Disclosures

Good Faith Estimate

You have the right to receive a “Good Faith Estimate” explaining how much your medical care will cost.

Under the law, health care providers need to give patients who don’t have insurance or who are not using insurance an estimate of the bill for medical items and services.

  • You have the right to receive a Good Faith Estimate for the total expected cost of any non-emergency items or services. This includes related costs like medical tests, prescription drugs, equipment, and hospital fees.
  • Make sure your health care provider gives you a Good Faith Estimate in writing at least 1 business day before your medical service or item. You can also ask your health care provider, and any other provider you choose, for a Good Faith Estimate before you schedule an item or service.
  • If you receive a bill that is at least $400 more than your Good Faith Estimate, you can dispute the bill.
  • Make sure to save a copy or picture of your Good Faith Estimate.

For questions or more information about your right to a Good Faith Estimate, visit www.cms.qov/nosurprises or call the Colorado Division of Insurance at 303-894-7490 or 1-800-930-3745.

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MENTAL HEALTH AND MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

In the course of providing services to you, RSA, Inc. will obtain, record, and use mental health and medical information about you that is considered Protected Health Information, or “PHI.”  PHI is defined as “individually identifiable health information” that is created or received by a healthcare provider and which relates to past, present, or future health, provision of healthcare, or payment for provision of healthcare and that either identifies the individual or could be used to identify the individual.  HIPAA and other laws regulate the use and disclosure of PHI when it is transmitted electronically.  This Notice describes RSA’s policies related to the use and disclosure of your PHI.

Uses and Disclosures Not Requiring Consent.

Providing treatment services, collecting payment and conducting healthcare operations are necessary activities for quality care.  State and federal laws allow me to use and disclose your health information for these purposes.  In most cases, I am limited to disclosing the minimum information necessary to accomplish these purposes.  To help clarify these terms, here are some examples: 

  • Treatment is when I use and disclose health information to provide, coordinate or manage your health care and other services related to your health care.  If I decide to consult with another licensed health care provider about your condition, I would be permitted to use and disclose your personal health information, which is otherwise confidential, in order to assist me in the diagnosis or treatment of your mental health condition.

Disclosures for treatment purposes are not limited to the minimum necessary standard, because physicians and other health care providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of health care among health care providers or by a health care provider with a third party, consultations between health care providers, and referrals of a patient for health care from one health care provider to another.

  • Payment is when I use and disclose health information to obtain reimbursement for your healthcare.  Examples of payment are when I disclose your PHI to your health insurer to obtain reimbursement for your health care or to determine eligibility or coverage.
  • Health Care Operations refers to the use and disclosure of health information for activities that relate to the performance and operation of my practice.  Examples of health care operations are review of treatment procedures or business operations, quality assessment and improvement activities, and staff training.

PLEASE NOTE: I, or someone from RSA acting with my authority, may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. Your prior written authorization is not required for such contact.

Uses and Disclosures Requiring Authorization

I may use or disclose PHI for purposes outside of treatment, payment, or health care operations when your appropriate authorization is obtained.  In those instances when I am asked for information for purposes outside of treatment, payment or health care operations, I will obtain an authorization from you before releasing this information.  I will also need to obtain an authorization before releasing your Psychotherapy Notes.  “Psychotherapy Notes” are notes I have made about our conversation during a private, group, joint, or family counseling session, which I have kept separate from the rest of your medical record.  These notes are given a greater degree of protection than PHI.  I will also obtain an authorization from you before using or disclosing PHI in a way that is not described in this Notice.  You may revoke all such authorizations at any time, provided each revocation is in writing.  You may not revoke an authorization to the extent that (1) I have relied on that authorization; or (2) if the authorization was obtained as a condition of obtaining insurance coverage, law provides the insurer the right to contest the claim under the policy.

I may use or disclose PHI without your consent or authorization in certain circumstances, including, but not limited to:

  • Child or At-Risk Adult Abuse: If I have reasonable cause to know or suspect that a child has been subjected to abuse or neglect or an at-risk adult has been mistreated, self-neglected, or financially exploited or is at imminent risk of mistreatment, self-neglect, or financial exploitation, then I must report this to the appropriate authorities.
  • Health Oversight Activities: If the Colorado state licensing board or an authorized professional review committee is reviewing my services, I may disclose PHI to that board or committee.
  • Judicial and Administrative Proceedings:  If you are involved in a court proceeding where you are being evaluated for a third party or where the evaluation is court ordered, I may disclose PHI to the court.  You will be informed in advance if this is the case.
  • Serious Threat to Health or Safety: If you communicate to me a serious threat of imminent physical violence against a specific person or persons, including those identifiable by association with a specific place, I have a duty to notify any person or persons specifically threatened, as well as a duty to protect by taking other appropriate action.  If I believe that you are at imminent risk of inflicting serious harm on yourself, I may disclose information necessary to protect you.  In either case, I may disclose information in order to initiate hospitalization.
  • Business Associates:  RSA may enter into contracts with business associates that are outside entities to provide billing, legal, auditing, and practice management services. In those situations, protected health information will be provided to those contractors as needed to perform their contracted tasks.  Business associates are required to enter into an agreement maintaining the privacy of the protected health information released to them.
  • In Compliance with Other State/Federal Laws and Regulations: PHI may be disclosed when the use and disclosure is allowed under other sections of Section 164.512 of the Privacy Rule and the state’s confidentiality law. This includes certain narrowly-defined disclosures to law enforcement agencies, to a health oversight agency (such as HHS), to a medical examiner, for public health purposes relating to disease or FDA-regulated products, or for specialized government functions (fitness for military duties, eligibility for VA benefits, etc.)

Client Rights

When it comes to your PHI, you have certain rights.  This section explains your rights and some of RSA’s responsibilities to help you.

  • Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of protected health information regarding you.  The request must be in writing, and I am not required to agree to a restriction you request.
  • Right to Receive Confidential Communications by Alternative Means and at Alternative Locations: You have the right to request and receive confidential communications of PHI by alternative means and at alternative locations.  (For example, you may not want a family member to know that you are seeing me.  On your request, I will send your bills to another address.)
  • Right to Inspect and Copy: You have the right to inspect or obtain a copy (or both) of PHI in my mental health and billing records used to make decisions about you for as long as the PHI is maintained in the record.  I may deny your access to PHI under certain circumstances, but in some cases you may have this decision reviewed.  On your request, I will discuss with you the details of the request and denial process.
  • Right to Amend: You have the right to request an amendment of PHI for as long as the PHI is maintained in the record.  I may deny your request.  On your request, I will discuss with you the details of the amendment process.
  • Right to an Accounting: You generally have the right to receive an accounting of disclosures of PHI.  On your request, I will discuss with you the details of the accounting process.
  • Right to a Paper Copy: You have the right to obtain a paper copy of the notice from me upon request, even if you have agreed to receive the notice electronically.
  • Right to Restrict Disclosures When You Have Paid for Your Care Out-of-Pocket: You have the right to restrict certain disclosures of PHI to a health plan when you pay out-of-pocket in full for my services.

Provider’s Duties

As a mental health provider, I have certain duties to you related to your PHI.  These are described below. 

  • I am required by law to maintain the privacy of PHI and to provide you with a notice of my legal duties and privacy practices with respect to PHI.
  • I am required to notify you if: (a) there is a breach (a use or disclosure of your PHI in violation of the HIPAA Privacy Rule) involving your PHI; (b) that PHI has not been encrypted to government standards; and (c) my risk assessment fails to determine that there is a low probability that your PHI has been compromised.
  • I reserve the right to change the privacy policies and practices described in this notice.  Unless I notify you of such changes, however, I am required to abide by the terms currently in effect. 
  • If I revise my policies and procedures, I will send a revised Notice of Privacy Practices by mail or email to the address I have in your record.

Questions and Complaints

If you have questions about this notice, disagree with a decision I make about access to your records, or have other concerns about your privacy rights, you may contact the Privacy Officer, Shawna Craig, at 303-232-5749. 

If you believe that your privacy rights have been violated and wish to file a complaint with my office, you may send your written complaint to Shawna Craig at 1410 Vance, Street, Suite 107, Lakewood, CO 80214.  You may also send a written complaint to the Secretary of the U.S. Department of Health and Human Services.  Centralized Case Management Operations, U.S.

Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F HHH Bldg., Washington, D.C. 20201, or email to OCRComplaint@hhs.gov.   RSA will not retaliate against you for exercising your right to file a complaint.

This Notice is effective February 2022.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html