Headway
Join as a provider
Language

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY

Last Updated: August 8, 2023

OVERVIEW

This notice will tell you about the ways Headway (“Practice,” “we,” or “us”) may disclose health information about you and will also describe your rights and certain obligations that we have regarding the use and disclosure of your health information. Headway is a behavioral health group that is operated across multiple legal entities which are referred to by the HIPAA Privacy Rule as an "organized health care arrangement." Headway has relationships with the providers listed on this website and provides services via telehealth and at the service delivery sites of the providers listed on this website. Headway's legal entities share protected health information with each other, as necessary to carry out Headway's treatment, payment and health care operations. All of the legal entities that comprise Headway agree to comply with the terms of this Notice of Privacy Practices.

We are required by law to: make sure that health information that identifies you is kept private; give you this notice of our legal duties and privacy practices with respect to your health information; notify you following a breach of your unsecured protected health information; and follow the terms of the notice that are currently in effect. Although this notice is being provided to you electronically, and by signing an acknowledgment of receipt of this notice, you consent to the provision of this notice electronically, you have the right to request a paper copy of this notice. We reserve the right to change our privacy practices and the terms of this notice at any time. You may obtain a copy of the revised notice on this website. This notice is effective as of February 8, 2021.

HOW YOUR INFORMATION IS USED

We may use and disclose your health information for the purposes of providing services and quality care. For the avoidance of doubt, providing treatment services, collecting payment and conducting healthcare operations are all necessary activities for quality care. State and federal laws allow us to use and disclose your health information for these purposes.

Here are some helpful examples, but this list is not exhaustive:

  • Using your information for providing treatment. For example, If your treating provider cannot prescribe medications but wants to refer you to a prescriber in your insurance network, he or she may use your health information for the purpose of referring you to a prescriber who is affiliated with the Practice.
    • The Practice or its business associates may use and disclose health information in order to verify your insurance and coverage.
  • Example of using and disclosing your health information for collecting payment
    • The Practice or its business associates will submit claims for reimbursement to your insurance company in order for them to pay us for the services we provide to you, which requires using your health information.
  • Examples of using and disclosing your health information for healthcare operations
    • The Practice or its business associates will use and disclose your health information for the review of treatment procedures, and may use it to review documentation to ensure provider compliance.

For uses and disclosures for purposes other than treatment, payment and operations, we are required to have your written authorization, unless the use or disclosure falls within an exception, such as those described below. Most uses and disclosures of psychotherapy notes (as that term is defined in the HIPAA Privacy Rule), uses and disclosures for marketing purposes, and disclosures that constitute the sale of Personal Information require your authorization. Authorizations can be revoked at any time to stop future uses/disclosures except to the extent that we may have already taken any action in reliance on your authorization.

DISCLOSURES THAT CAN BE MADE WITHOUT AN AUTHORIZATION

  • Emergencies. Sufficient information may be shared to address an immediate emergency you are facing.
  • Judicial and Administrative Proceedings. We may disclose your personal health information in the course of a judicial or administrative proceeding in response to a valid court order or other lawful process, including if you were to make a claim for Workers Compensation.
  • Public Health Activities. If we felt you were an immediate danger to yourself or others, we may disclose health information about you to the authorities, as well as alert any other person who may be in danger.
  • Child/Elder Abuse. We may disclose health information about you related to the suspicion of child and/or elder abuse or neglect.
  • Criminal Activity or Danger to Others. We may disclose health information if a crime is committed on our premises or against our personnel, or if we believe there is someone who is in immediate danger.
  • Health Oversight Activities. We may disclose health information to a health oversight agency for activities authorized by law. These activities might include audits or inspections and are necessary for the government to monitor the health care system and assure compliance with civil rights laws. Regulatory and accrediting organizations may review your case record to ensure compliance with their requirements. The minimum necessary information will be provided in these instances.
  • Business Associates. The Practice may disclose the minimum necessary health information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. For example, the Practice contracts with a vendor for filing claims with insurance companies. In the process of filing claims, that organization will come into contact with your information. We also contract with a vendor that collects and manages internet or other electronic network activity on our sites and services and internally encodes it so that we can determine and manage information that might be health information. All of our business associates sign agreements to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.
  • Research. Under certain circumstances, we may use and disclose health information for research. We may permit researchers to look at non-identifying information to help them plan research projects.
  • Marketing. We may send you newsletters or information about services we provide in which we feel you might be interested. You may at any time request that your name be removed from our mailing list.
  • Scheduling appointments. We may email or call you to schedule or remind you of appointments.

YOUR INDIVIDUAL RIGHTS

  1. Right to Inspect and Copy. You have the right to look at or get copies of your health information, with limited exceptions. Your request must be in writing. If you request a copy of the information, a reasonable charge may be made for the costs incurred.
  2. Right to Amend. You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We have the right to deny your request under certain circumstances.
  3. Right to an Accounting of Disclosures. You have the right to receive a list of instances in which we have disclosed your health information for a purpose other than treatment, payment, or health care operations. To request an accounting of disclosures, you must submit your request in writing to the Privacy Officer. Such accountings remain available for six years after the last date of service at the Practice.
  4. Right to Request Restrictions. You have the right to request a restriction or limitation on the health information we use or disclose about you. For example, you could ask that we not share information with an insurance company, in which case you would be responsible to pay in full for the services provided. While you are in treatment, a written request should be made with your therapist. To request a restriction after therapy is completed, you must make your written request to the Privacy Officer. We are not required to agree to your request, but we will consider the request very seriously. If we agree, we will abide by our agreement unless the information is needed in an emergency or by law.
  5. Right to Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only by mail or at work. You must make this request in writing and it must specify the alternative means or location that you would like us to use to provide you information about your health care. We will make every attempt to accommodate reasonable requests.
  6. Right to File Complaints. You may complain to us and to the Secretary of Health and Human Services if you believe your privacy rights have been violated. You may file a complaint with us by contacting the Privacy Officer at compliance@headway.co or (646) 453–6777. You will not be retaliated against for filing a complaint. You may also contact the Privacy Officer for further information about this notice.

EMAIL AND TEXT MESSAGES

Some of our patients prefer to communicate with their provider via email or text message. Email and text messages have inherent privacy and security risks, and you should be aware of those before using emails and text messages. Errors in transmission or interception of messages can occur. Your email or text message is not a secure communication between you and your treating provider. At your health care provider’s discretion, your email or text message any and all responses may become part of your medical record. Additionally, for urgent or an emergency situation, you should not rely on email communication with providers affiliated with the Practice. In those situations, you should call 911.