Notice of Privacy Practices

Effective Date: 02/16/2026

NOTICE OF PRIVACY PRACTICES

Your Information. Your Rights. Our Responsibilities.

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

 

I. YOUR PROVIDER'S PLEDGE REGARDING HEALTH INFORMATION

Your provider (Sanjli Mehta) understands that health information about you and your health care is personal. Your provider is committed to protecting health information about you. A record of the care and services you receive from your provider will be created. Your provider needs this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by this mental health care practice.

This notice will tell you about the ways in which your provider may use and disclose health information about you. It will also describe your rights to the health information your provider keeps about you, and the obligations your provider has regarding the use and disclosure of your health information. Your provider is required by law to:

  • Make sure that protected health information (“PHI”) that identifies you is kept private.

  • Give you this notice of the legal duties and privacy practices with respect to health information.

  • Follow the terms of the notice that is currently in effect.

  • Notify you promptly if a breach occurs that may have compromised the privacy or security of your information.

Your provider can change the terms of this Notice, and such changes will apply to all information your provider has about you. The new Notice will be available upon request and on the website. For more information, visit https://www.hhs.gov/hipaa/for-individuals/notice-privacy-practices/index.html.

Your provider will not use or share your information other than as described in this Notice unless you provide written authorization. If you provide authorization, you may revoke it at any time in writing.

II. HOW YOUR PROVIDER MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU

The following categories describe different ways that your provider may use and disclose health information. For each category of uses or disclosures, your provider will explain what is meant and provide some examples. Not every use or disclosure in a category will be listed. However, all the ways your provider is permitted to use and disclose information will fall within one of the categories.

For Treatment, Payment, or Health Care Operations: Federal privacy rules (regulations) allow health care providers who have a direct treatment relationship with the patient/client to use or disclose the patient/client’s PHI  without the patient’s written authorization, to carry out the health care provider’s own treatment, payment, or health care operations. Your provider may also disclose your PHI for the treatment activities of any health care provider. This too can be done without your written authorization. For example, if a clinician were to consult with another licensed health care provider about your condition, your provider would be permitted to use and disclose your personal health information, which is otherwise confidential, in order to assist the clinician in diagnosing and treating your mental health condition.

Disclosures for treatment purposes are not limited to the minimum necessary standard. Because therapists and other health care providers need access to the full record and/or full and complete information in order to provide quality care. The word “treatment” includes, and is not limited to, the coordination and management of health care providers with a third party, consultations between health care providers, and referrals of a patient for health care from one health care provider to another.

Lawsuits and Disputes: If you are involved in a lawsuit, your provider may disclose health information in response to a court or administrative order. Your provider may also disclose health information about your child in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

Legal Compliance and Government Requests: Your provider may be required or permitted to disclose your PHI in order to comply with legal obligations or government requests. This includes, but is not limited to, the following:

  • Mandated Reporting: Your provider may be required by law to report certain information, including but not limited to suspicions of potential child abuse or neglect, elder or dependent adult abuse or neglect, and potential harm to self or others. The specific information that must be reported and the authorities to whom it must be reported may vary based on state law. Clients are encouraged to research their state’s laws or consult with their provider if they have specific questions about what may be reportable in their jurisdiction. This reporting may involve contacting appropriate authorities to ensure the safety and well-being of individuals.

  • Insurance Audits: Your provider may disclose your PHI in response to audits or requests from insurance companies, including health insurers or managed care organizations, to ensure compliance with insurance requirements or to verify claims.

  • Other Government Requests: Your provider may be required to disclose your PHI to governmental agencies or officials for purposes that include, but are not limited to, law enforcement investigations, health oversight activities, or compliance with other regulatory or statutory requirements.

  • Public Health Laws: Your provider may disclose your PHI to public health authorities for the purpose of preventing or controlling disease, injury, or disability. This includes complying with laws related to reporting diseases, injuries, and vital statistics, as well as responding to public health emergencies.

  • Organ and Tissue Donation: Your provider may disclose your PHI to organ procurement organizations or other entities engaged in organ, eye, or tissue donation and transplantation.

  • Medical Examiners and Funeral Directors: Your provider may disclose your PHI to a coroner, medical examiner, or funeral director when an individual dies, as authorized by law.

  • Department of Health and Human Services: Your provider may disclose your PHI to the Secretary of the Department of Health and Human Services for purposes of determining compliance with federal privacy laws.

III. CERTAIN USES AND DISCLOSURES REQUIRE YOUR AUTHORIZATION

Psychotherapy Notes: Your provider does keep "psychotherapy notes" as that term is defined in 45 CFR § 164.501, and any use or disclosure of such notes requires your authorization unless the use or disclosure is:

  • For your provider's use in treating you.

  • For your provider's use in training or supervising mental health practitioners to help them improve their skills in group, joint, family, or individual counseling or therapy.

  • For your provider's use in defending themselves in legal proceedings instituted by you.

  • For use by the Secretary of Health and Human Services to investigate your provider’s compliance with HIPAA.

  • Required by law and the use or disclosure is limited to the requirements of such law.

  • Required by law for certain health oversight activities pertaining to the originator of the psychotherapy notes.

  • Required by a coroner who is performing duties authorized by law.

  • Required to help avert a serious threat to the health and safety of others.

Marketing Purposes: As a psychotherapist, your provider will not use or disclose your PHI for marketing purposes. 

Sale of PHI: As a psychotherapist, your provider will not sell your PHI in the regular course of their business.

Fundraising: Sunshine Psychological Services LLC does not engage in fundraising activities using patient information.

IV. CERTAIN USES AND DISCLOSURES DO NOT REQUIRE YOUR AUTHORIZATION

Subject to certain limitations in the law, your provider can use and disclose your PHI without your authorization for the following reasons:

  • When disclosure is required by state or federal law, and the use or disclosure complies with and is limited to the relevant requirements of such law.

  • For public health activities, including reporting suspected child, elder, or dependent adult abuse, or preventing or reducing a serious threat to anyone’s health or safety, including your own.

  • For health oversight activities, including audits and investigations.

  • For judicial and administrative proceedings, including responding to a court or administrative order, although your provider’s preference is to obtain an authorization from you before doing so.

  • For law enforcement purposes, including reporting crimes occurring on your provider's premises.

  • To coroners or medical examiners when such individuals are performing duties authorized by law.

  • For research purposes, including studying and comparing the mental health of patients who received one form of therapy versus those who received another form of therapy for the same condition.

  • Specialized government functions, including ensuring the proper execution of military missions; protecting the President of the United States; conducting intelligence or counter-intelligence operations; or helping to ensure the safety of those working within or housed in correctional institutions.

  • For workers’ compensation purposes. Although your provider's preference is to obtain an authorization from you, they may provide your PHI in order to comply with workers’ compensation laws.

  • Appointment reminders and health-related benefits or services. Your provider may use and disclose your PHI to contact you to remind you that you have an appointment. Your provider may also use and disclose your PHI to inform you about treatment alternatives, or other health care services or benefits offered.

V. CERTAIN USES AND DISCLOSURES REQUIRE YOU TO HAVE THE OPPORTUNITY TO OBJECT

Disclosures to Family, Friends, or Others: Your provider may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part. The opportunity to consent may be obtained retroactively in emergency situations.

VI. YOU HAVE THE FOLLOWING RIGHTS WITH RESPECT TO YOUR PHI

  • The Right to Request Limits on Uses and Disclosures of Your PHI: You have the right to ask your provider not to use or disclose certain PHI for treatment, payment, or health care operations purposes. Your provider is not required to agree to your request, and they may say “no” if they believe it would affect your health care.

  • The Right to Request Restrictions for Out-of-Pocket Expenses Paid for In Full: You have the right to request restrictions on disclosures of your PHI to health plans for payment or health care operations purposes if the PHI pertains solely to a health care item or service you have paid for out-of-pocket in full.

  • The Right to Choose How Your PHI is Sent: You have the right to ask your provider to contact you in a specific way (for example, home or office phone) or to send mail to a different address, and your provider will agree to all reasonable requests.

  • The Right to See and Get Copies of Your PHI: Other than “psychotherapy notes,” you have the right to get an electronic or paper copy of your medical record and other information that your provider has about you. Your provider will provide you with a copy of your record, or a summary of it, within 30 days of receiving your written request, and may charge a reasonable, cost-based fee for doing so.

  • The Right to Get a List of the Disclosures Made: You have the right to request a list of instances in which your provider has disclosed your PHI for purposes other than treatment, payment, or health care operations, or for which you provided an authorization. Your provider will respond to your request within 60 days and will provide a list of disclosures made in the last six years unless you request a shorter time. Your provider will provide one accounting per year at no charge but may charge a reasonable, cost-based fee if you request an additional accounting within a 12-month period.

  • The Right to Correct or Update Your PHI: If you believe that there is a mistake in your PHI, or that important information is missing, you have the right to request that your provider correct the information or add the missing information. Your provider may deny your request, but they will tell you why in writing. If your provider denies your request, they will provide the reason in writing within 60 days.

  • The Right to Get a Paper or Electronic Copy of this Notice: You have the right to get a paper copy of this Notice at any time, and even if you have agreed to receive this notice via e-mail, you may still request a paper copy.

  • The Right to Choose Someone to Act for You: If you have given someone medical power of attorney or if someone is your legal guardian, that person may exercise your rights and make choices about your health information. Your provider will verify that the person has this authority before taking action.

VII. WISCONSIN-SPECIFIC LAWS

In addition to federal laws, your provider complies with the privacy and confidentiality laws specific to Wisconsin. These include:

  • Wisconsin Statute § 51.30(4), which provides that certain mental health records may only be disclosed in specific circumstances.

  • Wisconsin Statute § 146.82, which governs the release of patient health care records in Wisconsin.

  • Wisconsin’s mental health services privacy laws require your provider to obtain your consent to disclose mental health records in most cases, except in emergencies or as required by law.

This practice does not operate as a federally assisted substance use disorder treatment program subject to 42 CFR Part 2.

VIII. ELECTRONIC COMMUNICATION AND TELEHEALTH

This practice provides services exclusively via telehealth and uses secure electronic health record systems and telehealth platforms. While reasonable safeguards are in place to protect your information, there are inherent risks associated with electronic communication. Clients are encouraged to discuss any concerns about electronic communication with their provider.

If you are granted access to your health information through a secure online client portal, you may access certain records electronically.

IX. COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with your provider or with the U.S. Department of Health and Human Services, Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. You will not be penalized or retaliated against for filing a complaint.

X. CHANGES TO THIS NOTICE

Your provider may change the terms of this Notice at any time. If there are significant changes, a revised version of this notice will be made available to you.

Contact Information:
If you have any questions or concerns about the privacy of your health information, or if you wish to exercise any of your rights outlined in this Notice, please contact the Chief Privacy Officer through the secure contact form on our website or through the secure client portal.