mental health and medical information about you may be used and disclosed and how to get access to this information. Please review it carefully.

1.              Uses and Disclosures for Treatment, Payment and Health Care Operations
I may used or disclose your protected health information (PHI) for treatment, payment and health care operations with your consent.  To help clarify these terms, here are some definitions:
“PHI” refers to information in your health care record that could identify you.
“Treatment, Payment and Health Care Operations”

¨     Treatment is when I provide, coordinate or manage your health care and other services related to your health care. An example of treatment would be when I consult with another health care provider such as a primary care doctor or another counselor.
¨     Payment is when I obtain reimbursement for your healthcare. Examples of payment are when I disclose your PHI to your health insurer to obtain reimbursement for your health care or to determine eligibility or coverage.
¨     Health Care Operations are activities that relate to the performance and operations of my practice.  Examples of health care operations are quality assessment and improvement activities, business related matters, such as audits and administrative services, case management and care coordination.

  “Use” applies only to activities within my office, such as sharing, employing, applying, utilizing, examining and analyzing information that identifies you.

“Disclosure” applies to activities outside my office, such as releasing, transferring, or providing access to information about you to other parties.

  II.              Uses and Disclosures Requiring Authorization
I may use or disclose PHI for purposes outside treatment, payment and health care operations when your appropriate authorization is obtained. An authorization is a written permission above and beyond the general consent that permits only specific disclosures.  In those instances when I am asked for information outside of treatment, payment and health care operations, I will obtain an authorization from you before releasing this information.

  You may revoke all such authorizations (of PHI) at any time, provided each revocation is in writing.  You may not revoke an authorization to the extent that (1) I have relied on that authorization; or (2) if the authorization was obtained as a condition of obtaining insurance coverage and the law provides the insurer the right to contest the claim under the policy.

  I will also obtain an authorization from you before using or disclosing PHI in a way that is not described in the Notice.

  III.             Uses and Disclosures with Neither Consent or Authorization

  I may use or disclose PHI without your consent or authorization in the following circumstances:

  Duty to Warn and Protect:  When a client discloses information, intentions, or plans to harm another person, the health care professional is required to warn the intended victim, if known, and report this information to legal authorities.  In cases in which the client discloses or implies a plan for harming him/herself, the health care professional is required to notify legal authorities and make reasonable attempts to notify the family of the client.
 Abuse of Children and Vulnerable Adults:  If a client or parent/guardian suggests that he/she is abusing or harming a child or vulnerable adult, or has recently abused or harmed a child or vulnerable adult, or a child or vulnerable adult is in danger of abuse or harm, the health care provider is required to report this information to the appropriate social service and/or legal authorities.
 Court Orders: Health care professionals are required to release records of clients when a valid court order has been issued.  A subpoena from an attorney, absent a court order still requires client consent to release records, however.  You will be informed in advance if this is the case.
Law Enforcement: I may be required to release medical information if asked to do so by a law enforcement officer.
In response to a court order, subpoena, warrant, summons or similar proces
To identify or locate a suspect fugitive, material witness, or missing person
About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement.
About a death I believe may be the result of criminal misconduct
In emergency circumstances to report a crime; the location of a crime or victims; or the identity, description or location of the person who committed the crime.
Medical Examiners: I may be required to release medical information to a coroner or medical examiner.  This may be necessary, for example, to identify a deceased person or determine the cause of death.
National Security & Intelligence Activities: I may be required to release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Service for the President and Others:  I may be required to disclose medical information about you to authorized federal officials so they may provide protection to the president of the United States.
Health Oversight: I may be required to disclose medical information to an authorized health oversight agency for activities authorized by law.  These oversight activities include, for example, audits, investigations, inspections, licensure and accreditation.  These activates are necessary for the government to monitor the health care system, and related government programs, as well as compliance with civil rights laws. 
Minors/Guardianship: Parents or legal guardians of non-emancipated minors have the right to review the client’s records.

  IV.       Patient’s Rights and Health Care Professionals Responsibilities  

  Patients Rights:
Right to Request Restrictions: You have the right to request restrictions on certain issues and disclosures of protected health information about you.  However, I am not required to agree to a restriction of your request.

Right to Receive Confidential Communications by Alternative Means at Alternative Locations: You have the right to request and receive confidential communications of PHI by alternative means and alternative locations.  For example, you may not want a family member to know you are seeing me.  Upon request, I will send your bills or other correspondence to another address.

Right to Inspect and Copy: You have the right to inspect or obtain a copy (or both) of PHI in the mental health and billing records used to make decisions about you for as long as the PHI is maintained in the record.  I may deny you access to PHI under certain circumstances, but in some cases, you may have this decision reviewed.  On your request, I will discuss with you the details of the request and denial process.

  Right to Amend:  You have the right to request an amendment of PHI for as long as the PHI is maintained in the record.  I may deny your request.  On your request, I will discuss with you the details of the amendment process.

  Right to an Accounting: You generally have the right to receive an accounting of disclosures of PHI for which you have provided neither consent nor authorization (as described in Section III of this notice).  Upon your request, I will discuss with you the details of the accounting process.

  Right to a Paper Copy: You have the right to obtain a paper copy of the notice from me upon request, even if you have agreed to receive the notes electronically.

  Right to have someone act for you: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise rights and make choices about your health information.  I will make sure the person who has this authority and can act for your before we take any action.

  Right to Restrict Disclosures When You Have Paid for Your Care Out-of-Pocket: You have the right to restrict certain disclosures of PHI to a health plan when you pay out of pocket in full for my services.

  Right to be Notified if There is a Breach of Your Unsecured PHI: You have a right to be notified if (a) there is a breach (a use or disclosure of your PHI in violation of the HIPAA Privacy Rule) involving your PHI; (b) that PHI has not been encrypted to government standards: and (c) my risk assessment fails to determine that there is low probability that your PHI has been compromised.

  Health Care Professional’s Responsibilities:

  I am required by law to maintain the privacy of PHI and to provide you with a notice of my legal duties and privacy practices with respect to PHI.

  I reserve the right to change the privacy policies and procedures described in this notice.  Unless I notify you of such changes, however, I am required to abide by the terms currently in effect.

  If I revise my policies and procedures I ill notify you in person or by mail.

  V.        Breach Notification  

A “breach” is defined as the acquisition, access, use or disclosure of PHI in violation of the HIPAA Privacy Rule.  Examples, of breach include: stolen or improperly accessed PHI; PHI inadvertently sent to the wrong provider or PHI that is “unsecured” if it is not encrypted to government standards. 

  A use or disclosure of PHI that violates the Privacy Rule is presumed to be a breach unless I determine there is low probability PHI has been compromised.  When I become aware of or, suspect a breach, I will conduct a Risk Assessment.  I will keep a written record of that Risk Assessment.

  A Risk Assessment considers the following four factors to determine of PHI has been compromised:

         2.              The nature and extent of PHI involved.

3.              To whom the PHI may have been disclosed.

4.              Whether the PHI was actually acquired or viewed.

5.              The extent to which the risk to the PHI has been mitigated.

  If the Risk Assessment fails to demonstrate that there is a low probability that the PHI has been compromised, I will notify you that there has been a breach if the PHI was unsecured.

  Notification will be made without unreasonable delay and within 60 days of discovery.  This notice will be made to you in plain language and will include a brief description of the breach; a description of types of unsecured PHI involved; the steps you should take to protect against potential harm; a brief description of the steps I have taken to investigate the incident, mitigate harm and protect against further breaches as well as my contact information.

  For breaches affecting fewer than 500 patients, I will keep a log of those breaches during the year and provide notice to HHS of all breaches during the calendar year, within 60 days after that year ends.  For breaches affecting 500 patients or more, I will notify HHS immediately.

  After any breach, particularly one that requires notice, I will reassess my privacy and security practices to determine what changes should be made to prevent the re-occurrence of such breaches.

  VI.       Questions and Complaints

If you have any questions about this notice, disagree with a decision I make about access to your records, or have any other concerns about your privacy rights, you may contact me at (401) 829-9956 for further information.

If you believe your privacy rights have been violated and wish to file a complaint with me, you may send your written complaint to me at my office address noted above.

You may also send a written complaint to the Secretary of the U.S. Department of Health and Human Services.  I can provide you with the appropriate address upon request.

  You have specific rights under the Privacy Rule.  I will not retaliate against you for exercising your right to file a complaint.

  VII.      Effective Date, Restrictions and Changes to Privacy Policy
This notice went into effect September 23, 2013.








Schedule Appointment

Start your new path in life and be the change today!