PRIVACY POLICY & HIPAA NOTICE OF PRIVACY PRACTICES

KMH Counseling, PLLC

1820 W. Webster Ave, Suite 400, Chicago, IL 60614

Effective Date: January 1, 2024

TABLE OF CONTENTS

1. Introduction

2. HIPAA Notice of Privacy Practices

3. Information We Collect

4. How We Use Your Information

5. When We Share Information

6. Special Protections

7. Your Privacy Rights

8. Website Privacy

9. Communication Privacy

10. Data Security

11. Record Retention

12. Changes to This Policy

13. Complaints

14. Contact Information

1. INTRODUCTION

KMH Counseling, PLLC ("we," "our," or "us") is committed to protecting your privacy and maintaining the confidentiality of your personal health information. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Illinois mental health confidentiality laws.

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

2. HIPAA NOTICE OF PRIVACY PRACTICES

2.1 Your Rights

You have the right to:

  • Receive a copy of your mental health records
  • Request correction of your records
  • Request confidential communications
  • Ask us to limit what we use or share
  • Get a list of those with whom we've shared information
  • Get a copy of this privacy notice
  • Choose someone to act for you
  • File a complaint if you believe your privacy rights have been violated

2.2 Your Choices

You have choices about how we share information:

  • With family and friends involved in your care
  • In a disaster relief situation
  • For marketing purposes (we don't market)
  • For fundraising (we don't fundraise)

2.3 Our Uses and Disclosures

We may use and share your information as we:

  • Provide mental health treatment
  • Run our practice
  • Bill for your services
  • Comply with the law
  • Address workers' compensation
  • Respond to lawsuits and legal actions

3. INFORMATION WE COLLECT

3.1 Personal Information

  • Name, address, phone number, email address
  • Date of birth
  • Emergency contact information
  • Insurance information

3.2 Health Information

  • Mental health history
  • Treatment records
  • Session notes
  • Diagnosis information
  • Treatment plans

3.3 Financial Information

  • Insurance coverage details
  • Payment information
  • Billing records

4. HOW WE USE YOUR INFORMATION

4.1 Treatment Purposes

  • Providing psychotherapy services
  • Coordinating care with other providers
  • Treatment planning
  • Crisis intervention

4.2 Payment Purposes

  • Insurance billing
  • Payment processing
  • Benefits verification
  • Claims management

4.3 Healthcare Operations

  • Quality assessment
  • Practice improvement
  • Training and supervision
  • Business planning

5. WHEN WE SHARE INFORMATION

5.1 With Your Consent

We share information when you provide written authorization, except in specific situations outlined below.

5.2 Without Your Consent

We may share information without consent in these situations:

5.2.1 Mandated Reporting

  • Suspected child abuse or neglect
  • Suspected elder abuse
  • Suspected abuse of vulnerable adults

5.2.2 Safety Concerns

  • Imminent danger to yourself
  • Imminent danger to others
  • Gravely disabled

5.2.3 Legal Requirements

  • Court orders
  • Subpoenas (we will attempt to notify you)
  • Law enforcement (limited circumstances)
  • National security

5.2.4 Professional Consultation

  • Clinical supervision (identity protected)
  • Professional consultation (anonymous)

6. SPECIAL PROTECTIONS

6.1 Psychotherapy Notes

We keep psychotherapy notes separate from your medical record. These have additional protections and require specific authorization for most disclosures.

6.2 Minors

Parents/guardians generally have access to minor's records, with exceptions for:

  • Certain confidential services
  • When minor consents to treatment
  • Court-appointed representation

6.3 Substance Use Records

If applicable, substance use treatment records have additional federal protections under 42 CFR Part 2.

7. YOUR PRIVACY RIGHTS

7.1 Access to Records

You can request copies of your mental health records. We may charge a reasonable fee for copies.

7.2 Amendment Requests

You can request corrections to your records if you believe information is incorrect or incomplete.

7.3 Accounting of Disclosures

You can request a list of disclosures we've made, with certain exceptions.

7.4 Restriction Requests

You can request restrictions on use/disclosure, though we're not required to agree in all cases.

7.5 Confidential Communications

You can request communications in a specific way or location.

8. WEBSITE PRIVACY

8.1 Information Collection

Our website may collect:

  • IP addresses
  • Browser information
  • Pages visited
  • Time spent on site

8.2 Cookies

We use cookies to improve website functionality. You can disable cookies in your browser settings.

8.3 Third-Party Services

We use:

  • Google Analytics (anonymized)
  • Scheduling software (HIPAA-compliant)
  • Payment processors (secure, encrypted)

8.4 Security

  • SSL encryption
  • Secure forms
  • Regular security updates
  • Limited access controls

9. COMMUNICATION PRIVACY

9.1 Email

Email is not completely secure. We recommend:

  • Limiting sensitive information in email
  • Using our secure patient portal when available
  • Calling for urgent matters

9.2 Text Messaging

  • Appointment reminders only (if opted in)
  • No clinical information via text
  • You may opt out anytime

9.3 Telehealth

  • HIPAA-compliant video platform
  • Encrypted connections
  • Private location required

10. DATA SECURITY

10.1 Protections We Implement

  • Physical locks and security
  • Electronic encryption
  • Password protection
  • Staff training
  • Business Associate Agreements
  • Regular security assessments

10.2 Breach Notification

If a breach occurs affecting your information, we will notify you within 60 days as required by law.

11. RECORD RETENTION

11.1 Retention Period

  • Adult records: 7 years from last service
  • Minor records: 7 years after reaching majority
  • Other requirements may extend retention

11.2 Record Disposal

  • Secure shredding of paper records
  • Secure deletion of electronic records
  • Certificate of destruction maintained

12. CHANGES TO THIS POLICY

We may update this policy periodically. Changes will be:

  • Posted on our website
  • Available in our office
  • Provided upon request
  • Effective as posted

13. COMPLAINTS

13.1 Contact Us First

KMH Counseling Privacy Officer

1820 W. Webster Ave, Suite 400

Chicago, IL 60614

(312) 869-2081

13.2 File a Complaint With

U.S. Department of Health and Human Services

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

1-877-696-6775

www.hhs.gov/ocr

We will not retaliate against you for filing a complaint.

14. CONTACT INFORMATION

For questions about this privacy policy or our privacy practices:

Privacy Officer

KMH Counseling, PLLC

1820 W. Webster Ave, Suite 400

Chicago, IL 60614

📞 (312) 869-2081

✉️ privacy@kmhcounseling.com

ACKNOWLEDGMENT

By receiving services from KMH Counseling, you acknowledge receiving this Privacy Policy and HIPAA Notice of Privacy Practices.

Last Updated: January 1, 2024

Effective Date: January 1, 2024

This notice is provided in compliance with the Health Insurance Portability and Accountability Act (HIPAA) and Illinois mental health confidentiality laws.