Privacy Policies & Forms

Information disclosed during your sessions is strictly confidential. Your written permission is required before any information about your contact with Hosford Clinic is released to anyone outside of the Clinic. This means that if your partner, family member, employer, roommate, friend, or other person contacts us about you, we will not acknowledge that we know of you. It also means if you want us to release information to someone else, we cannot do so until you complete a Release of Information Form.

However, there are four specific situations in which we are required to release information:

1. If a minor child, elderly individual, or a dependent adult is at risk of being physically or sexually abused or neglected, a clinician is required to report that information to the appropriate agency to assure the safety of the person.

2. If you present an imminent risk of serious injury to yourself, the clinician would take action to assure your safety. However the clinician is also obligated to release only as much information as is judged to be necessary to protect your safety.

3. If you threaten serious harm to another person, the clinician is required to take action to warn and protect the other person. Typically, this involves contacting the person who is being threatened and contacting the police. However, the clinician is obligated to release only as much information as is judged to be necessary to protect your safety.

4. When a release of records is court mandated.

HIPAA & Confidentiality

A Federal law, known as "HIPAA" (the Health Insurance Portability and Accountability Act of 1996) requires health care providers to implement a comprehensive approach to protect the privacy of personal health information (PHI). There are nine parts to HIPAA, but our immediate compliance will focus on three areas:

Privacy Rule:
The Privacy Rule regulates the use and distribution of identifiable health information and gives individuals the right to determine and restrict access to their health information. Compliance with HIPAA's privacy regulations was required beginning April 14, 2003. Substantial penalties, both civil and criminal, may be imposed for non-compliance.

Security Rule:
The HIPAA Security Rule mandates that reasonable and appropriate technical, physical, and administrative safeguards be implemented with electronic identifiable health information. We must ensure the confidentiality, integrity, and availability of all electronic protected health information we create, receive, maintain or transmit. Compliance date for the Security Rule is October 16, 2003.

Transactions and Codes:
HIPAA requires DHHS to adopt standards to facilitate Electronic Data Interchange (EDI). HIPAA transaction standards apply to any health care provider that transmits any health information in electronic form.

A summary of the Act can be found at and at by clicking on the HIPAA "Administrative Simplification" link.

UCSB Notice of Privacy Practices - Hosford Clinic

Adult Consent Form

Child/Dependent Adult Consent Form

Authorization to Release Information

Ethical Conduct

All clinicians are expected to be familiar with the American Psychological Association Ethical Principles and to act in accordance with them. Supervisors are also expected to be familiar with ethical guidelines for supervisors.


Diversity Statement

The Hosford Clinic provides services to clients from all cultural and economic backgrounds. Clients include children, adolescents, adults, and elders. Services are frequently available in Spanish and occasionally other languages as well.