HIPAA Compliance

Protected Health Information (PHI) includes any health information that can be linked to you, including:

• • Medical history and diagnoses
• • Mental health treatment records and therapy notes
• • Medication information and prescriptions
• • Laboratory and test results
• • Billing and payment information
• • Family and emergency contact information
• • Any other health-related personal information

All PHI collected during your engagement with ACC is protected under HIPAA regulations and state mental health confidentiality laws.

Administrative Safeguards:

• • Designated Privacy Officer responsible for HIPAA compliance
• • Staff training on HIPAA regulations and confidentiality protocols
• • Access controls limiting staff to necessary information only
• • Written policies and procedures for information handling
• • Regular compliance audits and security assessments

Physical Safeguards:

• • Secure storage of all client records and documentation
• • Limited access to clinical files and treatment records
• • Controlled facility access with security protocols
• • Secure disposal of all paper and electronic records

Technical Safeguards:

• • Encrypted data transmission and storage
• • Secure access controls with unique user authentication
• • Regular software updates and security patches
• • Audit logs tracking all access to PHI
• • Intrusion detection and prevention systems
• • Backup and disaster recovery protocols

Your PHI may be used and disclosed by ACC only for the following purposes:

• • Treatment: Providing counseling, assessment, and clinical services
• • Payment: Billing and collection of service fees
• • Operations: Administrative functions, quality improvement, and staff training
• • Family Coordination: Sharing information with family members you authorize in writing
• • Referrals: Sharing information with referring professionals or treatment providers you authorize

We DO NOT:

• • Share your information with third parties without written consent
• • Sell or trade your PHI for any purpose
• • Use your information for marketing or advertising
• • Disclose your engagement with ACC to anyone outside your authorized circle

ACC may disclose your PHI without your consent only in the following circumstances:

• • Legal Process: When required by court order, subpoena, or warrant
• • Emergency: When necessary to prevent serious harm to you or others
• • Public Health: When required by law to report communicable diseases or abuse
• • Law Enforcement: When required by law enforcement for criminal investigations
• • Abuse Reporting: When mandated to report child, elder, or dependent adult abuse

In all required disclosures, ACC provides only the minimum information necessary and documents the disclosure in your medical record.

Under HIPAA, you have the following rights regarding your Protected Health Information:

In the unlikely event of a breach of your PHI, ACC will:

• • Notify you without unreasonable delay (no later than 60 days after discovery)
• • Provide details of the breach and affected information
• • Explain the steps you should take to protect yourself
• • Describe ACC's investigation and remediation efforts
• • Notify relevant regulatory authorities as required by law

ACC maintains comprehensive cyber insurance and breach response protocols to minimize risk and ensure rapid notification if any incident occurs.

ACC may use third-party vendors (Business Associates) to support clinical operations, including:

• • Electronic health record systems
• • Secure communication platforms
• • Data backup and storage providers
• • Billing and payment processors

All Business Associates are contractually required to maintain HIPAA compliance and implement equivalent security measures. ACC maintains oversight of all third-party access to PHI.

ACC retains client medical records in accordance with state law requirements (typically 7 years from last date of service). After the retention period expires, all records are securely destroyed through:

• • Certified document shredding for paper records
• • Secure data wiping for electronic records
• • Verified destruction with certificates of destruction

If you have questions about ACC's HIPAA practices or wish to exercise any of your rights, please contact our Privacy Officer through your referring professional advisor.

All inquiries are handled with complete discretion and will not affect your care or services.