Privacy Policy - Serenity Falls Behavioral Health

Effective Date: 09/01/2024

At Serenity Falls Behavioral Health, we are dedicated to protecting the privacy, confidentiality, and rights of all individuals receiving mental health services. This Privacy Policy outlines how we collect, use, disclose, and protect your health information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and all applicable California state laws.

1. HIPAA Compliance and Patient Confidentiality

We follow all HIPAA guidelines to safeguard your Protected Health Information (PHI). This includes, but is not limited to:

  • Limiting access to your information only to authorized staff involved in your care

  • Securing all electronic and paper records

  • Providing notice of any breaches in the security of your PHI, as required by law

You have the right to:

  • Access your health records

  • Request corrections to inaccurate or incomplete information

  • Obtain a list of disclosures of your PHI

  • Request restrictions on how your PHI is used or shared

2. California State Law Protections

California law provides additional protections for mental health records, particularly around:

  • Minor Consent: In many cases, minors age 12 and older may consent to mental health treatment and may control access to their records.

  • Substance Use Records: These are given special confidentiality protections under federal law (42 CFR Part 2) and California state law.

  • Disclosure Requirements: We will not release your information without your explicit written consent unless required or permitted by law (e.g., duty to warn, abuse reporting, court orders).

3. Telehealth Privacy and Security

Serenity Falls Behavioral Health offers telehealth services to increase access to care. We are committed to ensuring that these services are delivered securely and in compliance with HIPAA and state privacy regulations.

Telehealth Policies:

  • All telehealth sessions are conducted through HIPAA-compliant platforms that use secure, encrypted connections.

  • Patients are responsible for participating in sessions from a private, quiet, and secure location to help protect their own confidentiality.

  • Telehealth services are subject to the same standards of care, documentation, and confidentiality as in-person visits.

  • Consent for telehealth will be obtained prior to the start of services and documented in the patient’s medical record.

4. Data Protection and Storage

We implement a variety of administrative, physical, and technical safeguards to protect your PHI. These include:

  • Encrypted electronic health record (EHR) systems

  • Role-based access to health information

  • Regular staff training on privacy and security policies

5. Use and Disclosure of PHI

We may use or disclose your PHI for:

  • Treatment (coordination of care among providers)

  • Payment (billing your insurance company)

  • Healthcare operations (quality improvement, audits, accreditation)

  • Legal compliance (reporting abuse, danger to self/others, or court-ordered disclosures)

6. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Any changes will be posted on our website and available at our facility. The revised policy will apply to all PHI we maintain.