Notice of Privacy Practices
OXIDIAN HEALTH, LLC
NOTICE OF PRIVACY PRACTICES (HIPAA) & CONFIDENTIALITY
Privacy Officer: Jeffrey Thomas, APN
971 US Highway 202N, Suite 8081
Branchburg, NJ 08876
Phone: (908) 545-9692 | Email: info@oxidianhealth.com
Effective Date: 6/15/2026 | Version: 2.0
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice describes how Oxidian Health, LLC protects your privacy and how your information may be used and disclosed in connection with telehealth psychiatric services. This Notice is posted on our website and is also available through your Client Portal. You may download or request a printed copy at any time.
OUR RESPONSIBILITIES
We are required by law to:
Maintain the privacy and security of your protected health information (PHI).
Provide you with this Notice and follow it while it is in effect.
Notify you promptly following a breach of unsecured PHI.
Use or disclose your PHI only as described in this Notice, unless you give written authorization for other uses.
Changes to This Notice: We may change our privacy practices and this Notice at any time. Updates will apply to information we already have and to new information. When changes occur, we will post the updated Notice in the Client Portal and provide it upon request at no cost.
Retention of Records: Your health information is retained for at least seven (7) years in accordance with New Jersey record-keeping requirements.
YOUR RIGHTS
Access Your Records: You may see or obtain a copy of your PHI and have it sent to you or a third party you choose. Requests should be made through the SimplePractice Client Portal or in writing to the Privacy Officer. We will respond within 30 days, with one possible 30-day extension if needed. A reasonable, cost-based fee may apply for copies.
Request a Correction: If you believe information in your record is wrong or incomplete, you may request an amendment in writing through the Client Portal or to the Privacy Officer. We will respond within 60 days, with one possible 30-day extension. If we deny the request, we will explain why in writing and allow you to submit a statement of disagreement to be added to your record.
Request Confidential Communications: You may ask that we contact you in a specific way (for example, at a particular phone number or address). We will honor reasonable requests.
Request Restrictions: You may ask us to limit how we use or share your PHI. We are not required to agree, except that we must agree to a request to restrict disclosure to a health plan when you pay in full out of pocket for a specific service and ask that information about that service not be shared with your plan.
Accounting of Disclosures: You may request a list of certain disclosures we have made, generally excluding those for treatment, payment, and health care operations. One list in any 12-month period is free; a reasonable, cost-based fee may apply for additional requests.
Copy of This Notice: You may request a paper or electronic copy of this Notice at any time, even if you previously agreed to receive it electronically.
Personal Representative: You may authorize someone to act on your behalf, such as through a health care power of attorney. We will verify legal authority before granting access.
File a Complaint: If you believe your privacy rights have been violated, you may contact our Privacy Officer or the U.S. Department of Health & Human Services (see contact information below). We will not retaliate against you for filing a complaint.
HOW WE USE AND DISCLOSE YOUR INFORMATION
Treatment: To provide, coordinate, and manage your care, including sharing information with other providers, pharmacies, laboratories, and health information exchanges involved in your treatment.
Payment: To bill and collect payment from you, your health plan, or another payer.
Health Care Operations: For activities such as quality improvement, training, auditing, accreditation, risk management, and business operations.
Appointment Reminders and Health-Related Communications: We may use and disclose your PHI to contact you with appointment reminders and to tell you about treatment alternatives or other health-related benefits and services that may be of interest to you. You may ask us to contact you in a specific way or to stop these communications.
Other Permitted Disclosures: Subject to limits in the law, we may also disclose information:
As required by law.
For public health and safety activities (for example, reporting certain diseases).
To prevent or reduce a serious and imminent threat to health or safety.
To report suspected abuse, neglect, or domestic violence.
For health oversight activities such as audits or investigations.
In response to a court order, subpoena, or other lawful process.
For law enforcement purposes, under specific circumstances.
For specialized government functions (for example, military or national security).
To coroners, medical examiners, or funeral directors, as permitted by law.
To comply with workers' compensation laws.
Disclosures to Family, Friends, or Others Involved in Your Care: Unless you object, we may share information directly relevant to your care or payment for your care with a family member, friend, or other person you identify as being involved in your care, and we may use or disclose your information to notify such a person of your location or general condition. If you are not present or are unable to agree or object because of an emergency or incapacity, we will use professional judgment to determine whether the disclosure is in your best interest. You may ask us to limit or stop these disclosures at any time.
USES AND DISCLOSURES REQUIRING YOUR AUTHORIZATION
We will obtain your written authorization before using or disclosing your PHI for:
Marketing communications.
Sale of PHI.
Most uses or disclosures of psychotherapy notes, if any such notes are created.
Any use or disclosure not described in this Notice.
You may revoke an authorization at any time in writing. Revocation does not affect disclosures already made in reliance on that authorization.
SPECIAL RULES FOR MENTAL HEALTH INFORMATION
Psychotherapy Notes: This practice does not routinely create "psychotherapy notes" (the separately kept process notes of a counseling session, as defined under HIPAA). If any such notes are created, they are kept separate from your medical record, and we will obtain your written authorization before using or disclosing them, except in limited situations permitted by law, such as use by the note's author, training, or our defense in a legal action you bring.
Duty to Warn or Protect: If there is a serious and imminent threat of harm to you or others, we may share information with persons who can help prevent or lessen the threat, such as emergency services or identifiable potential victims.
Substance Use Disorder Records (42 CFR Part 2): Oxidian Health does not operate a federally assisted substance use disorder program as defined under 42 CFR Part 2 ("Part 2"). We may, however, receive or maintain records that are protected under Part 2 — for example, substance use disorder treatment records sent to us by another provider or program. We handle any such records in accordance with Part 2's confidentiality requirements, which in some respects are stricter than HIPAA.
Part 2 records are not treated the same as other protected health information. We use and disclose them for treatment, payment, and health care operations only as permitted by Part 2 and HIPAA. You may give a single written consent covering all future uses and disclosures of your Part 2 records for treatment, payment, and health care operations; once you do, we and any other recipient may use and disclose those records for those purposes in accordance with HIPAA until you revoke your consent in writing. You may revoke a Part 2 consent at any time in writing, except to the extent we have already acted in reliance on it. When we disclose Part 2 records based on your consent, the disclosure will include the notice against redisclosure that Part 2 requires.
Part 2 also provides additional protection in legal matters: except with your written consent or as otherwise permitted by Part 2, your Part 2 records — and any testimony describing them — may not be used or disclosed in any civil, criminal, administrative, or legislative proceeding against you, and may be used in such a proceeding only with your written consent or a court order that meets Part 2's requirements. You also have the right to request an accounting of disclosures of your Part 2-protected records and to request restrictions on how they are used and disclosed.
TELEHEALTH PRIVACY AND SECURITY
All telehealth services are provided through the SimplePractice platform, which is HIPAA-compliant and covered by a Business Associate Agreement. All telehealth sessions are encrypted and accessible only to authorized participants. To protect your privacy, please use a private, quiet, well-lit location and a secure internet connection. Other than the audio captured by our AI documentation assistant described below — which you may decline — we do not record telehealth sessions without your prior written consent. Please do not record sessions without prior written agreement.
DOCUMENTATION TOOLS
We use a HIPAA-compliant, third-party artificial intelligence (AI) documentation assistant (a clinical "scribe") to help create accurate and timely visit notes, and we may use more than one such tool over time, including a documentation feature built into our records system. Unless you opt out, this tool captures and transcribes the audio of your session to generate a draft note, which your clinician reviews and approves before it becomes part of your record. The audio is automatically deleted after the note is created, your information is not used to train AI models, and any vendor used operates under a Business Associate Agreement. These tools support — and do not replace — your clinician's professional judgment. You may opt out by submitting a written request through the Client Portal before your appointment; opting out will not affect the quality of your care.
BREACH NOTIFICATION
If a breach of unsecured PHI occurs, we will notify you without unreasonable delay and no later than required by law, either through the Client Portal or by mail.
QUESTIONS OR COMPLAINTS
Privacy Officer:
Jeffrey Thomas, APN
Oxidian Health, LLC
971 US Highway 202N, Suite 8081
Branchburg, NJ 08876
Phone: (908) 545-9692 | Email: info@oxidianhealth.com
U.S. Department of Health & Human Services:
Office for Civil Rights
200 Independence Avenue SW
Washington, DC 20201
Phone: 1-877-696-6775
Website: www.hhs.gov/ocr/privacy
We will not retaliate against you for filing a complaint.