The GYG Mental Health Agency (GYG) privacy policy addresses the collection, use, and disclosure of information about clients to the extent necessary to provide services while maintaining reasonable safeguards to protect the integrity and confidentiality of the information consistent with the requirements of the Health Insurance Portability and Accountability Act of 1996 and the federal regulations implementing the Act (collectively referred to as "HIPAA"), as well as other applicable federal and state laws and regulations.

GYG is a community mental health center that provides a wide range of programs, services and activities. GYG may obtain, collect, maintain, use, transmit, share and/or disclose information about clients in the administration of its programs, services and activities, and as necessary to assist clients in accessing and receiving services. GYG will safeguard confidential information about clients, inform clients about the agency’s privacy practices and respect client privacy rights.

GYG will use or disclose only the minimum amount of information necessary to provide services to clients. GYG staff work in clinical teams and team members may, in the course of their job duties, need to use/disclose information on a variety of clients. This will only be done in the course of providing services to a client and only those staff members needing to use and disclose a particular client’s information will have access to that information. Staff groups, such as Facilities, Human Resources, Accounting, Support Services, and Information Systems will only have access to client information necessary to carry out the duties of their job.

GYG will inform clients about the agency’s privacy practices. Staff will provide a copy of the Notice of Privacy Practices to all clients at the time of their intake assessment or first service and to any person who requests information on GYG privacy practices. The client will acknowledge receipt in writing by signing the Consents Form signature sheet. The GYG Notice of Privacy Practices shall contain all information required under federal regulations.

The HIPAA Privacy Rules, as well as other federal and state laws and regulations, describe specific actions that a client can take or request to be taken with regard to the uses and disclosures of their information.