HIPAA Notice of Privacy Practices

1. Our Legal Duties

ETG is required by law to:

• Maintain the privacy and security of your PHI
• Provide you with this Notice of Privacy Practices
• Follow the duties and privacy practices described in this Notice
• Notify you if a breach occurs that may have compromised the privacy or security of your PHI
• Not retaliate against you for filing a privacy complaint or exercising your rights

ETG reserves the right to change the terms of this Notice. If we make changes, the revised Notice will apply to all PHI we maintain, including PHI created or received before the change.

2. How We May Use and Disclose Your PHI

ETG may use and disclose PHI in the ways described below.

3. Treatment

ETG may use and disclose your PHI to provide, coordinate, or manage your therapy services.

Examples include:

• Documenting intake, assessment, diagnosis, treatment plans, progress notes, and clinical recommendations
• Consulting with another treating provider when appropriate
• Coordinating care with a physician, psychiatrist, therapist, school, hospital, or other provider when permitted or authorized
• Referring you to another clinician, specialist, higher level of care, or emergency provider

4. Payment

ETG may use and disclose your PHI to obtain payment for services or support payment-related activities.

Examples include:

• Processing payments
• Providing invoices, superbills, or receipts
• Verifying payment information
• Working with third-party payment or insurance-support platforms
• Responding to billing questions
• Supporting claims or reimbursement processes when applicable

ETG does not bill insurance directly. If you choose to use a third-party platform for insurance verification, claims, reimbursement, or payment support, that platform may have its own privacy policies and terms.

5. Healthcare Operations

ETG may use and disclose PHI for healthcare operations.

Examples include:

• Quality review and improvement
• Clinical supervision or consultation
• Provider credentialing
• Compliance activities
• Staff training
• Business management
• Recordkeeping
• Technology and security operations
• Legal or professional consultation
• Auditing, risk management, or administrative review

6. Uses and Disclosures That May Occur Without Your Authorization

ETG may use or disclose PHI without your written authorization when permitted or required by law.

These situations may include:

Required by Law

ETG may disclose PHI when required by federal, state, or local law.

Public Health and Safety

ETG may disclose PHI to prevent or control disease, injury, disability, or serious threats to health or safety when permitted or required by law.

Abuse, Neglect, or Exploitation

ETG may disclose PHI to report suspected abuse, neglect, exploitation, or domestic violence when required or permitted by law.

Serious Threat of Harm

ETG may disclose PHI if necessary to prevent or reduce a serious threat to your health or safety or the health or safety of another person.

Health Oversight Activities

ETG may disclose PHI to licensing boards, regulatory agencies, or oversight authorities for activities authorized by law, such as audits, investigations, inspections, licensure, or disciplinary proceedings.

Judicial and Administrative Proceedings

ETG may disclose PHI in response to a court order, subpoena, discovery request, administrative order, or other lawful process, subject to applicable legal requirements.

Law Enforcement

ETG may disclose PHI for certain law enforcement purposes when permitted or required by law.

Workers’ Compensation

ETG may disclose PHI as authorized by and to the extent necessary to comply with workers’ compensation or similar programs.

Coroners, Medical Examiners, and Funeral Directors

ETG may disclose PHI to coroners, medical examiners, or funeral directors when permitted or required by law.

Specialized Government Functions

ETG may disclose PHI for certain specialized government functions when required or permitted by law.

7. Uses and Disclosures Requiring Your Written Authorization

ETG will generally obtain your written authorization before using or disclosing PHI for purposes not described in this Notice.

Written authorization is generally required for:

• Disclosure of psychotherapy notes, except in limited circumstances permitted by law
• Marketing communications involving PHI when authorization is required
• Sale of PHI
• Sharing PHI with family members, attorneys, schools, employers, outside providers, or other third parties when authorization is required and no legal exception applies

You may revoke an authorization in writing at any time, except to the extent ETG has already relied on the authorization.

8. Psychotherapy Notes

Psychotherapy notes, if maintained by ETG, are treated differently from the general clinical record.

Psychotherapy notes are records made by a mental health professional that document or analyze the contents of a private counseling session, or of a group, joint, or family counseling session, and are kept separate from the rest of the medical record.

Psychotherapy notes do not include:

• Medication prescription or monitoring information
• Counseling session start and stop times
• Treatment modalities and frequencies
• Results of clinical tests
• Diagnosis
• Functional status
• Treatment plan
• Symptoms
• Prognosis
• Progress notes

ETG will not use or disclose psychotherapy notes without written authorization except where permitted or required by law.

9. Communication With You

ETG may contact you to:

• Schedule or confirm appointments
• Send appointment reminders
• Provide administrative notices
• Request completion of forms
• Discuss billing or payment matters
• Communicate about treatment-related issues
• Provide information about services you requested

Communication may occur by phone, voicemail, email, text message, secure portal, telehealth platform, or mail, depending on your preferences and ETG’s systems.

You may request confidential communications or ask ETG to contact you in a specific way or at a specific location. ETG will accommodate reasonable requests when possible.

10. Text, Email, and Portal Communication

Standard email and text messaging may not be fully secure. ETG encourages clients to use secure portals or approved secure platforms when available.

If you choose to communicate through email or text message, you understand that those channels may carry privacy risks.

Do not use email, text messaging, portal messages, or website forms for emergencies or crisis situations.

11. Business Associates

ETG may work with third-party vendors that perform services involving PHI. These vendors may include electronic health record systems, telehealth platforms, scheduling systems, secure form providers, payment processors, billing support platforms, IT providers, or other administrative service providers.

When required by HIPAA, ETG enters into Business Associate Agreements with vendors that create, receive, maintain, or transmit PHI on ETG’s behalf.

12. Your Rights Regarding PHI

You have rights regarding your PHI. Some rights may be limited by law, clinical standards, safety concerns, professional obligations, or recordkeeping requirements.

Right to Inspect and Receive a Copy

You may request to inspect or receive a copy of your health record or other PHI maintained by ETG.

ETG may charge a reasonable, cost-based fee where permitted by law.

In limited circumstances, ETG may deny access as permitted by law. If access is denied, you may have the right to request a review of the denial.

Right to Request an Amendment

You may ask ETG to correct or amend PHI that you believe is inaccurate or incomplete.

ETG may deny the request if the information is accurate and complete, was not created by ETG, is not part of ETG’s records, or is not available for amendment under applicable law.

If ETG denies your request, you may submit a written statement of disagreement where permitted.

Right to Request Restrictions

You may request that ETG restrict certain uses or disclosures of your PHI.

ETG is not required to agree to all requested restrictions, except where HIPAA requires agreement, such as certain disclosures to a health plan when you have paid out of pocket in full, and the disclosure is for payment or healthcare operations.

Right to Request Confidential Communications

You may request that ETG contact you in a certain way or at a certain location.

For example, you may request that ETG contact you at a specific phone number or email address.

ETG will accommodate reasonable requests when possible.

Right to an Accounting of Disclosures

You may request a list of certain disclosures ETG has made of your PHI.

This accounting does not include all disclosures, such as disclosures for treatment, payment, healthcare operations, disclosures you authorized, or certain other disclosures excluded by law.

Right to Receive a Paper Copy of This Notice

You may request a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.

Right to File a Complaint

You may file a complaint with ETG if you believe your privacy rights have been violated.

You may also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

ETG will not retaliate against you for filing a complaint.

13. Requests Related to Your PHI

To make a request related to your PHI, contact ETG in writing:

ETG may require requests to be submitted in writing and may require identity verification before processing certain requests.

14. Minors

Therapy services for minors require appropriate consent from a parent, guardian, or legally authorized person unless an exception applies under Alabama law.

Parent or guardian access to a minor’s PHI may be limited in certain circumstances by law, safety concerns, court order, professional ethics, or clinical judgment.

ETG will handle minor records in accordance with applicable law, licensing rules, professional obligations, and clinical standards.

15. Personal Representatives

ETG may treat a legally authorized personal representative as having authority to act on your behalf regarding PHI, subject to applicable law.

ETG may decline to treat a person as your personal representative in certain circumstances permitted by law, including safety concerns or concerns involving abuse, neglect, or endangerment.

16. De-Identified Information

ETG may use or disclose information that has been de-identified according to applicable law. De-identified information does not identify you and is not reasonably likely to identify you.

17. Fundraising and Marketing

ETG does not sell PHI.

ETG will not use PHI for marketing without written authorization, where authorization is required by law.

ETG may send limited service-related or administrative communications, such as appointment reminders, practice updates, or information about services you requested.

18. Data Breach Notification

If ETG determines that a breach of unsecured PHI has occurred, ETG will notify affected individuals as required by law.

Depending on the circumstances, ETG may also be required to notify the U.S. Department of Health and Human Services and, in some cases, the media.

19. Record Retention

ETG retains therapy records according to applicable federal law, Alabama law, licensing board requirements, payer requirements, professional ethics, and clinical recordkeeping standards.

Records may be retained longer for minors, audits, legal holds, payer requirements, risk-management purposes, or professional obligations.

When records are no longer required, they may be securely archived, destroyed, or deleted according to applicable law and confidentiality standards.

20. Crisis and Emergency Limitations

ETG is not a crisis center and does not provide emergency, on-call, or after-hours crisis services.

If you are experiencing a medical or mental health emergency, call 911 or go to the nearest emergency room.

If you are in emotional distress or experiencing suicidal thoughts, call or text the Suicide & Crisis Lifeline at 988.

Do not use email, text messaging, website forms, or client portal messages for emergencies.

21. Changes to This Notice

ETG may change this Notice from time to time.

Any revised Notice will apply to PHI ETG already maintains as well as PHI ETG creates or receives in the future.

The current Notice will be available upon request and may be posted on ETG’s website.

22. Acknowledgment of Receipt

ETG may ask you to sign an acknowledgment that you received this Notice of Privacy Practices.

Signing the acknowledgment does not mean you agree to any specific use or disclosure of PHI. It only confirms that you received the Notice.

If you decline to sign, ETG may document that acknowledgment was requested but not obtained.

23. Contact for Questions or Complaints

For privacy questions, PHI requests, or complaints, contact:

You may also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

ETG will not retaliate against you for filing a complaint or exercising your privacy rights.