Privacy Policy - HIPAA Notice of Privacy Practices

This notice describes how protected health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Privacy is a very important concern for all those who work with me. This Notice of Privacy Practices describes how I protect your personal health information, tells how I may use and disclose your clinical information, and explains certain rights you have regarding this information. I am providing you with this notice in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and will comply with the terms as stated. I will obey the rules of this notice as long as it is in effect, but if I change it I will update it immediately on my website and inform you if you choose to continue service with me. You can get a copy from me at any time, and it will be posted here on my website.

  1. Company Statement

This website, https://www.yogamindedbyjess.com/ and its contents and the business, Yoga Minded by Jess, are owned by Jessica D. Buck, M.S., C-IAYT, RYT-500. 

Jessica D. Buck is committed to protecting your Personal Health Information. Jessica will only collect or use your Personal Health Information in accordance with the Privacy Policy herein.

  • How I Use and Disclose Your Personal Health Information.

I protect your personal health information from inappropriate use and disclosure. Your information is obtained in the course of providing services to you and is related to your medical records/SOAP notes/assessments, integrative therapeutic visits, and payment information. It is likely to include your health history, reasons you came for yoga therapy, therapeutic treatment plans or home plan of cares, progress notes I make after sessions (but not therapy notes I may choose to make (recorded meditations, handouts, awareness-based practices, etc. for my own use), records I get from others who worked or work with you or evaluate you, and billing information, including payment of services rendered. I will not disclose any personal health information without your written authorization, unless such disclosure is permitted or required by law.

The law permits me to disclose your health information without a signed authorization from you when I am using it to provide you with your integrative clinical care. For example, I use your clinical information to plan your care, to decide how well your therapeutic process is working, when I talk with other professionals on a health care team who are also treating you, for teaching and training other professionals/students, and for yoga therapy research.

  • How your protected health information can be used and shared. 

When your information is read by me, in the law that is called “use.” If the information is shared with or sent to others outside this office, in the law that is called “disclosure.” Except in some special circumstances, when I use your PHI here or disclose it to others, I share only the minimum necessary for those other people to do their jobs. The law gives you rights to know about your PHI, how it is used and to have a say in how it is disclosed (shared), and so I will tell you more about what I do with your information.

2. Uses and disclosures of PHI in healthcare with your consent. 

This Notice is provided on my website. You will be asked to sign a separate consent form before the initial intake session to allow me to use and share your personal health information. In almost all cases, I intend to use your personal health information here, or to share your personal health information with other people or organizations to provide effective therapy practices to you, to arrange for payment for my services, or some other business functions involved in health care operations.

Generally, I may use or disclose your PHI for three purposes: 1.) during therapeutic interventions to inform me of your overall health condition, 2.) to bill for your services, and what are called health care operations, in other words, 3.) to run this private practice.

A. Care Management 

I need information about you to provide care to you. You agree to let me collect the information in the intake process and to use it and share it to care for you properly. Therefore you must sign the Consent statement in the initial intake form before I begin to work with you, because if you do not agree and consent, then I cannot collaborate with you.

Health information about you may be used or disclosed to assist treatment by other health care providers. This would include treatment provided to you by me, and coordinating your care with other providers such as psychotherapists, physicians, hospitals, or nursing homes. For example, I may refer you to other health-care or medical professionals or consultants for services I cannot provide and/or are out of my scope of practice. When I do this, I need to tell them some things about you and your conditions. I will get back their findings and opinions, and those will go into your records here. If you receive treatment in the future from other professionals, I can also share your health information with them.

B. Uses and Disclosures for Payment 

I will make uses and disclosures of your protected health information as necessary for payment purposes. During the normal course of business operations, I may also use your information to prepare a bill to send to you or to the person responsible for your payment.

C. Health Care Operations 

Health information may be used and disclosed to carry out health care operations, which includes using your health information to see where I can make improvements in the care and services I provide. I may be required to supply some information to some government health agencies so they can study disorders and treatment and make plans for services that are needed. If I do, your name and personal information will be removed from what I send. Information may be disclosed to a law enforcement agency to respond to a subpoena, to help identify or locate a suspect or missing person, or to provide information about a victim of a crime. Information may also be shared for certain types of public health efforts involving communicable diseases. In addition, information may be disclosed to the appropriate governmental authorities to avoid a serious threat to your health and safety or that of another person or the public, or when there is reason to suspect neglect, abuse or domestic violence. Information will also be shared about a deceased person when necessary with coroners, medical examiners, funeral directors or with organizations involved with organ, eye or tissue donations.

  1. To individuals involved in your care. Your health information may be disclosed to a family member, other relative or close personal friend assisting you in receiving or obtaining payment for health care services. I will disclose your health information to these individuals only if you tell me to do this or if I can reasonably infer that you do not object. I may also disclose your health information to disaster relief organizations such as the Red Cross to assist your family members or friends in locating you or learning about your general condition in the event of a disaster.

  2. Appointments, Information or Services. I may contact you to provide appointment reminders or information about care alternatives or other health-related services that may be of interest to you. I may also use or disclose your health information for judicial or administrative proceedings, for specialized government functions, for workers’ compensation or similar purposes. If you want me to call or write to you only at your home or your work or prefer some other way to reach you, I can usually arrange that. Just tell me.

  3. Business Associates. There are some tasks I may hire other businesses to do for me. Examples include a copy service used to make copies of your health records, and a bookkeeper or accountant to help me organize the finances related to this private practice. These business associates need to receive some of your health information to do their jobs properly. To protect your privacy, they agree in their contract with me to safeguard your information.

  4. Obtaining Your Authorization for Other Uses and Disclosures. I will not use or disclose your health information for any purpose not specified in this Notice of Privacy Practices unless I obtain your express written authorization to do so. If you give me your authorization, you may revoke it at any time in writing, in which case we will no longer use or disclose your health information for the purpose you authorized, except to the extent we have relied on your authorization in providing benefits. I may refuse to enroll or continue to provide benefits to you if you decide not to sign an authorization form.

3. Your Rights Regarding Your Health Information. 

  1. Right to Inspect and Copy. You have the right to inspect or request a copy of personal health information about you that I maintain and that I may use in making decisions about your care. Your request should describe the information you want to review. In limited circumstances, you may not be able to review or copy certain information. These include clinical yoga therapy notes, or information collected in anticipation of a claim or legal proceeding. If I determine that reviewing your records may cause substantial and identifiable harm to you or others or would have a detrimental effect on your treatment, on our professional relationship, or on your relationship with parents, guardians, spouses, or children, I may deny access to your records. A patient over the age of twelve may be notified of any request by a qualified person to review his or her record, and if the patient objects to the disclosure, I may deny the request for access. I may charge you a reasonable fee for copying.

  2. Right to Request Amendments. You have the right to request changes to any health information I maintain about you if you state a reason why this information is incorrect or incomplete. I may not agree to make the changes you request. If I do not believe the changes you requested are appropriate, I will notify you in writing how you can have your objection to my decision included in my records.

  3. Right to an Accounting of Disclosures. You have the right to receive a list of disclosures of your health information that have been made by me. The list will not include disclosures made for certain types of purposes, such as disclosures for treatment, payment or health care operations or disclosures you authorized in writing. Your request should specify the time period for which you want this list, which can be no longer than six years and may not include dates prior to February 18th, 2024. The first time you ask for a list of disclosures in any 12-month period, I will provide it for free. If you request additional lists during a 12-month period, I may charge you a fee to cover our costs in providing the additional lists.

  4. Right to Request Restrictions. You have the right to request restrictions on the ways in which I use and disclose your health information for treatment, payment and health care operations, or disclose this information to disaster relief organizations or individuals who are involved in your care. I may not agree to the restrictions you request.

  5. Right to Request Confidential Communications. You have the right to ask me to send health information to you in a different way or at a different location if you believe that you may be endangered by my ordinary form of communication. You must state in your request that you believe you will be endangered by my ordinary form of communication but you do not have to explain why you believe this is the case. You may ask me to send health information to you in a different way or at a different location. Your request should also specify where and/or how I should contact you. We will accommodate all reasonable requests.

  6. Right to Paper Copy of Notice. You have the right to receive a paper copy of this Notice of Privacy Practices at any time. You may receive a paper copy even if you have previously requested to receive this Notice electronically. You may also print out a copy of this Notice by going to my website at https://www.yogamindedbyjess.com/.

  7. Right to Notice of Breach. I take very seriously the confidentiality of my patients’ information, and I am required by law to protect the privacy and security of your protected health information through appropriate safeguards. I will notify you in the event a breach occurs involving or potentially involving your unsecured health information and inform you of what steps you may need to take to protect yourself. In order to comply with Fair Information Practices, I will take the following responsive action, should a data breach occur: I will notify you via email within 5 business days of any known breach.

4. Uses and disclosures where you have an opportunity to object.

If I want to use your information for any purpose besides those described above, I need your permission on an authorization form. If you do authorize me to use or disclose your health information, you can cancel that permission, in writing, at any time. After that time I will not use or disclose your information for the purposes that we agreed to. Of course, I cannot take back any information that I had already disclosed with your permission or that I had used in my office.

Occasionally, with your permission and if we determine this to be helpful to your care, I can share some information about you with your family or close others. I will only share information with those involved in your care and anyone else you choose such as close friends or family. I will ask you about whom you want me to tell what information about your condition or treatment. You can tell me what you want, and I will honor your wishes, as long as it is not against the law.

If it is an emergency, so that we cannot ask if you disagree, I can share information if I believe that this is what you would want and if I believe it will help you if I do share it. If I do share information in an emergency, I will tell you as soon as I can. If you don’t approve I will stop, as long as it is not against the law.

5. CAN-SPAM Act of 2003.

The CAN-SPAM Act is a U.S. law which establishes rules for commercial email messages, gives you the right to stop certain commercial emails from being sent to you, and outlines certain penalties for commercial entities or persons who violate the law.

I collect your email address and name so I can:

  • - Send information, respond to inquiries, and/or other requests or questions.

  • - Process orders and to send information and updates pertaining to orders of a course, product, or service.

  • - Send you additional information related to your course, product and/or service.

  • - Market to my mailing list or continue to send emails to you after the original transaction has occurred.

  • - Email you a newsletter with free information and advertising certain Products, Services, and/or Courses we offer.

In accordance with the CAN-SPAM Act, we agree to the following:

  • - I WILL NOT  use false or misleading subjects or email addresses.

  • - I WILL  identify the email message as an advertisement in some reasonable way.

  • - I WILL include my business mailing address and/or physical address in our emails.

  • - I WILL  monitor third-party email marketing services for compliance. 

  • - I WILL honor opt-out/unsubscribe requests quickly.

  • - I WILL  allow users to unsubscribe by using the appropriate link at the bottom of each email.

TO UNSUBSCRIBE

If at any time you would like to unsubscribe from receiving future emails, you can email me at jessicabuckyoga@gmail.com or follow the instructions at the bottom of any email you receive from us and we will promptly remove you from future correspondence(s). However, unsubscribing from one list or set of emails may not unsubscribe you from receiving ALL future emails from us. If you experience any problems unsubscribing, please email Jess at jessicabuckyoga@gmail.com and I will promptly handle your removal.

6. Your General Data Protection Regulation ("GDPR") Rights

If you are located within the European Union ("EU"), you are entitled to certain rights under the GDPR. You have the right to:

  • Know how long I’ll keep your information. I’ll keep your personal information until: the earlier of: (1) you either ask me to delete your information or (2) the Business decides it no longer needs the data and the cost of retaining it outweighs the value of keeping it.

  • Access, rectify or erase your personal information. Withdraw your consent to the Business' processing of your data, which shall have no effect on the lawfulness of the processing of your personal information prior to your withdrawal.

  • Lodge a complaint with a supervisory authority that has jurisdiction over GDPR issues.

  • Provide only your personal information which is reasonably required to enter into a contract with me. Jessica will not ask for your consent to provide unnecessary personal information on the condition of entering into a contractual relationship

7. Third-Party Links:

Occasionally, at my discretion, I may include or offer third-party products, services, or links to articles/blogs/sites on my website. These third-party sites may or may not have separate and independent privacy policies. I, therefore, have no responsibility or liability for the content and activities of these linked sites and/or their privacy policy (or lack thereof). Nonetheless, I seek to protect the integrity of my website, https://www.yogamindedbyjess.com/, and welcome any feedback about any issues you experience with linked-to sites by emailing me at jessicabuckyoga@gmail.com 

8. If you have questions or problems.

If you need more information or have questions about the privacy practices described above, please speak to me. If you have a problem with the way your health information has been handled, or if you believe your privacy rights have been violated, contact me. You have the right to file a complaint with me and with the Secretary of the Department of Health and Human Services.You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.

 I promise that I will not in any way limit your care here or take any actions against you if you complain.

9. Effective Date

This Notice of Privacy Practices is effective as of February 18th, 2024. 

Updated on February 18th, 2024 by Jessica D. Buck