HIPAA  Sample form for clients 
from the AAMFT 

**You can access this and additional information directly from AAMFT by logging into http://www.aamft.org and going to the Members Area or by pressing here.

 

THIS SAMPLE NOTICE IS AN EXAMPLE OF THE KIND OF DOCUMENT THAT IS REQUIRED BY HIPAA’s “PRIVACY RULE”.  THIS IS A DRAFT PREPARED BY AAMFT LEGAL CONSULTANT RICHARD LESLIE, J.D., FOR THE STATE OF CALIFORNIA AND MUST BE MODIFIED TO MEET LEGAL REQUIREMENTS IN OTHER STATES. DO NOT COMBINE THIS FORM WITH ANY OTHER FORM. IT IS WRITTEN FOR PRIVATE PRACITIONERS (e.g., SOLE PROPRIETORS) AS OPPOSED TO EMPLOYEES OF A HEALTH CARE ENTITY. (ALTHOUGH THE FEDERAL REGULATIONS ARE COMPLEX AND HIGHLY TECHNICAL, THEY SPECIFY THAT THE NOTICE MUST BE WRITTEN IN PLAIN LANGUAGE!) THIS SAMPLE DOCUMENT DOES NOT REPRESENT THE RENDERING OF LEGAL ADVICE TO A PARTICULAR INDIVIDUAL AND PRACTITIONERS SEEKING LEGAL SERVICES SHOULD OBTAIN THEM THROUGH AN ATTORNEY LICENSED IN THEIR STATE.

 

NOTE: Covered health care providers who have direct treatment relationships with patients must give those patients the written Notice of Privacy Practices no later than the date of the first service delivery to the patient after April 14, 2003. They must post the Notice on their premises (in a clear and prominent location) and have it available upon request for individuals to take with them. If the first service delivery is electronic, the covered provider must furnish electronic notice automatically and contemporaneously in response to the individual’s first request for service. In addition, if a covered provider maintains a website, the Notice must be available electronically through the website. Covered providers must make a good faith effort to obtain the patient’s written acknowledgment of receipt of the Notice. Signatures are not specifically required to be on the Notice. The patient may, for example, sign a separate sheet or list, or may simply initial a cover sheet of the Notice to be retained by the provider. No specific form of written acknowledgment is specified. Oral acknowledgment is not considered appropriate. The Notice acknowledgment process is intended to provide a formal opportunity for the individual to engage in a discussion with a health care provider about privacy. At the very least, according to the Department of Health and Human Services, the process is intended to draw the individual’s attention to the importance of the Notice.                                

________________________________________________________________________

SAMPLE FORM                                                                                    SAMPLE FORM

                                    NOTICE OF PRIVACY PRACTICES  

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. 

What is “Medical Information”?  

The term “medical information” is synonymous with the terms “personal health information” and “protected health information” for purposes of this Notice. It essentially means any individually identifiable health information (either directly or indirectly identifiable), whether oral or recorded in any form or medium, that is created or received by a health care provider (me), health plan, or others and 2) relates to the past, present, or future physical or mental health or condition of an individual (you); the provision of health care (e.g., mental health) to an individual (you); or the past, present, or future payment for the provision of health care to an individual (you). 

I am a mental health care provider. More specifically, I am a Licensed Marriage and Family Therapist, licensed by the State of California through the Board of Behavioral Sciences. I create and maintain treatment records that contain individually identifiable health information about you. These records are generally referred to as “medical records” or “mental health records,” and this notice, among other things, concerns the privacy and confidentiality of those records and the information contained therein.  

Uses and Disclosures Without Your Authorization - For Treatment, Payment, or Health Care Operations 

Federal privacy rules (regulations) allow health care providers (me) who have a direct treatment relationship with the patient (you) to use or disclose the patient’s personal health information, without the patient’s written authorization, to carry out the health care provider’s own treatment, payment, or health care operations. I may also disclose your protected health information for the treatment activities of any health care provider. This too can be done without your written authorization. 

An example of a use or disclosure for treatment purposes: If I decide to consult with another licensed health care provider about your condition, I would be permitted to use and disclose your personal health information, which is otherwise confidential, in order to assist me in the diagnosis or treatment of your mental health condition. 

Disclosures for treatment purposes are not limited to the minimum necessary standard. because physicians and other health care providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of health care among health care providers or by a health care provider with a third party, consultations between health care providers, and referrals of a patient for health care from one health care provider to another. 

An example of a use or disclosure for payment purposes: If your health plan requests a copy of your health records, or a portion thereof, in order to determine whether or not payment is warranted under the terms of your policy or contract, I am permitted to use and disclose your personal health information. 

An example of a use or disclosure for health care operations purposes: If your health plan decides to audit my practice in order to review my competence and my performance, or to detect possible fraud or abuse, your mental health records may be used or disclosed for those purposes. 

PLEASE NOTE: I, or someone in my practice acting with my authority, may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. Your prior written authorization is not required for such contact.  

Other Uses and Disclosures Without Your Authorization:  

I may be required or permitted to disclose your personal health information (e.g., your mental health records) without your written authorization. The following circumstances are examples of when such disclosures may or will be made:

1)      If disclosure is compelled by a court pursuant to an order of that court

2)      If disclosure is compelled by a board, commission, or administrative agency for purposes of adjudication pursuant to its lawful authority

3)      If disclosure is compelled by a party to a proceeding before a court or administrative agency pursuant to a subpoena, subpoena duces tecum (e.g., a subpoena for mental health records), notice to appear, or any provision authorizing discovery in a proceeding before a court or administrative agency.

4)      If disclosure is compelled by a board, commission, or administrative agency pursuant to an investigative subpoena issued pursuant to its lawful authority.

5)      If disclosure is compelled by an arbitrator or arbitration panel, when arbitration is lawfully requested by either party, pursuant to a subpoena duces tecum (e.g., a subpoena for mental health records), or any other provision authorizing discovery in a proceeding before an arbitrator or arbitration panel.

6)      If disclosure is compelled by a search warrant lawfully issued to a governmental law enforcement agency.

7)      If disclosure is compelled by the patient or the patient’s representative pursuant to Chapter 1 (commencing with Section 123100) of Part 1 of Division 106 of the California Health and Safety Code or by corresponding federal statutes or regulations (e.g., the federal “Privacy Rule,” which requires this Notice).

8)      If disclosure is compelled or by the California Child Abuse and Neglect Reporting Act (for example, if I have a reasonable suspicion of child abuse or neglect).

9)      If disclosure is compelled by the California Elder/Dependent Adult Abuse Reporting Law (for example, if I have a reasonable suspicion of elder abuse or dependent adult abuse).

10)  If disclosure is compelled or permitted by the fact that you are in such mental or emotional condition as to be dangerous to yourself or to the person or property of others, and if I determine that disclosure is necessary to prevent the threatened danger.

11)  If disclosure is compelled or permitted by the fact that you tell me of a serious threat (imminent) of physical violence to be committed by you against a reasonably identifiable victim or victims.

12)  If disclosure is compelled or permitted, in the event of your death, to the coroner in order to determine the cause of your death.

13)  As indicated above, I am permitted to contact you without your prior authorization to provide appointment reminders or information about alternatives or other health-related benefits and services that may be of interest to you. Be sure to let me know where and by what means (e.g., telephone, letter, email, fax) you may be contacted.

14)  If disclosure is required or permitted to a health oversight agency for oversight activities authorized by law, including but limited to, audits, criminal or civil investigations, or licensure or disciplinary actions. The California Board of Behavioral Sciences, who license marriage and family therapists, is an example of a health oversight agency.

15)  If disclosure is compelled by the U. S. Secretary of Health and Human Services to investigate or determine my compliance with privacy requirements under the federal regulations (the “Privacy Rule”).

16)  If disclosure is otherwise specifically required by law. 

PLEASE NOTE: The above list is not an exhaustive list, but informs you of most circumstances when disclosures without your written authorization may be made. Other uses and disclosures will generally (but not always) be made only with your written authorization, even though federal privacy regulations or state law may allow additional uses or disclosures without your written authorization. Uses or disclosures made with your written authorization will be limited in scope to the information specified in the authorization form, which must identify the information “in a specific and meaningful fashion.” You may revoke your written authorization at any time, provided that the revocation is in writing and except to the extent that I have taken action in reliance on your written authorization. Your right to revoke an authorization is also limited if the authorization was obtained as a condition of obtaining insurance coverage for you. If California law protects your confidentiality or privacy more than the federal “Privacy Rule” does, or if California law gives you greater rights than the federal rule does with respect to access to your records, I will abide by California law. In general, uses or disclosures by me of your personal health information (without your authorization) will be limited to the minimum necessary to accomplish the intended purpose of the use or disclosure. Similarly, when I request your personal health information from another health care provider, health plan or health care clearinghouse, I will make an effort to limit the information requested to the minimum necessary to accomplish the intended purpose of the request. As mentioned above, in the section dealing with uses or disclosures for treatment purposes, the “minimum necessary” standard does not apply to disclosures to or requests by a health care provider for treatment purposes because health care providers need complete access to information in order to provide quality care.  

Your Rights Regarding Protected Health Information 

1)      You have the right to request restrictions on certain uses and disclosures of protected health information about you, such as those necessary to carry out treatment, payment, or health care operations. I am not required to agree to your requested restriction. If I do agree, I will maintain a written record of the agreed upon restriction.

2)      You have the right to receive confidential communications of protected health information from me by alternative means or at alternative locations.

3)      You have the right to inspect and copy protected health information about you by making a specific request to do so in writing. This right to inspect and copy is not absolute – in other words, I am permitted to deny access for specified reasons. For instance, you do not have this right of access with respect to my “psychotherapy notes.” The term “psychotherapy notes” means notes recorded (in any medium) by a health care provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual’s medical (includes mental health) record. The term excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date.

4)      You have the right to amend protected health information in my records by making a request to do so in a writing that provides a reason to support the requested amendment. This right to amend is not absolute – in other words, I am permitted to deny the requested amendment for specified reasons. You also have the right, subject to limitations, to provide me with a written addendum with respect to any item or statement in your records that you believe to be incorrect or incomplete and to have the addendum become a part of your record.

5)      You have the right to receive an accounting from me of the disclosures of protected health information made by me in the six years prior to the date on which the accounting is requested. As with other rights, this right is not absolute. In other words, I am permitted to deny the request for specified reasons. For instance, I do not have to account for disclosures made in order to carry out my own treatment, payment or health care operations. I also do not have to account for disclosures of protected health information that are made with your written authorization, since you have a right to receive a copy of any such authorization you might sign.

6)      You have the right to obtain a paper copy of this notice from me upon request.  

PLEASE NOTE: In order to avoid confusion or misunderstanding, I ask that if you wish to exercise any of the rights enumerated above, that you put your request in writing and deliver or send the writing to me. If you wish to learn more detailed information about any of the above rights, or their limitations, please let me know. I am willing to discuss any of these matters with you. As mentioned elsewhere in this document, I am the Privacy Officer of this practice.  

My Duties 

I am required by law to maintain the privacy and confidentiality of your personal health information. This notice is intended to let you know of my legal duties, your rights, and my privacy practices with respect to such information. I am required to abide by the terms of the notice currently in effect. I reserve the right to change the terms of this notice and/or my privacy practices and to make the changes effective for all protected health information that I maintain, even if it was created or received prior to the effective date of the notice revision. If I make a revision to this notice, I will make the notice available at my office upon request on or after the effective date of the revision and I will post the revised notice in a clear and prominent location.  

As the Privacy Officer of this practice, I have a duty to develop, implement and adopt clear privacy policies and procedures for my practice and I have done so. I am the individual who is responsible for assuring that these privacy policies and procedures are followed not only by me, but by any employees that work for me or that may work for me in the future. I have trained or will train any employees that may work for me so that they understand my privacy policies and procedures. In general, patient records, and information about patients, are treated as confidential in my practice and are released to no one without the written authorization of the patient, except as indicated in this notice or except as may be otherwise permitted by law. Patient records are kept secured so that they are not readily available to those who do not need them.  

Because I am the Contact Person of this practice, you may complain to me and to the Secretary of the U.S. Department of Health and Human Services if you believe your privacy rights may have been violated either by me or by those who are employed by me. You may file a complaint with me by simply providing me with a writing that specifies the manner in which you believe the violation occurred, the approximate date of such occurrence, and any details that you believe will be helpful to me. My telephone number is ________________. I will not retaliate against you in any way for filing a complaint with me or with the Secretary. Complaints to the Secretary must be filed in writing. A complaint to the Secretary can be sent to U.S Department of Health and Human Services, ____________. [locate regional address at http://www.hhs.gov/ocr/hipaahealth.txt.]  

If you need or desire further information related to this Notice or its contents, or if you have any questions about this Notice or its contents, please feel free to contact me. As the Contact Person for this practice, I will do my best to answer your questions and to provide you with additional information. 

This notice first became effective on April 14, 2003. 

SAMPLE FORM                                                                                    SAMPLE FORM