HIPAA NOTICE OF PRIVACY PRACTICE
Effective Date: [Date]
This Notice of Privacy Practices (“Notice”) explains how Get Healthy Directory and its affiliated clinicians and staff (“we,” “us,” or “our”) may use and disclose your protected health information (“PHI”), and how you can access it, as required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and applicable state laws.
This Notice applies to telehealth services and, if applicable, in-person care. It covers video sessions, phone visits, secure messaging, electronic records, and related administrative activities.
​
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
​
Our Legal Duties

We are required by law to:
- Maintain the privacy and security of your PHI
- Provide you with this Notice of our legal duties and privacy practices
- Follow the terms of this Notice currently in effect
- Notify you promptly if a breach occurs that may have compromised the privacy or security of your PHI
​
We may update this Notice at any time. Revised versions will apply to all PHI we maintain and will be posted on our website and available upon request.
What Information We Collect

Your PHI may include:
- Identifying information (name, date of birth, contact details)
- Medical and mental health history
- Diagnoses, treatment plans, and progress notes
- Telehealth session data and communications
- Prescriptions and medication records
- Billing and insurance information
This information may be created by your provider, other healthcare professionals, you, or your health plan.
How We May Use and Disclose Your PHI (Without Authorization)

HIPAA allows us to use and disclose your PHI for the following purposes without your written authorization:

Treatment
We may use and share your PHI to provide, coordinate, or manage your care, including with other providers, pharmacies, laboratories, specialists, or referral sources.

Payment
We may use and disclose PHI to bill for services, submit insurance claims, verify coverage, and obtain prior authorization.

Health Care Operations
We may use PHI for operations such as quality improvement, staff training, credentialing, business management, customer service, and care coordination.
Other Permitted or Required Disclosures

We may also use or disclose PHI to:
- Comply with federal, state, or local laws
- Report abuse, neglect, or domestic violence when required
- Assist in public health activities
- Support health oversight activities such as audits and investigations
- Respond to court orders, subpoenas, or law enforcement requests
- Assist coroners or medical examiners
- Facilitate organ donation
- Conduct approved research under privacy safeguards
- Prevent or reduce serious threats to health or safety
- Support national security and military activities
- Comply with workers’ compensation laws
- Communicate with family or caregivers involved in your care when appropriate
Business Associates and Technology Providers

We may share PHI with third-party providers who support telehealth technology, data storage, billing, and security. These providers must protect your PHI and, when required, sign Business Associate Agreements to ensure HIPAA compliance.
Uses and Disclosures Requiring Your Written Authorization
We will obtain your written authorization before:
- Using PHI for most marketing purposes
- Selling your PHI
- Sharing psychotherapy notes, except as permitted by law
​
You may revoke your authorization in writing at any time, except when we have already acted based on it.
Special Protections for Certain Records

Some information may be protected by additional laws, such as 42 CFR Part 2 for substance use disorder records and state mental health or HIV confidentiality laws. We will follow these stricter protections when required.
Your Rights Under HIPAA
You have the right to:
- Inspect and obtain copies of your health records, including electronic copies when available
- Request amendments to records you believe are incorrect or incomplete
- Receive an accounting of certain disclosures made in the past six years, excluding treatment, payment, and health care operations
- Request restrictions on how your PHI is used or disclosed, with certain required exceptions, when you pay in full out of pocket, and request that information not be shared with your health plan
- Request confidential communications at alternative locations or by alternative means
- Obtain a paper copy of this Notice at any time
- Appoint a personal representative to act on your behalf, subject to verification of legal authority
​
Requests may need to be in writing and may be subject to reasonable fees as allowed by law.
Telehealth Privacy and Security

Telehealth services use secure technology to protect electronic PHI under the HIPAA Security Rule. However, no electronic system is entirely risk-free.
We encourage you to use private locations for sessions, protect your login credentials, and avoid public Wi-Fi when accessing sessions or patient portals.
Complaints and Contact Information

If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services or with us. We will not retaliate against you for filing a complaint.

File with HHS

U.S. Department of Health and Human Services
Office for Civil Rights
200 Independence Avenue, SW
Washington, DC 20201
Phone: 1-800-368-1019
TDD: 1-800-537-7697
Online: Office for Civil Rights Complaint Portal
Who Must Follow This Notice

This Notice applies to all licensed clinicians, employees, contractors, and departments involved in telehealth and clinical operations at Get Healthy Directory. All workforce members must follow this Notice.