Notice of Privacy Practices
Effective Date: October 1, 2025
Last Updated: October 1, 2025
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. Our Pledge Regarding Health Information
At Regenesis Neuro, we understand that health information about you and your care is personal. We are committed to protecting your health information. We create and maintain a record of the care and services you receive from our clinic. This record is necessary to provide you with quality care and to comply with legal requirements.
This Notice applies to all of the records of your care generated by our clinic. It explains how we may use and disclose your health information and describes your rights and our obligations under HIPAA and the California Confidentiality of Medical Information Act (CMIA).
We are required by law to:
Make sure that protected health information (PHI) that identifies you is kept private.
Provide you with this Notice of our legal duties and privacy practices.
Follow the terms of the Notice currently in effect.
Ask you to acknowledge receipt of this Notice when provided at intake.
In the event of a breach of unsecured health information, we will notify you without unreasonable delay, as required by federal and California law.
We reserve the right to modify the terms of this Notice, and such modifications will apply to all information we maintain. The updated Notice will be available upon request at our clinic and on our website.
What is PHI?
PHI refers to information that identifies you and relates to your past, present, or future physical or mental health conditions, related care services, or payment for health care. PHI may be in written, electronic, or oral form. HIPAA regulates the use and disclosure of PHI nationally, and CMIA regulates how PHI can be disclosed in California.
II. How We May Use and Disclose Health Information
The law permits us to use or disclose PHI for the following purposes without your written authorization, as permitted or required by law:
Treatment, Payment, and Health Care Operations: We may use or disclose your PHI to other healthcare providers to coordinate your care, obtain payment for services, or carry out clinic operations, such as quality improvement and compliance reviews. Example: A clinician may consult with another licensed healthcare provider regarding your protocol.
Business Associates: We may share PHI with third-party service providers (“Business Associates”) who perform functions for us (such as billing, data hosting, or transcription). All Business Associates are bound by contract to safeguard PHI in accordance with HIPAA.
Public Health and Safety: We may disclose PHI for public health activities, such as preventing disease, reporting suspected abuse, neglect, or domestic violence, or averting a serious threat to health or safety.
Health Oversight: We may share PHI with government agencies that oversee the health-care system, including audits, inspections, or licensure actions.
Legal Proceedings and Law Enforcement
We may disclose PHI in response to a valid court or administrative order, subpoena, warrant, or other lawful process after making reasonable efforts to notify you or to obtain a protective order. We may also disclose PHI to law enforcement to report crimes on our premises.
Coroners, Medical Examiners, and Funeral Directors: We may release PHI to identify a deceased person or determine cause of death.
Workers’ Compensation: We may disclose PHI as authorized by laws relating to workers’ compensation or similar programs.
Research: We may use or disclose PHI for research if the information has been de-identified or an institutional review board (IRB) or privacy board has approved the research in accordance with HIPAA.
Specialized Government Functions: We may disclose PHI for lawful military, national-security, or protective-services purposes.
Appointment Reminders and Health-Related Benefits: We may contact you with reminders or information about treatment alternatives or health-related products and services that may be of interest to you.
Breach Notification
In the event of a breach of unsecured health information, we will notify you without unreasonable delay, as required by federal and California law.
III. Uses and Disclosures That Require Your Written Authorization
Psychotherapy Notes
Our clinic does not create or maintain “psychotherapy notes” as defined in 45 CFR § 164.501. We do, however, maintain session notes and care records related to neurofeedback and associated services. These records are part of your medical record and are protected under HIPAA and CMIA.
Any use or disclosure of your PHI beyond what is permitted by law (e.g., for treatment, payment, or health care operations) will require your written authorization.
Marketing and Sale of PHI
We will not use or disclose your health information for marketing purposes or sell your health information without your written authorization.
Authorization Forms
Any written authorization you provide for disclosure of medical information will be presented in 14-point font and will meet the requirements of California law. You may revoke your authorization at any time in writing.
Other Non-Routine Uses: Any other use or disclosure not described in this Notice requires your authorization.
You may revoke an authorization in writing at any time, except to the extent that we have already acted in reliance on it. All authorization forms will comply with California Civil Code §56.11 and will be printed in at least 14-point font.
IV. Uses and Disclosures That Allow You to Object (Opt Out)
We may disclose PHI to a family member, friend, or other person involved in your care or payment for care, unless you object. If you are unable to object due to incapacity or emergency, we may disclose relevant information as necessary and give you the opportunity to object later.
V. Your Rights Regarding PHI
You have the right to:
Request Limits: Ask us not to use or disclose certain PHI for treatment, payment, or operations. We are not always required to agree, but will consider requests.
Restrictions for Out-of-Pocket Payments: Request that PHI not be disclosed to a health plan if you pay for the related service in full out-of-pocket.
Confidential Communications: Request that we contact you in a specific way (e.g., home vs. office phone). We will honor reasonable requests.
Access: Request an electronic or paper copy of your medical records (excluding psychotherapy notes, which we do not create). We will respond within 30 days and may charge a cost-based fee.
Accounting of Disclosures: Request a list of certain non-routine disclosures made in the past six years.
Correction/Amendment: Request correction or completion of your PHI if you believe it is inaccurate or incomplete. We may deny your request but will explain the reason in writing.
Copy of This Notice: Request a paper copy of this Notice, even if you received it electronically.
Record Retention
We maintain medical records as required by California law: for adults, at least 7 years from the date of last service; for minors, at least 1 year past the age of 18, but never less than 7 years.
VI. Data Security and Breach Notification
We maintain administrative, technical, and physical safeguards designed to protect PHI against unauthorized access, loss, or misuse.
If a breach of unsecured PHI occurs, we will notify affected individuals without unreasonable delay and in accordance with HIPAA (45 CFR §164.404) and California Civil Code §§1798.29 and 1798.82.
VII. Questions or Complaints
If you have questions about this Notice or believe your privacy rights have been violated, contact:
Privacy Officer
Sara Kershaw
Phone: 602-568-3027
Email: info@regenesisneuro.com
You may also file a complaint with:
U.S. Department of Health and Human Services – Office for Civil Rights
200 Independence Avenue SW, Washington, DC 20201
www.hhs.gov/ocr/privacy/
Or with the California Department of Public Health, Office of Health Information Integrity (CalOHII).
You will not be retaliated against for filing a complaint.