Privacy Policy for The Samadhi Center Medical Clinic, Inc.
Effective Date: May 20, 2025
The Samadhi Center Medical Clinic, Inc., located in Sacramento, California, is committed to protecting the privacy and confidentiality of your personal health information (PHI) in compliance with the Health Insurance Portability and Accountability Act (HIPAA), the California Confidentiality of Medical Information Act (CMIA), and other applicable state and federal laws. This Privacy Policy outlines how we collect, use, disclose, and protect your PHI, including policies related to telephone calls, text messaging, voicemail, and medical record transfers. By engaging with our services, you acknowledge and agree to the terms of this Privacy Policy.
1. Information We Collect
We collect individually identifiable information, including but not limited to:
- Personal Information: Name, address, phone number, email address, and other contact details.
- Health Information: Medical history, mental health conditions, treatment plans, diagnoses, medications, and psychotherapy notes.
- Billing Information: Insurance details, payment information, and financial records related to services provided.
- Communication Data: Information provided through calls, text messages, voicemails, or emails related to your care.
We use your PHI for the following purposes:
- Treatment: To provide psychiatric care, coordinate with other healthcare providers, or refer you to specialists.
- Payment: To bill insurance companies or process payments for services rendered.
- Healthcare Operations: For administrative purposes, such as scheduling, quality improvement, or compliance with legal requirements.
- Communication: To contact you regarding appointments, treatment plans, or other care-related matters via calls, texts, voicemails, or emails, as permitted.
a. Telephone Calls
- We may use your provided phone number to contact you for appointment reminders, treatment-related discussions, or follow-ups.
- All calls involving PHI are conducted with reasonable safeguards to ensure confidentiality, such as verifying your identity before discussing sensitive information.
- In emergencies, we may contact you or others involved in your care, as permitted by law, to ensure your safety.
- Telephone calls are routed through the third-party vendor RingCentral.
- Text messaging may be used for appointment reminders, follow-up communications, or other administrative purposes only with your explicit written or verbal consent.
- We use HIPAA-compliant text messaging platforms that encrypt messages in transit and at rest to protect your PHI.
- You will be informed of the risks of texting, such as potential interception by third parties, and we will confirm your phone number before sending PHI.
- To opt out of text communications, please notify us in writing.
- Text messages are routed through the third-party vendor RingCentral.
- We may leave voicemails for appointment reminders or non-sensitive communications at the phone number you provide.
- Voicemails containing PHI will only be left with your explicit consent and on a HIPAA-compliant voicemail system with secure storage and restricted access.
- Our voicemail greeting includes a notice to call 911 or visit the nearest emergency room in case of a medical or psychiatric emergency, reducing potential liability.
- You may opt out of receiving voicemails by notifying us in writing.
- Voicemails are routed through the third-party vendor RingCentral.
- Emails containing PHI will only be sent using secure, encrypted platforms, and we will confirm your email address before sending sensitive information.
- You will be informed of the risks of unencrypted email communication, such as interception or access by unauthorized parties.
- To opt out of email communications, please notify us in writing.
- Emailing through Gmail has significant limitations, and the patient portal embedded in the EHR DrChrono is recommended for the most secure transfer of data.
- Access and Inspection: Under California’s Patient Access to Health Records Act (Health & Safety Code § 123110), you or your authorized representative may request to inspect or obtain a copy of your medical records upon written request. Reasonable clerical costs may apply.
- Transfer to Other Providers: With your written authorization, we will transfer your medical records to another healthcare provider or entity. Records will be sent securely via encrypted electronic methods or physical delivery, as appropriate.
- Psychotherapy Notes: Disclosure of psychotherapy notes requires specific written authorization, except in limited circumstances (e.g., to prevent harm or comply with legal mandates).
- Denial of Access: In rare cases, we may deny access to records if deemed not in your best interest (e.g., potential harm), as determined by a licensed professional. You have the right to challenge such decisions.
We may disclose your PHI without your authorization in the following circumstances:
- Treatment, Payment, or Healthcare Operations: To coordinate care, bill insurance, or manage practice operations, as permitted by HIPAA and CMIA.
- Legal Requirements: When required by law, such as reporting abuse, neglect, or threats of harm to yourself or others.
- Public Health and Safety: To prevent or lessen a serious threat to health or safety, or for public health activities.
- Court Orders: In response to a court order or subpoena, as permitted by law.
- Business Associates: To third-party vendors (e.g., electronic medical record systems) who sign a Business Associate Agreement (BAA) to ensure HIPAA compliance. Current third-party vendors include RingCentral and Zoom for telecommunications and DrChrono for electronic health record management.
6. Your Privacy Rights
Under HIPAA and California law, you have the following rights regarding your PHI:
- Right to Access: You may request to inspect or receive a copy of your medical records.
- Right to Amend: You may request corrections to inaccurate or incomplete information in your records.
- Right to an Accounting: You may request a list of disclosures of your PHI made by our practice.
- Right to Request Restrictions: You may request limits on how we use or disclose your PHI, though we are not required to agree to all requests.
- Right to Confidential Communications: You may request alternative communication methods (e.g., a different phone number or email). We will accommodate reasonable requests.
- Right to Opt Out: You may opt out of receiving communications via text, voicemail, or email by notifying us in writing.
7. Security Measures
We implement physical, technical, and administrative safeguards to protect your PHI, including:
- Encryption of electronic communications and stored data.
- Secure storage of physical and electronic records.
- Access controls limiting PHI to authorized personnel only.
- Regular staff training on HIPAA and CMIA compliance.
- Business Associate Agreements with third-party vendors handling PHI.
For telehealth services, we use HIPAA-compliant platforms to ensure the security of your PHI. You must provide your physical location at the start of each session, and both you and the provider may withdraw consent for telehealth at any time. All telehealth communications are stored in your medical record, and documentation includes the method of telehealth used.
9. Data Breaches
In the event of a breach of your PHI, we will notify you and the appropriate authorities as required by HIPAA and California law (Health & Safety Code § 1280.15). We maintain protocols to mitigate risks and prevent future breaches.
10. Social Media Policy
We do not accept friend or follower requests from patients on personal social media accounts to protect your privacy and maintain professional boundaries. We will not respond to personal information shared on public platforms (e.g., Google Reviews, Healthgrades) to avoid disclosing PHI. Please refrain from contacting us via personal social media.
11. Changes to This Privacy Policy
We reserve the right to update this Privacy Policy to reflect changes in our practices or legal requirements. The updated policy will be posted on our website at [Insert Website URL] and included in our company policies. You will be notified of significant changes via email or other reasonable means.
12. Contact Us
If you have questions, concerns, or wish to exercise your privacy rights, please contact our Privacy Officer:
[Insert Practice Name]
[Insert Address]
[Insert Phone Number]
[Insert Email Address]
For complaints, you may also contact the U.S. Department of Health and Human Services Office for Civil Rights or the California Department of Public Health.
13. Acknowledgment
By engaging with our services or visiting our website, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use our services or provide personal information.
Notice of Privacy Practices: This policy serves as our Notice of Privacy Practices as required by HIPAA. A copy is available upon request.
Last Updated: [Insert Date, e.g., May 20, 2025]