FANCHER PSYCHOLOGY & ASSESSMENT, LLC
4709 GOLF ROAD, SUITE 1150
SKOKIE, ILLINOIS 60076
NOTICE OF PRIVACY PRACTICES FORM
Polices and Practices to Protect the Privacy of Your Health Information when Receiving
THIS NOTICE DESCRIBES HOW PSYCHOLOGICAL & MEDICAL INFORMATION ABOUT
YOU MAY BE DISCLOSED & HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
I. Uses and Disclosures for Treatment, Payment, and Health Care Operations
We may use or disclose your protected health information (PHI), for treatment, payment, and
health care operations purposes with your consent. To help clarify these terms, here are some
- “PHI” refers to information in your health record that could identify you.
- “Treatment, Payment and Health Care Operations”
– Treatment is when we provide, coordinate or manage your health care and other
services related to your health care. An example of treatment would be when we consult
with another health care provider, such as your family physician or another psychologist.
– Payment is when we obtain reimbursement for your healthcare. Examples of payment
are when we disclose your PHI to your health insurer to obtain reimbursement for your
health care or to determine eligibility or coverage.
– Health Care Operations are activities that relate to the performance and operation
of our practice. Examples of health care operations are quality assessment and
improvement activities, business-related matters such as audits and administrative
services, and case management and care coordination.
- “Use” applies only to activities within our office such as sharing, employing, applying,
utilizing, examining, and analyzing information that identifies you.
- “Disclosure” applies to activities outside of our office, such as releasing, transferring, or
providing access to information about you to other parties.
II. Uses and Disclosures Requiring Authorization
We may use or disclose PHI for purposes outside of treatment, payment, and health care
operations when your appropriate authorization is obtained. An “authorization” is written
permission above and beyond the general consent that permits only specific disclosures. In
those instances when we are asked for information for purposes outside of treatment, payment
and health care operations, we will obtain an authorization from you before releasing this
information. We will also need to obtain an authorization before releasing your psychotherapy
notes. “Psychotherapy notes” are notes we have made about our conversation during a private,
group, joint, or family counseling session, which we have kept separate from the rest of your
medical record. These notes are given a greater degree of protection than PHI.
You may revoke all such authorizations (of PHI or psychotherapy notes) at any time, provided
each revocation is in writing. You may not revoke an authorization to the extent that (1) we have
relied on that authorization; or (2) if the authorization was obtained as a condition of obtaining
insurance coverage, and the law provides the insurer the right to contest the claim under the
I will also obtain an authorization from you before using or disclosing: PHI in a way that is not
described in this Notice. PHI in a way that is considered a sale of PHI. We will not share any
substance abuse treatment records or information with regard to HIV status without your written
III. Uses and Disclosures with Neither Consent nor Authorization
We may use or disclose PHI without your consent or authorization in the following
- Child Abuse: If we know, or have reasonable cause to suspect, that a child is abused,
abandoned, or neglected by a parent, legal custodian, caregiver or other person responsible
for the child’s welfare, the law requires that we report such knowledge or suspicion to the
Florida Department of Child and Family Services.
- Adult and Domestic Abuse: If we know, or have reasonable cause to suspect, that a
vulnerable adult (disabled or elderly) has been or is being abused, neglected, or exploited,
we are required by law to immediately report such knowledge or suspicion to the Central
- Health Oversight: If a complaint is filed against us with the relevant state licensing board
(e.g. the Florida Board of Psychology), that department has the authority to subpoena
confidential mental health information from us relevant to that complaint.
- Judicial or Administrative Proceedings: If you are involved in a court proceeding and a
request is made for information about your diagnosis or treatment and the records thereof,
such information is privileged under state law, and we will not release information without
the written authorization of you or your legal representative, or a subpoena of which you
have been properly notified and you have failed to inform us that you are opposing the
subpoena or a court order. The privilege does not apply when you are being evaluated for a
third party or where the evaluation is court ordered. You will be informed in advance if this is
- Serious Threat to Health or Safety: When you present a clear and immediate probability of
physical harm to yourself, to other individuals, or to society, we may communicate relevant
information concerning this to the potential victim, appropriate family member, or law
enforcement or other appropriate authorities.
- Worker’s Compensation: If you file a worker’s compensation claim, we must, upon request
of your employer, the insurance carrier, an authorized qualified rehabilitation provider, or
the attorney for the employer or insurance carrier, furnish your relevant records to those
- When the use and disclosure without your consent or authorization is allowed under other
sections of Section 164.512 of the Privacy Rule and the state’s confidentiality law. This
includes certain narrowly-defined disclosures to law enforcement agencies, to a health
oversight agency (such as HHS or a state department of health), to a coroner or medical
examiner, for public health purposes relating to disease or FDA-regulated products, or
for specialized government functions such as fitness for military duties, eligibility for VA
benefits, and national security and intelligence.
IV. Client’s Rights and Psychologist’s Duties
- Right to Request Restrictions –You have the right to request restrictions on certain
uses and disclosures of protected health information about you. However, we are not
required to agree to a restriction you request.
- Right to Receive Confidential Communications by Alternative Means and at Alternative
Locations – You have the right to request and receive confidential communications of
PHI by alternative means and at alternative locations. (For example, you may not want a
family member to know that you are seeing a therapist. Upon your request, we will send
your bills to another address.)
- Right to Inspect and Copy – You have the right to inspect or obtain a copy (or both) of
PHI in our mental health and billing records used to make decisions about you for as
long as the PHI is maintained in the record. We may deny your access to PHI under
certain circumstances, but in some cases, you may have this decision reviewed. On your
request, we will discuss with you the details of the request and denial process.
- Right to Amend – You have the right to request an amendment of PHI for as long as the
PHI is maintained in the record. We may deny your request. On your request, we will
discuss with you the details of the amendment process.
- Right to an Accounting of with whom we’ve shared your information – You generally
have the right to receive an accounting of disclosures of PHI regarding you. On your
request, we will discuss with you the details of the accounting process.
- Right to a Paper Copy – You have the right to obtain a paper copy of the notice from us
upon request, even if you have agreed to receive the notice electronically.
- Right to Restrict Disclosures When You Have Paid for Your Care Out-of-Pocket. You
have the right to restrict certain disclosures of PHI to a health plan when you pay out-ofpocket in full for my services.
- Right to Be Notified if There is a Breach of Your Unsecured PHI. You have a right to be
notified if: (a) there is a breach (a use or disclosure of your PHI in violation of the HIPAA
Privacy Rule) involving your PHI; (b) that PHI has not been encrypted to government
standards; and (c) my risk assessment fails to determine that there is a low probability
that your PHI has been compromised.
- Right to Choose Someone to Act for You. If you have given someone medical power of
attorney or if someone is your legal guardian, that person can exercise your rights and
make decisions for you. We will be sure this person has authority before we take any
- We are required by law to maintain the privacy of PHI and to provide you with a notice of our
legal duties and privacy practices with respect to PHI.
- We reserve the right to change the privacy policies and practices described in this notice.
Unless we notify you of such changes, however, we are required to abide by the terms
currently in effect.
- If we revise our policies and procedures, you will be notified about those changes in your
next office visit, by telephone communication, or by mail.
If you are concerned that we have violated your privacy rights, or you disagree with a decision
we made about access to your records, you may contact our Privacy Officer, Dr. Rachel Riley
Fancher, PsyD at 312-854-9764.
You may also send a written complaint to the Secretary of the U.S. Department of Health and
Human Services 200 Independence Ave, S.W., Washington, D.C. 20201 or 1-877-696-6775.
We will not retaliate against you if a complaint is made.
VI. Breach Notification Addendum to Policies & Procedures
1.When the Practice becomes aware of or suspects a breach, as defined in Section 1 of the
breach notification Overview, the Practice will conduct a Risk Assessment, as outlined
in Section 2.A of the Overview. The Practice will keep a written record of that Risk
2. Unless the Practice determines that there is a low probability that PHI has been
compromised, the Practice will give notice of the breach as described in Sections 2.B
and 2.C of the breach notification overview.
3. The risk assessment can be done by a business associate if it was involved in the breach.
While the business associate will conduct a risk assessment of a breach of PHI in its
control, the Practice will provide any required notice to patients and HHS.
4. After any breach, particularly one that requires notice, the Practice will re-assess its privacy
and security practices to determine what changes should be made to prevent the reoccurrence of such breaches.
This notice will go into effect on July 1, 2011.
Revised August 20, 2013.