NOTICE OF PRIVACY PRACTICES

Your Information. Your Rights. Our Responsibilities.

Privacy Officer: Jennifer McCauley 804-796-0790

Effective: January 1, 2025 Revised: February 16, 2026

This document explains how your mental health and medical information may be used and disclosed, and how you can access it. Please read it carefully.

Your Rights

When it comes to your health information, you have the following rights:

We may use or disclose your protected health information (PHI) for treatment, payment, and health care operations with your consent. Here are key definitions to clarify these terms:

You have the right to:

  • Get a copy of your paper or electronic medical record
    • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
    • We will provide a copy or a summary of your health information usually within 30 days of your request. We may charge a reasonable, cost-based fee.
  • Correct your paper or electronic medical record
    • You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
    • We may say no to your request, but we’ll tell you why in writing within 60 days.
  • Request confidential communication
    • You can ask us to contact you in a specific way (for example, home, office, or cell phone) or to send mail to a different address.
    • We will say yes to all reasonable requests.
  • Be notified of a breach
    • If we discover that your unsecured protected health information has been accessed, used, or disclosed in a way that compromises its privacy or security, we will notify you promptly — without unreasonable delay and no later than 60 days after discovery.
  • Ask us to limit the information we share
    • You can ask us not to use or share certain health information for treatment, payment, or our health care operations after you have provided consent for all those purposes. We are not required to agree to your request, and we may say “no” if, for example, it could affect your care. If we agree to your request, we may still share this information in the event that you need emergency treatment.
    • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our health care operations with your health insurer. We will say “yes” unless a law requires us to share that information.
  • Choose someone to act for you
    • If someone has authority to act as your personal representative — for example, if someone holds your medical power of attorney or is your legal guardian — that person can exercise your rights and make choices about your health information.
    • We will verify that the person has this authority and can act for you before we take any action.
  • Get a copy of this privacy notice
    • You can ask for a paper copy of this notice at any time, even if you have agreed to receive it electronically. We will provide one promptly.
  • Get an accounting of disclosures
    • You can ask for an accounting of the times we’ve shared your health information for up to six years prior to the date you ask, who we shared it with, and why. We will include all disclosures except those about treatment, payment, and health care operations, and certain other disclosures such as any you asked us to make.
    • We will provide one accounting per year for free. If you request another within 12 months, we may charge a reasonable, cost-based fee.
  • File a complaint if you believe your privacy rights have been violated
    • You can complain if you feel we have violated your privacy rights by contacting Jennifer McCauley (804) 796-0790 or in writing at 4801 Cox Rd. Ste. 205, Glen Allen, VA 23060. You can file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights: send a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201; call 1-877-696-6775; or visit https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference, talk to us. Tell us what you want us to do, and we will follow your instructions.

  • Information we never share without your written permission: In these cases, we never share your information unless you give us written authorization:
    • Marketing purposes
    • Sale of your information
    • Most sharing of psychotherapy notes (see details under Uses and Disclosures below)
  • Sharing Information: In these cases, you have both the right and choice to tell us to:
    • Share information with your family, close friends, or others involved in your care or payment for your care
    • Share information in a disaster relief situation

If you are not able to tell us your preference — for example, if you are unconscious — we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

  • Fundraising
    • We may contact you for fundraising efforts, but you can tell us not to contact you again and we will honor that request.
  • Mental Health Treatment Records
    • Virginia law (Va. Code § 32.1-127.1:03) provides that your psychotherapy notes — notes kept separate from your general health record documenting the content of your counseling sessions — require your written authorization before disclosure, with limited exceptions described in Section 3 below.

Our Uses & Disclosures

We typically use or share your health information in the following ways:

  • Treat you
    • We can use your health information and share it with other professionals who are treating you.
    • Example: A doctor treating you for a chronic condition asks a doctor at our program about your health condition and medications you are taking, for example, to avoid complications.
  • Run our organization
    • We can use and share your health information to run our program, improve your care, and contact you when necessary.
    • Example: We use health information about you to manage your treatment and services.
  • Bill for your services
    • We can use and share your health information to bill and get payment from health plans or other entities.
    • Example: We give information about you to your health insurance plan so it will pay for your services.
  • How else can we use or share your health information?
    • We are allowed or required to share your information in certain ways without your consent – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.
    • In all cases, including those listed below, if we have substance use disorder patient records about you, subject to 42 CFR part 2, we cannot use or share information in those records in civil, criminal, administrative, or legislative investigations or proceedings against you without (1) your consent or (2) a court order and a subpoena.
  • Help With Public Health and Safety Issues
    • We can share health information about you for certain situations such as:
    • Preventing or controlling disease, injury, or disability
    • Reporting suspected abuse, neglect, or domestic violence
    • Reporting adverse reactions to medications or defective products
    • Preventing or reducing a serious and imminent threat to anyone’s health or safety
  • Do Research
    • We can use or share your information to conduct or help with health research. Researchers cannot include any patient identifying information in their reports about the research.
  • Comply With the Law
    • We will share information about you if state or federal laws require it, including with the U.S. Department of Health and Human Services if it requests to verify our compliance with federal privacy law.
  • Respond to Organ and Tissue Donation Requests
    • We can share health information about you with organ procurement organizations.
  • Work With a Medical Examiner or Funeral Director
    • We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
  • Address Workers’ Compensation, Law Enforcement, and Other Government Requests
    • We can use or share health information about you:
    • For workers’ compensation claims (Va. Code §§ 65.2-604, 65.2-607)
    • For law enforcement purposes or with a law enforcement official when required or permitted by law
    • With health oversight agencies for activities authorized by law (e.g., audits, inspections, licensing proceedings)
    • For special government functions such as national security and military activities
  • Respond to Lawsuits and Legal Actions
    • We can share health information about you in response to a court or administrative order, or in response to a subpoena, provided the information is privileged under Virginia law or the request otherwise meets legal requirements. You will be informed in advance where possible. The privilege does not apply when you are being evaluated for a third party or when an evaluation is court-ordered.
  • Mandatory Reporting Under Virginia Law
    • Child Abuse and Neglect (Va. Code § 63.2-1509): If your provider has reasonable cause to suspect that a child has been abused or neglected, they are required to report that belief to the appropriate child protective services authority.
    • Abuse of Adults and Vulnerable Persons (Va. Code § 63.2-1606): If your provider has reasonable cause to believe that a vulnerable adult (a person 18 or older who is incapacitated, or any person 60 or older) has been subjected to abuse, neglect, or exploitation, they are required to report that belief to Adult Protective Services.
    • Duty to Protect Third Parties (Va. Code § 54.1-2400.1): If your provider determines that you present a serious and imminent danger of violence to yourself or to an identifiable third party, they may disclose information necessary to protect you or the intended victim, which may include warning the person, notifying law enforcement, or seeking emergency hospitalization.
  • Health Oversight Proceedings: If your provider is the subject of an inquiry by their licensing board, they may be required to disclose your PHI in proceedings before that board. Your provider will attempt to inform you and explain what information must be disclosed.

Special Protections - Psychotherapy Notes

“Psychotherapy notes” means notes kept separately from your general health record by your mental health provider, documenting or analyzing the contents of your private or group counseling sessions. Under both HIPAA and Virginia law (Va. Code § 32.1-127.1:03), psychotherapy notes are given a higher level of protection than other PHI and require your written authorization before disclosure, except in the following limited circumstances:

  • For our own training programs for supervised mental health practitioners
  • To defend Aspect Counseling and Psychiatry or its staff against an accusation of wrongful conduct
  • In the discharge of the duty to protect third parties from violence or serious harm (Va. Code § 54.1-2400.1)
  • As required in an investigation, audit, or proceeding regarding RCC’s conduct by a duly authorized law enforcement, licensure, accreditation, or professional review entity
  • As otherwise required by law

Note: Psychotherapy notes do not include medication and prescription monitoring notes, counseling session start and stop times, treatment modalities and frequencies, clinical test results, or any summary of symptoms, diagnosis, prognosis, functional status, treatment plan, or progress to date. These items are part of the general health record and are subject to standard HIPAA protections.

Special Protections - Substance Use Disorder (SUD) Records: 42 CFR Part 2

Federal law protects the confidentiality of substance use disorder patient records

Requirements that became effective February 16, 2026 stipulate that records related to your substance use disorder (SUD) diagnosis, treatment, or referral for treatment are protected under the federal law known as 42 CFR Part 2 and carry confidentiality protections beyond standard HIPAA.

Aspect Counseling and Psychiatry may not disclose to a person outside of our practice that you attend this program, or disclose any information identifying you as having or having had a substance use disorder, or disclose any SUD treatment information, except as permitted by federal law.

Legal Proceedings — Strict Prohibition

SUD records subject to 42 CFR Part 2 received from programs subject to that regulation, or testimony relaying the content of such records, shall not be used or disclosed in civil, criminal, administrative, or legislative proceedings against you unless based on:

  • (1) Your written consent; OR
  • (2) A court order after you have been given notice and an opportunity to be heard, as provided in 42 CFR Part 2. A court order authorizing use or disclosure must be accompanied by a subpoena or other legal requirement compelling disclosure before the record is used or disclosed.

Permitted Uses of SUD Records Without Your Consent

We may use or share SUD records without your consent only in limited circumstances required by law, including:

  • Medical emergencies, to the extent necessary to meet the emergency
  • Research, audit, or program evaluation under strict conditions (researchers/auditors may not disclose identifying information)
  • Reporting of suspected child abuse or neglect (information limited to what is required by law)
  • Reporting to law enforcement if a patient commits or threatens to commit a crime on our premises or against our staff
  • Cause of death inquiries, as required or allowed by law

Consent for Treatment, Payment, and Health Care Operations

Unlike standard PHI, SUD records generally require your written consent before they may be used or disclosed even for treatment, payment, and health care operations, unless a specific exception under 42 CFR Part 2 applies. You may provide a single consent for all future such uses and disclosures. You may also revoke that consent in writing at any time for future disclosures.

Redisclosure

When you consent to uses and disclosures for treatment, payment, and health care operations, we may share your SUD records with other health care providers or entities. If the recipient is a HIPAA-covered entity, they may further use and share your information as HIPAA permits. However, your SUD records still cannot be used in legal proceedings against you without your consent or a court order and subpoena.

Fundraising and SUD Records

If we contact you for fundraising, we will provide you with clear and obvious advance notice and a choice about whether to receive fundraising communications that use your SUD information.

  • Your Rights Regarding SUD Records
    • You have the right to request restrictions on disclosures of your SUD records for treatment, payment, and health care operations.
    • You have the right to choose in advance whether to receive fundraising communications using your SUD information.
    • You have the right to an accounting of disclosures of your electronic SUD records.
    • You have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (address and phone listed in Section 1 above) regarding violations of 42 CFR Part 2.

SMS Messaging

Information We Collect

When you opt in to receive SMS messages, we collect:

  • Your phone number
  • Consent to send SMS messages
  • Your email address
  • Your basic contact information

How We Collect Your Information

We may collect your information directly from you, such as when you complete a form or contact us; automatically, such as when you interact with our website; or from others, such as when we receive information about you from third parties.

How We Use Your Information

We use your information to:

  • Send you the SMS messages you’ve opted in to receive
  • Provide updates, promotions, or other relevant content based on your preferences
  • Choices and Controls
  • Operate our business

Disclosures of Your Information

We may disclose your information to our affiliated companies; to third party service providers, business advisors, or consultants who provide services to us; in connection with a merger, acquisition, reorganization, restructuring, financing transaction, or sale of assets; as required by law or administrative order; to assert claims or rights or to defend against claims.

Protection of Information

We take steps to protect your information against unauthorized use or disclosure. We do not share your personal information, phone number, or SMS consent opt-in data with third parties or affiliates for marketing or promotional purposes.

Our Responsibilities

We are required by law to maintain the privacy and security of your protected health information.

We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

We must follow the duties and privacy practices described in this notice and give you a copy of it.

We will not use or share your information other than as described in this notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time — let us know in writing if you change your mind.

We are required to obtain your written authorization for most uses and disclosures of psychotherapy notes and, where applicable, SUD records.

Virginia law (Va. Code § 32.1-127.1:03) provides privacy protections for health records that are, in some areas, more stringent than HIPAA. Where Virginia law provides greater protection for your privacy, we follow Virginia law.

We respect your privacy and strive to protect your information. In cases where consent is not required, we still make every effort to avoid sharing your information without your knowledge. If there are changes to our privacy practices or the law, the updated notice will be posted in our office, on our website, and made available upon request.

Health Information Exchange

We may participate in a Health Information Exchange (HIE), which allows electronic sharing of health information among health care providers and health plans for treatment, payment, and health care operations purposes. You may have the right to opt out of certain HIE participation. Ask us for an opt-out form if desired.

Changes to the Terms of this Notice

We are required to follow the terms of this notice that are currently in effect. We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request in our office and on our website.