Confidential Care

Image

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted on August 21, 1996. Sections 261 through 264 of HIPAA require the Secretary of HHS to publicize standards for the electronic exchange, privacy and security of health information.  The final regulation, the Privacy Rule, was published December 28, 2000. The Privacy Rule, as well as all the Administrative Simplification rules, apply to health plans, health care clearinghouses, and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of HHS has adopted standards under HIPAA (the “covered entities”). The Privacy Rule protects all "individually identifiable health information" held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information "protected health information (PHI)." “Individually identifiable health information” is information, including demographic data, that relates to: the individual’s past, present or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number). A major purpose of the Privacy Rule is to define and limit the circumstances in which an individual’s protected heath information may be used or disclosed by covered entities. A covered entity, like Pacific Solstice LLC, may not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing. 

Pacific Solstice LLC, a covered entity, must disclose protected health information in only two situations: (a) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of, their protected health information; and (b) to HHS when it is undertaking a compliance investigation or review or enforcement action.
 

Pacific Solstice LLC, a covered entity may use and disclose protected health information for its own treatment, payment, and health care operations activities. We may also may disclose protected health information for the treatment activities of a Pacific Solstice health care provider, the payment activities of another covered entity and of any health care provider, or the health care operations of another covered entity involving either quality or competency assurance activities or fraud and abuse detection and compliance activities, if both covered entities have or had a relationship with the individual and the protected health information pertains to the relationship. 

Most uses and disclosures of psychotherapy notes for treatment, payment, and health care operations purposes require an authorization as described below. Obtaining “consent” (written permission from individuals to use and disclose their protected health information for treatment, payment, and health care operations) is optional under the Privacy Rule for all covered entities. The content of a consent form, and the process for obtaining consent are explained at Intake and in your Pacific Solstice Admission Agreement. All authorizations are in plain language, and contain specific information regarding the information to be disclosed or used, the person(s) disclosing and receiving the information, expiration, right to revoke in writing, and other data. 

A central aspect of the Privacy Rule is the principle of “minimum necessary” use and disclosure. Pacific Solstice LLC must make reasonable efforts to use, disclose, and request only the minimum amount of protected health information needed to accomplish the intended purpose of the use, disclosure, or request. Our policies and procedures reasonably limit uses and disclosures to the minimum necessary. When the minimum necessary standard applies to a use or disclosure,we may not use, disclose, or request the entire medical record for a particular purpose, unless it can specifically justify the whole record as the amount reasonably needed for the purpose. 

Your well-being, time, trust, consent and confidentiality are our priorities. Please do not hesitate to ask any team member questions about HIPAA. We are at your service.

- Information herein cited from United States Department of Health and Human Services Summary of the Privacy Rule -