HIPAA NOTICE OF PRIVACY PRACTICES FOR LYRA CLINICAL ASSOCIATES P.C.
Effective date: December 26, 2019.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) provides standards for how medical information should be used and disclosed by healthcare providers, health plans, and other covered entities. Lyra Clinical Associates P.C. (“LCA”) is a health care provider that both directly delivers health care services through its personnel as well as contracts with licensed providers to deliver health care services. We provide each of our users with this information and ask each of our users to acknowledge receipt of our HIPAA Notice of Privacy Practices for LCA, which discloses our practices for personal information gathering and dissemination. Please note that by registering on the website (the “Site”) or by using the services provided by LCA, together with any independent contracted affiliates (together “LCA”, “we”, “our” or “us”), you accept the practices described in this Notice of Privacy Practices. If you do not agree to this Notice, please do not use the Site or Lyra’s services. IF YOU ARE UNDER 13 YEARS OF AGE OR RESIDE OUTSIDE OF THE UNITED STATES, PLEASE DO NOT USE OR ACCESS OUR SITE.
What information do we collect from users and how is it used?
Forms. To fully use our offerings, you may need to fill out forms that ask for or contain personal information such as your name, contact information, health, and other personal information. By providing us with your mobile phone number, you consent to receiving information from us by text or voicemail, including in the case of voicemail, protected health information.
Medical Records. In order for us to get you the best care, we may ask you to provide us with your medical records, for which we will obtain a signed authorization from you. We may also ask you for a description of symptoms, a medical history, lifestyle descriptions and information on the progress of your treatment from your provider either over the phone, by email, or through our Site. In addition, if you see a provider that is employed by LCA, we will maintain a medical record that contains the details of the care you receive from LCA.
Correspondence. If you correspond with us via email or text, we may gather in a file specific to you the information that you submit.
Recordings. If you contact our care team by videoconference, phone or by email, we may record and retain copies of the interaction for, among other things, quality assurance and training purposes. If you access any apps or other services we offer, we may record your interactions with our software or our providers. We will inform you if we are recording your interactions with our care team or providers and, if you do not wish to be recorded, you can let the care team or provider know at that time.
Outcomes. We may periodically send you surveys to collect your feedback on the outcomes of your therapy. Understanding outcomes is central to our mission of providing effective, evidence-based care, and data can help inform Lyra’s approach to treatment and assessment of progress. In addition, LCA uses aggregated, de-identified outcomes data to provide our customers with insight into how their employees are coping better with stressors and functioning at a higher level. We anonymize and convert individual outcome scores into improvement levels, and then aggregate those in reporting across an entire population.
We will store the above described categories of information for as long as needed to provide our services, and as required to comply with our legal obligations (including those under HIPAA), resolve potential or actual disputes, improve the quality of our services, or enforce our agreements.
In addition, your provider may capture independent clinical and psychotherapy notes, which would be subject to his or her separate HIPAA privacy practices.
How does LCA use and disclose protected health information about you that we collect?
LCA will collect protected health information (“PHI”), which includes but may not be limited to your name, age, gender, contact information, problems you are seeking help for, and progress and outcomes of your treatment, from you and will use or share it for the following purposes:
Treatment. We can use your PHI and share it with other professionals or programs that are treating you, such as when you are referred to another mental health professional for further treatment. By using our services, you hereby explicitly consent to the sharing of information like your name, age, gender, problems you are seeking help for, including alcohol and substance use, care preferences, health plan coverage, and progress of your treatment with current and potential therapists to promote good outcomes.
Run our Organization. We can use and share your PHI to support our business operations, that is to run our organization, improve our offerings to clients, improve your care and the coordination of your care, and contact you when necessary, such as using your PHI to manage your treatment and services.
Billing and Payment. We may use and share your PHI to confirm eligibility for services and to ensure proper payment to providers. For example, we may request your information from your health plan or employer in order to confirm eligibility for services.
Other Uses. We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. The following are ways we may share your information:
You have both the right and the choice to tell us to share your PHI with your family, close friends, or others involved in your care; share your PHI in a disaster relief situation; and whether to contact you for fundraising efforts. If you are not able to tell us your preference, we may go ahead and share your information if we believe it is in your best interest.
We will never share your PHI, unless you give us written permission to, for marketing purposes, for sale of your information, and for any sharing of psychotherapy notes. You may revoke or restrict the authorization to disclose your PHI for these purposes at any time.
Lyra reserves the right to release collected information to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.
What are your rights regarding your protected health information?
You have certain rights regarding protected health information that we maintain about you, including rights to:
What are LCA’s responsibilities with my information?
We are required by federal law (HIPAA) and state law (e.g. CMIA in California) to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your protected health information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
In some limited circumstances, one of our customers who sponsor the services offered by LCA may have requested further limitations on our use and disclosure of PHI than those scenarios described above. In such circumstances, the provisions of our agreement with a customer will govern the use and disclosure of your PHI.
How will I know about changes in the Notice of Privacy Practices?
LCA reserves the right to update this Notice of Privacy Practices from time to time. Please visit this page periodically so that you will be apprised of any changes. The policies indicated in this Notice will remain effective, even if you are no longer using our Site or services.
How to contact us?
If you have questions, or need to reach us for any other reason, you may contact the Chief Privacy Officer at 287 Lorton Avenue, Burlingame, CA 94010; (800) 505-5972 or at firstname.lastname@example.org.