HIPAA NOTICE OF PRIVACY PRACTICES:
Because we do not file insurance claims, we will not ask for your social security number. Your insurance company already has that information and when you file your claim, you can provide your social security number to your insurance carrier. This provides a greater level of security to our clients as social security number information is not shared with our offices or your therapist.
​
How we use & disclose Protected Health Information ("PHI") to provide treatment, obtain payment, provide health care for purposes permitted or required by law, and your rights to access & control your PHI. PHI is information, including demographics, that may identify you, related to past, present, or future physical, and mental health, other conditions, or related healthcare services. Our offices are required by law to maintain the privacy of "PHI," provide notice of legal duties & privacy practices & follow the terms of our notice currently in effect. We may change terms at any time. Refer to www.CliftonFullerCounseling.com for the current privacy policy. Notice is effective for all PHI we maintain at the time & future info we receive. Obtain a revised Notice of Privacy Practices by contacting our office or via your secure patient log-in portal.
​
USE & DISCLOSURE OF PROTECTED HEALTH INFORMATION "PHI":
How We May Use and Disclose Protected Health Information: Examples describe ways of use or PHI disclosure. Examples are not all-inclusive and describe acceptable use & disclosure. Even if listed below, our office may never have reason to make these disclosures.
For treatment: provide, coordinate, or manage health care treatment & any related services to physicians treating you (upon written request) or to a physician to whom you have been referred to ensure the physician has any necessary information to diagnose or treat you, to another physician or health care provider (e.g., specialist or laboratory) who, at the written request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment.
​
For Payment: for health care services. (We require payment prior to a session. Clients are provided with a statement in their secure patient portals following sessions and must file insurance claims directly to their insurance for reimbursement).
For Health Care Operations: So patients receive quality care for operation-management purposes.
​
Appointment Reminders/Treatment Alternatives/Health-Related Benefits, Services: client appointment reminders, scheduling, treatment options, alternatives or health-related benefits, services that may interest you, birthday congratulations, or another email contact.
Plan Sponsors: to employer or group insurance health plan, upon request.
​
Others Involved in Your Healthcare: disclose to a member of your family, relative, close friend, or other person you identify (in writing) relating to a person's involvement in your healthcare. If you're unable to agree or object to such a disclosure, we may disclose as necessary if we determine it's in your best interest, based on our professional judgment, to notify or assist in notifying a family member, personal representative or another person responsible for your care of your location, general condition or death, to an authorized public or private entity to assist in disaster relief efforts, coordinate use & disclosures to family or individuals involved in your health care.
​
As Required by Law: to the extent required by law or courts in compliance with law & limited to relevant law requirements. As required by law, you'll be notified of such uses or disclosures.
​
Public Health: public health activities & purposes to public health authority permitted by law to collect or receive info for the purpose of disability, injury, or controlling disease, if directed by a public health authority, to government agency collaborating with a public health authority.
​
Business Associates: to business associates performing functions on our behalf or to provide services if information is necessary for such functions or services. Example: A company that schedules services. All business associates are obligated to protect PHI and are not allowed to use or disclose information other than specified in the contract.
​
​
Infectious Diseases: if authorized by law, to a person possibly exposed to a communicable disease or otherwise at risk of contracting or spreading a disease or condition.
​
Health Oversight: to a health oversight agency for activities authorized by law (investigations, inspections, audits). This may include government agencies overseeing the health care system, government benefit programs, other government regulatory programs & civil rights laws.
​
Abuse or Neglect: to public health authority authorized by law to receive reports of child abuse or neglect if we believe you've been a victim of abuse, neglect, or domestic violence to a governmental entity or agency authorized to receive such info-any disclosures made consistent with requirements of applicable federal & state laws.
​
Food and Drug Administration: to person or company required by FDA to report adverse events, product defects, problems, biological product deviations, track products for product recalls, make repairs or replacements, or conduct post-marketing surveillance, as required by law.
​
Legal Proceedings: in the course of judicial or administrative proceedings, in response to court order or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to subpoena, discovery request, or other lawful process.
Law Enforcement: as long as applicable legal requirements are met, for law enforcement purposes, including (1) legal processes & otherwise required by law, (2) limited information requests for identification & location purposes, (3) pertaining to victims of crime, (4) suspicion death has occurred as result of criminal conduct, (5) in the event a crime occurs on practice premises, and (6) medical emergency (on or off practice's premises) & likely crime has occurred.
​
Research: to researchers when research has been approved by an institutional review board reviewing research proposal & established protocols to ensure PHI privacy.
​
Criminal Activity: Consistent with applicable federal and state laws, if we believe use or disclosure is necessary to prevent or lessen serious & imminent threat to the health or safety of a person or public or if required for law enforcement authorities to identify or apprehend an individual.
​
Military Activity and National Security: When appropriate conditions apply, Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of eligibility for benefits, or (3) to foreign military authority if you're a member of that foreign military services. We may disclose PHI to authorized federal officials for conducting national security & intelligence activities, including any provision of protective services to the President or others legally authorized.
​
Workers' Compensation: as authorized for workers' compensation & other similar legally established programs.
Inmates: if an inmate of a correctional facility & a physician created or received your PHI while providing care to you.
For Data Breach Notification Purposes: provide legally required notices of unauthorized acquisition, access, or disclosure of PHI. We may send notice directly to you or provide notice to your insurance carrier.
​
Required Uses and Disclosures: Under the law, when required by the Secretary of the U.S. Department of Health & Human Services to investigate or determine our compliance with Section 164.500 et. seq requirements.
​
PROTECTION FOR HIV, Alcohol, Substance Abuse, Mental Health or Genetic Information: Special Protections for HIV, Alcohol and Substance Abuse, Mental Health, and Genetic Information: Certain federal and state laws may require special privacy protections restricting the use and disclosure of certain health information, including HIV-related information, alcohol and substance abuse information, mental health information & genetic information. Some parts of this Notice of Privacy Practices may not apply to these types of info. Since your treatment through our offices involves this info, you may contact our office about these protections.
​
USE/DISCLOSURE; WRITTEN AUTHORIZATION: Other uses & disclosures of PHI made only with written authorization unless otherwise permitted or required by law. You may revoke this authorization, at any time, in writing, except to the extent this office has taken action in reliance on the use or disclosure indicated in authorization if the use or disclosure of PHI described above in this notice is prohibited or materially limited by other laws that apply to use, it is our intent to meet requirements of more stringent law.
​
YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION: You have the right to inspect & obtain a copy of the PHI contained in your designated file for as long as we maintain the PHI. "Designated file" contains medical and billing records and other records your physician and office use for making decisions about you. Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in a civil, criminal, or administrative action or proceeding; or PHI that is subject to law that prohibits access to PHI. You must make a written request to inspect & copy the designated file. Additionally, if we maintain an electronic health record of your designated file, you have the right to request a copy of PHI in electronic format to you or to a third party you identify in writing. We charge reasonable fees for sending electronic PHI copies. You understand and agree that this fee will be charged to you prior to release for those records ($1.00 per page, plus the cost of certified mail if mailed, plus a $75 processing/administration fee). We may deny requests to inspect and/or copy PHI, depending on circumstances. The decision to deny access may be reviewable. Please contact our office for questions.
​
*You have the right to request a restriction of your PHI and may ask us not to use or disclose any part of PHI for purposes of treatment, payment, or healthcare operations, request any part of PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in Notice of Privacy Practices. Any request must state the specific restriction requested and to whom restrictions apply. Requests must be in writing, and any changes or revisions must also be in writing, signed & dated.
*Our office is not required to agree to restrictions you may request. If this office believes it is in your best interest to permit the use & disclosure of PHI, PHI will not be restricted. If this office does agree to the requested restriction, we may not use or disclose PHI in violation of that restriction unless needed to provide emergency treatment. Please discuss any restriction you wish to request with your provider. All restriction requests must be in writing.
​
*You can request info regarding services not be disclosed to your third-party payer since you are paying at the time of a session and since no claim is being made against the third-party payer.
​
*You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We accommodate reasonable requests & may also condition this accommodation by asking you for info as to how payment will be handled or specification of an alternative address or other method of contact. We will not request an explanation from you regarding the basis for the request. Please make this request in writing to our office.
​
*You may have the right to have a counselor amend your PHI. You may request, in writing, that an amendment of PHI about you be placed in your designated file for as long as the info is maintained. In certain cases, requests for amendment may be denied. Requests must be in writing & provide reasons for the requested amendment.
​
*You have the right to receive a record of certain disclosures we've made, if any, of your PHI. This right applies to disclosures for purposes other than treatment, payment, or healthcare operations as described in the Notice of Privacy Practices. It excludes disclosures we may have made to you, a facility directory, family members or friends involved in your care, or notification purposes. The right to receive info is subject to certain exceptions, restrictions, and limitations. Fees apply for obtaining this information. Additionally, limitations are different for electronic health records. You have the right to obtain a paper copy of this notice, upon request, even if you agreed to accept this notice electronically. (There is a processing fee to mail a printed copy of your information readily available online through your patient portal.)
​
*You have the right to receive notice of a security breach. We're required to notify you if your PHI has been breached by first-class mail within 60 days of any event. A breach occurs when there has been an unauthorized use or disclosure under HIPAA that compromises the privacy or security of PHI. Notification requirements only apply if any breach poses a significant risk for financial, reputational, or other harm to you. Notice will contain the following: (1) a brief description of what happened, including the date of breach and date of discovery of breach; (2) steps you should take to protect yourself from potential harm resulting from a breach; (3) a brief description of what we are doing to investigate breach, mitigate losses, to protect against further breaches. Not every impermissible use or disclosure of PHI constitutes a reportable breach. Determination if an impermissible breach is reportable, depends on whether there is significant risk of harm to you due to impermissible activity. For example, if PHI were inappropriately shared with a billing clerk who understood confidentiality obligations, you would not need to be notified of a breach. If we inadvertently disclosed you received services at our facility without more specifics, this also may not be a reportable breach as it may not have been a significant risk of financial or reputational harm. Key to determining potential harm is whether sufficient information was released that would allow identity theft or harm you because of the likelihood of sharing sensitive health data.
​
COMPLAINTS OR QUESTIONS: You may complain to us in writing to our offices or to the Secretary of the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint. If you have a question about this privacy notice, please contact Privacy Officer Clifton Fuller at (210)-970-1511.
​
If you have any questions about this Disclaimer, contact us In writing:
Clifton Fuller, 12951 Huebner, Ste 781466, San Antonio, TX 78230.
Clients may contact us via their secure client portal email.
Effective original date January 1, 2015, last update July 5, 2024