NOTICE OF PRIVACY PRACTICES
MARY AND ALEXANDER LAUGHLIN CHILDREN’S CENTER
THIS NOTICE DESCRIBES HOW MEDICAL AND OTHER PERSONAL INFORMATION THAT WE COLLECT ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Mary and Alexander Laughlin Children’s Center (“we”, “our” or “us”) provides counseling and psychological therapy services, occupational services, and speech therapy to children through its clinic. These services are collectively referred to herein as “Clinical Services.” We also provide academic services and programs to children, which include tutoring, a preschool program, and screening and evaluation services. These programs and services are collectively referred to herein as the “Academic Services.”
In general, when providing Clinical Services, we may collect medical or healthcare-related information from our patients or clients. In providing certain Academic Services, we may also collect medical or healthcare-related information from our patients, clients, and their parents and legal guardians. In addition, we may also collect other personal information that is not designated as medical or healthcare information. In this notice “you” and “your” refer to the patient or client and such individual’s parents or legal guardians. This Notice of Privacy Practices (this “Notice”) contains important information regarding how we collect, use, and disclose your medical information. This Notice also contains other information regarding our collection, use and disclosure of personal information that is not medical or healthcare-related. Our current Notice is posted at https://laughlincenter.org/privacy-policy/. You also have the right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time. If you received this Notice electronically, you are entitled to a paper copy of this Notice. If you have any questions about this Notice, please contact the person listed in Part 10, below.
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) imposes numerous requirements on us regarding how certain individually identifiable health information—known as protected health information or PHI—may be used and disclosed. This Notice describes how we, and any third parties that assist us in providing services to you, may collect, use and disclose your protected health information for treatment, payment, or health care operations and for other purposes that are permitted or required by law. This Notice describes your rights to access and control your protected health information, as well as other personal information that you provide to us. “Protected health information” or “PHI” is information that is maintained or transmitted by us, which may identify you and that relates to your past, present, or future physical or mental health or condition and related healthcare services. As used in this Notice, “personal information” is information that may identify you, but does not relate to your past, present, or future physical or mental health or condition and related health care services.
We understand that your PHI and your health are personal. We are committed to protecting your PHI and personal information and will use it to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request of it. The provisions of this Notice generally apply to you when you provide information to us for Clinical Services, and may also apply to information that you provide to us for Academic Services, and relate to both PHI and personal information.
We are required by law to abide by the terms of this Notice to:
- Make sure that PHI that identifies you is kept private.
- Give you this Notice of our legal duties and privacy practices with respect to your PHI and personal information.
- Follow the terms of the Notice that is currently in effect.
How We May Use and Disclose Your PHI. HIPAA generally permits the use and disclosure of your PHI without your permission for purposes of health care treatment, payment activities, and health care operations. These uses and disclosures are more fully described below. Please note that this Notice does not list every use or disclosure; instead it gives examples of the most common uses and disclosures.
- Treatment: When and as appropriate, we may use or disclose PHI about you to facilitate medical treatment or services by providers. We may disclose PHI about you to health care providers, including doctors, nurses, technicians, medical students, or other health care personnel who are involved in taking care of you. For example, we might disclose information about you to physicians who are treating you.
- Payment: When and as appropriate, we may use and disclose PHI about you to determine your eligibility for discounted services, to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility and coverage under your health care plans, or to coordinate your coverage. For example, we may disclose information about your medical history to a physician (including your physician) to determine whether a particular treatment is experimental, investigational, or medically necessary, or to decide if your health care plan will cover the treatment. Additionally, we may share PHI with another entity to assist with the adjudication or subrogation of health claims, or with another health plan to coordinate benefit payments.
- Health Care Operations: When and as appropriate, we may use and disclose PHI about you for our operations, as needed. For example, we may use PHI in connection with: conducting quality assessment and administration improvement; underwriting, premium rating, and other activities relating to coverage; submitting claims for stop loss (or excess loss) coverage; conducting or arranging for medical review, legal services, audit services, and fraud and abuse detection programs; business planning and development such as cost management; and our business management and general administrative activities. For example, we may use your information to review the effectiveness of wellness programs or in negotiating new arrangements with our current or new insurers.
We will always try to ensure that the PHI used or disclosed is limited to a “Designated Record Set” and to the “Minimum Necessary” standard, including a “limited data set,” as defined in HIPAA and ARRA (as defined in Part 3, below) for these purposes.
We may also contact you to provide information about treatment options or alternatives or other services that we offer that may be of interest to you.
OTHER PERMITTED USES AND DISCLOSURES OF PHI AND PERSONAL INFORMATION
- Disclosure to Others Involved in Your Care. We may disclose your PHI to a relative, a friend, or to any other person you identify, provided the information is directly relevant to that person’s involvement with your health care or payment for that care.
- Disclosure to Health Plan. PHI may be disclosed to a health plan or governmental agency for purposes of facilitating claims payments under a plan or benefit program.
- Public Health. As permitted or required by law, including the National Emergencies Act, we may share your PHI with public health authorities for public health purposes to prevent or control disease, injury, or disability. This includes, but is not limited to, reporting disease, injury, and important events such as birth or death, and conducting public health monitoring, investigations, or activities. For example, we may share your health information to: (1) report abuse or neglect; (2) collect and report on the quality, safety, and effectiveness of products and activities regulated by the Food and Drug Administration (FDA) (such as drugs and medical equipment, and could include product recalls, repairs, and monitoring); or (3) help contain the spread of a disease.
- Health Oversight. We may share your PHI with a health oversight agency for purposes including: (1) monitoring the health care system; (2) determining benefit eligibility for Medicare, Medicaid, and other government benefit programs; and (3) monitoring compliance with government regulations and laws.
- To Comply with Federal and State Requirements. We will disclose your PHI when required to do so by federal, state, or local law. For example, we may disclose PHI when required by the U.S. Department of Labor or other government agencies that regulate us; to federal, state, and local law enforcement officials; in response to a judicial order, subpoena, or other lawful process; and to address matters of public interest as required or permitted by law (for example, reporting child abuse and neglect, threats to public health and safety, and for national security reasons). We are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services if the Secretary is investigating or determining compliance with HIPAA, or to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law. We may disclose your PHI to a health oversight agency for activities authorized by law (such as audits, investigations, inspections, and licensure).
- To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone who is able to help prevent the threat. For example, we may disclose your PHI in a proceeding regarding the licensure of a physician.
- Military and Veterans. If you are a member of the armed forces, we may release your PHI as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
- Business Associates. We may disclose your PHI to our business associates. We have contracted with entities (defined as “business associates” under HIPAA) to help us operate our business. We will enter into contracts with these individuals and entities requiring them to only use and disclose your PHI as we are permitted to do so under HIPAA.
- Fundraising Activities. We may use certain personal information that you provide to us to allow us to request donations from you. However, the information that we can share is limited to your name, address, phone number, and other contact information, the dates that health care was provided to you, and the general department that treated you. For example, you may receive a letter from us asking for a donation to support our activities. Any fundraising materials will explain how you can tell us that you do not want to be contacted in the future.
- Marketing Activities, Cookies, and Use of Our Website.
We may use or share your personal information to promote our own products and services. We may also use or share your personal information for marketing purposes when we discuss products or services with you face-to-face or to provide you with an inexpensive promotional gift related to the product or service.
When you visit and use our website, we may collect and share information about your use of these websites and applications through cookies and other similar technologies. This information can include technical information about your device or browser (such as, for example, your internet protocol (IP) address, operating system, device information, browser type and language, and referring URLs) as well as information about your activities or use of the websites and mobile device applications (such as, for example, access times, pages viewed, links clicked and similar information). We use these technologies to improve our website, understand who is accessing our website, respond to inquiries via the website, and to track inquiries.
We and you may agree to use a third-party website, application, or electronic messaging service (for example, with text, chat, video, or audio capabilities) for you to receive remote health care services from us, or for us to contact you relating to Clinical Services or Academic Services. These third-party services may have separate terms and conditions and privacy policies that you must agree to instead of or in addition to ours. However, when you use the third-party services, the PHI and personal information that you choose to share may be covered by this Notice.
We never sell your PHI or personal information to others for any purpose.
- Research: We may use and share your PHI for research if (1) our researcher obtains permission from us when the request meets certain standards required by law; or (2) you provide us with your written permission to do so.
You may choose to participate in a research study that requires you to obtain related health care services. In this case, we may share your health information (1) to the researchers involved in the study who ordered the hospital or other health care services; and (2) to your insurance company in order to receive payment for those services that your insurance agrees to pay for. We may use and share your PHI with a researcher if certain parts of your PHI that would identify you are removed before we share it with the researcher. This will only be done if the researcher agrees in writing not to share the information, not to attempt to contact you, and to obey other requirements that the law provides. We may also share your PHI with a business associate who will remove information that identifies you so that the remaining information can be used for research.
- Other Uses: If you are an organ donor, we may release your PHI to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation. We may release your PHI to a coroner or medical examiner.
Uses and disclosures of PHI other than those described in this Notice will require your written authorization. Your written authorization is required for: most uses and disclosures of psychotherapy notes; uses and disclosures of PHI for marketing purposes; and disclosures that are a sale of PHI. You may revoke your authorization at any time, but you cannot revoke your authorization if we have already acted on it.
The privacy laws of a particular state or other federal laws might impose a more stringent privacy standard. If these more stringent laws apply and are not superseded by federal preemption rules under the Employee Retirement Income Security Act of 1974 (ERISA), we will comply with the more stringent law.
Your Rights Regarding Your PHI. You have the following rights regarding PHI that we maintain about you:
- Right to Inspect and Copy: You have the right to inspect and obtain a copy of your PHI. If you request a copy of the information, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to PHI, you may request that the denial be reviewed. If we do not maintain the health information, but know where it is maintained, you will be informed of where to direct your request.
- Your Right to Amend: If you feel that PHI we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us.
You also must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend any of the following information:
- Information that is not part of the PHI kept by or for us.
- Information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment.
- Information that is not part of the information which you would be permitted to inspect and copy.
- Information that is accurate and complete.
Your Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures” (that is, a list of certain disclosures we have made of your PHI). Generally, you may receive an accounting of disclosures if the disclosure is required by law, made in connection with public health activities, or in situations similar to those listed above as “Other Permitted Uses and Disclosures”. You do not have a right to an accounting of disclosures where such disclosure was made:
- For treatment, payment, or health care operations.
- To you about your own health information.
- Incidental to other permitted disclosures.
- Where authorization was provided.
- To family or friends involved in your care (where disclosure is permitted without authorization).
- For national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances.
- As part of a limited data set where the information disclosed excludes identifying information.
To request this list or accounting of disclosures, you must submit your request, which shall state a time period, which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Notwithstanding the foregoing, you may request an accounting of disclosures of any “electronic health record,” which is an electronic record of health-related information about you that is created, gathered, managed, and consulted by authorized health care clinicians and staff. To do so, however, you must submit your request and state a time period, which may be no longer than three years prior to the date on which the accounting is requested. In the case of any electronic health record created on your behalf on or before January 1, 2009, this paragraph shall apply to disclosures made on or after January 1, 2014. In the case of any electronic health record created on your behalf after January 1, 2009, this paragraph shall apply to disclosures made on or after the later of January 1, 2011, or the date we acquired the electronic health record.
- Your Right to Request Restrictions: You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a treatment that you had.
We are not required to agree to your request. If we do agree to a request, a restriction may later be terminated by your written request, by agreement between you and us (including orally), or unilaterally by us for health information created or received after we have notified you that we have removed the restrictions and for emergency treatment.
To request restrictions, you must make your request in writing and must tell us the following information:
- What information you want to limit.
- Whether you want to limit our use, disclosure, or both.
- To whom you want the limits to apply (for example, disclosures to your spouse).
Effective February 17, 2010 (or such other date specified as the effective date under applicable law), we will comply with any restriction request if: (1) except as otherwise required by law, the disclosure is to others for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (2) the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full.
Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
You must make any of the requests described above to the person listed in Part 10, below.
Breach Notification. Pursuant to changes to HIPAA required by the Health Information Technology for Economic and Clinical Health Act of 2009 and its implementing regulations (collectively, “HITECH Act”) under the American Recovery and Reinvestment Act of 2009 (“ARRA”), this Notice also reflects federal breach notification requirements imposed on us in the event that your “unsecured” PHI (as defined under the HITECH Act) is acquired by an unauthorized party.
We understand that your PHI and your health are personal and we are committed to protecting your PHI. Furthermore, we will notify you following the discovery of any “breach” of your unsecured PHI as defined in the HITECH Act (the “Notice of Breach”). Your Notice of Breach will be in writing and provided via first-class mail, or alternatively, by email if you have previously agreed to receive such notices electronically. If the breach involves:
- 10 or more individuals for whom we have insufficient or out-of-date contact information, then we will provide substitute individual Notice of Breach by either posting the notice on the benefits website on our website or by providing the notice in major print or broadcast media where the affected individuals likely reside.
- Less than 10 individuals for whom we have insufficient or out-of-date contact information, then we will provide substitute Notice of Breach by an alternative form.
Your Notice of Breach shall be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and shall include, to the extent possible:
- A description of the breach.
- A description of the types of information that were involved in the breach.
- The steps you should take to protect yourself from potential harm.
- A brief description of what we are doing to investigate the breach, mitigate the harm, and prevent further breaches.
- Our relevant contact information.
Additionally, for any substitute Notice of Breach provided via web posting or major print or broadcast media, the Notice of Breach shall include a toll-free number for you to contact us to determine if your protected health information was involved in the breach.
Changes to This Notice. We can change the terms of this Notice at any time. If we make changes to this Notice, the new terms and policies will be effective for all of the PHI we already have about you as well as any information we receive in the future. Any changes to this Notice will be shown on our website.
Complaints. If you believe that we have not complied with our requirements regarding protection and disclosure of your PHI under HIPAA, you may file a complaint with the Secretary of the U.S. Department of Health and Human Services. To file a complaint with the Secretary of Health and Human Services, you must: (1) name the place or person that you believe violated your HIPAA privacy rights and describe how that place or person violated your HIPAA privacy rights; and (2) file the complaint within 180 days of when you knew or should have known that the violation occurred. All complaints to the Secretary of the U.S. Department of Health and Human Services must be in writing and addressed to:
U.S. Department of Health and Human Services
200 Independence Ave. S.W.
Washington, DC 20201
To file a complaint with us, contact the person listed in Part 10, below. All complaints must be submitted to us in writing.
You will not be penalized for filing a complaint.
Other Uses of PHI or Personal Information. Other uses and disclosures of PHI or personal information that are not covered by this Notice or the laws that apply to us will be made only with your written permission. If you grant us permission to use or disclose your PHI or personal information, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose your PHI or personal information for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we may be required to retain our records related to our treatment of you, or services provided to you.
Effective Date. The effective date of this Notice is July 2nd, 2025.
Changes to this Notice. We can change the terms of this Notice, and the changes will apply to all information we have about you. The new Notice will be available upon request, in our office, and on our website.
Contact Information. All correspondence relating to the contents of this Notice should be directed as follows:
Mary Ann Perkins
412-741-4087