Confidentiality & Privacy Policy
(HIPAA and Maryland Law Compliant)
Insightful Life Therapeutic Services, LLC (ILTS) is committed to protecting the privacy and confidentiality of all client health information in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), its implementing regulations (45 C.F.R. Parts 160 and 164), and applicable Maryland state confidentiality laws, including the Maryland Health–General Article.
General Confidentiality Protections
The law protects the confidential relationship between a client and a licensed psychotherapist. All information disclosed during assessment, treatment, psychotherapy sessions, and related services constitutes Protected Health Information (PHI) and is maintained in a confidential manner.
PHI will not be disclosed to any individual, agency, or organization without the client’s written authorization, except as permitted or required by federal or Maryland law.
ILTS uses, maintains, and discloses PHI only for purposes of treatment, payment, and healthcare operations, as permitted under HIPAA, or as otherwise authorized by the client in writing.
Client Rights Under HIPAA
Clients have the right to:
-
Access and obtain copies of their clinical records, subject to applicable legal limitations
-
Request amendments to their records
-
Request restrictions on certain uses or disclosures of PHI
-
Receive an accounting of disclosures, as required by law
-
Receive a copy of ILTS’s Notice of Privacy Practices
Limits to Confidentiality (Mandated Disclosures)
Confidentiality may be breached without client authorization under the following legally required circumstances:
1. Abuse, Neglect, or Exploitation
In accordance with Maryland law, clinicians are mandated reporters. If there is reasonable suspicion of:
-
Child abuse or neglect
-
Abuse, neglect, or exploitation of a vulnerable adult
-
Elder abuse
The clinician is legally required to make an immediate report to the appropriate protective services or authorities.
2. Risk of Serious Harm to Others
If a client communicates a credible threat of serious bodily harm to an identifiable person or group, the clinician is required to take reasonable steps to protect potential victims. This may include:
-
Notifying law enforcement
-
Warning the identified individual(s)
-
Taking other protective actions consistent with Maryland duty-to-warn and duty-to-protect laws
3. Risk of Self-Harm
If a client expresses intent or imminent risk of self-harm, the clinician will make every reasonable effort to collaborate with the client to ensure safety. If the client is unwilling or unable to cooperate, the clinician may take necessary protective actions without client authorization, including:
-
Contacting emergency services
-
Initiating emergency evaluation or hospitalization
These actions are taken in accordance with HIPAA’s emergency disclosure provisions and Maryland law.
4. Court Orders and Legal Proceedings
PHI may be disclosed without client authorization in response to a valid court order, subpoena, or as otherwise required by law. When possible, reasonable efforts will be made to limit disclosures to the minimum necessary information.
Minimum Necessary Standard
When disclosure of PHI is required or permitted without authorization, ILTS complies with HIPAA’s minimum necessary standard, releasing only the information necessary to fulfill the legal or clinical purpose.
Electronic Records and Telehealth
ILTS utilizes electronic health records and telehealth platforms that are HIPAA-compliant. Reasonable administrative, technical, and physical safeguards are in place to protect PHI from unauthorized access, disclosure, or breach.
Acknowledgment
Clients are informed of these confidentiality protections and limitations as part of the informed-consent process and acknowledge understanding that confidentiality is not absolute and is subject to federal and state law.
