Privacy Policy – KimYkema.com

Who we are

Our website address is: https://kimykema.com.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW THIS NOTICE CAREFULLY.
Your health record contains personal information about you and your health. This information about
you that may identify you and that relates to your past, present, or future physical or mental health or
condition and related health care services is referred to as Protected Health Information (“PHI”). This
Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with
applicable law including the Health Insurance Portability and Accountability Act (“HIPAA”), regulations
promulgated under HIPAA including the HIPAA Privacy and Security Rules, and the NASW Code of Ethics.
It also describes your rights regarding how you may gain access to and control your PHI.
We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties
and privacy practices with respect to PHI. We are required to abide by the terms of this Notice of
Privacy Practices. We reserve the right to change the terms of our Notice of Privacy Practices at any
time. Any new Notice of Privacy Practices will be effective for all PHI that we maintain at that time. We
will provide you with a copy of the revised Notice of Privacy Practices by posting a copy on our website,
sending a copy to you in the mail upon request, or providing one to you at your next appointment.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
For Treatment. Your PHI may be used and disclosed by those who are involved in your care for the
purpose of providing, coordinating, or managing your health care treatment and related services. This
includes consultation with clinical supervisors or other treatment team members. We may disclose PHI
to any other consultant only with your authorization.
For Payment. We may use and disclose PHI so that we can receive payment for the treatment services
provided to you. This will only be done with your authorization. Examples of payment-related activities
are: making a determination of eligibility or coverage for insurance benefits, processing claims with
your insurance company, reviewing services provided to you to determine medical necessity, or
undertaking utilization review activities. If it becomes necessary to use collection processes due to lack
of payment for services, we will only disclose the minimum amount of PHI necessary for purposes of
collection.
For Health Care Operations. We may use or disclose, as needed, your PHI in order to support our
business activities including, but not limited to, quality assessment activities, employee review activities,
licensing and conducting or arranging for other business activities. For example, we may share your PHI
with third parties that perform various business activities (e.g., billing or typing services) provided we
have a written contract with the business that requires it to safeguard the privacy of your PHI. For
training or teaching purposes, PHI will be disclosed only with your authorization.
2 of 4
2019.07.01
Required by Law. Under the law, we must disclose your PHI to you upon your request. In addition, we
must make disclosures to the Secretary of the Department of Health and Human Services for the
purpose of investigating or determining our compliance with the requirements of the Privacy Rule.
Without Authorization. Following is a list of the categories of uses and disclosures permitted by HIPAA
and state law without an authorization. Applicable law and ethical standards permit us to disclose
information about you without your authorization only in a limited number of situations.
As a social worker licensed in the state of Washington and as a member of the National Association of
Social Workers, is it our practice to adhere to more stringent privacy requirements of disclosures
without an authorization. The following language addresses these categories to the extent consistent
with the NASW Code of Ethics and HIPAA.
Child Abuse or Neglect. We may disclose your PHI to a state or local agency that is authorized by law to
receive reports of child abuse or neglect.
Vulnerable Adult Abuse or Neglect. We may disclose your PHI to a state or local agency that is
authorized by law to receive reports of abuse or neglect to a vulnerable adult as defined by RCW
74.34.020.
Deceased Patients. We may disclose PHI regarding deceased patients as mandated by state law, or to a
family member or friend that was involved in your care or payment for care prior to death, based on
your prior consent. A release of information regarding deceased patients may be limited to an executor
or administrator of a deceased person’s estate or the person identified as next-of-kin. PHI of persons
that have been deceased for more than fifty (50) years is not protected under HIPAA.
Medical Emergencies. We may use or disclose your PHI in a medical emergency situation to medical
personnel only in order to prevent serious harm. Our staff will try to provide you a copy of this notice as
soon as reasonably practicable after the resolution of the emergency.
Family Involvement in Care. We may disclose information to close family members or friends directly
involved in your treatment based on your consent or as necessary to prevent serious harm.
Health Oversight. If required, we may disclose PHI to a health oversight agency for activities authorized
by law, such as audits, investigations, and inspections. Oversight agencies seeking this information
include government agencies and organizations that provide financial assistance to the program (such as
third-party payors based on your prior consent) and peer review organizations performing utilization
and quality control.
Law Enforcement. We may disclose PHI to a law enforcement official as required by law, in compliance
with a subpoena (with your written consent), court order, administrative order or similar document, for
the purpose of identifying a suspect, material witness or missing person, in connection with the victim of
a crime, in connection with a deceased person, in connection with the reporting of a crime in an
emergency, or in connection with a crime on the premises.
Specialized Government Functions. We may review requests from U.S. military command authorities if
you have served as a member of the armed forces, authorized officials for national security and
intelligence reasons and to the Department of State for medical suitability determinations, and disclose
your PHI based on your written consent, mandatory disclosure laws and the need to prevent serious
harm.
Public Health. If required, we may use or disclose your PHI for mandatory public health activities to a
public health authority authorized by law to collect or receive such information for the purpose of
preventing or controlling disease, injury, or disability, or if directed by a public health authority, to a
government agency that is collaborating with that public health authority.
3 of 4
2019.07.01
Public Safety. We may disclose your PHI if necessary to prevent or lessen a serious and imminent threat
to the health or safety of a person or the public. If information is disclosed to prevent or lessen a
serious threat it will be disclosed to a person or persons reasonably able to prevent or lessen the threat,
including the target of the threat.
Research. PHI may only be disclosed after a special approval process or with your authorization.
Fundraising. We may send you fundraising communications at one time or another. You have the right
to opt out of such fundraising communications with each solicitation you receive.
Verbal Permission. We may also use or disclose your information to family members that are directly
involved in your treatment with your verbal permission.
With Authorization. Uses and disclosures not specifically permitted by applicable law will be made only
with your written authorization, which may be revoked at any time, except to the extent that we have
already made a use or disclosure based upon your authorization. The following uses and disclosures will
be made only with your written authorization: (i) most uses and disclosures of psychotherapy notes
which are separated from the rest of your medical record; (ii) most uses and disclosures of PHI for
marketing purposes, including subsidized treatment communications; (iii) disclosures that constitute a
sale of PHI; and (iv) other uses and disclosures not described in this Notice of Privacy Practices.
YOUR RIGHTS REGARDING YOUR PHI
You have the following rights regarding PHI we maintain about you. To exercise any of these rights,
please submit your request in writing to our Privacy Officer Kimberle Ykema at 908 Georgiana Street,
Port Angeles, WA 98362.
• Right of Access to Inspect and Copy. You have the right, which may be restricted only in
exceptional circumstances, to inspect and copy PHI that is maintained in a “designated record
set”. A designated record set contains mental health/medical and billing records and any other
records that are used to make decisions about your care. Your right to inspect and copy PHI will
be restricted only in those situations where there is compelling evidence that access would
cause serious harm to you or if the information is contained in separately maintained
psychotherapy notes. We may charge a reasonable, cost-based fee for copies. If your records
are maintained electronically, you may also request an electronic copy of your PHI. You may
also request that a copy of your PHI be provided to another person.
• Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may
ask us to amend the information although we are not required to agree to the amendment. If
we deny your request for amendment, you have the right to file a statement of disagreement
with us. We may prepare a rebuttal to your statement and will provide you with a copy. Please
contact the Privacy Officer if you have any questions.
• Right to an Accounting of Disclosures. You have the right to request an accounting of certain of
the disclosures that we make of your PHI. We may charge you a reasonable fee if you request
more than one accounting in any 12-month period.
• Right to Request Restrictions. You have the right to request a restriction or limitation on the
use or disclosure of your PHI for treatment, payment, or health care operations. We are not
required to agree to your request unless the request is to restrict disclosure of PHI to a health
plan for purposes of carrying out payment or health care operations and the PHI pertains to a
4 of 4
2019.07.01
health care item or service that you paid for out of pocket. In that case, we are required to
honor your request for a restriction.
• Right to Request Confidential Communication. You have the right to request that we
communicate with you about health matters in a certain way or a certain location. We will
accommodate reasonable requests. We may require information regarding how payment will
be handled or specification of an alternative address or other method of contact as a condition
for accommodating your request. We will not ask you for an explanation of why you are making
the request.
• Breach Notification. If there is a breach of unsecured PHI concerning you, we may be required
to notify you of this breach, including what happened and what you can do to protect yourself.
• Right to a Copy of this Notice. You have the right to a copy of this notice.
COMPLAINTS
• If you believe we have violated your privacy rights, you have the right to file a complaint in
writing with our Privacy Officer Kim Ykema at 908 Georgiana Street, Port Angeles, WA 98362 or
with the Secretary of Health and Human Services at 200 Independence Avenue, S.W.,
Washington, D.C. 20201 in writing by mail, fax, e-mail, or via the OCR Complaint Portal. Refer to
the HHS website for complaint forms and contact information. We will not retaliate against
you for filing a complaint.
The effective date of this Notice is July 1, 2019.