Notice of Privacy Policies
Please, read over this document to learn MGCS, PLLC's privacy policies. This is a READ ONLY document.
If you become or are a client of MGCS, PLLC you will receive a version to sign.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Your health record contains personal information about you and your health. Information that identifies you and relates to your past, present, or future physical or mental health or condition and any other related health care services is referred to as Protected Health Information (“PHI”). This Notice of Privacy Practices describes how this practice ("MGCS, PLLC") may use and disclose your PHI in accordance with applicable law, including the Health Insurance Portability and Accountability Act (“HIPAA”) It also describes your rights regarding how you may gain access to and control your PHI.
MGCS, PLLC is required by law to maintain the privacy of PHI and to provide you with notice of the practice's legal duties and privacy practices with respect to PHI. MGCS, PLLC is required to abide by the terms of this Notice of Privacy Practices. If there is a breach of unsecured PHI concerning you, MGCS, PLLC may be required to notify you of this breach, including what happened and what you can do to protect yourself.
MGCS, PLLC reserves the right to change the terms of this Notice of Privacy Practices at any time. Any new Notice of Privacy Practices will be effective for all PHI that MGCS, PLLC maintains at that time. MGCS, PLLC will provide you with a copy of the revised Notice of Privacy Practices by posting a copy on MGCS, PLLC's website: sanmarcostxtherapy.com, sending a copy to you in the mail (electronic or paper) upon request, or providing one to you at your next appointment.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
After you have read this Notice, you will be asked to sign this form below to authorize treatment and allow MGCS,PLLC to use and share your PHI. In almost all cases MGCS,PLLC intends to use your PHI within it's practice organization or share your PHI with other people or organizations to provide treatment to you, arrange for payment for services, or some other business functions called health care operations. Together, these routine purposes are called TPO and this Consent form allows MGCS, PLLC to use and disclose your PHI for TPO.
FOR TREATMENT Your PHI may be used and disclosed by those who are involved in your care for the purpose of providing, coordinating, or managing your health care treatment and related services.
This includes: MGCS, PLLC's sole clinician, Megan Gauwain, MA, LPC, NCC
Consults with a focus on treatment and absolute minimum PHI disclosure conducted with other licensed mental health practitioners that are under same legal obligations regarding PHI, HIPAA standards, and privacy laws
Care coordination: Disclosure with other physicians, psychiatrists, psychologists, and other licensed health care providers who provide you with health care services or are otherwise involved in your care.
FOR PAYMENT MGCS, PLLC
may use and disclose PHI so that this practice can receive payment for the treatment services provided to you. This will only be done with your authorization. Examples of payment-related activities are: processing claims with your insurance company, reviewing services provided to you to determine medical necessity, or undertaking utilization review activities
FOR HEALTHCARE OPERATIONS MGCS, PLLC
may use or disclose, as needed, your PHI in order to support business activities including, but not limited to, quality assessment activities, licensing, and conducting or arranging for other business activities. For example, this practice may share your PHI with third parties that perform various business activities (e.g., scanning documents, scheduling) provided we have a written contract with the business that requires it to safeguard the privacy of your PHI.
USE AND DISCLOSER OF YOUR HEALTH INFORMATION WITHOUT AUTHORIZATION
Following is a list of the categories of uses and disclosures permitted by HIPAA without an authorization.
Applicable law and ethical standards permit MGCS,PLLC to disclose information about you without your authorization only in a limited number of situations. This use and disclosure may be made electronically [Texas 181.154].
Emergency MGCS, PLLC may disclose your PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of you or your person in cases of immediate emergency or crisis. If information is disclosed to prevent or lessen a serious threat towards yourself or your person it will be disclosed to a person or persons reasonably able to prevent or lessen the threat.
Child Abuse or Neglect MGCS, PLLC may disclose your PHI to a state or local agency that is authorized by law to receive reports of child abuse or neglect. Texas law identifies state licensed professionals as mandated reporters that are legally bound to report suspected child abuse or neglect [Texas Section 21.11, Penal Code; Texas Family Code, Section 261.101].
Elder Abuse or Neglect MGCS, PLLC may disclose your PHI to a state or local agency that is authorized by law to receive reports of elder abuse or neglect. Texas law identifies state licensed professionals as mandated reporters that are legally bound to report suspected elder abuse or neglect [Texas Human Resources Code, Chapter 48, Subchapter B, Sec. 48.051, C].
Persons with Disabilities Abuse or Neglect MGCS, PLLC may disclose your PHI to a state or local agency that is authorized by law to receive reports of persons with disabilities abuse or neglect. Texas law identifies state licensed professionals as mandated reporters that are legally bound to report suspected persons with disabilities abuse or neglect
[Texas Human Resources Code, Chapter 48, Subchapter B, Sec. 48.051, C].
Judicial and Administrative Proceedings MGCS, PLLC may disclose your PHI pursuant to a subpoena (with your written consent), court order, administrative order or similar process.
Required by Law MGCS, PLLC must make disclosures to the government agencies for the purpose of investigating or determining our compliance with the requirements of the Privacy Rule.
Health Oversight MGCS, PLLC If required, may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies and peer review organizations performing utilization and quality control.
Law Enforcement MGCS, PLLC may disclose PHI to a law enforcement official as required by law, in compliance with a subpoena (with your written consent), court order, administrative order or similar document, for the purpose of identifying a suspect, material witness or missing person, in connection with the victim of a crime, in connection with a deceased person, in connection with the reporting of a crime in an emergency, or in connection with a crime on the premises.
Specialized Government Functions MGCS, PLLC may review requests from U.S. military command authorities if you have served as a member of the armed forces, authorized officials for national security and intelligence reasons and to the Department of State for medical suitability determinations, and disclose your PHI based on your written consent, mandatory disclosure laws and the need to prevent serious harm.
Public Health MGCS, PLLC If required, may use or disclose your PHI for mandatory public health activities to a public health authority authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, or if directed by a public health authority, to a government agency that is collaborating with that public health authority.
Public Safety MGCS, PLLC may disclose your PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. If information is disclosed to prevent or lessen a serious threat it will be disclosed to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat.
Verbal Permission MGCS, PLLC may also use or disclose your information to family members that are directly involved in your treatment with your verbal permission.
USE AND DISCLOSER OF YOUR HEALTH INFORMATION WITH AUTHORIZATION
Uses and disclosures not specifically permitted by applicable law will be made only with your written authorization, which may be revoked at any time, except to the extent that MGCS, PLLC has already made a use or disclosure based upon your authorization. This use and disclosure may be made electronically [Texas 181.154].
YOUR RIGHTS REGARDING YOUR PHI
Right to Request Restrictions You have the right to request a restriction or limitation on the use or disclosure of your PHI for treatment, payment, or health care operations. MGCS, PLLC is not required or legally bound to agree to your request. If this practice does agree with your request, this practice will obtain consent from you in writing, outline request in detail, and include agreement with your records within the practice. Excepting uses or disclosures without your consent as mentioned above, this practice will abide by the written agreement.
Right to Request Confidential Communication You have the right to request that MGCS, PLLC communicates with you about health matters in a certain way or at a certain location. This practice will accommodate reasonable requests. This practice may require information regarding how payment will be handled or specification of an alternative address or other method of contact as a condition for accommodating your request. This practice will not ask you for an explanation of why you are making the request.
Right of Access to Inspect and Copy Unless your information was compiled in reasonable anticipation of, or for use in a civil, criminal, or administrative action or proceeding, you have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that is maintained in a “designated record set”. A designated record set contains mental health/medical and billing records and any other records that are used to make decisions about your care. Your right to inspect and copy PHI will be restricted only in those situations where a licensed professional believes it is reasonably likely that access would endanger the life or physical safety of, or cause substantial harm to the individual or another person. MGCS, PLLC may charge a reasonable fee for copies. If your records are maintained electronically, you may also request an electronic copy of your PHI. You may also request that a copy of your PHI be provided to another person.
Right to Amend If you feel that the PHI MGCS, PLLC has about you is incorrect or incomplete, you may ask to amend the information although this practice is not required to agree to the amendment. If this practice denies your request for amendment, you have the right to file a statement of disagreement with MGCS, PLLC. MGCS, PLLC may prepare a rebuttal to your statement and will provide you with a copy. Please contact the practice owner if you have any questions.
Right to an Accounting of Disclosures You have the right to request an accounting of certain of the disclosures that MGCS, PLLC make of your PHI. MGCS, PLLC may charge you a reasonable fee if you request more than one accounting in any 12-month period.
Right to a Copy of this Notice. You have the right to a paper copy or email copy of this notice.
COMPLAINTS If you believe MGCS, PLLC has violated your privacy rights, you have the right to file a complaint in writing with the options below. MGCS, PLLC will not retaliate against you for filing a complaint.
The practice owner, Megan Gauwain, MA, LPC, NCC at 136 E San Antonio Street, Suite #104 San Marcos, Texas 78666
The Secretary of Health and Human Services at 200 Independence Avenue, S.W. Washington,
D.C. 20201 or by calling 1-877-696-6775
BREACH NOTIFICATION MGCS, PLLC will notify you following the discovery of any “breach” of your unsecured PHI as defined in the HITECH Act (the “Notice of Breach”). Your Notice of Breach will be in writing and provided via first-class mail, or alternatively, by e-mail if you have previously agreed to receive such notices electronically. If the breach involves:
10 or more individuals for whom the practice has insufficient or out-of-date contact information, then the practice will provide substitute individual Notice of Breach by either posting the notice on this practice's website or by providing the notice in major print or broadcast media where the affected individuals likely reside
Less than 10 individuals for whom this practice has insufficient or out-of-date contact information, then this practice will provide substitute Notice of Breach by an alternative form.
Your Notice of Breach shall be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and shall include, to the extent possible:
A description of the breach.
A description of the types of information that were involved in the breach
The steps you should take to protect yourself from potential harm.
A brief description of what we are doing to investigate the breach, mitigate the harm, and prevent further breaches.
MGCS, PLLC’s relevant contact information.
Additionally, for any substitute Notice of Breach provided via web posting or major print or broadcast media, the Notice of Breach shall include a toll-free number for you to contact this practice to determine if your protected health information was involved in the breach.
COMMUNICATION NOTICE AND CONSENT MGCS, PLLC is committed to maintaining and staying informed on best privacy practices when using or disclosing PHI. This practice has set in place procedures to maintain and secure PHI to the best of it's ability.
However, electronic communication platforms (i.e. email, text, direct messages, voicemail, etc.) do have inherent limitations to privacy, such as (but not limited to): possible breach of privacy or confidentiality of sensitive PHI; data that contains sensitive PHI security risks; difficulties in verifying the identity of the parties when communicating electronically; and the potential impact of delayed responses during emergency situations.
Knowing the inherent risks mentioned above, please note the types of PHI that may be electronically communicated between MGCS, PLLC and its clients:
From MGCS, PLLC
Limited PHI administrative information such as: appointment reminders; appointment/reschedule changes; billing notices and invoices; links to complete paperwork; mental health resources - e.g. phone applications, worksheets; or other information for treatment or healthcare operation purposes)
Records with written authorization given by you to be sent to you or another person authorized by you to receive electronic records
From you to MGCS, PLLC of the above types of PHI
Note: This practice recommends and will follow a best practice's guideline to send as limited PHI as possible or administrative in nature PHI for most of its electronic communication.
Please, send any new contact information to MGCS, PLLC so it can be updated as soon as possible if your information should change.
[VIEWING FULL DOCUMENT - READ ONLY]
Please, check which types of communication you are giving consent to MGCS, PLLC to electronically communicate PHI with you.
NONE OF THE ABOVE (I request another form of communication - electronic or other - option)
[VIEWING FULL DOCUMENT - READ ONLY]
CONSENT I have read and give consent to MGCS, PLLC's privacy practices outlined in this Notice of Privacy Practices. I acknowledge that I have had the opportunity and will continue to have the option to ask questions to gain clarity and understanding of these practices to my satisfaction.