Notice of Privacy Practices
This notice describes how medical and mental health information about you may be used and disclosed, and how you can get access to this information.
Bedre Health is committed to protecting the privacy of your health information. We are required by law to maintain the privacy of your Protected Health Information (PHI), to provide you with this notice, and to follow the terms of the notice currently in effect.
If you have questions about anything in this notice, please contact us at (781) 488-6163 or info@bedrehealth.com. We are happy to explain anything in plain language.
How We Use and Disclose Your Protected Health Information
Protected Health Information (PHI) includes any information that can identify you and relates to your past, present, or future physical or mental health condition, the provision of health care to you, or payment for that health care.
The following table summarizes the primary ways we use and share your PHI, and whether your written authorization is required:
| Purpose | Description | Auth Required? |
|---|---|---|
| Treatment | Providing, coordinating, or managing your psychiatric care and related services. We may share your information with other providers involved in your treatment. | Not Required |
| Payment | Billing your insurance company, obtaining payment for services, or verifying coverage. Only the minimum necessary PHI is disclosed for payment functions. | Not Required |
| Healthcare Operations | Internal functions such as quality review, staff training, licensing, audits, and practice management activities necessary to run our practice. | Not Required |
| As Required by Law | Disclosures required by federal, state, or local law, including mandatory reporting obligations. | Not Required |
| Public Health Activities | Reporting to public health authorities to prevent or control disease, injury, or disability as required by law. | Not Required |
| Abuse or Neglect Reporting | Reporting suspected child abuse, neglect, or domestic violence to appropriate government authorities as required or permitted by law. | Not Required |
| Health Oversight | Disclosure to a health oversight agency for activities such as audits, civil and criminal investigations, or inspections authorized by law. | Not Required |
| Judicial / Administrative Proceedings | In response to a court order, subpoena, or other lawful legal process, subject to HIPAA requirements. | Not Required |
| Law Enforcement | Limited disclosures to law enforcement as required by law or to report a crime committed on our premises. | Not Required |
| Serious Threat to Safety | To prevent or lessen a serious and imminent threat to the health or safety of you or another person when disclosure is necessary. | Not Required |
| Psychotherapy Notes | Detailed notes recorded by a mental health professional during a session. These receive heightened protection under HIPAA. | Required |
| Marketing | We do not use your PHI for marketing purposes without your explicit written authorization. | Required |
| Sale of PHI | We do not sell your PHI under any circumstances. | Required |
Other Permitted Uses and Disclosures
Minimum Necessary Standard
When using or disclosing PHI or requesting PHI from another provider, Bedre Health makes reasonable efforts to limit PHI to the minimum amount necessary to accomplish the intended purpose. This standard does not apply to disclosures to treating providers or disclosures made pursuant to your authorization.
Business Associates
We may share your PHI with third-party "business associates" — such as billing services, IT support, or scheduling platforms — that perform functions on our behalf. All business associates are required by contract and by law to safeguard your PHI and use it only for the purposes for which it was shared.
Workers' Compensation
We may disclose your PHI as authorized by and to the extent necessary to comply with workers' compensation or similar programs.
Incidental Disclosures
Certain incidental disclosures that occur as a by-product of a permitted use or disclosure are allowed under HIPAA, provided we have applied reasonable safeguards and the minimum necessary standard.
Uses and Disclosures Requiring Your Written Authorization
For any use or disclosure of your PHI not described above — including psychotherapy notes, marketing communications, or any sale of PHI — we will obtain your signed written authorization before proceeding.
You have the right to revoke any authorization you have given at any time by submitting a written revocation to us. Upon receipt, we will stop using or disclosing your PHI as specified — however, revocation does not affect any actions already taken in reliance on your original authorization while it was in effect.
Your Rights Regarding Your Health Information
You have the following rights with respect to PHI that Bedre Health maintains about you. To exercise any of these rights, please submit a written request to us using the contact information at the bottom of this page.
Right to Inspect and Copy
You have the right to inspect and obtain a copy of your PHI contained in a designated record set, such as your medical or billing records. We may charge a reasonable cost-based fee. We may deny access in limited circumstances permitted by law.
Right to Amend
If you believe PHI we hold about you is inaccurate or incomplete, you may request an amendment. We may deny the request if the information was not created by us, is not part of a designated record set, or is accurate and complete. We will respond within 60 days.
Right to an Accounting of Disclosures
You may request a list of disclosures of your PHI made in the past 6 years (or shorter period you specify), other than disclosures for treatment, payment, or healthcare operations, and certain other exceptions.
Right to Request Restrictions
You may request that we restrict how we use or disclose your PHI for treatment, payment, or healthcare operations. We are not required to agree, except in limited circumstances. If we agree, we are bound by the restriction unless an emergency requires the use of that information.
Right to Confidential Communications
You may request that we communicate with you in a specific way or at a specific location (e.g., only by email, or only at a particular phone number). We will accommodate reasonable requests. We will not ask you to explain your reason for the request.
Right to a Copy of This Notice
You have the right to a paper or electronic copy of this Notice of Privacy Practices at any time, even if you have previously agreed to receive it electronically. Request a copy at any time by contacting us.
Right to Opt Out of Fundraising
If Bedre Health ever uses PHI for fundraising activities, you have the right to opt out of receiving such communications at any time.
Right to Electronic Copy
If your PHI is maintained in an electronic health record, you have the right to request an electronic copy of your PHI in a format that is accessible to you.
Our Duties
Bedre Health is required by law to:
- Maintain the privacy of your Protected Health Information
- Provide you with this notice of our legal duties and privacy practices with respect to your PHI
- Notify you following a breach of unsecured PHI that affects you
- Abide by the terms of the notice currently in effect
- Not use or disclose psychotherapy notes, use PHI for marketing, or sell PHI without your written authorization
Transmission and Security of PHI
PHI may be transmitted by mail (priority or certified), fax, or through our HIPAA-compliant, end-to-end encrypted patient portal. Standard email is not used to transmit PHI unless encrypted. All staff are trained in HIPAA compliance and are subject to confidentiality obligations.
Staff Responsibilities
All Bedre Health personnel are required to:
- Access PHI only as required by their specific work duties
- Never share login credentials or leave systems with PHI unattended
- Refrain from discussing patient information in public areas, hallways, or any setting where it could be overheard
- Report any suspected breach of patient confidentiality to the practice administrator immediately
Violations of our privacy policies may result in disciplinary action up to and including termination of employment, and may subject individuals to civil or criminal liability under applicable law.
Changes to This Notice
Bedre Health reserves the right to change this Notice of Privacy Practices at any time, and to make the revised notice effective for PHI we already hold as well as any information we receive in the future. The effective date appears at the top of the notice.
We will post any revised notice on our website at bedrehealth.com/notice-of-privacy-practices/. You may request a current paper copy at any time by contacting us. Material changes to your rights or our practices will be communicated by appropriate means.
How to File a Complaint
If you believe that Bedre Health has violated your privacy rights, you have the right to file a complaint — with us directly, or with the U.S. Department of Health & Human Services Office for Civil Rights. We will not retaliate against you in any way for filing a complaint.
📬 File with Bedre Health
Bedre HealthWinchester, Massachusetts 01890
(781) 488-6163
info@bedrehealth.com
🏛️ File with HHS / OCR
U.S. Dept. of Health & Human ServicesOffice for Civil Rights
200 Independence Ave., S.W.
Washington, D.C. 20201
1-877-696-6775
www.hhs.gov/ocr
Contact Bedre Health
For questions about this Notice of Privacy Practices, to request a copy, or to exercise any of your privacy rights, please reach out to us directly. All privacy requests should be submitted in writing.
Privacy Requests — Bedre Health
Winchester, Massachusetts 01890
📞 (781) 488-6163 | ✉️ info@bedrehealth.com
Also see: Website Privacy Policy · Terms & Conditions