Privacy Practices – Diana

Diana Bigham, LMFT-S

Notice Of Privacy Practices

As Required by the Privacy Regulations Created as a Result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)



My Obligations Concerning The Use And Disclosure of Your Protected Health Information (PHI)

My Commitment To Your Privacy

Your provider is dedicated to maintaining the privacy of your individually Protected Health Information (PHI).  In conducting my business, I will create records regarding you and the treatment and services I provide to you.  I am required by law to maintain the confidentiality of health information that identifies you.  I am also are required by law to provide you with this notice of my legal duties and the privacy practices that I maintain in my practice concerning your PHI.  By federal and state law, I must follow the terms of the notice of privacy practices that I have in effect at the time.  I realize that these laws are complicated, but I must provide you with the following important information:

  1. My obligations concerning the use and disclosure of your PHI
  2. How I may use and disclose your PHI
  3. Your privacy rights in your PHI

Changes To This Notice

The terms of this notice apply to all records containing your PHI that are created or retained by my practice.  I reserve the right to revise or amend this Notice of Privacy Practices.  Any revision or amendment to this notice will be effective for all of your records that my practice has created or maintained in the past, and for any of your records that I may create or maintain in the future.  My practice will post a copy of my current Notice in my office in a visible location at all times, and you may request a copy of my most current Notice at any time.


Privacy Officer

Diana Bigham, LMFT-S

620 Stoneglen Dr, Suite B

Keller, Texas  76248


How I May Use And Disclose Your PHI (Protected Health information)

The following categories describe the different ways in which I may use and disclose your PHI.  Some of the uses or disclosures will require your prior written authorization; others, however will not.  Below you will find the different categories of my uses and disclosures, with some examples.

A.      Uses And Disclosures Related To Treatment, Payment, Or Healthcare Operations (TPO)

I do not have to have your prior written consent for uses and disclosures related to TPO.

  1. Treatment. My practice will collect information about you.  This will include information about where you live and how to contact you; personal history such as family history, work or school; marital, medical, and psychological, and other personal information.  These are all examples of Protected Health Information (PHI).  I will use your health information to plan for your treatment and services.  (This is called usage.)  I will use your information to gain an understanding about you as a person and the problems for which you are seeking help.  I will formulate a diagnosis, assessment, and treatment plan to provide solutions to your problems.  This information will be kept in a clinical file called a progress record.  I will keep a record of each visit and record your statements and my observations about your progress in a record called psychotherapy notes.  I may share your PHI with other healthcare providers who provide treatment to you (this is called disclosure).  I may share your PHI with your personal physician.  I may share your PHI with other healthcare providers who provide services that I do not provide such as psychiatrists, psychologists, and other licensed providers who may offer specialized testing or treatment.  I may disclose your PHI to other providers that you seek out in the future.
  2. Payment. My practice may use and disclose your PHI in order to bill and collect payment for the services you may receive from my practice.  For example, I may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and I may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment.  I also may use and disclose your PHI to obtain payment from third party payers that may be responsible for costs, such as family members.  Also, I may use your PHI to bill you directly for services.
  3. Health Care Operations. My practice may use and disclose your PHI for the administration, planning, and operation of my business.  As examples of the ways in which I may use and disclose your information for my operations, my practice may use your PHI to evaluate the quality of care you received from your provider, or to conduct cost-management and business planning activities for my practice.  I may use PHI to verify that I provided services to you or to fulfill certain operational requirements of insurance companies, managed care companies, or employee assistance programs.  I may disclose your PHI to other health care providers and entities to assist in their health care operations.  I may also provide your PHI to attorneys, accountants, consultants, and others to make sure that I am in compliance with the law.
  4. Appointment Reminders: My practice may use and disclose your PHI to contact you and remind you of an appointment.
  5. Treatment Options. My practice may use and disclose your PHI to inform you of potential treatment alternatives or other health-related benefits and services that may be of interest to you.

B.      Use And Disclosure Of Your PHI In Certain Special Circumstances

I may use and/or disclose your PHI without your consent or authorization for the following reasons:

  1. In an Emergency – Your consent is not required if you need emergency treatment, provided that an attempt is made to get your consent after treatment is rendered. In the event that I try to get your consent but you are unable to communicate with your provider (for example, if you are unconscious or in severe pain) but I think that you would consent to such treatment if you could, I may disclose your PHI.
  2. Public Health Risks – My practice may disclose your PHI to public health authorities that are authorized by law to collect information under certain conditions. For example:
    • When I have a reasonable suspicion of child abuse or neglect, I am mandated by state law to report it.
    • When I have a reasonable suspicion of elder/dependent adult abuse, I am mandated by state law to report it.
    • When it is necessary to prevent a serious threat to your health and safety or the health and safety of another individual or the public, I may notify appropriate law enforcement personnel or persons able to prevent the threatened danger.
  3. Lawsuits and Similar Legal Proceedings 
    • In response to a court or administrative order, if you are involved in a lawsuit or similar proceeding.
    • In response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if I have made an effort to inform you of the request or to obtain an order protecting the information the party has requested, for example, a child custody suit or other legal proceedings in which your mental health condition is an issue.
    • To defend myself in a lawsuit.
    • In connection with a suit to collect fees for my services.
  4. Law Enforcement Purposes – I may disclose your PHI to a judicial officer, grand jury or law enforcement official:
    • To report a crime (including at my offices and including the location or victim(s) of the crime, or the description, identity or location of the perpetrator.)
    • To identify/locate a suspect, material witness, fugitive or missing person
  5. Research My practice may use and disclose your PHI for research purposes in certain limited circumstances. I will obtain your written authorization to use your PHI for research purposes except when an Institutional Review Board or Privacy Board has determined that the waiver of your authorization satisfies the following:
    •  the use or disclosure involves no more than a minimal risk to your privacy based on the following:
      • an adequate plan to protect the identifiers from improper use and disclosure
      • an adequate plan to destroy the identifiers at the earliest opportunity consistent with the research (unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law)
      • adequate written assurances that the PHI will not be re-used or disclosed to any other person or entity (except as required by law) for authorized oversight of the research study, or for other research for which the disclosure would be otherwise permitted
    • the research could not practically be conducted without the waiver
    • the research could not practically be conducted without access to and use of PHI
  6. Health Oversight Activities – My practice may disclose your PHI to health oversight agencies for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions, civil, administrative, and criminal procedures or actions, or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.  This includes the Secretary of Health and Human Services in an investigation to determine my compliance with the privacy rules.

Other Rare Disclosures That Do Not Require Your Consent Or Authorization

  1. Military My practice may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans), if required by the appropriate authorities.
  2. National Security – My practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. I also may disclose your PHI to federal officials in order to protect the President, other officials, or foreign heads of state, or to conduct investigations.
  3. Inmates – My practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary:
    • for the institution to provide health care services to you
    • for the safety and security of the institution, and/or
    • to protect your health and safety or the health and safety of other individuals
  4. Workers’ Compensation My practice may release your PHI for workers’ compensation and similar program such as Social Security Disability for the purpose of assessments, evaluations, and eligibility and in accordance with federal laws.
  5. Deceased Clients – My practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death.

C.      Certain Uses and Disclosures to Which You Have Opportunity to Object

  1. Disclosures to Family, Friends, or Others – I may provide your PHI to a family member, friend, or individual that you indicate is involved in your care or responsible for the payment for your health care unless you object in whole or in part. Retroactive consent may be obtained in emergency situations.

D.      Other Uses and Disclosures to That Require Your Prior Written Authorization

In any other situation not described section A, B, or C above, I will request your written authorization before using or disclosing any of your PHI.  Even if you have signed an authorization to disclose your PHI, you may later revoke that original authorization in writing, to stop any future uses and disclosures (assuming that I have not already taken action on a subsequent authorization) of your PHI.

Your Privacy Rights Regarding Your PHI

You have the following rights regarding the PHI that I maintain about you:

  1. Confidential Communications  You have the right to request that my practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that I contact you at home, rather than at work.  In order to request a type of confidential communication, you must make a written request to Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248 specifying the requested method of contact, or the location where you wish to be contacted.  My practice will accommodate reasonable requests.  You do not need to give a reason for your request.
  2. Requesting Restrictions – You have the right to request a restriction in my use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that I restrict my disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends.  I am not required to agree to your request; however, if I do agree, I am bound by my agreement except when otherwise required by law, in emergencies, or when the information is necessary to treat you.  In order to request a restriction in my use or disclosure of your PHI, you must make your request in writing to Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248.  Your request must describe in a clear and concise fashion:
    • the information you wish restricted
    • whether you are requesting to limit my practice’s use, disclosure or both
    • to whom you want the limits to apply
  3. Inspection and Copies You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including client progress records and billing records, but not including psychotherapy notes. My practice will retain your records for 7 years after you terminate therapy (for minors, 7 years after their 18th birthday).  You must submit your request in writing to Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248 in order to inspect and/or obtain a copy of your PHI.  My practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request.  My practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of my denial.  Another licensed health care professional chosen by your provider will conduct reviews.
  4. Amendment You may ask your provider to amend your health information if you believe it is incorrect or incomplete. You may request an amendment for as long as the information is kept by or for my practice.  To request an amendment, your request must be made in writing and submitted to Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248.  You must provide your provider with a reason that supports your request for amendment.  My practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing.  Also, I may deny your request if you ask your provider to amend information that is in my opinion:
    • inaccurate and incomplete
    • not part of the PHI kept by or for the practice
    • not part of the PHI which you would be permitted to inspect and copy
    • not created by my practice, unless the individual or entity that created the information is not available to amend the information.
  5. Accounting of Disclosures All of my patients have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures my practice has made of your PHI for non-treatment, non-payment or non-operational purposes. Use of your PHI as part of the routine patient care in my practice is not required to be documented.  For example, the therapist sharing information with a doctor; or the billing department using your information to file your insurance claim.  In order to obtain an accounting of disclosures, you must submit your request in writing to Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248.  All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure and may not include dates before April 14, 2003.  The first list you request within a 12-month period is free of charge, but my practice may charge you for additional lists within the same 12-month period.  My practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
  6. Data Breach Notification – If in the event that unauthorized access of protected health information (PHI) has occurred or PHI is improperly used or disclosed, the HIPAA Privacy Officer will investigate the incident and assess the risk. The incident will be mitigated and documented in the covered entity’s HIPAA records. If any compromise has been made where patient protected health information has been disclosed, affected individuals will be notified as well as potentially the Texas Department of Health and Human Services.
  7. Right to a Paper Copy of This Notice You are entitled to receive a paper copy of my Notice of Privacy Practices. You may ask your provider to give you a copy of this notice at any time.  To obtain a paper copy of this notice, contact Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248.
  8. Right to Provide an Authorization for Other Uses and Disclosures My practice will obtain your written authorization for uses and disclosures that are not identified by this notice or permitted by applicable law. Any authorization you provide to your provider regarding the use and disclosure of your PHI may be revoked at any time in writing.  After you revoke your authorization, I will no longer use or disclose your PHI for the reasons described in the authorization.
  9. Right to File a Complaint If you believe your privacy rights have been violated, you may file a complaint with Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248. All complaints must be submitted in writing.  You may also send a complaint to the Secretary of the Department of Health and Human Services at 750 Security Blvd. C5-24-04, Baltimore MD 21244.  You must file the complaint within 180 days of when you knew the violation occurred.  You will not be penalized for filing a complaint.
  10. Person to Contact For Information About This Notice Or To Complain About My Privacy Practices. Again, if you have any questions regarding this notice or my health information privacy policies, please contact Diana Bigham, LMFT-S, at 620 Stoneglen Dr, Suite B, Keller, Texas 76248.

Effective Date of This Notice: This notice went into effect on April 14, 2003.