OFFICE PRIVACY POLICIES AND PROCEDURES
Confidentiality and privacy are the cornerstones of the mental
health professions. Patients have an expectation that their communications
with therapist, and their treatment records, will be kept confidential
and will not be released to others without the written authorization
of the patient. One of the purposes of the Notice of Privacy Practices
is to inform and to educate patients about the fact that there
are exceptions to the general rule of confidentiality. Many of
these exceptions have existed for years, and many of them are
the result of laws and regulations being passed by state legislatures
and by the federal government. These laws and regulations are
essentially statements of public policy. My office policies and
procedures, as well as the ethical standards of my profession
are intended to shape my practice so that privacy and confidentiality
are maintained, consistent with California law and the federal
Officer: I, William G. Barton, Ph.D., am the privacy officer for
practice. I am the one responsible for developing and implementing
policies and procedures.
(2) Contact Person: I, William G. Barton, Ph.D., am the contact
person for this
practice. If a patient needs or desires further information related
to the Notice
of Privacy Practices, or if the patient has a complaint regarding
and procedures or our compliance with them, I am the person who
(3) The effective date of these policies and procedures is April
(4) I will maintain documentation of all consents, authorizations,
Notices of Privacy Practices, Office Policies and Procedures,
trainings, and patient requests for records or the amendments
to records. I will also document complaints received and their
(5) I will train all employees and interns of my practice regarding
the importance privacy and confidentiality. At a minimum, these
Office Policies and Procedures will be reviewed and discussed,
as will the content of the Notice of Privacy Practices. The training
will take place as soon as possible after the individual is hired
or the intern is acquired.
(6) I will not maintain or use patient sign-in sheets, and never
(7) Conversations regarding confidential material or information
will take place in an area and in a manner where they will not
be easily overheard.
(8) Patient records will be kept in locked file cabinets in my
individual office. My individual office is locked when I am not
there. Patient records will not be left in places in my office
where others are able to see its contents. I will take steps to
assure that patient records are accessed only by me or by those
in my employ with my permission, who may need to access them on
my behalf or on the patient's behalf.
(9) Computers and fax machines will be place appropriately so
that access is limited to office personnel and so that confidential
information transmitted or received is not seen by others.
(10) With respect to electronic equipment such as computers, I
will delete and change the passwords of terminated employees or
interns promptly upon their termination.
(11) With respect to office keys, terminated employees or interns
will be asked to return all keys to the office that they may possess.
I also realize that it may be necessary to change one or more
locks within my office from time to time, depending on circumstances.
(12) For those in my employ or interns who violate these policies
and procedures or who compromise the confidentiality or privacy
of a patient, I will take such actions, as I believe are warranted
by the situation. Since I have a small private practice, I have
not had the need to develop and implement a formal disciplinary
policy. I will act in good faith and will do my best to correct
errors or deficiencies that become know to me.
(13) Information and records concerning a patient may be disclosed
as described in the Notice of Privacy Practices and in accordance
with applicable law or regulation. Generally, I will obtain a
written authorization from the patient before releasing information
to third parties for purposes other than treatment payment, and
health care operations, unless disclosure is required by law or
permitted by law.
(14) If an adverse party subpoenas mental health records, I will
assert the psychotherapist-patient privilege on behalf of the
patient. I will thereafter act according to the wishes of the
patient and the patient's attorney, unless a Court orders me or
other lawful authority to release records or portions thereof.
(15) To the extent that I keep patient records electronically
(e.g. on my computer), I will backup the computer files on a weelkly
basis and will store the backup offsite. By doing so, I will be
prepared in the case of an incident of some kind that causes destruction,
deletion, of damage to electronically stored patient records.
(16) I keep patient records for at least seven years from the
date of the last treatment or session. With respect to the records
of a minor, I keep those records for at least seven years or until
the patient is twenty-one years old, whichever is longer. Thereafter,
I may destroy patient record. When records are destroyed, they
will be destroyed in a manner that protects patient privacy and
(17) I will attempt to find out from patients, as early as possible,
whether they have any objection to me or others in my office in
sending correspondence to their residence (e.g., claim forms,
bills) and whether I am permitted to call them at their residence
or elsewhere to change appointment times or dates, or to discuss
matters related to their treatment.
(18) If I share protected health information about a patient with
third party business associates as part of my health care operations
(e.g., a billing or transcription service), I will have a written
contract with that business associate that contains terms that
will protect the privacy of the patient's protected health information.
(19) I will do my best to ensure that electronic information,
such as billing records and correspondence, is protected from
computer viruses and unauthorized intruders.