The Oak + Willow Therapy Collective | Psychotherapist for Women

Ready to start your healing journey?

HIPAA Privacy Notice

Notice of Privacy Practices

The Oak + Willow Therapy, LLCJohanna Koenig, LCSW‑C

This Notice explains how The Oak + Willow Therapy, LLC protects your privacy, how your health information may be used or shared, and the rights you have regarding your Protected Health Information (PHI). These practices comply with HIPAA and reflect the policies of this practice.

Your Privacy and Out‑of‑Network Care

Because The Oak + Willow Therapy, LLC operates as an out‑of‑network provider, you have the option to limit what information is shared with your insurance company. This practice does accept Kaiser Permanente Mid Atlantic insurance; however, for all other insurance providers, it is considered out of network. If you choose to submit a superbill for reimbursement, certain basic information—such as your name, address, date of birth, diagnosis codes, treatment codes, and dates of service—must be included for your claim to be eligible.

Submitting a superbill is entirely your choice. If you do not submit one, your insurance company will not receive any information from this practice. Paying privately allows you to maintain full control over your clinical information.

How Your Information May Be Used

If you provide consent, federal privacy laws allow your therapist to use or disclose your PHI for treatment, payment, and health care operations.

Treatment

Examples include:

Recording appointment information or clinical notes in your health record.

Consulting with another professional when clinically appropriate and sharing relevant information to support your care.

Payment

Examples include:

Providing you with a superbill that contains PHI you may choose to submit for reimbursement.

Supplying information to credit card companies or collection services if needed to resolve billing disputes or collect overdue balances.

Health Care Operations

Examples include:

Complying with state licensing board audits or reviews, should they occur.

Allowing authorized employees or business associates (such as electronic health record vendors) to access PHI as needed to support practice operations. All business associates are required to follow HIPAA privacy standards.

Your Rights Regarding Your Health Information

Your clinical record is maintained within the encrypted SimplePractice platform. The information within the record belongs to you. You have the right to:

Request restrictions on how your PHI is used or disclosed. While not all requests can be granted, any approved restriction will be honored.

Request a paper copy of this Notice at any time.

Inspect or request a copy of your health and billing records in electronic or mutually agreed‑upon formats.

Appeal a denial of access to your records.

Request an amendment to your record if you believe information is incomplete or incorrect.

Submit a statement of disagreement if an amendment request is denied.

Request an accounting of disclosures made as required by law.

Request alternative communication methods, such as receiving information at a different address or phone number.

Revoke prior authorizations for disclosure, except when information has already been released.

Receive notification if a breach occurs involving unsecured PHI.

Review this Notice before signing any consent forms.

To exercise any of these rights, contact Johanna Koenig, LCSW‑C at [email protected].

Our Responsibilities

The Oak + Willow Therapy, LLC is legally required to:

Maintain the privacy and security of your PHI.

Provide this Notice describing our privacy practices.

Follow the terms of this Notice.

Inform you if a requested restriction cannot be accommodated.

Honor reasonable requests for alternative communication methods.

This practice may update or revise this Notice at any time. You may request a current version by phone or in person.

How to File a Complaint

If you believe your privacy rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services at 202‑619‑0257. You will never be asked to waive your right to file a complaint, nor will you face retaliation for doing so.

Other Permitted Uses and Disclosures

The following situations may require or permit disclosure of your PHI without your written authorization:

Business Associates: Such as SimplePractice, Virtual PBX, Microsoft 365, or website hosting vendors who support practice operations.

Family Notification: Unless you object in writing, limited information may be shared with individuals involved in your care (e.g., scheduling or billing discussions).

Disaster Relief Efforts

Funeral Directors and Coroners

Appointment Reminders and Health‑Related Information

Workers’ Compensation Claims

Public Health Reporting

Abuse or Neglect Reporting

Correctional Institutions (if applicable)

Law Enforcement Requirements

Health Oversight Agencies

Judicial or Administrative Proceedings

Serious Threats to Health or Safety

Specialized Government Functions (e.g., military or national security)

Only the minimum necessary information will be disclosed in these situations.