(760) 363-0051

Notice of Privacy Practices

Effective Date: 11/20/2025
Last Updated: 11/20/2025

Provider: Lindsay Elledge, LCSW

Email: [email protected]

Phone: 760-363-0051

This Notice Describes How Your Protected Health Information (PHI) May be Used and Disclosed, and How You Can Access This Information. Please Review it Carefully.

Federal law (HIPAA), California law (CMIA—Confidentiality of Medical Information Act), and professional standards (Board of Behavioral Sciences—BBS) protect the privacy of your mental health information. This Notice explains your rights and how your information may be used for treatment, payment, health care operations, and other lawful purposes.

1. My Responsibilities

Under HIPAA and California law, as your mental health provider, I am required to:

  • Maintain the privacy of your Protected Health Information (PHI).
  • Provide you with this Notice of Privacy Practices.
  • Notify you if a breach occurs involving your unsecured PHI.
  • Follow the terms of this Notice unless it is revised.
  • Provide you with copies of any updated Notice.

2. How I May Use and Disclose Your Protected Health Information

A. Uses and Disclosures for Treatment, Payment, and Healthcare Operations (Allowed Without Consent)

I may use or share your PHI for:

1. Treatment

To provide evaluation, dyadic therapy, infant–parent psychotherapy, collateral sessions, coordination with other involved providers, or referrals.

2. Payment

To bill you, provide superbills, verify services for FSA/HSA reimbursement, or process payments through HIPAA-compliant systems.

3. Health Care Operations

For practice management, quality assessment, staff training, supervision/consultation, compliance audits, and administrative purposes.

3. Uses or Disclosures Requiring Your Authorization

I will not use or disclose your PHI without your written authorization for:

  • Release of records to third parties (schools, courts, agencies, other providers).
  • Involvement of extended family members.
  • Marketing, sales, or fundraising.
  • Most non-treatment communications.

You may revoke any authorization at any time in writing.

4. Uses or Disclosures Permitted or Required by Law (No Authorization Needed)

I may use or disclose your PHI without your permission in situations such as:

A. Danger to Self or Others

If you present a serious threat to your own safety or to identifiable others, I may disclose information to prevent harm, consistent with CA law and Tarasoff responsibilities.

B. Suspected Child, Elder, or Dependent Adult Abuse

Mandated reporting applies under state law.

C. Health Oversight Activities

To the Board of Behavioral Sciences (BBS) or other agencies during audits, investigations, or licensing matters.

D. Legal Requirements

In response to court orders, lawful subpoenas, or warrants. California laws provide additional protections for mental health records, and I will assert privilege whenever possible.

E. Coroners, Medical Examiners, or as Required for Public Health

As legally mandated.

F. Specialized Government Functions

National security or protective service situations.

5. Client rights under HIPPA and California Law

You have the right to:

1. Access Your PHI

Request to inspect or receive copies of your clinical records.
California law requires a response within 5 business days for inspection and 15 days for copies.

2. Request Amendments

Ask for corrections to your record.

3. Request Restrictions

Ask to limit disclosures to certain individuals or entities.
I am not required to agree, except in certain payment-related situations.

4. Request Confidential Communications

Specify preferred methods of contact (email, phone, portal).

5. Receive an Accounting of Disclosures

You may request a list of disclosures made in the past six years.

6. Receive a Paper or Digital Copy of This Notice

Available at any time.

6. How your information is stored and protected

  • All PHI is stored in SimplePractice, a HIPAA-compliant EHR.
  • Communication through the client portal is encrypted.
  • Email, SMS, or other non-secure communication will be used only with your informed consent.
  • Website contact forms are not HIPAA-secure and should not contain clinical information.

7. Telehealth Privacy

Telehealth services comply with HIPAA security requirements. You are responsible for choosing a private location free from interruptions or unauthorized access.

8. Minor Clients & Dual-Parent Rights

Under CA law:

  • Parents/guardians with legal authority may access a minor’s records unless I determine access would be harmful.
  • In separated/divorced households, either legal guardian may access PHI unless restricted by court orders.
  • For dyadic/infant-parent work, the “client” is the dyad, and records reflect that.

A full Dual-Parent Communication Policy is available in your consent document.

9. Complaints

If you believe your privacy rights have been violated, you may file a complaint:

With the Practice:

(Your practice contact information)

With the U.S. Department of Health and Human Services:

Office for Civil Rights
www.hhs.gov/ocr/privacy/hipaa/complaints

With the California Board of Behavioral Sciences (BBS):

www.bbs.ca.gov

You will not face retaliation for filing a complaint.

10. Changes to this Notice

I reserve the right to change this Notice and will post updated versions on my website and in the client portal.