En Su Casa Caregivers
Notice of Privacy Practices
Effective March 1, 2017
As Required by the Privacy Regulations Created as a Result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH Act), and associated regulations and amendments. This notice describes how health information about you may be used and disclosed, and how you can get access to this information.
PLEASE REVIEW THIS NOTICE CAREFULLY:
If you have any questions or need additional information about this notice, contact:
En Su Casa Caregivers, Attn: Privacy Officer, 401 South Presa Street, San Antonio, Texas, 78205 Phone: 210-403-3210 or Email: email@example.com
ABOUT THIS NOTICE:
We understand that health information about you is personal and we are committed to protecting your information. We create a record of the care and services you receive at En Su Casa Caregivers. We need this record to provide care, for payment of care provided, and to comply with certain legal requirements. This Notice will tell you about the ways in which we may use and disclose health information about you. It also describes your rights and certain obligations we have regarding the use and disclosure of health information. We are required by law to follow the terms of this Notice that is currently in effect.
WHAT IS PROTECTED HEALTH INFORMATION (“PHI”)
PHI is information that individually identifies you, that we create a record of or get from you or from another health care provider, health plan, your employer, or a health care clearinghouse, and that relates to:
• Your past, present, or future physical or mental health or conditions,
• The provision of health care to you, or
• The past, present, or future payment for your health care.
HOW WE MAY USE AND DISCLOSE YOUR PHI
We may use and disclose your PHI in the following circumstances:
• Treatment. We may use or disclose your PHI to give you medical treatment or services and to manage and coordinate your medical care. For example, your PHI may be provided to a physician or other health care provider (e.g., a specialist or laboratory) to whom you have been referred to ensure that the physician or other health care provider has the necessary information to diagnose or treat you or provide you with a service.
• Payment. We may use and disclose your PHI so that we can bill for the treatment and services you receive from us and can collect payment from you, a health plan, or a third party. This use and disclosure may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you, such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. For example, we may need to give your health plan information about your treatment in order for your health plan to agree to pay for that treatment.
• Health Care Operations. We may use and disclose PHI for our health care operations. For example, we may use your PHI to internally review the quality of the treatment and services you receive and to evaluate the performance of our team members in caring for you. We also may disclose information to physicians, nurses, medical technicians, medical students, and other authorized personnel for educational and learning purposes.
• Service Reminders/Health-Related Benefits and Services. We may use and disclose PHI to contact you related to our service to you, or to contact you to tell you about possible options or alternatives or health related benefits and services that may be of interest to you.
• Minors. We may disclose the PHI of minor children to their parents or guardians unless such disclosure is otherwise prohibited by law.
• Research. We do not use or disclose your PHI for research purposes.
• As Required by Law. We will disclose PHI about you when required to do so by international, federal, state, or local law.
• To Avert a Serious Threat to Health or Safety. We may use and disclose PHI when necessary to prevent a serious threat to your health or safety or to the health or safety of others. But we will only disclose the information to someone who may be able to help prevent the threat.
• Business Associates. We may disclose PHI to our business associates who perform functions on our behalf or provide us with services if the PHI is necessary for those functions or services. For example, we may use another company to do our billing, or to provide transcription or consulting services for us. All of our business associates are obligated, under contract with us, to protect the privacy and ensure the security of your PHI.
• Public Health Risks. We may disclose PHI for public health activities. This includes disclosures to: (1) a person subject to the jurisdiction of the Food and Drug Administration (“FDA”) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity; (2) prevent or control disease, injury or disability; (3) report births and deaths; (4) report child abuse or neglect; (5) report reactions to medications or problems with products; (6) notify people of recalls of products they may be using; and (7) a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
• Abuse, Neglect, or Domestic Violence. We may disclose PHI to the appropriate government authority if we believe a client has been the victim of abuse, neglect, or domestic violence and the client agrees or we are required or authorized by law to make that disclosure.
• Health Oversight Activities. We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, licensure, and similar activities that are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
• Data Breach Notification Purposes. We may use or disclose your PHI to provide legally required notices of unauthorized access to or disclosure of your health information.
• Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose PHI in response to a court or administrative order. We also may disclose PHI in response to a subpoena, discovery request, or other legal process from someone else involved in the dispute, but only if efforts have been made to tell you about the request or to get an order protecting the information requested. We may also use or disclose your PHI to defend ourselves in the event of a lawsuit.
• Law Enforcement. We may disclose PHI, so long as applicable legal requirements are met, for law enforcement purposes.
• Deceased Persons. We may disclose protected health information to family members or others who were involved in the decedent’s health care or payment for their care prior to the decedent’s death so long as the disclosure is relevant to the person’s involvement and is not inconsistent with the decedent’s prior expressed wishes.
• Access to Electronic Information. If a client requests an electronic copy of their information, we will generally produce it in the form requested if readily producible. If the client directs the agency in writing to transmit a copy of the electronic information to another person, the agency will generally comply.
• Response to Request for Access. We will generally respond to a client’s request to access their information within 30 days.
• Limits on Disclosures to Insurers. We cannot disclose information about a client’s care to an insurer if (1) the insurer seeks the information for treatment or payment purposes; (2) the client or someone on the client’s behalf paid for the care to which the information pertains; and (3) the client requests that the information be withheld from the insurer. The limit only applies if a client requests nondisclosure; such requests should be directed to the Privacy Officer (listed at the bottom of this document) who can coordinate the efforts among billing, medical records, IT, and other relevant departments to ensure the protected data is sequestered.
• Re-identify/De-identify: We do not attempt to re-identify or further identify Confidential Information or De-identified Information, or attempt to contact any Individuals whose records are contained in the Confidential Information, except for an Authorized Purpose, without express written authorization from HHS or as expressly permitted by the Base Contract.
• Sale of Information. We do not engage in the sale of client information.
• Marketing. We must obtain an authorization for any use or disclosure of confidential/protected health information for marketing, except if the communication is in the form of:
(A) A face-to-face communication made by a covered entity to an individual; or
(B) A promotional gift of nominal value provided by the Agency.
If the marketing involves financial remuneration to the Agency from a third party, the authorization must state that such remuneration is involved.
• Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose PHI to the correctional institution or law enforcement official if the disclosure is necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
Uses and Disclosures That Require Us to Give You an Opportunity to Object and/or Opt Out
• Individuals Involved in Your Care. Unless you object in writing, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
• Payment for Your Care. Unless you object in writing, you can exercise your rights under HIPAA that your healthcare provider not disclose information about services received when you pay in full out of pocket for the service and refuse to file a claim with your health plan. (See Limits on Disclosures.)
• Disaster Relief. We may disclose your PHI to disaster relief organizations that seek your PHI to coordinate your care, or notify family and friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to such a disclosure whenever we practicably can do so.
• Fundraising Activities. We may use or disclose your PHI, as necessary, in order to contact you for fundraising activities. You have the right to opt out of receiving fundraising communications.
Your Written Authorization is Required for Other Uses and Disclosures
The following uses and disclosures of your PHI will be made only with your written authorization:
• Most uses and disclosures of psychotherapy notes;
• Uses and disclosures of PHI for marketing purposes; and
• Disclosures that constitute a sale of your PHI.
Other uses and disclosures of PHI not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose PHI under the authorization. But disclosures that we made in reliance on your authorization before you revoked it will not be affected by the revocation.
Your Rights Regarding Your PHI
You have the following rights, subject to certain limitations, regarding your PHI:
• Inspect and Copy. You have the right to inspect, receive, and copy PHI that may be used to make decisions about your care or payment for your care. We have up to 30 days to make your PHI available to you and we may charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request. You can only direct us in writing to submit your PHI to a third party not covered in this notice. We may not charge you a fee if you need the information for a claim for benefits under the Social Security Act or any other state or federal needs-based benefit program. We may deny your request in certain limited circumstances. If we do deny your request, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial of your request, and we will comply with the outcome of the review.
• Summary or Explanation. We can also provide you with a summary of your PHI, rather than the entire record, or we can provide you with an explanation of the PHI which has been provided to you, so long as you agree to this alternative form and pay the associated fees.
• Electronic Copy of Electronic Medical Records. If your PHI is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. If the PHI is not readily producible in the form or format you request, your record will be provided in a readable hard copy form.
• Receive Notice of a Breach. You have the right to be notified upon a breach of any of your unsecured PHI.
• Request Amendments. If you feel that the PHI we have is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us. A request for amendment must be made in writing to the Privacy Officer at the address provided at the beginning of this Notice and it must tell us the reason for your request. In certain cases, we may deny your request for an amendment. If we deny your request for an amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
• Accounting of Disclosures. You have the right to ask for an “accounting of disclosures,” which is a list of the disclosures we made of your PHI. To request this list or accounting of disclosures, you must submit your request in writing to the Privacy Officer. The first accounting of disclosures you request within any 12-month period will be free. For additional requests within the same period, we may charge you for the reasonable costs of providing the list. We will tell you what the costs are, and you may choose to withdraw or modify your request before the costs are incurred.
• Request Restrictions. You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or health care operations. We are not required by federal regulation to agree to your request. If we do agree with your request, we will comply unless the information is needed to provide emergency treatment. To request restrictions, you must make your request in writing to the Privacy Officer. Your request must state the specific restriction requested, whether you want to limit our use and/or disclosure; and to whom you want the restriction to apply.
• Request Confidential Communications. You have the right to request that we communicate with you only in certain ways to preserve your privacy. For example, you may request that we contact you by mail at a specific address or call you only at your work number. You must make any such request in writing and you must specify how or where we are to contact you.
• Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may obtain a copy of this Notice by visiting our website, www.ensucasacaregivers.com, or by contacting the En Su Casa Caregivers’ office you are receiving services from.
Changes to This Notice
We reserve the right to change this Notice. We reserve the right to make the changed Notice effective for PHI we already have as well as for any PHI we create or receive in the future. A copy of our current Notice is posted in our office and on our website.
You will not be penalized for complaints.
If you believe your privacy rights have been violated, you may file a complaint with the En Su Casa Caregivers Privacy Officer, at the address listed at the beginning of this Notice or:
• (Federal) – Secretary of the federal Department of Health and Human Services
200 Independence Avenue, S.W. Washington, DC 20201 Phone: (877) 696-6775 or www.hhs.gov/ocr/hipaa/
• (State of Texas) – Civil Rights Office, Health and Human Services Commission
701 W. 51st Street, MC W206, Austin, Texas 78751
Phone: 1-888-388-6332 or 512-438-4313
For questions about HIPAA privacy policies, please contact the Privacy Officer at 210-403-3210 or through email at firstname.lastname@example.org.