Privacy Practices

On this page you will find the Website Privacy Policy for erinkilbury.com and the HIPAA Notice of Privacy Practices for Erin Kilbury’s psychotherapy practice.

Website Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally Identifiable Information’ (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read this privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your PII in accordance with our website.

Who we are:

Erin Kilbury, Licensed Mental Health Counselor

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. The law’s reach stretches well beyond California to require any person or company in the United States (and conceivably the world) that operates websites collecting PII from California consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared.

According to CalOPPA, we agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our homepage or, at a minimum, on the first significant page after entering our website.

Our Privacy Policy link includes the word ‘Privacy’ and can easily be found on the page specified above.

You will be notified of any Privacy Policy changes:

  • On our Privacy Policy Page

You can change your personal information:

  • By emailing us

COPPA (Children’s Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, the United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online.

We do not specifically market to children under the age of 13 years old.

What personal information do we collect from people who visit our website?

Analytics:

We have Google Analytics enabled on our site. This allows us to analyze where our viewers live and how they access our site. It does not give us personal information, names, or other identifying information about people visiting our site.

Industry regulatory disclosure requirements

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify you via email

  • Within 7 business days

We will notify the users via in-site notification

  • Within 7 business days

We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

Visitors’ GDPR Rights

If you are within the European Union, you are entitled to certain information and have certain rights under the General Data Protection Regulation. Those rights include:

We will retain any information you choose to provide to us until the earlier of: (a) you asking us to delete the information, (b) our decision to cease using our existing data providers, or (c) the Company’s decision that the value in retaining the data is outweighed by the costs of retaining it.

You have the right to request access to your data that the Company stores and the rights to either rectify or erase your personal data.

You have the right to seek restrictions on the processing of your data.

You have the right to object to the processing of your data and the right to the portability of your data.

To the extent that you provided consent to the Company’s processing of your personal data, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based upon consent that occurred prior to your withdrawal of consent.

You have the right to lodge a complaint with a supervisory authority that has jurisdiction over issues related to the General Data Protection Regulation.

We require only the information that is reasonably required to enter into a contract with you. We will not require you to provide consent for any unnecessary processing as a condition of entering into a contract with us.

Contact Us

If you have any questions about this Privacy Policy, you can contact:

 

HIPAA Notice of Privacy Practices

EFFECTIVE DATE OF THIS NOTICE

This notice went into effect on 6/1/2023.

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

I. MY PLEDGE REGARDING HEALTH INFORMATION:

I understand that health information about you and your health care is personal. I am committed to protecting health information about you. I create a record of the care and services you receive from me. I need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by this mental health care practice. This notice will tell you about the ways in which I may use and disclose health information about you. I also describe your rights to the health information I keep about you and describe certain obligations I have regarding the use and disclosure of your health information. I am required by law to:

  • Make sure that protected health information (“PHI”) that identifies you is kept private.

  • Give you this notice of my legal duties and privacy practices with respect to health information.

  • Follow the terms of the notice that is currently in effect.

I can change the terms of this Notice, and such changes will apply to all information I have about you. The new Notice will be available upon request, in my office, and on my website.

II. HOW I MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU:

The following categories describe different ways that I use and disclose health information. For each category of uses or disclosures, I will explain what I mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways I am permitted to use and disclose information will fall within one of the categories.

For Treatment, Payment, or Health Care Operations: Federal privacy rules (regulations) allow healthcare providers who have a direct treatment relationship with the patient/client to use or disclose the patient/client’s personal health information without the patient’s written authorization, to carry out the healthcare provider’s own treatment, payment, or healthcare operations. I may also disclose your protected health information for the treatment activities of any healthcare provider. This too can be done without your written authorization. For example, if a clinician were to consult with another licensed healthcare provider about your condition, we would be permitted to use and disclose your personal health information, which is otherwise confidential, in order to assist the clinician in the diagnosis and treatment of your mental health condition.

Disclosures for treatment purposes are not limited to the minimum necessary standard, because therapists and other healthcare providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, among other things, the coordination and management of healthcare providers with a third party, consultations between healthcare providers, and referrals of a patient for healthcare from one healthcare provider to another.

Lawsuits and Disputes: If you are involved in a lawsuit, I may disclose health information in response to a court or administrative order. I may also disclose health information about your child in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

III. CERTAIN USES AND DISCLOSURES REQUIRE YOUR AUTHORIZATION:

1.     Psychotherapy Notes. I do keep “psychotherapy notes” as that term is defined in 45 CFR § 164.501, and any use or disclosure of such notes requires your Authorization unless the use or disclosure is:

  • For my use in treating you.

  • For my use in training or supervising mental health practitioners to help them improve their skills in group, joint, family, or individual counseling or therapy.

  • For my use in defending myself in legal proceedings instituted by you.

  • For use by the Secretary of Health and Human Services to investigate my compliance with HIPAA.

  • Required by law and the use or disclosure is limited to the requirements of such law.

  • Required by law for certain health oversight activities pertaining to the originator of the psychotherapy notes.

  • Required by a coroner who is performing duties authorized by law.

  • Required to help avert a serious threat to the health and safety of others.

2.     Marketing Purposes. As a psychotherapist, I will not use or disclose your PHI for marketing purposes without your prior written consent. For example, if I request a review from you and plan to share the review publicly online or elsewhere to advertise my services or my practice, I will provide you with a release form and HIPAA authorization. The HIPAA authorization is required in the instance that your review contains PHI (i.e., your name, the date of the service you received, the kind of treatment you are seeking, or other personal health details). Because you may not realize which information you provide is considered “PHI,” I will send you a HIPAA authorization and request your signature regardless of the content of your review. Once you complete the HIPAA authorization, I will have the legal right to use your review for advertising and marketing purposes, even if it contains PHI. You may withdraw this consent at any time by submitting a written request to me via the email address I keep on file or via certified mail to my address. Once I have received your written withdrawal of consent, I will remove your review from my website and from any other places where I have posted it. I cannot guarantee that others who may have copied your review from my website or other locations will also remove the review. This is a risk that I want you to be aware of, should you give me permission to post your review.

3.     Sale of PHI. As a psychotherapist, I will not sell your PHI in the regular course of my business.

IV. CERTAIN USES AND DISCLOSURES DO NOT REQUIRE YOUR AUTHORIZATION:

Subject to certain limitations in the law, I can use and disclose your PHI without your Authorization for the following reasons:

1.     When disclosure is required by state or federal law, and the use or disclosure complies with and is limited to the relevant requirements of such law.

2.     For public health activities, including reporting suspected child, elder, or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety.

3.     For health oversight activities, including audits and investigations.

4.     For judicial and administrative proceedings, including responding to a court or administrative order, although my preference is to obtain authorization from you before doing so.

5.     For law enforcement purposes, including reporting crimes occurring on my premises.

6.     To coroners or medical examiners, when such individuals are performing duties authorized by law.

7.     For research purposes, including studying and comparing the mental health of patients who received one form of therapy versus those who received another form of therapy for the same condition.

8.     Specialized government functions, including ensuring the proper execution of military missions; protecting the President of the United States; conducting intelligence or counter-intelligence operations; or helping to ensure the safety of those working within or housed in correctional institutions.

9.     For workers’ compensation purposes. Although my preference is to obtain authorization from you, I may provide your PHI to comply with workers’ compensation laws.

10.  Appointment reminders and health-related benefits or services. I may use and disclose your PHI to contact you to remind you that you have an appointment with me. I may also use and disclose your PHI to tell you about treatment alternatives, or other healthcare services or benefits that I offer.

V. CERTAIN USES AND DISCLOSURES REQUIRE YOU TO HAVE THE OPPORTUNITY TO OBJECT:

1.     Disclosures to family, friends, or others. I may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations.

VI. YOU HAVE THE FOLLOWING RIGHTS WITH RESPECT TO YOUR PHI:

1.     The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to ask me not to use or disclose certain PHI for treatment, payment, or health care operations purposes. I am not required to agree to your request, and I may say “no” if I believe it would affect your health care.

2.     The Right to Request Restrictions for Out-of-Pocket Expenses Paid for In Full. You have the right to request restrictions on disclosures of your PHI to health plans for payment or health care operations purposes if the PHI pertains solely to a health care item or a health care service that you have paid for out-of-pocket in full.

3.     The Right to Choose How I Send PHI to You. You have the right to ask me to contact you in a specific way (for example, home or office phone), or to send mail to a different address, and I will agree to all reasonable requests.

4.     The Right to See and Get Copies of Your PHI. Other than “psychotherapy notes,” you have the right to get an electronic or paper copy of your medical record and other information that I have about you. I will provide you with a copy of your record, or a summary of it, if you agree to receive a summary, within 30 days of receiving your written request, and I may charge a reasonable, cost-based fee for doing so.

5.     The Right to Get a List of the Disclosures I Have Made. You have the right to request a list of instances in which I have disclosed your PHI for purposes other than treatment, payment, or healthcare operations, or for which you provided me with an Authorization. I will respond to your request for an accounting of disclosures within 60 days of receiving your request. The list I will give you will include disclosures made in the last six years unless you request a shorter time. I will provide the list to you at no charge, but if you make more than one request in the same year, I will charge you a reasonable cost-based fee for each additional request.

6.     The Right to Correct or Update Your PHI. If you believe that there is a mistake in your PHI, or that a piece of important information is missing from your PHI, you have the right to request that I correct the existing information or add the missing information. I may say “no” to your request, but I will tell you why in writing within 60 days of receiving your request.

7.     The Right to Get a Paper or Electronic Copy of this Notice. You have the right to get a paper copy of this Notice, and you have the right to get a copy of this notice by e-mail. And, even if you have agreed to receive this Notice via e-mail, you also have the right to request a paper copy of it.