HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

If you have any questions about this notice, please contact our HIPAA Compliance Team at:
16120 NE 8th Street, Bellevue, WA 98008 |ย  HIPAA@kindering.org | 425-747-4004

Your health record contains personal information about you and your health. State and Federal law protects the confidentiality of this information. Protected Health Information (PHI) is information about you, including demographic information that may identify you and that relates to your past, present, or future physical and mental health, or condition, and related health care services. If you suspect a violation of these legal protections, you may file a report with the appropriate authorities in accordance with Federal and State regulations.

We are required by law to maintain the privacy of your PHI and to provide you with notice of our legal duties and privacy practices with respect to your PHI. This Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with all applicable law. Itย  also describes your rights regarding how you may gain access to and control your PHI. We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of this Notice of Privacy Practices. We reserve the right to change the terms of our Notice of Privacy Practices at any time. Any new Notice of Privacy Practices will be effective for all PHI that we maintain at that time. We will make available a revised Notice of Privacy Practices by sending you an electronic copy, sending a copy to you in the mail upon your request, or providing one to you in person.

How We Are Permitted to Use and Disclose Your Protected Health Information (PHI)

For Treatment. We may use medical and clinical information about you to provide treatment services.

For Payment. We may use and disclose medical information about you so that we can receive payment for the treatment services provided to you.

For Healthcare Operations. We may use and disclose your protected PHI for certain purposes in connection with the operation of Kindering, including supervision and consultation.

Without Your Authorization. State and Federal law also permits us to disclose information about you without your authorization in a limited number of situations, such as with a court order.

With Authorization. We must obtain written authorization from you for other uses and disclosures of your PHI. You may revoke such authorizations in writing.

Incidental Use and Disclosure. We are not required to eliminate every risk of incidental use or disclosure of your PHI.ย  Specifically, a use or disclosure of your PHI that occurs as a result of, or incident to an otherwise permitted use or disclosure is permitted as long as we have adopted reasonable safeguards to protect your PHI, and the information being shared was limited to the minimum necessary.

Examples of How We May Use and Disclose Your PHI

Listed below are examples of the uses and disclosures that we may make of your PHI.ย  These examples are not meant to be a complete list of all possible disclosures, rather, they are illustrative of the types of uses and disclosures that may be made.

TREATMENT. Your PHI may be used and disclosed by us for the purpose of providing, coordinating, or managing your health care treatment and any related services. This may include coordination or management of your health care with a third party, consultation or supervision activities with other health care providers, or referral to another provider for health care services.

PAYMENT. We may use your PHI to obtain payment for your health care services. This may include providing information to a third-party payor, or, in the case of unpaid fees, submitting your name and amount owed to a collection agency.

If your child participates in IDEA Part C services, your childโ€™s health and education information will be disclosed to Washington State Early Support for Infants and Toddlers; Division of Disabilities Administration; King County DDD or Snohomish County EIP (as applicable) and Children with Special Health Care Needs. These disclosures include the minimum necessary information required for payment and may consist of third-party reports.

HEALTHCARE OPERATIONS. We may use or disclose your PHI in order to support the business activities of our professional practice including; disclosures to others for health care education, or to provide planning, quality assurance, peer review, or administrative, legal, financial, or actuarial services to assist in the delivery of health care, provided we have a written contract with the business that prohibits it from re-disclosing your PHI and requires it to safeguard the privacy of your PHI. We may also contact you to remind you of your appointments.

Other Uses and Disclosures That Do Not Require Your Authorization

Required by Law. We may use or disclose your PHI to the extent that the use or disclosure is required by law, made in compliance with the law, and limited to the relevant requirements of the law. Examples of this type of disclosure include healthcare licensure related reports, public health reports, and law enforcement reports. Under the law, we must make certain disclosures of your PHI to you upon your request. In addition, we must make disclosures to the US Secretary of the Department of Health and Human Services for the purpose of investigating or determining our compliance with the requirements of privacy rules.

Health Oversight. We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies and organizations that provide financial assistance to the program (such as third-party payors) and peer review organizations performing utilization and quality control. If we disclose PHI to a health oversight agency, we will have an agreement in place that requires the agency to safeguard the privacy of your information.

Abuse or Neglect. We may disclose your PHI to a state or local agency that is authorized by law to receive reports of abuse or neglect. However, the information we disclose is limited to only that information which is necessary to make the required mandated report.

Deceased Clients. We may disclose PHI regarding deceased clients for the purpose of determining the cause of death, in connection with laws requiring the collection of death or other vital statistics or permitting inquiry into the cause of death.

Research. We may disclose PHI to researchers if (a) an Institutional Review Board reviews and approves the research and a waiver to the authorization requirement; (b) the researchers establish protocols to ensure the privacy of your PHI; and (c) the researchers agree to maintain the security of your PHI in accordance with applicable laws and regulations.

Criminal Activity or Threats to Personal Safety. We may disclose your PHI to law enforcement officials if we reasonably believe that the disclosure will avoid or minimize an imminent threat to the health or safety of yourself or any third party.

Compulsory Process. We may be required to disclose your PHI if a court of competent jurisdiction issues an appropriate order, and if the rule of privilege has been determined not to apply. We may be required to disclose your PHI if we have been notified in writing at least fourteen days in advance of a subpoena or other legal demand, no protective order has been obtained, and a competent judicial officer has determined that the rule of privilege does not apply.

Essential Government Functions. We may be required to disclose your PHI for certain essential government functions. Such functions include assuring proper execution of a military mission, conducting intelligence and national security activities that are authorized by law, providing protective services to the President, making medical suitability determinations for U.S. State Department employees, protecting the health and safety of inmates or employees in a correctional institution, and determining eligibility for or conducting enrollment in certain government benefit programs.

Law Enforcement Purposes. We may be authorized to disclose your PHI to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions: (1) as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a law enforcement officialโ€™s request for information about a victim or suspected victim of a crime; (4) to alert law enforcement of a personโ€™s death, if we suspect that criminal activity caused the death; (5) when we believe that protected health information is evidence of a crime that occurred on our premises; and (6) in a medical emergency not occurring on our premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.

Psychotherapy Notes. If kept as separate records, we must obtain your authorization to use or disclose psychotherapy notes with the following exceptions. We may use the notes for your treatment.ย  We may also use or disclose, without your authorization, the psychotherapy notes for our own training, to defend ourself in legal or administrative proceedings initiated by you, as required by the Washington Department of Health or the US Department of Health and Human Services to investigate or determine our my compliance with applicable regulations, to avoid or minimize an imminent threat to anyoneโ€™s health or safety, to a health oversight agency for lawful oversight, for the lawful activities of a coroner or medical examiner or as otherwise required by law.

Uses and Disclosures of PHI With Your Written Authorization

Other uses and disclosures of your PHI will be made only with your written authorization. We will not make any other uses or disclosures of your psychotherapy notes, we will not use or disclose your PHI for marketing purposes, and we will not sell your PHI without your authorization. You may revoke your authorization in writing at any time. Such revocation of authorization will not be effective for actions we may have taken in reliance on your authorization of the use or disclosure.

Your Rights

You have the following rights regarding PHI we maintain about you. Any requests with respect to these rights must be in writing.ย  A brief description of how you may exercise these rights is included.

Right of Access to Inspect and Copy. You have a right to inspect and obtain a copy of your PHI that is contained in a designated record set for a long as we maintain the record. A “designated record set” contains medical and billing records and any other records that we use for making decisions about you. Your request must be in writing.ย  We may charge you a reasonable cost-based fee for the copying and transmitting of your PHI. We can deny you access to your PHI in certain circumstances. In some of those cases, you will have a right of recourse to the denial of access. Please contact our Record Request team at recordrequests@kindering.org or 425-747-4004 if you have questions about access to your medical record.

RIGHT TO AMEND. You may request, in writing, that we amend your PHI that has been included in a designated record set. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. To request an amendment, you must make your request in writing to our HIPAA Compliance Team at HIPAA@kindering.org or 425-747-4004.

RIGHT TO AN ACCOUNTING OF DISCLOSURES. You may request an accounting of disclosures made for treatment purposes or made as a result of your authorization, for a period of up to six years, excluding disclosures made to you.ย  We may charge you a reasonable fee if you request more than one account in any 12-month period.ย  Please contact our Record Request team at recordrequests@kindering.org or 425-747-4004 if you have questions about accounting of disclosures.

RIGHT TO REQUEST RESTRICTIONS. ย You have the right to ask us not to use or disclose any part of your PHI for treatment, payment or health care operations or to family members involved in your care.ย  Your request for restrictions must be in writing, and we are not required to agree to such restrictions.ย  To request an amendment, you must make your request in writing to our HIPAA Compliance Team at HIPAA@kindering.org or 425-747-4004. ย You also have the right to restrict certain disclosures of your PHI to your health plan if you pay out of pocket in full for the health care we provide for you.

RIGHT TO REQUEST CONFIDENTIAL COMMUNICATION. You have the right to request to receive confidential communications from us by alternative means or at an alternative location.ย  We will accommodate reasonable written requests.ย  We may also condition this accommodation by asking you for information regarding how payment will be handled or specification of an alternative address or other method of contact.ย  Please contact HIPAA Compliance Team at HIPAA@kindering.org or 425-747-4004 if you would like to make this request.

RIGHT TO A PAPER COPY OF THIS NOTICE. ย You have the right to obtain a copy of this notice from us. Any questions you have about the contents of this document should be directed to HIPAA Compliance Team at HIPAA@kindering.org or 425-747-4004.

Right to Notice of Breach.ย  You have the right to be notified of any breach of your unsecured PHI.

Right to Opt Out.ย  You have the right to choose not to receive fundraising communications.ย  However, we will not contact you for fundraising purposes.

Security of Donor Information and Family Participation

All security measures pertaining to protected health information provide protection to any donor information that passes through our website including:

  • Limited Access:ย Access to Kindering donor information is restricted to authorized personnel who require it to perform their duties. All staff members undergo regular training on data protection protocols to maintain the highest standards of confidentiality.
  • Password Protection:ย Our donor databases and information systems are secured with robust password protection policies (including password aging and complexity requirements along with 2 factor authentication. Regular audits and updates are conducted to ensure the effectiveness of these security measures.
  • Encryption Technology:ย We utilize industry standard encryption technologies such as SSL (Secure Sockets Layer) and TLS (Transport Layer Security) to protect personal information during data transfers. This ensures that data is transmitted securely between donor internet browsers and our servers
  • Right to Review or Change:ย If donors would like to review or change the way Kindering uses information, please contact the Kindering Advancement Department atย development@kindering.org

Complaints

If you believe we have violated your privacy rights, you may file a complaint in writing with our HIPAA Compliance Team, at HIPAA@kindering.org. You also have the right to file a complaint in writing to Kindering, the Washington Department of Health, the Office of Civil Rights, to the US Secretary of Health and Human Services, or the US Department of Education.ย  We will not retaliate against you in any way for filing a complaint.

Contact Information

Our HIPAA Compliance team can be reached at:

16120 NE 8th Street, Bellevue, WA 98008

HIPAA@kindering.org

(425) 747-4004

Effective Date

Effective date of this notice: October 2, 2025