CMIA NOTICE OF PRIVACY PRACTICES

Last updated: 03/09/2025

 

At Grey Insight, your privacy is a top priority. This Privacy Policy explains how we and Dr. Michael Grey, Licensed Marriage and Family Therapist, authorized to provide services within California (LMFT #136636), handle and protect your medical information in accordance with the California Confidentiality of Medical Information Act (CMIA) and other applicable state laws. As a cash-only therapy practice offering teletherapy services, we do not bill insurance or engage in electronic transactions covered by the federal Health Insurance Portability and Accountability Act (HIPAA), but we are committed to safeguarding your personal and health-related information, including during remote sessions.

OUR PLEDGE REGARDING HEALTH INFORMATION

I understand that health information about you and your health care is personal. I am committed to protecting health information about you. I create a record of the care and services you receive from me. I need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all the records of your care generated by this mental health care practice. This notice will tell you about the ways in which I may use and disclose health information about you. It also describes your rights to the health information I keep about you and describes certain obligations I have regarding the use and disclosure of your health information.

WHAT INFORMATION WE COLLECT

We collected “medical information” as defined by CMIA, which includes any individually identifiable information about your mental or physical health, treatment, or history. This may include:

·      Your name, contact details, and demographic information provided during intake.

·      Notes form our therapy sessions, including diagnoses, treatment plans, or progress.

·      Payment records (e.g. dates and amounts of cash payments).

·      Technical data related to teletherapy (e.g. session timestamps, platform used) though we minimize collection of such data.

·      Other information you share during our work together.

HOW WE USE YOUR INFORMATION

We use your medical information solely for the purpose of providing you with therapy services, such as:

·      Assessing and treating your mental health needs, whether in-person or via teletherapy.

·      Scheduling appointments and communicating about session logistics

·      Maintaining accurate records of our sessions

  HOW WE PROTECT YOUR INFORMATION

We take reasonable steps to keep your medical information confidential and secure, including during teletherapy:

·      Paper records (e.g. session notes) are stored in a locked filing cabinet accessible only to Dr. Grey.

·      Any electronic records or communications are password-protected and stored on a secure device

·      For teletherapy, we use the Simple Practice EMR system that offers end-to-end encryption and complies with privacy standards. We also maintain a compliant Zoom account in case there are connectivity issues. We do not record sessions unless you provide written consent.

·      We avoid using unsecured methods like standard text messaging or unencrypted email for sensitive information unless you authorize doing so in writing, acknowledging the risks involved.

·      We do not share your information with third parties unless required or permitted by law (see below).

 

DISCLOSURES OF YOUR INFORMATION

In compliance with CMIA, we will not disclose your medical information without your written authorization, except in the following limited circumstances:

·      Treatment: To coordinate your care with another healthcare provider (e.g. psychiatrist), only with your written permission unless it is an emergency.

·      Legal Requirements: If we are required by law, such as a valid court order, subpoena, or to report suspected abuse, neglect, or imminent danger to you or others.

·      Public Health: To report certain conditions as mandated by California law (e.g. communicable disease, though this is rare in therapy sessions such as ours).

·      Teletherapy Platforms: Minimal data (e.g. your name or email) may be shared with teletherapy platforms to facilitate sessions, but only with providers who agree to protect your privacy and comply with all privacy laws.

We will notify you in writing if we must disclose your information under any of these exceptions, unless prohibited by law.

 

YOUR RIGHTS UNDER CMIA

You have the following rights regarding your medical information:

·      Access: You may request to inspect or obtain a copy of your records. We will respond within thirty (30) days and may charge a reasonable fee for copying.

·      Authorization: You control who can receive your medical information by providing or revoking written authorization at any time.

·      Notification: If your medical information is improperly disclosed (e.g., such as lost records or a breach of data), we will notify you promptly as required by law.

To exercise these rights, please submit a written request to us at Legal@GreyInsight.Co

 

TELETHERAPY SPECIFIC CONSIDERATIONS

Teletherapy involves remote communication, which carries unique risks and responsibilities:

·      Technology Security:  We use secure, encrypted platforms for video or phone sessions. However, no technology is 100% immune to breaches, such as hacking. We will inform you if a platform-related breach occurs.

·      Your Responsibilities: To protect your privacy, please join sessions from a private location and use a secure internet connection (e.g., avoid public Wi-Fi or public locations). We are not responsible for breaches caused by your device, network, or choice of location.

·      Communication: Appointment reminders or follow-ups may be sent via the Simple Practice EMR system, but we will limit sensitive content unless you authorize otherwise in writing.

·      Recordings: Sessions are not recorded unless you provide written consent. If you record a session on your end, you must give us prior notification, and you are responsible for securing that recording.

PAYMENT AND CASH ONLY PRACTICE

As a cash-only practice, we do not submit claims to insurance companies, nor do we share your information with third-party payers. Your payment records are kept confidential and used only for our internal bookkeeping.

 

BREACH NOTIFICATION

In the unlikely scenario that your medical information is accessed, used, or disclosed in an unauthorized way (e.g., theft of records), we will notify you in writing as soon as possible and, if required, the California Department of Public Health. We will, of course, take steps to mitigate any harm and prevent future incidents.

COMPLAINTS

If you believe your privacy rights have been violated, you may:

·      Contact us directly at 714-975-8893 to resolve the issue.

·      File a complaint with the California Attorney General’s Office or the California Department of Public Health.

CHANGES TO THIS POLICY

We may update this Privacy Policy as needed. If the changes affect how we handle your medical information, we will provide you with an updated copy at your next session or by mail.

CONTACT INFORMATION

For questions about this policy or your privacy, please reach out to Dr. Michael Grey at (714) 975-8893 or Legal@GreyInsight.Co