Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY
Last Updated: November 11, 2024
OVERVIEW
This Notice of Privacy Practices (the “Notice”) will tell you about the ways Headway-Affiliated Professional Entities (listed at the end of this Notice) and the licensed healthcare professionals providing professional services through such entities (“Headway Providers”) (collectively the “Practice”), together with Therapymatch, Inc. (dba Headway) and its affiliates (including, Headway Behavioral Health Management Services, Inc., acting as a HIPAA Business Associate to the Practice) (collectively, “Headway,” “we,” “us,” and “our”), may disclose health information about you. This Notice will also describe your rights and certain obligations that we have regarding the use and disclosure of your health information. Headway is a behavioral health practice platform that offers services (including professional services provided by Headway Providers) across multiple legal entities which are referred to by the HIPAA Privacy Rule as an "organized health care arrangement." Headway Providers listed on this website provide healthcare services via telehealth and at the service delivery sites of the Headway Providers. Headway's legal entities share protected health information with each other, only as necessary, to carry out Headway's treatment, payment and health care operations, and for other purposes that are permitted or required by law, as permitted by the Health Insurance Portability and Accountability Act (“HIPAA”). All of the legal entities that comprise Headway agree to comply with the terms of this Notice. This Notice applies only to health information that is “protected health information” as defined by HIPAA. It does not apply to information that is not covered by HIPAA. Please see Headway’sPrivacy Policyfor terms that apply to non-HIPAA covered products and services.
We are required by law to: make sure that health information that identifies you is kept private; give you this notice of our legal duties and privacy practices with respect to your health information; notify you following a breach of your unsecured protected health information; and follow the terms of the notice that are currently in effect. Although this notice is being provided to you electronically, and by signing an acknowledgment of receipt of this notice, you consent to the provision of this notice electronically, you have the right to request a paper copy of this notice. We reserve the right to change our privacy practices and the terms of this Notice at any time and reserve the right to make any updated or new notice provisions effective for all protected health information that we maintain. In addition, updates described in this Notice are effective for all health information maintained by Headway, including any health information collected prior to the effective date hereof. You may obtain a copy of the revised notice on this website. This notice is effective as of November 10, 2024.
HOW YOUR INFORMATION IS USED
We may use and disclose your health information for the purposes of providing services and quality care. For the avoidance of doubt, providing treatment services, collecting payment and conducting healthcare operations are all necessary activities for quality care. State and federal laws allow us to use and disclose your health information for these purposes.
Here are some helpful examples, but this list is not exhaustive:
- Using your information for providing treatment. For example, If your treating provider cannot prescribe medications but wants to refer you to a prescriber in your insurance network, he or she may use your health information for the purpose of referring you to a prescriber who is affiliated with the Practice.
- The Practice or its business associates may use and disclose health information in order to verify your insurance and coverage.
- Helping manage the health care treatment you receive.
For example, the Practice or its business associates may receive and use information from its Headway Providers to arrange additional services for you.
- Example of using and disclosing your health information for collecting payment
- The Practice or its business associates will submit claims for reimbursement to your insurance company in order for them to pay us for the services we provide to you, which requires using your health information.
- Examples of using and disclosing your health information for healthcare operations
- The Practice or its business associates will use and disclose your health information for the review of treatment procedures, and may use it to review documentation to ensure provider compliance and quality care, and may use it internally to analyze our website and technologies through which we provide you services.
For uses and disclosures for purposes other than treatment, payment and operations, we are required to have your written authorization, unless the use or disclosure falls within an exception, such as those described below. Most uses and disclosures of psychotherapy notes (as that term is defined in the HIPAA Privacy Rule), uses and disclosures for marketing purposes, and disclosures that constitute the sale of Personal Information require your authorization. Authorizations can be revoked at any time to stop future uses/disclosures except to the extent that we may have already taken any action in reliance on your authorization.
DISCLOSURES THAT CAN BE MADE WITHOUT AN AUTHORIZATION
- Emergencies. Sufficient information may be shared to address an immediate emergency you are facing.
- Judicial and Administrative Proceedings. We may disclose your personal health information in the course of a judicial or administrative proceeding in response to a valid court order or other lawful process, including if you were to make a claim for Workers Compensation.
- Public Health Activities. If we felt you were an immediate danger to yourself or others, we may disclose health information about you to the authorities, as well as alert any other person who may be in danger.
- Child/Elder Abuse. We may disclose health information about you related to the suspicion of child and/or elder abuse or neglect.
- Criminal Activity or Danger to Others. We may disclose health information if a crime is committed on our premises or against our personnel, or if we believe there is someone who is in immediate danger.
- Health Oversight Activities. We may disclose health information to a health oversight agency for activities authorized by law. These activities might include audits or inspections and are necessary for the government to monitor the health care system and assure compliance with civil rights laws. Regulatory and accrediting organizations may review your case record to ensure compliance with their requirements. The minimum necessary information will be provided in these instances.
- Business Associates. The Practice may disclose the minimum necessary health information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. For example, the Practice contracts with a vendor for filing claims with insurance companies. In the process of filing claims, that organization will come into contact with your information. We also contract with a vendor that collects and manages internet or other electronic network activity on our sites and services and internally encodes it so that we can determine and manage information that might be health information. In addition, we have a vendor that collects and analyzes information about how our users interact with our website to support our health care operations. All of our business associates sign agreements to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract, and are obligated to promptly notify us in the event there is a breach of protected health information (as defined by HIPAA).
- Trusted Exchange Framework and Common Agreement (“TEFCA”). The Practice or its business associates may disclose health information through a TEFCA for HIPAA-authorized treatment purposes, subject to contractual agreements to protect the privacy and security of health information as required by HIPAA, in order to manage or coordinate your health care, arrange for additional services, and/or for our health care operations.
- Research. Under certain circumstances, we may use and disclose health information for research. We may permit researchers to look at non-identifying information to help them plan research projects.
- Marketing. We may send you newsletters or information about services we provide in which we feel you might be interested. You may at any time request that your name be removed from our mailing list.
- Scheduling appointments. We may email or call you to schedule or remind you of appointments.
YOUR INDIVIDUAL RIGHTS
- Right to Inspect and Copy. You have the right to look at or get copies of your health information, with limited exceptions. Your request must be in writing. If you request a copy of the information, a reasonable charge may be made for the costs incurred.
- Right to Amend. You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We have the right to deny your request under certain circumstances.
- Right to an Accounting of Disclosures. You have the right to receive a list of instances in which we have disclosed your health information for a purpose other than treatment, payment, or health care operations. To request an accounting of disclosures, you must submit your request in writing to the Privacy Officer. Such accountings remain available for six years after the last date of service at the Practice.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the health information we use or disclose about you. For example, you could ask that we not share information with an insurance company, in which case you would be responsible to pay in full for the services provided. While you are in treatment, a written request should be made with your therapist. To request a restriction after therapy is completed, you must make your written request to the Privacy Officer. We are not required to agree to your request, but we will consider the request very seriously. If we agree, we will abide by our agreement unless the information is needed in an emergency or by law.
- Right to Request Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only by mail or at work. You must make this request in writing and it must specify the alternative means or location that you would like us to use to provide you information about your health care. We will make every attempt to accommodate reasonable requests.
- Right to File Complaints. You may complain to us and to the Secretary of Health and Human Services if you believe your privacy rights have been violated. You may file a complaint with us by contacting the Privacy Officer at [email protected] or (646) 453–6777. You will not be retaliated against for filing a complaint. You may also contact the Privacy Officer for further information about this notice.
EMAIL AND TEXT MESSAGES
Some of our patients prefer to communicate with their provider via email or text message. Email and text messages have inherent privacy and security risks, and you should be aware of those before using emails and text messages. Errors in transmission or interception of messages can occur. Your email or text message is not a secure communication between you and your treating provider. At your health care provider’s discretion, your email or text message any and all responses may become part of your medical record. Additionally, for urgent or an emergency situation, you should not rely on email communication with providers affiliated with the Practice. In those situations, you should call 911.
ABOUT HEADWAY AND ITS HEADWAY-AFFILIATED PROFESSIONAL ENTITIES
Therapymatch, Inc. d/b/a Headway (and its subsidiaries and affiliated companies, including, but not limited to, Headway Behavioral Health Management Services, Inc.) does not provide professional healthcare services. Subject to applicable HIPAA Privacy Rule protections (including a Business Associate Agreement), it provides only administrative, billing, payment, technical, quality and compliance oversight, and other non-clinical support services necessary for clients to receive professional healthcare services from a Headway Provider. These non-clinical support services allow Headway Providers to concentrate on offering professional healthcare services to clients through one or more clinical practice entities often referred to as “Professional Corporations” or “P.C.s”) (listed below) owned (where required by law) and overseen by a licensed medical director (e.g., Medical Doctor) under common Headway branding.
HEADWAY-AFFILIATED PROFESSIONAL ENTITIES
Sunshine Medical Behavioral Health Services, P.A., Headway Florida Behavioral Health Services, P.A., Hudson Liberty Medical, P.C., New York Medical Behavioral Health Services, P.C., Golden Gate Behavioral Health Services, P.C., Headway California Behavioral Health Services, P.C., Great Lakes Behavioral Health Services, P.C., Headway Michigan Behavioral Health Services, P.C., Garden State Behavioral Health Services, P.C., Headway New Jersey Behavioral Health Services, P.C., Mile High Behavioral Health Services, Inc., Headway Colorado Behavioral Health Services, Inc., Windy City Behavioral Health Services, PLLC, Headway Illinois Behavioral Health Services, PLLC, Badger Behavioral Health Services, S.C., Headway Wisconsin Behavioral Health Services, S.C., Sunflower Behavioral Health Services, P.A., Headway Kansas Behavioral Health Services, P.A.