HIPAA Compliant Practice

Privacy Policy

Notice of Privacy Practices - How we protect your health information

Last Updated: January 30, 2026
Effective: February 16, 2026

Mary DiOrio, LCSW, LLC

Introduction

This Notice of Privacy Practices describes how medical and mental health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

HIPAA Compliance

Mary DiOrio, LCSW, LLC is committed to protecting your privacy and maintaining the confidentiality of your protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and applicable state laws.

This notice applies to all records of your care generated by this practice, whether created by Mary DiOrio, LCSW or other professionals involved in your care.

Practice Information

Mary DiOrio, LCSW, LLC

New York Office

3 Columbus Circle, Suite 15/f
New York, NY 10019

Portland Office

1220 SW Morrison, Suite 905
Portland, OR 97205

Telehealth Services Available

New York • New Jersey • Florida • Oregon

For questions about this notice or to exercise your privacy rights, contact us at info@marydioriolcsw.com

Protected Health Information We Collect

In the course of providing psychotherapy services, we may collect the following types of protected health information (PHI):

Contact & Demographic Information

  • Name, address, phone number, email
  • Date of birth
  • Emergency contact information
  • Insurance information (if applicable)

Clinical Information

  • Reason for seeking treatment
  • Mental health history and diagnoses
  • Treatment plans and progress notes
  • Psychological assessments
  • Medication information

Session Information

  • Dates and times of appointments
  • Session notes and observations
  • Treatment outcomes
  • Referrals to other providers

Billing Information

  • Payment history
  • Insurance claims information
  • Superbills and receipts

How We Use & Disclose Your Information

We may use and disclose your PHI for the following purposes without your written authorization:

Treatment

To provide, coordinate, or manage your mental health care. This may include consultation with other healthcare providers involved in your care, with your knowledge.

Payment

To bill and collect payment for services provided. This may include submitting claims to your insurance company, providing superbills for out-of-network reimbursement, or discussing payment arrangements.

Healthcare Operations

For administrative activities necessary to run our practice, including quality assessment, training, and compliance activities.

Psychotherapy Notes

Psychotherapy notes (process notes kept separate from your medical record) receive special protection under HIPAA. These notes are not disclosed without your explicit written authorization, except in very limited circumstances as required by law.

Required & Permitted Disclosures

The law protects the relationship between a client and a psychotherapist. Information cannot be disclosed without your written permission, except in the following circumstances:

01

Suspected Abuse

If I have reason to suspect child abuse, dependent adult abuse, or elder abuse, I am required by law to report this to the appropriate authorities immediately.

02

Threat of Harm to Others

If you communicate a serious threat of physical violence against an identifiable potential victim, I must take protective actions including notifying the potential victim, contacting the police, or seeking hospitalization.

03

Risk of Self-Harm

If you present an imminent risk of harm to yourself, I will make every effort to work with you to ensure your safety. If you do not cooperate, I may take further measures provided by law to protect your safety.

04

Court Orders

If a court of law issues a legitimate court order requiring disclosure of your records, I am bound to comply with that order.

05

Government Oversight

Disclosures may be required to health oversight agencies for activities authorized by law, such as audits and investigations.

In all other situations, I will obtain your written authorization before disclosing your information.

Substance Use Disorder Records

If you receive treatment for substance use disorders, your records related to that treatment receive additional protections under federal law (42 CFR Part 2).

Additional Protections Include:

  • Written consent or a court order is required to use such records in civil, criminal, administrative, or legislative proceedings against you
  • Stricter limitations on disclosure apply compared to other medical information
  • You have the right to revoke consent for disclosure at any time

Your Privacy Rights

Under HIPAA and applicable state laws, you have the following rights regarding your protected health information:

Right to Access

You have the right to inspect and obtain a copy of your health records. Requests must be made in writing. I may charge a reasonable fee for copying.

Right to Amend

You may request amendments to your health information if you believe it is incorrect or incomplete. I may deny the request under certain circumstances but will provide a written explanation.

Right to Restrict Disclosures

You may request restrictions on how your PHI is used or disclosed for treatment, payment, or healthcare operations. I am not required to agree to all restrictions, but will comply with requests to restrict disclosure to health plans for services you pay for in full out-of-pocket.

Right to Confidential Communications

You may request that I communicate with you in a specific way or at a specific location. I will accommodate reasonable requests.

Right to an Accounting of Disclosures

You may request a list of disclosures I have made of your PHI, except for disclosures for treatment, payment, healthcare operations, and certain other exceptions.

Right to a Paper Copy

You have the right to obtain a paper copy of this Notice of Privacy Practices at any time.

Right to Revoke Authorization

If you have provided written authorization for disclosure of your PHI, you may revoke that authorization at any time in writing, except to the extent action has already been taken based on your authorization.

To exercise any of these rights, please submit a written request to our office.

Website Data & Cookies

In addition to health information collected in the course of treatment, this website may collect certain information automatically:

Information Collected Automatically

  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • IP address (anonymized where possible)

This website uses essential cookies necessary for site functionality. We do not use advertising cookies or sell your data to third parties. Any analytics tools used are configured to respect user privacy and do not track individual users.

Information collected through the website is kept separate from your protected health information and is used solely to improve website functionality and user experience.

Electronic Communications & Contact Forms

When you submit information through our website contact form or communicate with us electronically, we take steps to protect your privacy.

How We Protect Your Form Submissions

  • Your information is transmitted using industry-standard encryption (TLS/HTTPS)
  • We use HIPAA-compliant cloud services to process and handle your submission
  • You may receive an automated confirmation email acknowledging your inquiry
  • Automated confirmations do not include details of your message to protect your privacy

Important Note About Email

While we use encryption for email transmission, standard email cannot guarantee end-to-end encryption. If you have concerns about email privacy, please contact us by phone at (503) 984-2926 to discuss alternative communication methods.

By providing your email address through our contact form, you consent to receive electronic communications from us, including automated confirmation emails. You may request alternative communication methods at any time.

State-Specific Rights

Depending on your state of residence, you may have additional privacy rights. Below are summaries for the states in which we are licensed:

New York

  • Mental health records receive additional protections under NY Mental Hygiene Law
  • HIV-related information requires specific written consent for disclosure
  • You may designate a personal representative for healthcare decisions

New Jersey

  • Additional protections for mental health and substance abuse records
  • Right to request restrictions on disclosure to family members
  • Specific consent requirements for sharing information with employers

Florida

  • Records may not be furnished to any person without written consent except as provided by law
  • Specific protections for clinical records and communications with mental health providers
  • Right to confidentiality extends to licensed clinical social workers

Oregon

  • Strong protections for mental health information under Oregon Revised Statutes
  • Specific consent requirements for disclosure of mental health records
  • Right to restrict disclosure to health plans for self-paid services

Breach Notification

In the unlikely event of a breach of your unsecured protected health information, we will notify you as required by law. Notification will include:

  • A description of what happened and the date of the breach
  • The types of information involved
  • Steps you should take to protect yourself
  • What we are doing to investigate and mitigate the breach
  • Contact information for questions

Changes to This Notice

We reserve the right to change this Notice of Privacy Practices at any time. Any changes will apply to information we already have about you as well as any information we receive in the future.

The current notice will always be posted on our website and available in our office. The effective date of the current notice is listed at the top of this page.

Note: This notice was last updated to comply with the February 2026 HIPAA requirements regarding substance use disorder records and other regulatory updates.

Filing a Complaint

If you believe your privacy rights have been violated, you may file a complaint:

With This Practice

Contact Mary DiOrio, LCSW, LLC at info@marydioriolcsw.com

With the U.S. Department of Health & Human Services

Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201

Website: www.hhs.gov/ocr
Phone: 1-877-696-6775

You will not be retaliated against for filing a complaint.

Contact Information

For questions about this Notice of Privacy Practices or to exercise any of your privacy rights, please contact:

Mary DiOrio, LCSW, LLC

Privacy Officer

Email: info@marydioriolcsw.com

New York: 3 Columbus Circle, Suite 15/f, New York, NY 10019

Portland: 1220 SW Morrison, Suite 905, Portland, OR 97205