Notice of Privacy Practices

My Commitment to Your Privacy

I understand that your health information is personal. I am committed to protecting your protected health information (PHI) and to complying with the Health Insurance Portability and Accountability Act (HIPAA) and applicable New York State law.

I create and maintain records of the care and services I provide to you. This Notice applies to all records generated by this practice and describes how I may use and disclose your health information, as well as your rights regarding that information.

• Maintain the privacy of your protected health information
• Provide you with this Notice of my legal duties and privacy practices
• Follow the terms of the Notice currently in effect
• Notify you in the event of a breach of your unsecured protected health information

I reserve the right to change the terms of this Notice. Any changes will apply to all health information I maintain. An updated Notice will be made available upon request and through my client portal.

In the event of a breach of your unsecured protected health information, I am required by law to notify you. Notification will be provided in writing — by first-class mail to your address on file, or by email if you have agreed to receive communications electronically — within 60 days of discovery of the breach. The notification will include a description of what occurred, the type of information involved, steps you can take to protect yourself, what I am doing to investigate and mitigate the breach, and contact information for follow-up questions.

How I May Use and Disclose Your Health Information

I may use and disclose your PHI to provide, coordinate, or manage your care. For example, I may share relevant information with another health care provider if I refer you for consultation or additional services.

If you request a superbill for out-of-network reimbursement, I may use and disclose your PHI, including your diagnosis and procedure codes, to facilitate that process. By requesting a superbill, you consent to the release of this information to your insurance company. You remain financially responsible for all charges regardless of reimbursement.

I may use your PHI for internal operations necessary to support this practice, including quality assessment, training, and administrative functions.

I may consult with other licensed health professionals about a case to ensure quality care. During consultations, I make every effort to protect your identity. The consulting professional is also legally bound to maintain confidentiality. All consultations are documented in your clinical record.

Uses and Disclosures That Do Not Require Your Authorization

Subject to certain limitations in the law, I may use and disclose your PHI without your written authorization in the following circumstances:

• When disclosure is required by state or federal law
• For public health activities, including reporting suspected child, elder, or vulnerable adult abuse or neglect
• For health oversight activities, including government audits and investigations
• For judicial and administrative proceedings, including responding to a court order or subpoena
• For law enforcement purposes, as required by law
• To coroners or medical examiners performing duties authorized by law
• For specialized government functions, including national security and protective services
• If you file a complaint or lawsuit against this practice, relevant information may be disclosed as necessary to defend the practice

Uses and Disclosures That Require Your Authorization

I maintain psychotherapy notes as defined under HIPAA (45 CFR § 164.501). Any use or disclosure of psychotherapy notes requires your written authorization, with limited exceptions including treatment, training, legal defense, regulatory compliance, legal mandate, or averting a serious threat to health or safety.

I will not use or disclose your PHI for marketing purposes. I will not sell your PHI.

Any use or disclosure of your PHI not described in this Notice will be made only with your written authorization. You may revoke any authorization at any time in writing. Revocation will not affect actions already taken in reliance on the authorization.

Disclosures to Family, Friends, or Others

I may provide your PHI to a family member, friend, or other person you identify as involved in your care or payment for your care, unless you object. In an emergency where you are unable to agree or object, I may disclose information directly relevant to that person's involvement in your care, using professional judgment.

Your Rights Regarding Your Health Information

Electronic Records and Security

Your clinical records are maintained in a HIPAA-compliant electronic health record system with encryption and password-restricted access. All telehealth sessions are conducted via a HIPAA-compliant video platform.

Please be aware that standard email and phone calls are not fully secure. These channels are used for scheduling and administrative matters only. Do not send clinical content via email or voicemail.

Information disclosed through HIPAA-permitted channels may be subject to redisclosure by the recipient and may lose its legal protection under HIPAA once disclosed to a third party.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with this practice or with the U.S. Department of Health and Human Services. You will not be penalized in any way for filing a complaint.

Confirm You Have Received This Notice

If you are a current or prospective client, you will be asked to sign an Acknowledgment of Receipt confirming that you have reviewed this Notice. This is a separate document from your Informed Consent and will be provided through your SimplePractice client portal before your first session.

If you have questions about this Notice or your privacy rights before signing, please contact me directly.