Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Last Updated: October 16, 2024

Overview

This notice will tell you about the ways Collectively We Heal (“Practice,” “we,” or “us”) may disclose health information about you and will also describe your rights and certain obligations that we have regarding the use and disclosure of your health information. Collectively We Heal is a behavioral health group that is operated across multiple legal entities which are referred to by the HIPAA Privacy Rule as an "organized health care arrangement." Collectively We Heal has relationships with the providers listed on this website and provides services via telehealth and at the service delivery sites of the providers listed on this website. Collectively We Heal's legal entities share protected health information with each other, as necessary to carry out Collectively We Heal's treatment, payment and health care operations. All of the legal entities that comprise Collectively We Heal agree to comply with the terms of this Notice of Privacy Practices.

We are required by law to: make sure that health information that identifies you is kept private; give you this notice of our legal duties and privacy practices with respect to your health information; notify you following a breach of your unsecured protected health information; and follow the terms of the notice that are currently in effect. Although this notice is being provided to you electronically, and by signing an acknowledgment of receipt of this notice, you consent to the provision of this notice electronically, you have the right to request a paper copy of this notice. We reserve the right to change our privacy practices and the terms of this notice at any time. You may obtain a copy of the revised notice on this website. This notice is effective as of February 8, 2021.

How your Information is Used

We may use and disclose your health information for the purposes of providing services and quality care. For the avoidance of doubt, providing treatment services, collecting payment and conducting healthcare operations are all necessary activities for quality care. State and federal laws allow us to use and disclose your health information for these purposes.

Here are some helpful examples, but this list is not exhaustive:

  • Using your information for providing treatment. For example, If your treating provider cannot prescribe medications but wants to refer you to a prescriber in your insurance network, he or she may use your health information for the purpose of referring you to a prescriber who is affiliated with the Practice.

    • The Practice or its business associates may use and disclose health information in order to verify your insurance and coverage.

  • Example of using and disclosing your health information for collecting payment

    • The Practice or its business associates will submit claims for reimbursement to your insurance company in order for them to pay us for the services we provide to you, which requires using your health information.

  • Examples of using and disclosing your health information for healthcare operations

    • The Practice or its business associates will use and disclose your health information for the review of treatment procedures, and may use it to review documentation to ensure provider compliance.

For uses and disclosures for purposes other than treatment, payment and operations, we are required to have your written authorization, unless the use or disclosure falls within an exception, such as those described below. Most uses and disclosures of psychotherapy notes (as that term is defined in the HIPAA Privacy Rule), uses and disclosures for marketing purposes, and disclosures that constitute the sale of Personal Information require your authorization. Authorizations can be revoked at any time to stop future uses/disclosures except to the extent that we may have already taken any action in reliance on your authorization.

Disclosures that can be made without an Authorization

  • Emergencies. Sufficient information may be shared to address an immediate emergency you are facing.

  • Judicial and Administrative Proceedings. We may disclose your personal health information in the course of a judicial or administrative proceeding in response to a valid court order or other lawful process, including if you were to make a claim for Workers Compensation.

  • Public Health Activities. If we felt you were an immediate danger to yourself or others, we may disclose health information about you to the authorities, as well as alert any other person who may be in danger.

  • Child/Elder Abuse. We may disclose health information about you related to the suspicion of child and/or elder abuse or neglect.

  • Criminal Activity or Danger to Others. We may disclose health information if a crime is committed on our premises or against our personnel, or if we believe there is someone who is in immediate danger.

  • Health Oversight Activities. We may disclose health information to a health oversight agency for activities authorized by law. These activities might include audits or inspections and are necessary for the government to monitor the health care system and assure compliance with civil rights laws. Regulatory and accrediting organizations may review your case record to ensure compliance with their requirements. The minimum necessary information will be provided in these instances.

  • Business Associates. The Practice may disclose the minimum necessary health information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. For example, the Practice contracts with a vendor for filing claims with insurance companies. In the process of filing claims, that organization will come into contact with your information. We also contract with a vendor that collects and manages internet or other electronic network activity on our sites and services and internally encodes it so that we can determine and manage information that might be health information. All of our business associates sign agreements to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.

  • Research. Under certain circumstances, we may use and disclose health information for research. We may permit researchers to look at non-identifying information to help them plan research projects.

  • Marketing. We may send you newsletters or information about services we provide in which we feel you might be interested. You may at any time request that your name be removed from our mailing list.

  • Scheduling appointments. We may email or call you to schedule or remind you of appointments.

Your Individual Rights

  1. Right to Inspect and Copy. You have the right to look at or get copies of your health information, with limited exceptions. Your request must be in writing. If you request a copy of the information, a reasonable charge may be made for the costs incurred.

  2. Right to Amend. You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We have the right to deny your request under certain circumstances.

  3. Right to an Accounting of Disclosures. You have the right to receive a list of instances in which we have disclosed your health information for a purpose other than treatment, payment, or health care operations. To request an accounting of disclosures, you must submit your request in writing to the Privacy Officer. Such accountings remain available for six years after the last date of service at the Practice.

  4. Right to Request Restrictions. You have the right to request a restriction or limitation on the health information we use or disclose about you. For example, you could ask that we not share information with an insurance company, in which case you would be responsible to pay in full for the services provided. While you are in treatment, a written request should be made with your therapist. To request a restriction after therapy is completed, you must make your written request to the Privacy Officer. We are not required to agree to your request, but we will consider the request very seriously. If we agree, we will abide by our agreement unless the information is needed in an emergency or by law.

  5. Right to Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only by mail or at work. You must make this request in writing and it must specify the alternative means or location that you would like us to use to provide you information about your health care. We will make every attempt to accommodate reasonable requests.

  6. Right to File Complaints. You may complain to us and to the Secretary of Health and Human Services if you believe your privacy rights have been violated. You may file a complaint with us by contacting the Privacy Officer at Mani@CollectivelyWeHeal.com or (323)301-3962. You will not be retaliated against for filing a complaint. You may also contact the Privacy Officer for further information about this notice.

Email and Text Messages

Some of our patients prefer to communicate with their provider via email or text message. Email and text messages have inherent privacy and security risks, and you should be aware of those before using emails and text messages. Errors in transmission or interception of messages can occur. Your email or text message is not a secure communication between you and your treating provider. At your health care provider’s discretion, your email or text message any and all responses may become part of your medical record. Additionally, for urgent or an emergency situation, you should not rely on email communication with providers affiliated with the Practice. In those situations, you should call 911.

Data Retention and Destruction Policy

Collectively We Heal maintains patient records in accordance with state and federal laws. Our policies regarding data retention and destruction are as follows:

  1. Retention Period: We retain patient health records for a minimum of 7 years from the date of last service, or until 1 year after a minor patient reaches the age of 18, whichever is later.

  2. Storage: During the retention period, records are stored securely, with electronic records encrypted and physical records (if any) kept in locked, fireproof cabinets.

  3. Destruction Process: When records are eligible for destruction, we follow a secure destruction process:

    • Paper records are shredded using a cross-cut shredder or via a certified document destruction service.

    • Electronic records are securely wiped using methods that meet NIST 800-88 standards.

  4. Destruction Documentation: We maintain a log of destroyed records, including the date of destruction and the method used, but excluding any patient-identifying information.

  5. Business Associate Agreements: We ensure that any third-party services involved in data storage or destruction sign Business Associate Agreements and follow HIPAA-compliant processes.

Patients may request information about the status of their records at any time by contacting our Privacy Officer.

Additional Privacy Rights for California Residents

As a California resident, you have additional rights under state law, including:

  1. California Medical Information Act (CMIA) Rights:

    • You have the right to access your medical information and receive a copy within 5 days of our receipt of your request.

    • You can request amendments to your medical information.

    • You can receive an accounting of certain disclosures we have made of your medical information.

  2. California Consumer Privacy Act (CCPA) Rights:

    • Right to Know: You can request what personal information we have collected about you in the past 12 months.

    • Right to Delete: You can request deletion of personal information we have collected from you, with some exceptions.

    • Right to Opt-Out: You can opt-out of the sale of your personal information (Note: Collectively We Heal does not sell personal information).

    • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

  3. California "Shine the Light" Law:

    • You have the right to request information about how we have shared your personal information with third parties for their direct marketing purposes.

To exercise these rights, please contact our Privacy Officer at Mani@CollectivelyWeHeal.com or (323)301-3962. We will respond to your request within the timeframe required by applicable California law.

Please note that certain information may be exempt from these rights under applicable laws. We may need to verify your identity before responding to your request.