HIPAA Notice of Privacy Practices (NPP)

ijayMD Mental Health & Wellness Care d/b/a ijayMD.com Effective Date: October 31st, 2025 • Version: 1.0 Privacy Officer: privacyofficer@ijayMD.comPhone: 443-371-3181
This Notice describes how medical/mental health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Safety Note: ijayMD provides scheduled telepsychiatry care and is not an emergency service. If you are in crisis, call 911 or 988.

Who we are

ijayMD is a psychiatric telehealth practice serving patients located in Maryland. We own/operate the CliniClark electronic medical record (EMR) connector and may also use SimplePractice. We follow the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable Maryland law. When Maryland law is more protective than HIPAA, we follow Maryland law.

Our duties

We are required by law to:
  • Maintain the privacy and security of your Protected Health Information (PHI).
  • Provide you with this Notice explaining our legal duties and privacy practices.
  • Follow the terms of the Notice that is currently in effect.
  • Notify you following a breach of unsecured PHI as required by law.

How we may use and disclose your PHI without your authorization

We may use or share your PHI in the following ways. We apply the minimum necessary standard when appropriate.

1) Treatment

To provide, coordinate, or manage your care. Examples: intake and diagnostic evaluation; prescribing and medication management; reviewing screening measures (PHQ‑9/PHQ‑A, GAD‑7, SCARED, Vanderbilt); consulting with or referring to other clinicians; sending prescriptions to your pharmacy; verifying your location at each telehealth visit; checking the Prescription Drug Monitoring Program (PDMP) when controlled substances are considered.

2) Payment

To collect payment for services we provide. Examples: processing deposits and session payments (cash‑pay) through our payment processor; sending itemized receipts or statements you request; supporting Good Faith Estimates for self‑pay patients. We do not submit insurance claims.

3) Health Care Operations

For our operations, quality, and administration. Examples: Measurement‑Based Care and outcomes tracking; quality assessment and improvement; licensing; audits; compliance; training; cybersecurity and incident response; de‑identified analytics.

4) Health Information Exchanges (HIE)

Where allowed by law, we may share information with a Maryland Health Information Exchange (e.g., CRISP) to support continuity of care, unless you opt out where such an option exists.

5) Public health and safety

To public health authorities for reporting and preventing disease or serious threats; to report abuse, neglect, or domestic violence as required by law; to FDA regarding adverse events; to prevent or lessen a serious and imminent threat to health or safety.

6) Law enforcement, oversight, and legal proceedings

To health oversight agencies for lawful audits/investigations; in response to a court/administrative order or subpoena (with required safeguards); to law enforcement as permitted by law; to coroners/medical examiners as needed.

7) Research

We may use/disclose PHI for research with your authorization or when an Institutional Review Board (IRB) or privacy board approves a waiver of authorization and privacy protections are in place.

8) Worker’s compensation and other specialized government functions

As required to comply with worker’s compensation or similar programs; for specialized government functions (e.g., national security) as permitted by law.

9) Business associates

We may disclose PHI to Business Associates (e.g., telehealth platforms, secure messaging/e‑fax, hosting, e‑prescribing services, payment processors when applicable) that perform services for us and are bound by Business Associate Agreements (BAAs) to safeguard your PHI.
We do not sell your PHI and we do not use PHI for third‑party marketing.

Uses and disclosures that require your written authorization

We will obtain your written authorization before we:
  • Use or disclose psychotherapy notes (as defined by HIPAA), except for limited permitted uses.
  • Use or disclose PHI for marketing communications that are not otherwise permitted by law.
  • Sell your PHI.
  • Share information with schools/employers/third parties beyond what is permitted without an authorization.
  • Release information to family/friends/caregivers if you object.
You may revoke an authorization at any time in writing, except to the extent we have already acted in reliance on it.
Substance use disorder records (42 CFR Part 2): ijayMD does not operate a federally assisted substance use disorder treatment program. If such records are created or received from a Part 2 program, they are protected by 42 CFR Part 2 and require specific consent for most disclosures.

Your rights regarding your PHI

You have the following rights. To exercise a right, contact our Privacy Officer listed at the end of this Notice. We will respond within the timeframes required by law.

1) Right to access and obtain copies

You may request to see or get a copy of your PHI in a designated record set (medical/ billing records) in paper or electronic form. We will provide access within 30 days (with one 30‑day extension if needed). Reasonable, cost‑based fees may apply as permitted by law. We will transmit records directly to a third party at your written direction.

2) Right to request an amendment

If you believe information is incorrect or incomplete, you may request an amendment. We may deny your request in certain circumstances (for example, if we did not create the record or it is accurate and complete). If denied, you may submit a statement of disagreement to be included in the record.

3) Right to an accounting of disclosures

You may request an accounting of disclosures of your PHI made in the prior six (6) years that were not for treatment, payment, or health care operations and not otherwise excluded by law.

4) Right to request restrictions

You may request that we restrict uses or disclosures of your PHI. We are not required to agree, except we must agree to restrict disclosure of PHI to a health plan if the disclosure is for payment or health care operations and the service has been paid in full out‑of‑pocket.

5) Right to request confidential communications

You may request that we contact you at an alternative address, phone, or email or by alternative means. We will accommodate reasonable requests.

6) Right to receive a paper or electronic copy of this Notice

You can ask for a paper copy of this Notice at any time, even if you agreed to receive it electronically. The current version is also available on our website/portal.

7) Right to choose someone to act for you

If you have given legal authority (e.g., medical power of attorney) or if you are a parent/guardian of a minor, that person may exercise your rights and make choices about your PHI, consistent with Maryland law and HIPAA.

8) Rights of minors and adolescents (Maryland)

Certain services for minors may be confidential to the minor under Maryland law. We follow applicable Maryland rules regarding minor consent, parental access, and confidentiality. We will explain how these rules apply during intake.

Our telehealth practices

  • Virtual‑only care: Evaluations and follow‑ups are delivered by telehealth. We verify your physical location at each visit and must confirm that you are in Maryland.
  • Platforms: Visits may occur via Zoom, Google Meet, or Whereby using HIPAA‑eligible business services with BAAs. Recording is disabled by default.
  • Your environment: You agree to participate from a private location and take steps to prevent others from overhearing your session.
  • Electronic prescribing and PDMP: We may e‑prescribe to your chosen pharmacy and query the Maryland PDMP for controlled‑substance safety, as required or permitted by law.

Communications

  • Secure messaging and forms occur in our EMR/portal(s).
  • Email/SMS: We limit PHI in standard email/SMS. If you request unencrypted communications, we will honor your request at your risk after documenting your preference.

Complaints and questions

If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint. To contact us: Privacy Officer — privacyofficer@ijayMD.com ijayMD Mental Health & Wellness Care 200 Washington Avenue, Floor 5 PMB 1003 Towson, MD 21204 Phone: 443-371-3181 To contact HHS/OCR: Visit hhs.gov/ocr/privacy/hipaa/complaints for instructions and regional office contact details.

Changes to this Notice

We may change our privacy practices and this Notice at any time, as permitted by law. Changes apply to PHI we already have and to PHI we receive in the future. The Effective Date at the top indicates when this Notice was last revised. We will make the revised Notice available upon request, post it on our website/portal, and provide a copy at your next visit upon request.

Acknowledgment of receipt (for patient records)

We will ask you to sign a separate Acknowledgment of Receipt of the NPP. Your treatment will not be conditioned on your signature, but we will document our good‑faith effort to obtain your acknowledgment.

Special Maryland notes (informational)

  • We comply with the Maryland Confidentiality of Medical Records Act and other applicable Maryland privacy laws. In the event of a conflict with HIPAA, the more protective law applies.
  • Maryland participates in health information exchange initiatives. Where applicable, you may have the right to opt out of certain information exchange functions.

Cross‑references

  • Privacy Policy (website practices and cookies)
  • Telepsychiatry Consent (telehealth logistics, risks/benefits, patient responsibilities)
  • Financial Policy (deposits, self‑pay terms, Good Faith Estimate)
  • Messaging & Communications Policy (channels, response times, after‑hours)
 

You are agreeing to version: 1.0