Telehealth available seven days a week
Legal & privacy

Notice of Privacy Practices

How we may use and disclose your protected health information (PHI), and your rights under HIPAA and the California Medical Information Act (CMIA).

Effective date: 2026-05-03 · Last updated: 2026-05-03

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

0. About this Notice

Pasadena Clinical Group, together with its supervising clinicians, employees, independent contractors, students, trainees, interns, practicum students, externs, postdoctoral fellows, volunteers, and Business Associates (collectively, the "Practice," "we," "us," or "our"), is required by federal and California law to maintain the privacy of your Protected Health Information ("PHI") and to provide you with this Notice of our legal duties and privacy practices regarding PHI. The Practice is required by law to abide by the terms of this Notice currently in effect.

This Notice is issued under, and the Practice's privacy practices are governed by:

  • The federal Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA"), and the regulations at 45 C.F.R. Parts 160, 162, and 164 (the "Privacy Rule," "Security Rule," and "Breach Notification Rule");
  • The Health Information Technology for Economic and Clinical Health Act ("HITECH," 42 U.S.C. §17921 et seq.);
  • The California Confidentiality of Medical Information Act ("CMIA," Cal. Civ. Code §56 et seq.);
  • The Lanterman-Petris-Short Act, including Welf. & Inst. Code §5328 et seq., providing heightened confidentiality for mental-health records;
  • 42 C.F.R. Part 2, providing heightened protection for federally-assisted substance-use-disorder treatment records;
  • California Health & Safety Code §123100 et seq. (Patient Access to Health Records Act);
  • California Civil Code §43.92 ("Tarasoff" duty to warn or protect);
  • California Penal Code §11164 et seq. (Child Abuse and Neglect Reporting Act, "CANRA");
  • California Welf. & Inst. Code §15630 (mandated reporting of elder and dependent-adult abuse);
  • California Family Code §6924 (minor's right to consent to outpatient mental-health treatment);
  • and any other applicable federal or state law.

Where state and federal law differ, we follow whichever is more protective of you. California law is generally stricter than HIPAA — particularly with respect to mental-health, substance-use, HIV/AIDS, genetic, and reproductive-health records.

1. Uses and disclosures we may make without your authorization

(a) Treatment. We may use and disclose PHI to provide, coordinate, or manage your healthcare and any related services. This includes sharing PHI with other clinicians at the Practice, as well as with outside providers involved in your care (e.g., your primary-care physician, psychiatrist, hospital, or referring clinician), when necessary to coordinate care.

(b) Payment. We may use and disclose PHI to obtain payment for the services we provide, including verifying benefits with your insurer, submitting claims, billing, and collecting outstanding balances. Disclosures to insurers may include diagnosis, dates of service, and procedure (CPT) codes; insurers do not receive session content. Under CMIA Cal. Civ. Code §56.107, you may pay in full out of pocket and direct that the related PHI not be disclosed to a health plan, subject to certain limits.

(c) Healthcare operations. We may use and disclose PHI for our internal operations — quality assessment and improvement, peer review, supervision and training, accreditation, licensing, audits, legal and compliance services, business planning, and customer-service activities.

(d) As required by law. We will use and disclose PHI when required by federal, California, or local law, including without limitation:

  • Mandated reporting of suspected child abuse or neglect under CANRA (Cal. Penal Code §§11164–11174.3);
  • Mandated reporting of suspected elder or dependent-adult abuse (Welf. & Inst. Code §15630);
  • Tarasoff duty to warn or protect identifiable third parties or law enforcement when a patient has communicated a serious threat of physical violence (Cal. Civ. Code §43.92);
  • Imminent danger to self or others — we may take steps reasonably necessary to protect you or another person, including coordinating with emergency services;
  • Public-health activities, including disease prevention and control, FDA-regulated product safety, exposure to communicable diseases, and notification of authorities to prevent serious threats;
  • Health-oversight activities, including audits, inspections, investigations, and licensure proceedings;
  • Judicial and administrative proceedings — in response to a court order, subpoena, discovery request, or other lawful process; we will, where permitted, notify you, limit disclosure to the minimum necessary, and assert applicable privileges (psychotherapist-patient privilege under Cal. Evid. Code §1010 et seq.);
  • Law-enforcement purposes, including pursuant to a court order, warrant, or grand-jury subpoena; to identify or locate a suspect, fugitive, material witness, or missing person; to report a crime in emergency circumstances; or to alert authorities of a death suspected to result from criminal conduct;
  • Coroners, medical examiners, and funeral directors as authorized by law;
  • Workers' compensation as authorized by and to the extent necessary to comply with workers'-compensation laws;
  • Specialized government functions, including military and veterans, national security, and protective services.

(e) Business Associates. We may disclose PHI to "Business Associates" (e.g., billing, electronic-health-record, telehealth, secure-messaging, or analytics vendors) who perform services on our behalf under written Business Associate Agreements that comply with 45 C.F.R. §164.504(e) and obligate them to protect your PHI to the same standards.

(f) Persons involved in your care or payment. Unless you object, we may share with a family member, relative, or close personal friend information directly relevant to that person's involvement with your care or payment for it; we may also use or disclose PHI to notify a person responsible for your care of your location or condition.

(g) Disaster relief. We may disclose PHI to public or private entities authorized by law to assist in disaster-relief efforts.

(h) Research, fundraising, marketing. We do not use or disclose PHI for research without your authorization or an IRB waiver. We do not engage in fundraising. We do not engage in marketing that involves PHI without your written authorization.

(i) De-identified information / limited data sets. We may use de-identified information for any lawful purpose. De-identified information does not contain any data that identifies you.

2. Uses and disclosures requiring your written authorization

Other uses and disclosures of PHI not described above will be made only with your written authorization. This includes, without limitation:

  • Psychotherapy notes — separately maintained process notes that are kept apart from the rest of your medical record; uses and disclosures of psychotherapy notes generally require your written authorization (45 C.F.R. §164.508(a)(2));
  • Disclosures of substance-use-disorder treatment records covered by 42 C.F.R. Part 2;
  • Disclosures of HIV/AIDS test results (Cal. Health & Safety Code §120975 et seq.);
  • Disclosures of genetic information covered by the federal Genetic Information Nondiscrimination Act ("GINA," 42 U.S.C. §2000ff et seq.) and California GINA-equivalent provisions;
  • Disclosures of developmental-disability or mental-health information protected by Welf. & Inst. Code §5328;
  • Most disclosures for marketing purposes;
  • Any sale of PHI (we do not sell PHI).

You may revoke an authorization in writing at any time, except to the extent we have already taken action in reliance on it.

3. Your rights regarding your PHI

You have the following rights with respect to your PHI:

  • Right to inspect and copy. You have the right to inspect and obtain a copy of your medical and billing records, subject to certain limited exceptions (e.g., information compiled in anticipation of litigation; psychotherapy notes are not provided in original form). Cal. Health & Safety Code §123100 et seq.; HIPAA 45 C.F.R. §164.524. We will respond within statutory timeframes (generally fifteen (15) days for inspection and thirty (30) days for copies under California law). A reasonable cost-based fee may apply for copies.
  • Right to amend. You may request amendment of records you believe are inaccurate or incomplete (45 C.F.R. §164.526). We may deny the request in certain circumstances; if denied, you may submit a statement of disagreement that will be included with the record.
  • Right to an accounting of disclosures. You may request a list of disclosures of your PHI made by the Practice for purposes other than treatment, payment, healthcare operations, and certain other excepted purposes, for up to six (6) years prior to the request (45 C.F.R. §164.528).
  • Right to request restrictions. You may request restrictions on certain uses and disclosures of PHI for treatment, payment, or operations. We are not required to agree, except that we will agree to a request to restrict disclosures to a health plan when you have paid out of pocket in full for the service (45 C.F.R. §164.522(a); CMIA §56.107).
  • Right to confidential communications. You may request that we communicate with you at an alternative address or by alternative means (e.g., a different phone or email). We will accommodate reasonable requests.
  • Right to a paper copy of this Notice upon request, even if you have agreed to receive it electronically.
  • Right to be notified of a breach of your unsecured PHI (45 C.F.R. §§164.400–414; Cal. Civ. Code §1798.82).
  • Right to designate a personal representative who may exercise your rights, in compliance with 45 C.F.R. §164.502(g) and California law.

To exercise any of these rights, please contact our Privacy Officer using the contact information at the bottom of this Notice. Most requests must be made in writing.

4. California-specific protections

California law affords protections in addition to those provided under HIPAA, including:

  • CMIA (Cal. Civ. Code §56 et seq.) imposes stricter authorization standards for the use and disclosure of medical information than HIPAA in many circumstances.
  • Welf. & Inst. Code §5328 (Lanterman-Petris-Short) provides heightened confidentiality for records of involuntary or voluntary mental-health treatment, including specific exceptions and disclosure standards.
  • Cal. Health & Safety Code §120975 et seq. protects HIV/AIDS test results.
  • Cal. Family Code §6924 permits minors twelve (12) and older to consent to outpatient mental-health treatment under certain conditions; the minor's records related to such consented care are subject to specific confidentiality rules vis-à-vis the parent or guardian.
  • Cal. Civ. Code §43.92 codifies the "Tarasoff" duty and the corresponding immunity for clinicians who disclose only as required.
  • Cal. Civ. Code §1798.82 requires notification of California residents in the event of a security breach.

5. Mandated reporting — duties that override confidentiality

By law, our clinicians are mandated reporters and must override the ordinary protections of confidentiality in the following circumstances:

  • Suspicion of child abuse or neglect (CANRA, Cal. Penal Code §11164 et seq.);
  • Suspicion of elder or dependent-adult abuse (Welf. & Inst. Code §15630);
  • Communicated serious threat of physical violence against an identifiable third party (Tarasoff, Cal. Civ. Code §43.92);
  • Imminent danger to the patient or others, including credible suicide risk;
  • Court order, subpoena, or warrant valid under California or federal law.

In each such case, we disclose only the minimum information necessary, only to the legally authorized recipient, and we document the basis for the disclosure.

6. Complaints — no retaliation

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer (contact below) or directly with:

  • U.S. Department of Health & Human Services, Office for Civil Rightshhs.gov/ocr/complaints — 1-800-368-1019.
  • California Department of Public Health, Licensing and Certification — for CMIA complaints.
  • California Office of the Attorney Generaloag.ca.gov.
  • The licensing board of the involved clinician (Board of Psychology, Board of Behavioral Sciences, or Medical Board of California).

We will not retaliate against you for filing a complaint.

7. Breach notification

In the event of a breach of unsecured PHI, we will notify you without unreasonable delay and within the time required by law (generally no later than sixty (60) days from discovery for HIPAA breaches; without unreasonable delay for breaches involving California residents under Cal. Civ. Code §1798.82).

8. Information for minors

For minors who consent to their own outpatient mental-health treatment under Cal. Family Code §6924, the minor controls disclosures from the protected portion of the record. Where parental consent is required, the parent or legal guardian generally has access — except where access would create a substantial risk of detrimental effect on the minor's physical safety or psychological well-being, in which case the clinician may, in their professional judgment and consistent with law, limit access (Cal. Health & Safety Code §123115).

9. Changes to this Notice

We reserve the right to change the terms of this Notice at any time. The new Notice will be effective for all PHI we maintain. We will post the current version on the Site and at our office and provide a copy upon request.

Privacy Officer / Contact

Questions, requests, or complaints regarding this Notice or our handling of your PHI may be directed to our Privacy Officer, Pasadena Clinical Group, 301 N. Lake Ave, STE 600, Pasadena, CA 91101, by phone at (626) 354-6440, or by email at office@pasadenaclinicalgroup.com.