top of page
Evergreen Logo Head 03__edited.png

Evergreen Behavioral & Mental Healthcare

Child and Adolescent Focused

HIPPA Privacy Policy


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates the management of access to Protected Health Information (PHI) to ensure the integrity, confidentiality, and availability of electronic PHI (ePHI) data. This policy establishes the guidelines for ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of Protected Health Information (PHI). It applies to all employees, contractors, and business associates of Evergreen Mental Health and Wellness PLLC (Evergreen Behavioral & Mental Healthcare) who have access to PHI within our system. This includes all administrative, clinical, and support staff.


Protected Health Information (PHI) is defined as any information, whether oral or recorded in any form, that relates to the health, provision of health care, or payment for health care that can be linked to an individual. Business Associate is defined as person or entity that performs activities or services for or on behalf of a Covered Entity involving the use or disclosure of PHI. Covered Entity is defined as a healthcare provider, health plan, or healthcare clearinghouse that processes PHI.

When it comes to your health information, you have certain rights. You have the right to understand and control how your PHI is used. You have the right to access and obtain a copy of your PHI. You have the right to request amendments to your PHI if you believe it is inaccurate or incomplete. You have the right to request restrictions on certain uses and disclosures of your PHI. You have a right to privacy, knowing that we will not disclose your PHI without your authorization, except as permitted or required by law. You have a right to request confidential communications from us, in a specific manner. 

The are special situations regarding how minors are protected under HIPPA rules. Generally, a parent or guardian of a minor child is regarded as the personal representative of the minor child. Per the HIPAA Privacy Rule, a personal representative is authorized to exercise the HIPAA rights of the individual whom he or she represents, on that person’s behalf. Therefore, a parent who is a personal representative can exercise a minor’s HIPAA Privacy Rule rights with respect to protected health information (PHI), consistently with state law. Additionally, personal representatives have the right to exercise other HIPAA Privacy Rule rights, such as providing written authorization for disclosure of PHI. The rule also gives a personal representative the general right to make medical decisions on the minor’s behalf. 

A minor is a person under the age of 18. An emancipated minor is a minor who may be treated as an adult for most legal purposes, including consent to medical treatment. Under most state laws, the only emancipated minors are those who are married, have been granted an order of emancipation by a court, or who are serving in the armed forces. An unemancipated minor is a person under 18 who is not emancipated as described above. They are subject to the supervision and control of his or her parents. (See your individual state laws.) The general rules for emancipated minors are: The minor must sign authorizations for disclosure. The minor’s parents are not allowed access to the minor’s PHI.

The HIPAA Privacy Rule specifies three circumstances under which the parent is not the personal representative with respect to certain health information about his or her unemancipated minor child. These exceptions generally involve the ability of minors to obtain specified health care without parental consent under state laws, or standards of professional practice. In these situations, the parent does not control the minor’s health care decisions, and therefore under the HIPAA Privacy Rule, does not control the protected health information (PHI) related to that care. 
The three circumstances when a parent is not the minor’s personal representative are:

  1. When state or other law does not require the consent of a parent or other person before a minor can obtain a particular health care service, and the minor consents to the health care service. (See your individual state laws.)

  2. When someone other than the parent is authorized by law to consent to the provision of a particular health service to a minor and provides such consent. 

  3. When a parent agrees to a confidential relationship between the minor and a health care provider.

The HIPAA Privacy Rule does not infringe upon state laws that expressly address the ability of parents to obtain health information about minors. If state law allows access, the HIPAA Privacy Rule also allows. If state law prohibits disclosure, HIPAA does as well.


Security Procedures have been put in place to safeguard PHI. There are regular assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI. Physical safeguards are in place to prohibit physical access to PHI. There is the implementation of appropriate technical safeguards such as encryption, secure data storage, and controlled access to protect PHI. Additionally, there are procedures for responding to security incidents, including immediate containment and mitigation. If there is a breach involving PHI, that may have compromised the privacy or security of your information, Evergreen Mental Health and Wellness PLLC (Evergreen Behavioral & Mental Healthcare) will notify those affected.  All staff members of Evergreen Mental Health and Wellness PLLC (Evergreen Behavioral & Mental Healthcare)   will be knowledgeable of HIPAA policies and procedures, and will be held accountable for adherence to such.
This policy will be reviewed periodically and modified as necessary to ensure compliance with HIPAA regulations and to reflect changes in federal law and state law. If you have any questions or concerns about our HIPAA Privacy Policy, please contact us at info@evergreenbmh.com.

bottom of page