Privacy Policy
FANCHER PSYCHOLOGY & ASSESSMENT, LLC
4709 GOLF ROAD, SUITE 1150
SKOKIE, ILLINOIS 60076
NOTICE OF PRIVACY PRACTICES FORM
Polices and Practices to Protect the Privacy of Your Health Information when Receiving
Psychological Services
THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL & MEDICAL INFORMATION ABOUT YOU MAY BE DISCLOSED & HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. Uses and Disclosures for Treatment, Payment, and Health Care Operations
We may use or disclose your protected health information (PHI), for treatment, payment, and health care operations purposes with your consent. To help clarify these terms, here are some definitions:
“PHI” refers to information in your health record that could identify you.
“Treatment, Payment and Health Care Operations”
Treatment is when we provide, coordinate or manage your health care and other services related to your health care. An example of treatment would be when we consult with another health care provider, such as your family physician or another psychologist.
Payment is when we obtain reimbursement for your healthcare. Examples of payment are when we disclose your PHI to your health insurer to obtain reimbursement for your health care or to determine eligibility or coverage.
Health Care Operations are activities that relate to the performance and operation of our practice. Examples of health care operations are quality assessment and improvement activities, business-related matters such as audits and administrative services, and case management and care coordination.
“Use” applies only to activities within our office such as sharing, employing, applying, utilizing, examining, and analyzing information that identifies you.
“Disclosure” applies to activities outside of our office, such as releasing, transferring, or providing access to information about you to other parties.
II. Uses and Disclosures Requiring Authorization
We may use or disclose PHI for purposes outside of treatment, payment, and health care operations when your appropriate authorization is obtained. An “authorization” is written permission above and beyond the general consent that permits only specific disclosures. In those instances when we are asked for information for purposes outside of treatment, payment and health care operations, we will obtain an authorization from you before releasing this information. We will also need to obtain an authorization before releasing your psychotherapy notes. “Psychotherapy notes” are notes we have made about our conversation during a private, group, joint, or family counseling session, which we have kept separate from the rest of your medical record. These notes are given a greater degree of protection than PHI. You may revoke all such authorizations (of PHI or psychotherapy notes) at any time, provided each revocation is in writing. You may not revoke an authorization to the extent that (1) we have relied on that authorization; or (2) if the authorization was obtained as a condition of obtaining insurance coverage, and the law provides the insurer the right to contest the claim under the policy.
I will also obtain an authorization from you before using or disclosing: PHI in a way that is not described in this Notice. PHI in a way that is considered a sale of PHI. We will not share any substance abuse treatment records or information with regard to HIV status without your written permission.
III. Uses and Disclosures with Neither Consent nor Authorization
We may use or disclose PHI without your consent or authorization in the following circumstances:
Child Abuse: If we know, or have reasonable cause to suspect, that a child is abused, abandoned, or neglected by a parent, legal custodian, caregiver or other person responsible for the child’s welfare, the law requires that we report such knowledge or suspicion to the Illinois Department of Child and Family Services.
Adult and Domestic Abuse: If we know, or have reasonable cause to suspect, that a vulnerable adult (disabled or elderly) has been or is being abused, neglected, or exploited, we are required by law to immediately report such knowledge or suspicion to the Central Abuse Hotline.
Health Oversight: If a complaint is filed against us with the relevant state licensing board (e.g. the Illinois Board of Psychology), that department has the authority to subpoena confidential mental health information from us relevant to that complaint.
Judicial or Administrative Proceedings: If you are involved in a court proceeding and a request is made for information about your diagnosis or treatment and the records thereof, such information is privileged under state law, and we will not release information without the written authorization of you or your legal representative, or a subpoena of which you have been properly notified and you have failed to inform us that you are opposing the subpoena or a court order. The privilege does not apply when you are being evaluated for a third party or where the evaluation is court ordered. You will be informed in advance if this is the case.
Serious Threat to Health or Safety: When you present a clear and immediate probability of physical harm to yourself, to other individuals, or to society, we may communicate relevant information concerning this to the potential victim, appropriate family member, or law enforcement or other appropriate authorities.
Worker’s Compensation: If you file a worker’s compensation claim, we must, upon request of your employer, the insurance carrier, an authorized qualified rehabilitation provider, or the attorney for the employer or insurance carrier, furnish your relevant records to those persons.
When the use and disclosure without your consent or authorization is allowed under other sections of Section 164.512 of the Privacy Rule and the state’s confidentiality law. This includes certain narrowly-defined disclosures to law enforcement agencies, to a health oversight agency (such as HHS or a state department of health), to a coroner or medical examiner, for public health purposes relating to disease or FDA-regulated products, or for specialized government functions such as fitness for military duties, eligibility for VA benefits, and national security and intelligence.
IV. Client’s Rights and Psychologist’s Duties
Client’s Rights:
Right to Request Restrictions –You have the right to request restrictions on certain uses and disclosures of protected health information about you. However, we are not required to agree to a restriction you request.
Right to Receive Confidential Communications by Alternative Means and at Alternative Locations – You have the right to request and receive confidential communications of PHI by alternative means and at alternative locations. (For example, you may not want a family member to know that you are seeing a therapist. Upon your request, we will send your bills to another address).
Right to Inspect and Copy – You have the right to inspect or obtain a copy (or both) of PHI in our mental health and billing records used to make decisions about you for as long as the PHI is maintained in the record. We may deny your access to PHI under certain circumstances, but in some cases, you may have this decision reviewed. On your request, we will discuss with you the details of the request and denial process.
Right to Amend – You have the right to request an amendment of PHI for as long as the PHI is maintained in the record. We may deny your request. On your request, we will discuss with you the details of the amendment process.
Right to an Accounting of with whom we’ve shared your information – You generally have the right to receive an accounting of disclosures of PHI regarding you. On your request, we will discuss with you the details of the accounting process.
Right to a Paper Copy – You have the right to obtain a paper copy of the notice from us upon request, even if you have agreed to receive the notice electronically.
Right to Restrict Disclosures When You Have Paid for Your Care Out-of-Pocket. You have the right to restrict certain disclosures of PHI to a health plan when you pay out-of-pocket in full for my services. You have the right to a Good Faith Estimate of service costs.
Right to Be Notified if There is a Breach of Your Unsecured PHI. You have a right to be notified if: (a) there is a breach (a use or disclosure of your PHI in violation of the HIPAA
Privacy Rule) involving your PHI; (b) that PHI has not been encrypted to government standards; and (c) my risk assessment fails to determine that there is a low probability that your PHI has been compromised.
Right to Choose Someone to Act for You. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make decisions for you. We will be sure this person has authority before we take any action.
Psychologist’s Duties:
We are required by law to maintain the privacy of PHI and to provide you with a notice of our legal duties and privacy practices with respect to PHI.
We reserve the right to change the privacy policies and practices described in this notice.
Unless we notify you of such changes, however, we are required to abide by the terms currently in effect.
If we revise our policies and procedures, you will be notified about those changes in your next office visit, by telephone communication, or by mail.
V. Complaints
If you are concerned that we have violated your privacy rights, or you disagree with a decision we made about access to your records, you may contact our Privacy Officer, Dr. Rachel Riley Fancher, PsyD at 312-854-9764.
You may also send a written complaint to the Secretary of the U.S. Department of Health and Human Services 200 Independence Ave, S.W., Washington, D.C. 20201 or 1-877-696-6775.
We will not retaliate against you if a complaint is made.
VI. Breach Notification Addendum to Policies & Procedures
1.When the Practice becomes aware of or suspects a breach, as defined in Section 1 of the breach notification Overview, the Practice will conduct a Risk Assessment, as outlined in Section 2.A of the Overview. The Practice will keep a written record of that Risk Assessment.
2. Unless the Practice determines that there is a low probability that PHI has been compromised, the Practice will give notice of the breach as described in Sections 2.B and 2.C of the breach notification overview.
3. The risk assessment can be done by a business associate if it was involved in the breach.
While the business associate will conduct a risk assessment of a breach of PHI in its control, the Practice will provide any required notice to patients and HHS.
4. After any breach, particularly one that requires notice, the Practice will re-assess its privacy and security practices to determine what changes should be made to prevent the reoccurrence of such breaches.
VII. Effective Date, Restrictions and Changes to Privacy Policy
This notice will go into effect on July 1, 2011
Revised August 20, 2013
Revised January 20, 2022
Please reach out with any questions.