NOTICE OF PRIVACY PRACTICES (HIPAA)
Effective Date: 12/20/2025
Elira Health LLC
Elira Health LLC is committed to maintaining and protecting the confidentiality of your Protected Health Information (“PHI”). We are required by federal and state law, including the Health Insurance Portability and Accountability Act (“HIPAA”), to protect the privacy and security of your PHI and to provide you with this Notice of Privacy Practices (“Notice”) describing our legal duties, privacy practices, and your rights.
When we use or disclose your PHI, we are required to follow the terms of this Notice (or any revised Notice currently in effect).
I. Our Pledge Regarding Your Health Information
We understand that information about you and your health care is personal. We are committed to protecting your health information. We create a record of the care and services you receive from us. We need this record to provide you with quality care and to comply with certain legal requirements.
This Notice applies to all records of your care created or maintained by Elira Health LLC (mental health and primary care).
We are required by law to:
Maintain the privacy of your PHI.
Provide you with this Notice of our legal duties and privacy practices regarding your PHI.
Follow the terms of the Notice that is currently in effect.
We may change the terms of this Notice at any time. Any changes will apply to all PHI we maintain. The revised Notice will be available upon request, in our office, and on our website.
II. How We May Use and Disclose Your Health Information
The following categories describe ways Elira Health LLC may use and disclose your PHI. Not every use or disclosure in a category will be listed.
Except for the purposes described below, we will use and disclose PHI only with your written authorization. You may revoke an authorization at any time by submitting your request in writing to Elira Health LLC, Attention: Privacy Officer.
1) For Treatment
We may use and disclose your PHI to provide, coordinate, or manage your health care and related services.
Example: We may disclose PHI to doctors, nurses, technicians, or other personnel (including people outside Elira Health LLC) involved in your care, so they can provide treatment.
2) For Payment
We may use and disclose your PHI so we (or others) can bill and receive payment for services you received.
Example: We may provide information to your insurance plan to determine whether it will cover a treatment or service.
3) For Health Care Operations
We may use and disclose your PHI for practice operations, quality assessment, training, accreditation, licensing, credentialing, and general business management.
Example: We may use PHI to evaluate staff performance and improve patient care.
4) Appointment Reminders, Treatment Alternatives, and Health-Related Benefits/Services
We may contact you to remind you of appointments, discuss treatment options, or provide information about health-related benefits or services that may interest you.
5) Research
Under certain circumstances, we may use and disclose PHI for research purposes. Typically, we will ask for your written authorization unless the law allows limited research use without authorization under specific safeguards.
6) Incidental Uses and Disclosures
We are not required to eliminate all risk of incidental use or disclosure of PHI. Incidental disclosures are permitted when they occur as a by-product of an otherwise permitted use or disclosure, as long as we have reasonable safeguards in place and only the minimum necessary information is shared.
III. Special Situations in Which We May Disclose PHI Without Your Written Permission
As Required by Law
We will disclose PHI when required by federal, state, or local law.
To Avert a Serious Threat to Health or Safety
We may use and disclose PHI when necessary to prevent or reduce a serious and imminent threat to the health or safety of you or another person. Disclosures will be made only to persons reasonably able to help prevent or lessen the threat (such as law enforcement or a potential victim).
Law Enforcement
We may disclose PHI for law enforcement purposes as permitted or required by law, including in response to a court order, subpoena, warrant, summons, or similar process, and in other limited circumstances allowed by HIPAA.
Abuse, Neglect, or Domestic Violence
We may disclose PHI to a government authority authorized by law to receive reports of abuse, neglect, or domestic violence. Disclosures are limited to what is necessary to comply with reporting requirements.
Health Oversight Activities
We may disclose PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, licensure, and other oversight functions.
Lawsuits and Disputes
If you are involved in a lawsuit or dispute, we may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process, as permitted by law.
Business Associates
We may disclose PHI to third parties (“Business Associates”) that perform services for us (e.g., billing, IT, secure email/portal vendors) if the information is needed for them to provide services. Business Associates are required to protect the privacy and security of your PHI.
Essential Government Functions
We may disclose PHI for certain specialized government functions as permitted by law (e.g., national security, protective services, correctional institutions, or lawful activities of coroners/medical examiners).
Psychotherapy Notes (If Applicable)
If psychotherapy notes are kept separately from the medical record, we generally must obtain your written authorization to use or disclose them, except in limited circumstances permitted by law (e.g., for certain oversight activities, legal defense, or to prevent a serious and imminent threat).
IV. Your Rights Regarding Your PHI
You have the following rights regarding your PHI:
1) Right to Request Restrictions
You may request restrictions on certain uses or disclosures of PHI for treatment, payment, or health care operations. We are not required to agree to most requests and may deny a request if it would affect your care.
2) Right to Request Restrictions When You Pay Out of Pocket in Full
If you pay out of pocket in full for a specific item or service, you may request that we not disclose related PHI to your health plan for payment or operations purposes. We must honor this request unless the disclosure is required by law.
3) Right to Request Confidential Communications
You may request that we contact you in a specific way (e.g., home vs. work phone) or send mail to a different address. We will accommodate reasonable requests.
4) Right to Inspect and Obtain Copies
You have the right to inspect and obtain a paper or electronic copy of your medical record and other PHI we maintain about you, except in certain limited cases (including psychotherapy notes, if kept separately). We will provide access as required by law and may charge a reasonable, cost-based fee.
5) Right to Request an Amendment
If you believe information in your record is incorrect or incomplete, you may request an amendment. We may deny your request, but we will provide a written explanation within the timeframe required by law.
6) Right to an Accounting of Disclosures
You may request a list of certain disclosures of your PHI made for purposes other than treatment, payment, or health care operations, and other disclosures allowed by law. We will respond as required by law and may charge a reasonable fee for additional requests within a 12-month period.
7) Right to Receive a Paper Copy of This Notice
You have the right to receive a paper copy of this Notice at any time, even if you agreed to receive it electronically.
8) Right to Be Notified of a Breach
You have the right to be notified if a breach of unsecured PHI occurs, as required by law.
V. Complaints
If you believe your privacy rights have been violated, you may file a complaint with Elira Health LLC or with the U.S. Department of Health and Human Services (HHS). Filing a complaint will not affect your care or result in retaliation.