Privacy Policy
Health Insurance Portability and Accountability Act (HIPAA)
Notice of Privacy Practices and Confidentiality of Substance Use Disorder Treatment Records
(42 U.S.C. § 290dd-2 and 42 C.F.R. Part 2)
Effective Date: 1/8/2023
Your Information. Your Rights. Our Responsibilities.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Your Rights
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to correct your medical record
You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this. We may say “no” to your request, but we’ll tell you why in writing within 60 days.
Request confidential communications
You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
We will say “yes” to all reasonable requests.
Ask us to limit what we use or share
You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we’ve shared information
You can ask for a list (accounting) of the times we’ve shared your health information for up to six (6) years prior to the date you ask, who we shared it with, and why.
We will include all the disclosures we are required by law to include in an accounting. Except in certain circumstances, federal law generally does not require us to provide an accounting of disclosures made for treatment, payment, and health care operations purposes and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but, if permitted by the laws that apply to use, will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
You can complain if you feel we have violated your rights by contacting us using the information on page 1.
You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting hhs.gov/ocr/privacy/hipaa/complaints/.
Violations of the Federal Confidentiality of Substance Use Disorder Patient Record regulations is a crime. Suspected violations may be reported to the United States Attorney at:
The United States Attorney’s Office District of Arizona, Two Renaissance Square 40 N. Central Avenue, Suite 1800, Phoenix, AZ 85004-4449, (602) 514-7500
If the violation involves an opioid treatment program, the violation may also be reported to: SAMHSA Center for Substance Abuse Treatment, 5600 Fishers Lane, Rockville, MD 20857, Phone: 240-276-1660 ‖ Fax: 301-480-6596
We will not retaliate against you for filing a complaint.
Your Choices
For certain health information, you can tell us your choices about what we share. Because we comply with the federal Confidentiality of Substance Use Disorder Patient Records regulations (42 C.F.R. Part 2 or “Part 2”) there are very limited circumstances in which we may share your health information without your written consent to do so. Thus, in most circumstances we will ask you for your written permission before sharing health information.
However, as explained below, there may be circumstances where your health information is not protected by Part 2 but is protected by HIPAA. In these circumstances, we may use and disclosure such health information as permitted by HIPAA. However, if you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions. In these cases, you have both the right and choice under HIPAA to tell us to:
Share information with your family, close friends, or others involved in your care; and
Share information in a disaster relief situation.
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest and, if applicable, permitted by Part 2. We may also share your information when needed to lessen a serious and imminent threat to health or safety and, if applicable, will do so in compliance with Part 2 requirements.
In these cases, we never share your information unless you give us written permission:
Marketing purposes;
Sale of your information; and
Most sharing of psychotherapy notes (that is, your mental health professional’s impressions from your individual or group therapy sessions that are kept separate from the rest of your medical record).
In the case of fundraising:
We may contact you for fundraising efforts, but you can tell us not to contact you again.
Our Uses and Disclosures of Your Health Information
HIPAA is a federal privacy law that protects individually identifiable health information (called “protected health information” or PHI). Protected health information that identifies a person as having (or having had) a substance use disorder and that originates from a federally assisted substance use disorder treatment provider (called a “Part 2 program”) is also specially protected by a Federal law and regulations that are more protective than HIPAA. That Federal law is located at 42 U.S.C. § 290dd-2 and 42 C.F.R. Part 2 (collectively, called “Part 2”). We follow Part 2’s more restrictive privacy protections when Part 2 applies.
How do we typically use your health information?
We typically use your health information (including substance use disorder information) in the following ways:
- To treat youth and families enrolled in our behavioral health programs.
- We can use your health information for purposes of providing treatment to you.
- Example: A notMYkid clinician providing behavioral health services may share your health information with your notMYkid peer support specialist to better coordinate your care.
- To effectively run our organization and comply with policies and procedures.
We can use your health information to run our practice, improve your care, and contact you when necessary.
Example: We use health information about you to manage your treatment and services.
How do we disclose (share) your health information?
A Part 2 program may not say whether you are receiving services from the Part 2 program (or have received services) if doing so would reveal your substance use disorder. A Part 2 program may not disclose information identifying you as having (or having had) a substance use disorder unless:
You consent to the disclosure in writing or, if you have been adjudicated incompetent, your guardian (or other individual legally authorized to act on your behalf) consents to the disclosure.
The disclosure is allowed by court order.
The disclosure is to medical personnel in a medical emergency where your prior consent cannot be obtained.
The disclosure is to medical personnel of the Food and Drug Administration (FDA) for product recalls.
The disclosure is to medical personnel when there is a temporary state of emergency declared as the result of a natural or major disaster (such as a wildfire or hurricane) and the Part 2 program is closed and unable to provide services or obtain your prior consent due to the emergency.
The disclosure is to a third-party payor (like your health plan) for payment purposes in circumstances where the Part 2 program director has consented on your behalf because your condition prevents you from knowing or taking effective action on your own behalf.
The disclosure is to the Part 2 program’s contractors who provide services to the Part 2 program and who agree to be bound by the privacy protections for substance use disorder information.
The disclosure is to organization(s) that have direct administrative control over the Part 2 program.
The disclosure is to qualified personnel for research, audit or program evaluation purposes.
The disclosure is for cause of death reporting or investigations permitted by state law.
The disclosure is for another purpose permitted by 42 U.S.C. § 290dd-2 and 42 C.F.R. Part 2.
The Federal law and regulations do NOT protect any information about:
A crime committed by a patient on the premises of the Part 2 program, against Part 2 program personnel, or about any threat to commit such a crime.
Suspected child abuse or neglect from being reported under State law to appropriate State or local authorities.
If Part 2 does not apply to your health information, we may share that non-Part 2 information without your written consent in the following ways:
To treat you or your child. We may share your health information with other professionals who are treating you or your child.
For normal health care operations activities. We may share your health information to run our practice and to the improve the care that is provided to patients.
To bill for your services. We may share your health information to bill and get payment from health plans or other entities.
How else can we use or share your health information?
If Part 2 does not apply, we may be allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We provide a summary of those other purposes below. But we have to meet many conditions in the law before we can share your information for these purposes. For more information see:
www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. If Part 2 applies, we may not be allowed to share your health information in these ways unless we get your written consent.
Help with public health and safety issues
If Part 2 does not apply, we may share health information about you for certain public health situations (and if certain conditions are met), such as:
Preventing disease;
Reporting adverse reactions to medications;
Reporting suspected partner or elder abuse, neglect, or domestic violence; and
Preventing or reducing a serious threat to anyone’s health or safety.
Do research
We can use or share your information for health research if certain conditions are met.
Comply with the law
Unless Part 2 prevents us from making the disclosure, we will share information about you if State or Federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with Federal privacy law.
Respond to organ and tissue donation requests
If Part 2 does not apply, we may share health information about you with organ procurement organizations (and if certain conditions are met).
Work with a medical examiner or funeral director
We can share health information with a coroner, medical examiner, or funeral director when an individual dies (and if certain conditions are met).
Address workers’ compensation, law enforcement, and other government requests
If Part 2 does not apply, we may use or share health information about you (if certain conditions are met):
For workers’ compensation claims;
For law enforcement purposes or with a law enforcement official;
With health oversight agencies for activities authorized by law; and
For special government functions such as military, national security, and presidential protective services.
Respond to lawsuits and legal actions
If Part 2 does not apply, we may share health information about you in response to a court or administrative order, or in response to a subpoena.
Our Responsibilities
We are required by law to maintain the privacy and security of your protected health information and substance use disorder records. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
We must follow the duties and privacy practices described in this notice and give you a copy of it.
We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.
Cookies
Do we use ‘cookies’?
Yes. Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow) that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. For instance, we use cookies to help us remember and process the items in your shopping cart. They are also used to help us understand your preferences based on previous or current site activity, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.
We use cookies to:
- Understand and save user’s preferences for future visits.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
If you disable cookies off, some features will be disabled It won’t affect the users experience that make your site experience more efficient and some of our services will not function properly.
Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide you with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential. We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety. However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Third-party links
Occasionally, at our discretion, we may include or offer third party products or services on our website. These third-party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
COPPA (Children Online Privacy Protection Act)
When it comes to the collection of personal information from children under 13, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the nation’s consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.
We do not specifically market to children under 13.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
We will notify the users via email
- Within 1 business day
We will notify users via phone call
- Within 1 business day
We also agree to the individual redress principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or a government agency to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act
The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
To be in accordance with CANSPAM we agree to the following:
- NOT use false, or misleading subjects or email addresses
- Identify the message as an advertisement in some reasonable way
- Include the physical address of our business
- Monitor third party email marketing services for compliance, if one is used.
- Honor opt-out/unsubscribe requests quickly
- Allow users to unsubscribe by using the link at the bottom of each email
If at any time you would like to unsubscribe from receiving future emails, you can email us at
[email protected] and we will promptly remove you from ALL correspondence.
Contacting Us
If there are any questions regarding this privacy policy you may contact us using the information below.
notMYkid, Inc.
Attn: Site Administrator
5310 E Shea Blvd
Scottsdale, AZ 85254
Phone 602-652-0163
Email: [email protected]