Confidentiality & Legal Compliance

This practice complies with the Health Insurance Portability and Accountability Act (HIPAA) and the California Confidentiality of Medical Information Act (CMIA). Your protected health information (PHI) is handled with the highest standards of privacy, security, and ethical responsibility.

Protected health information includes identifying information, clinical records, appointment data, billing information, and any communication related to treatment. Information is stored in secure, HIPAA-compliant electronic systems.

Use & Disclosure of Information

Your health information may be used for treatment, payment, and healthcare operations. Information will not be shared without your written authorization except where required or permitted by law, including but not limited to mandated reporting, risk of harm to self or others, abuse reporting, court orders, or legal obligations.

A detailed Notice of Privacy Practices is provided at the beginning of services outlining how information may be used and disclosed.

Telehealth & Electronic Communication

Telehealth sessions are conducted through secure, encrypted platforms that meet HIPAA security standards. While reasonable safeguards are used, electronic communication (email, text, voicemail) may carry some inherent privacy risks.

Clients are encouraged to use secure portals for clinical communication. Emergency matters should not be addressed through electronic messaging and should be directed to emergency services.

Record Retention

Clinical records are maintained in accordance with California law. For adult clients, records are typically retained for a minimum of seven years from the date of last service. For minors, records are retained for at least seven years after the minor reaches the age of 18.

Your Rights Under HIPAA & California Law

You have the right to request access to your records, request amendments, request restrictions on certain disclosures, receive an accounting of disclosures, and request confidential communications.

Requests must be submitted in writing and may be subject to review under applicable legal guidelines.

Complaints

If you believe your privacy rights have been violated, you may file a complaint directly with this practice or with the U.S. Department of Health and Human Services, Office for Civil Rights. Filing a complaint will not result in retaliation.