Your privacy is fundamental to your care
At Shanti Mental Health Center, protecting the privacy of your health information is not just a legal obligation — it is something we take seriously as part of the trust you place in us. The care you share in your appointments is some of the most personal information there is, and we treat it accordingly.
This page summarizes how we handle your protected health information (PHI), what your rights are, and how to reach us if you have questions or concerns. It reflects our Notice of Privacy Practices, which you will also receive and be asked to sign as part of your new patient paperwork.
We are required by the Health Insurance Portability and Accountability Act (HIPAA) — and by our own values — to maintain the confidentiality of your health information and to follow the practices described here.
What is protected health information?
Protected health information — referred to as PHI — is any information we create or receive that relates to your past, present, or future physical or mental health, the care we provide to you, or the payment for that care, and that could reasonably be used to identify you.
In the context of a psychiatric practice, this includes your diagnosis, the content of your appointments, your medications, your treatment plan, and your billing records. All of this information is protected under HIPAA and Wisconsin state law.
Wisconsin law affords mental health patients heightened privacy protections beyond what federal HIPAA requires — particularly for psychotherapy notes, substance use records, and HIV-related information. Where state law is more protective than federal law, we follow the more protective standard.
How we use and share your information
There are three routine ways we use your health information that do not require your separate written authorization. Everything else requires your explicit written consent.
Treatment
We use your information to provide and coordinate your care. With your authorization, we may share relevant information with your primary care physician, a specialist, or another mental health provider involved in your treatment.
Payment
We use your information to bill for services. When we submit a claim to your insurance company, that claim will include your diagnosis, the services provided, and other details your insurer requires to process payment.
Health care operations
We use your information internally to run our practice — for example, for quality improvement, staff training, compliance activities, and licensing.
Any use or sharing of your health information that falls outside of treatment, payment, and operations requires your written authorization. This includes disclosures to employers, family members not involved in your care, and most third parties. You may revoke a written authorization at any time.
Limits on confidentiality
Confidentiality is the foundation of good mental health care. There are, however, a small number of circumstances in which we are required or permitted by law to share information without your authorization:
- Mandatory reporting of abuse or neglect — Wisconsin law requires us to report suspected abuse or neglect of children, elderly individuals, or vulnerable adults.
- Duty to warn — If a patient discloses a credible, serious threat of harm to an identifiable third party, we may be required to take steps to protect that person, including contacting law enforcement.
- Risk of harm to self — If we have reason to believe a patient is in immediate danger of harming themselves, we may take clinically necessary steps to ensure their safety.
- Court orders and legal proceedings — We may be required to disclose records in response to a valid court order, subpoena, or other lawful legal process.
- Public health and oversight activities — Disclosures to government health agencies for authorized oversight or public health purposes may be required by law.
Outside of these specific circumstances, your information stays with us.
Notes recorded by your provider during psychotherapy sessions are kept separately from your medical record and receive heightened legal protection under both federal HIPAA rules and Wisconsin state law. We will not disclose psychotherapy notes without your specific written authorization, except as required by law.
Your rights regarding your health information
HIPAA gives you important rights over your own health information. All requests should be submitted in writing to our office.
Inspect & copy
You may request to see or receive copies of your medical records. We may charge a reasonable fee for copies.
Request amendment
If you believe information in your record is incorrect or incomplete, you may ask us to amend it.
Accounting of disclosures
You may request a list of certain disclosures we've made in the past six years, other than for treatment, payment, or operations.
Request restrictions
You may ask us to limit how we use or share your information. We'll consider all reasonable requests carefully.
Confidential communications
You may ask us to contact you in a specific way or send correspondence to a specific address.
Paper copy of this notice
You may request a printed copy of our full Notice of Privacy Practices at any time.
Breach notification
We are required to notify you promptly if there is ever a breach of your unsecured health information.
File a complaint
You may file a complaint with our practice or directly with the U.S. Dept. of Health and Human Services.
Privacy rights for minor patients
Parents and legal guardians generally have the right to access their minor child's mental health records. However, Wisconsin law creates several important exceptions:
When parental access to a minor's records may be limited
- Physical placement denied (Wis. Stat. §§ 51.30(5)(bm) and 146.835): A parent denied physical placement by a court order generally does not have the right to access the minor's mental health records. We ask about custody and placement for all pediatric patients at intake.
- Provider determination of harm (Wis. Admin. Code § DHS 92.05): The provider may restrict parental access to specific records if there is clinical reason to believe that disclosure would harm the minor patient.
- Age-14 autonomy (Wis. Stat. § 51.30(5)): A minor who is 14 years of age or older may independently access their own mental health records and authorize release of their information without parental consent.
Confidentiality is always overridden when safety is at stake. If a minor discloses a risk of harm to themselves or others, or if there is reason to suspect abuse or neglect, we are required by law to act regardless of age or confidentiality status.
Security safeguards
We maintain physical, administrative, and technical safeguards to protect your health information in accordance with the HIPAA Security Rule, including a secure HIPAA-compliant electronic health record system, encrypted data transmission and storage, a secure patient portal (OnPatient by DrChrono) for messaging and record access, locked storage of all physical documents, and regular staff training on privacy and security practices.
All secure messages, records requests, and appointment-related communications should be sent through the OnPatient patient portal at onpatient.com. Portal communications are encrypted and HIPAA-compliant. Please avoid sending sensitive health information by standard email.
Reach us or file a complaint
If you have questions about this notice, would like to exercise any of your privacy rights, or believe your privacy rights have been violated, please contact our office directly. We will never retaliate against you for filing a complaint.
You also have the right to file a complaint directly with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) at hhs.gov/ocr.
This page summarizes our Notice of Privacy Practices. The full signed document is provided to all patients at intake. You may request a printed copy at any time by calling our office.