Your privacy is a fundamental part of your care. East End Neuropsych, P.C. ("we," "us," "our") is committed to protecting the confidentiality of your protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA), New York State Mental Hygiene Law § 33.13, and 42 CFR Part 2 (where applicable to substance use treatment records).
1. Information We Collect
Protected Health Information (PHI)
When you become a patient, we collect the information necessary to provide your care, including:
- Identifying information: name, date of birth, address, phone, email, emergency contacts
- Insurance information: payer, member ID, group number, cards, eligibility records
- Medical history: diagnoses, medications, allergies, prior providers, family history
- Behavioral health history: mental health diagnoses, substance use history, treatment history
- Clinical records: progress notes, psychiatric evaluations, lab results, imaging, outside records
- Payment information: payments made, balances, credit card details (processed via PCI-compliant vendors, not stored on our servers)
- Communications: phone calls, text messages, portal messages, email correspondence
Website & Digital Information
When you visit our website (eastendneuropsych.com) or use our patient portal, we may collect:
- Information you submit through contact forms, intake forms, or appointment requests
- Basic technical data: IP address, browser type, device type, pages visited (for security and analytics)
- Cookies (only essential cookies for form functionality; no advertising or tracking cookies)
2. How We Use Your Information
We use your information for three primary purposes permitted under HIPAA:
Treatment
- Providing psychiatric evaluations, medication management, psychotherapy, and other clinical services
- Coordinating care with your other providers (primary care, specialists, therapists, hospitals)
- Consultations with colleagues for clinical decision-making
- Electronic prescribing and laboratory orders
Payment
- Billing your insurance and collecting payment for services
- Verifying insurance eligibility and benefits
- Pre-authorization for medications, procedures, and treatments
- Reviewing medical necessity with payers
Health Care Operations
- Quality improvement and outcomes measurement
- Staff training and education
- Compliance audits and legal obligations
- Appointment reminders (by phone, text, or email, based on your preferences)
3. AI-Assisted Clinical Documentation
With your explicit consent only, East End Neuropsych uses Nextvisit AI, a HIPAA-compliant AI clinical documentation platform, to help create accurate clinical notes. This service operates under a Business Associate Agreement (BAA) with strict privacy protections:
- Audio is transmitted over encrypted (TLS 1.2+) connections
- Audio recordings are not retained after the note is generated
- Data is not used to train third-party AI models
- Your provider reviews and finalizes every note
- You may withdraw consent at any time without affecting your care
4. When We Share Your Information
We will share your information without further authorization for:
- Treatment: With other healthcare providers involved in your care
- Payment: With your insurance company for billing
- Operations: With business associates (billing company, EHR vendor, AI scribe vendor) under signed BAAs
- Legal obligations: When required by law, court order, or subpoena
- Public health: Mandated reporting (e.g., child abuse, elder abuse, certain communicable diseases)
- Safety: If we believe you pose an imminent danger to yourself or others (duty to warn/protect)
- Workers' compensation: For cases involving work-related injuries
We will obtain your written authorization before sharing for:
- Marketing communications (we do not currently engage in marketing)
- Sale of your information (we do not sell your information, ever)
- Psychotherapy notes (separate from clinical records, protected under enhanced HIPAA rules)
- Disclosure to family, employers, schools, or other third parties not involved in your care
5. Your Rights Under HIPAA
You have the following rights regarding your PHI:
- Right to Access: You may request copies of your medical records. Standard copy fees apply per New York State law. We will respond within 10 business days.
- Right to Amend: You may request corrections to your records if you believe information is inaccurate or incomplete.
- Right to Accounting of Disclosures: You may request a list of disclosures we have made of your PHI for purposes other than treatment, payment, or operations.
- Right to Request Restrictions: You may request that we limit how we use or disclose your PHI. We will consider all reasonable requests.
- Right to Confidential Communications: You may request that we contact you in a specific way (e.g., only by email, or at a specific phone number).
- Right to Paper Copy of This Notice: You may request a paper copy of this policy at any time.
- Right to File a Complaint: You may file a complaint with us or with the U.S. Department of Health and Human Services Office for Civil Rights.
6. Data Security
We use reasonable administrative, physical, and technical safeguards to protect your information:
- Encrypted data transmission (TLS 1.2+) for all electronic communications
- Encrypted data storage with access controls and audit logs
- HIPAA-compliant electronic health records (EHR) platform
- Business Associate Agreements (BAAs) with all vendors handling PHI
- Staff training on HIPAA, confidentiality, and data security
- Regular security risk assessments
- Physical security of our office (locked records, alarm systems, limited access)
Despite these safeguards, no system is perfectly secure. In the event of a breach affecting your information, we will notify you as required by law.
7. Children's Privacy
Our services are directed at adults and minors receiving psychiatric care with parental/guardian consent. We do not knowingly collect information from children under 13 without verified parental consent. Parents or guardians may request to review, correct, or delete their child's information by contacting us.
8. Third-Party Links
Our website may contain links to third-party sites (such as the patient portal, Google Maps, social media). We are not responsible for the privacy practices of these sites. Please review their policies before providing any information.
9. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top indicates when changes were made. For material changes, we will post notice on our website and, where appropriate, notify you directly.
10. Contact Us
If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact our Privacy Officer:
Privacy Officer / HIPAA Compliance Contact
East End Neuropsych, P.C.
2539 Middle Country Rd, Suite 4
Centereach, NY 11720
Phone: (631) 737-6434
Email: compliance@eastendneuropsych.com
You may also file a complaint with:
We will not retaliate against you for filing a complaint.