Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information.

Spectra Behavioral Health, LLC is dedicated to protecting the confidentiality of all clients and their families. We will keep Protected Health Information (PHI) secure in accordance with HIPAA standards. We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. We are required to abide by the terms of the notice currently in effect.

You also have the right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time.  If you received this Notice electronically, you are entitled to a paper copy of this Notice.  We must follow the privacy practices that are described in this Notice while it is in effect. If you have any questions about this Notice, please contact a Director at Spectra Behavioral Health, LLC.

What is Protected Health Information

PHI is any information in a medical record that can be used to identify an individual, and that was created, used, or disclosed to a covered entity and/or their business associate(s) in the course of providing a health care service, such as a diagnosis or treatment.

Examples (not a comprehensive list)

  • Patient names

  • Addresses — In particular, anything more specific than state, including street address, city, county, precinct, and in most cases zip code, and their equivalent geocodes.

  • Dates — Including birth, discharge, admittance, and death dates.

  • Telephone and fax numbers

  • Email addresses

  • Social Security numbers

  • Driver’s License information

  • Medical record numbers

  • Account numbers

  • Health plan beneficiary numbers

  • Certification/license numbers

  • Vehicle identifiers and serial numbers, including license plate numbers

  • Device identifiers and serial numbers

  • Names of relatives

  • Internet Protocol (IP) address numbers

  • Biometric identifiers — including finger and voice prints.

  • Full face photographic images and any comparable images.

Storage and Transfer of PHI

Spectra Behavioral Health, LLC will use secure means to transfer and store Protected Health Information (PHI). Our record storage is HIPAA compliant and password protected. All records are backed up regularly. If someone is traveling with PHI or a means to access PHI (e.g., computer, briefcase) the PHI will be protected by two locks and not visible to unauthorized individuals. 

HIPAA Privacy Notice

Spectra Behavioral Health, LLC shares information within the organization on an as-needed basis to facilitate case collaboration, peer review as well as for supervision and billing purposes.

Release of Information

Spectra Behavioral Health, LLC must receive a signed “Release of Information” form (Found in the Caregiver Handbook or available from a supervisor at any time) to authorize release of PHI outside of the organization.

Consent for Use of Identifying Information

In accordance with the HIPAA Privacy Rule, when PHI is to be used or disclosed for purposes other than treatment, training, payment, or business operations, Spectra Behavioral Health, LLC will use and disclose it in terms with a valid, written authorization, unless such use or disclosure is otherwise permitted or required by law. .

Exceptions to Authorization Requirements

PHI may be disclosed without an authorization if the disclosure is:

  1. Requested by the client or his personal representative (authorization is never required);

  2. For the purpose of treatment, including the provision, coordination or management of care, and related services. For example, information may be disclosed in order to coordinate the different things the client needs, or to support and maintain the client’s continuum of care;

  3. For the purpose of training staff of Spectra Behavioral Health, LLC; 

  4. For the purpose of Spectra Behavioral Health, LLC’s payment activities, or the payment activities of the entity receiving the PHI. For example, a bill may be sent to you or a third party payer. The information accompanying the bill may include information that identifies you and/or your child, as well such diagnosis, procedures and supplies used;

  5. For the purpose of Spectra Behavioral Health, LLC’s health care operations. Health care operations include but are not limited to quality assessment activities and licensing activities. For example, we may disclose the client’s information to third parties that perform various business activities (e.g., billing or computer software services) provided we have a written contract with the business that requires it to safeguard the privacy of your protected health information;

  6. In limited circumstances, for the health care operations of another Covered Entity, if the other Covered Entity has or had a relationship with the client;

  7. To the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the HIPAA Privacy Rule; or

  8. To notify or assist in notifying a family member, personal representative, or another person responsible for the client’s care, of the client’s location, and general condition in an emergency situation.

  9. To a public health authority that is permitted to collect or receive the information.  We may be required to report information to help prevent or control disease, injury, or disability.  We may also disclose information, if directed by the public health authority, to a foreign government agency that collaborates with the public health authority.  This includes reporting child abuse or neglect, FDA regulated product or activity, and exposure to communicable diseases.

  10. To an authorized governmental entity or agency if we believe the client has been a victim of abuse or neglect as defined by applicable federal and/or state laws. We may also disclose the client’s information to a public health entity that is authorized to receive reports of child abuse and neglect.

  11. To appropriate authorities for activities including but not limited to monitoring, investigating, inspecting, and disciplining or licensing those who work in the healthcare system or for government benefit programs.

  12. In response to an order of a court or administrative tribunal, and under certain conditions in response to a subpoena, discovery request or other lawful process.

  13. For law enforcement purposes as required by law, or in response to a valid subpoena.

  14. To coroners and medical examiners for the purpose of identifying a deceased individual, determining a cause of death, or carrying out other duties permitted by law. Additionally, we may disclose decedent's information to funeral directors as authorized by law.

  15. To specified authorities if we believe in good faith that a disclosure of the client’s health information is necessary to prevent or minimize a serious threat to the client or the public's health or safety

  16. In the event the client, or you on behalf of the client, should file suit against us, we may disclose health information necessary to defend such action.  Also, we must make disclosures to the client and when required by the Secretary of the Department of Health and Human Services to investigate and determine our compliance with the law.

  17. Required by other state or federal law.

Use or Disclosure Pursuant to an Authorization

PHI may never be used or disclosed in the absence of a valid written authorization if the use or disclosure is: 

  1. Of treatment notes as defined by the HIPAA Privacy Rule, except if the disclosure is to carry out treatment, training, payment, or business operations:

    • Use or disclosure by Spectra Behavioral Health, LLC to defend itself in a legal action or other proceeding brought by the individual;

  2. For the purpose of marketing.

  3. The sale of PHI.

Limited Use of Electronic Media

When communicating with clients/caregivers via portable electronic media, the following protective steps will be taken:

Text Messaging:

  1. Staff must sign confidentiality policy acknowledgement to maintain privacy of all clients and caregivers that they are communicating with. 

  2. Staff must use an end to end encrypted messaging platform to communicate with caregivers.

  3. Staff must use an end to end encrypted messaging platform to communicate with other staff members regarding client information. Staff should only communicate with other staff members regarding client information. When possible, staff should use non-HIPAA qualifying identifiers, such as initials in their communication regarding clients.

  4. Text messages outside of the end to end encrypted messaging service must be deleted as soon as possible., Electronic devices must be password protected.

Email: 

  1. All client identifiers should not be within the subject line (i.e., initials, name, etc).  

  2. The sender will verify the "to" field prior to sending the message, to ensure correct identification of the recipient of the email..

  3. All emails must contain a statement that ensures confidentiality. 

  4. Clients' email messages may be forwarded to others for permissible purposes.

Your Rights Regarding Your Protected Health Information

The following is a statement of your rights with respect to your Protected Health Information and a brief description of how you may exercise these rights:

  1. You may request, in writing, that we not use or disclose the client’s information for treatment, payment, or administrative purpose, or to persons involved in your care except when specifically authorized by you, when required by law, or in emergency situations.  To request a restriction on who may have access to the client’s protected health information, you must submit a written request to the Spectra Behavioral Health, LLC. Your request must state the specific restriction requested and to whom you want the restriction to apply.  Practitioner is not required to agree to a restriction that you may request, unless you are asking us to restrict the use and disclosure of your protected health information to a health plan for payment or health care operation purposes and such information you wish to restrict pertains solely to a health care item or service for which you have paid us “out-of-pocket” in full. If we do agree to the requested restriction, we may not use or disclose the client’s protected health information in violation of that restriction unless it is needed to provide emergency treatment.

  2. You have the right to request that the client’s health information be communicated to you in a confidential manner, in certain situations, such as sending mail to an address other than your home.

  3. Within the limits of the State of Nebraska statutes and regulations, you have the right to inspect and copy the client’s health information.  You may not inspect or copy psychotherapy notes, information compiled in anticipation of litigation, or information subject to a law that prohibits access.  The decision to deny access may be reviewable in certain cases.

  4. If you believe that information in the client’s record is incorrect or if important information is missing, you have the right to submit a request to us to amend your health information by correcting the existing information or adding the missing information.  We may, under certain circumstances, deny your request.

  5. You have the right to receive an accounting of disclosures of the client’s health information.  This includes disclosures made other than for treatment, payment, healthcare operation, for a facility directory, to family member or friends involved in the client’s care, requests made by you, pursuant to an authorization, or for notification purposes.  The right to receive this information is subject to certain exceptions and limitations.

  6. If this notice was sent to you electronically, you may obtain a paper copy of the notice upon request.

Confidentiality Training

Staff will under-go training on the confidentiality policy once per year.

Communication if PHI is wrongly shared

Spectra will follow the requirements for notification of Breach of PHI from the Department of Health and Human Services.

Breach Notification

 Spectra takes confidentiality very seriously and consequences up to termination will be applied at the first breach of the policy. Consequences may also include reporting to the Office of Civil Rights, where a monetary penalty may be imposed.

Complaints or Questions

If you believe your privacy rights have been violated, you may complain to us or to the Secretary of the U.S. Department of Health and Human Services. If you have a question about this Notice or wish to file a complaint with us, please contact Spectra Behavioral Health, LLC at the address listed below. All complaints must be submitted in writing. Spectra Behavioral Health, LLC will not retaliate against you for filing a complaint.

Changes to this Notice

We reserve the right to change this Notice at any time. The new Notice will be effective for all health information we already have about you as well as any information we receive in the future. You can also obtain a revised Notice by contacting the Privacy Officer at the address listed below and such revised Notice will be available on our website.