HIPAA Privacy and Security Practices

Journey Services Counseling follows HIPAA regulations to protect your privacy and the security of your personal information. Here is our HIPAA Notice of Privacy and Security Practices.

Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL/MENTAL HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

PRACTICE START DATE: March 1, 2012

Every effort is made to treat your confidential information in a professional manner in keeping with ethical standards and laws regarding privacy. The personal information that a client shares with a professional counselor is kept confidential with the following exceptions:

  1. Danger to self or others – A therapist must take steps to protect a client or others from imminent danger when the client is viewed as threatening physical injury to self or others, or when the client has threatened to damage or destroy the property of others.
  2. Disclosure of abuse – All therapists must report to the appropriate local Protective Service agencies any and all knowledge or suspicion of physical or sexual abuse of a minor, an elderly person, or a person with a mental disability. We must also report severe physical abuse of non-disabled adults.

This notice describes our policies related to the use and disclosure of a client’s healthcare information. The use and disclosure of protected health information for the purposes of providing services. Providing treatment services, collecting payment, and conducting healthcare operations are necessary activities for quality care. State and federal laws allow us to use and disclose your health information for these purposes.

Treatment

  • Provide, manage or coordinate care
    Your personal health information may be legally shared within the practice in order to provide, manage, or coordinate your care. Details of sessions are only maintained by the counselor and are not shared with anyone else. Other staff of Journey Services Counseling will only be aware of information related to scheduling or billing.
  • Consultants
    At times, if difficulties in a case arise, it is possible for the counselor to consult with another counselor for guidance in treatment. In such situations, no personally identifiable information will be divulged, only appropriate details of the case in order to assist the counselor to develop an accurate diagnosis and treatment plan.
  • Referral Sources
    When a client is referred by another counselor or practice, a release of information will be provided to the client for them to sign prior to communicating any Personal Health Information to Journey Services Counseling. If a referral is made from Journey Services Counseling to another counselor or practice, the client will be asked to review and sign an information release prior to communication of any case information or Personal Health Information.

Payment

Journey Services Counseling may legally use and disclose Personal Health Information to:

  • Verify Insurance and Coverage
    Currently, Journey Services Counseling does not do insurance billing. If it does so in the future, HIPAA allows for the provider to verify the client’s insurance and coverage without prior permission.
  • Process Claims and Collect Fees
    Journey Services Counseling can use the Personal Health Information you have provided to collect payment for counseling services (via Credit, Debit, HSA cards). Your initial permission is always requested when you provide the card information. Once provided we use that information to bill for sessions when they happen. Should Journey Services Counseling ever begin taking insurance payments, HIPAA also allows us to submit claims and receive payments using HIPAA-compliant mechanisms to do so.

Healthcare Operations

Journey Services Counseling may legally use and disclose Personal Health Information to:

  • Review of Treatment Procedures
    Currently, Journey Services only has one staff counselor, so there is no in-practice review of treatment. If the practice expands in the future, it is within HIPAA guidelines for counseling staff to review and consult as professional colleagues regarding diagnoses and treatment procedures, without prior permission.
  • Review of Business Activities
    When Journey Services Counseling is reviewing business activities such as information storage, scheduling, or billing, non-counseling staff have limited access to Personal Health Information related to those practices. Client notes and counselor notes are not accessible to non-counseling staff. 
  • Certification
    If Journey Services Counseling were to seek certification for its practice, it is possible that representatives of the certifying entity would need to review policies, procedures, and the data involved in those processes. 
  • Staff Training
    When staff are trained in specific processes they may see some Personal Health Information. No client session records, though, are ever included in training.
  • Compliance and Licensing Activities
    If any audit is conducted by HIPAA or the Ohio Board, Journey Services Counseling is legally required to provide access to official review team members of any requested information, in order to demonstrate compliance in each aspect of the practice.

Other Uses and Disclosures without Your Consent

  • Mandated Reporting
    If a government agency mandates reporting to confirm compliance, Journey Services Counseling is required to provide the necessary, but only necessary, information. This mandated reporting can include: child abuse, elder abuse, or posing a serious threat to themselves or someone else.
  • Emergencies
    Should the counselor determine that a client is in a state of emergency (suicide, endangering abuse), they are required by law to report to appropriate agencies to ensure the client’s safety and wellbeing are ensured.
  • Appointment Scheduling
    Journey Services Counseling staff other than the counselor can view basic information while they are involved in scheduling appointments, may view your appointment while checking the overall calendar, or may be aware of your personal information as part of arranging payment for services after a session. 
  • Treatment Alternatives
    When your counselor determines that a client may need treatment alternatives from another counselor, they will obtain an information release from the client in order to talk with another provider and help ensure that the alternative treatment will work and the transfer can happen smoothly.
  • As Required by Law
    Under some circumstances, a judge may request or subpoena counseling information. The counselor will only provide information specifically requested by the judge and will provide the minimum required to meet the request. 

Security

Here are security practices we follow to protect client PHI.

  • Journey Services Counseling uses password-protected emails, computer logins, and software logins to ensure security of your data.
  • Our service providers, Simple Practice and Doxy.me have current Business Associate Agreements with Journey Services Counseling ensuring their compliance with HIPAA privacy and security requirements.
  • Any personal devices used for communication (phones, tablets) are secured with password and additional login requirements (pattern or pin) that are unknown to other persons.
  • When devices are taken out of service, they are factory reset and wiped of data (using an electronic shredder) to remove any possible PHI that might have been stored.
  • The counselor uses physical, written notes for client sessions. These are placed in the client’s physical file at the end of the session. The counselor then locks the file folder in a locked filing cabinet in her office.
  • In the event that something would happen to the counselor, arrangements would be made for her backup counseling colleague to come, unlock the cabinet, and remove the files to a secure location at the backup counselor’s office.

HIPAA Information

For further information about the Health Information Portability and Accountability Act (HIPAA) and your rights under it, see:

Return <Telehealth>