NOTICE OF PRIVACY PRACTICES
Effective Date: June 1, 2017
Last Revision Date: None
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice serves as a notice for The Herren Project. We will follow the terms of this Notice and may share health information with each other for purposes of treatment, payment and health care operations as described in this Notice and as required under the Health Insurance Portability and Accountability Act of 1996. It also describes your rights as they relate to your PHI. This Notice has been updated in accordance with the HIPAA Omnibus Rule and is effective March 26, 2013. It applies to all protected health information (PHI) as defined by federal regulations.
Understanding Your Health Record/Information
Each time you visit The Herren Project a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information may be used or disclosed to:
• Plan your care and treatment.
• Communicate with other providers who contribute to your care.
• Serve as a legal document.
• Receive payment from you, your plan, or your health insurer.
• Assess and continually work to improve the care we render and the outcomes we achieve.
• Comply with state and federal laws that require us to disclose your PHI.
Understanding what is in your record and how your PHI is used helps you to: ensure its accuracy, better understand who, what, when, where, and why others may access your PHI, and make more informed decisions when authorizing disclosure to others.
Your Health Information Rights
Although your health record is the physical property of The Herren Project, the information belongs to you. You have the right to request to:
• Access, inspect and copy your health record. The Herren Project maintains an electronic medical record (“EMR”). You have the right to access your health record in a machine readable electronic format. You have the right to request an electronic copy of your medical record be given to you or transmitted to another individual or entity. The Herren Project may charge you a reasonable, cost-based fee for the labor and supplies associated with copying or transmitting the electronic PHI.
• Amend your health record which you believe is not correct or complete. The Herren Project is not required to agree to the amendment if you ask us to amend information that is in our opinion: (i) accurate and complete; (ii) not part of the PHI kept by or for The Herren Project; (iii) not part of the PHI which you would be permitted to inspect and copy; or (iv) not created by The Herren Project, unless the individual or entity that created the information is not available to amend the information. If we deny your request, you may submit a written statement of disagreement of reasonable length. Your statement of disagreement will be included in your medical record, but we may also include a rebuttal statement.
• Obtain a written accounting of certain non-routine disclosures of your PHI. We are not required to list certain disclosures, including (i) disclosures made for treatment, payment, and health care operations purposes, (ii) disclosures made with your authorization, (iii) disclosures made to create a limited data set, and (iv) disclosures made directly to you. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years prior to the date of your request. If we maintain your medical records in an EMR system, you may request that the accounting include disclosures for treatment, payment and health care operations for the three (3) years prior to the date of such request. You must submit your request in writing to the Privacy Officer. The first list you request within a 12-month period is free of charge, but The Herren Project may charge you for additional lists within the same 12-month period. The Herren Project will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
• Communications of your PHI by alternative means (e.g. e-mail) or at alternative locations (e.g. post office box).
• Place a restriction to certain uses and disclosures of your information. In most cases The Herren Project is not required to agree to these additional restrictions, but if The Herren Project does, The Herren Project will abide by the agreement (except in certain circumstances where disclosure is required or permitted, such as an emergency, for public health activities, or when disclosure is required by law). The Herren Project must comply with a request to restrict the disclosure of PHI to a health plan for purposes of carrying out payment or health care operations if the PHI pertains solely to a health care item or service for which we have been paid out of pocket in full.
• Revoke your authorization to use or disclose PHI except to the extent that action has already been taken.
The Herren Project is required to:
• Maintain the privacy of your PHI.
• Provide you with this Notice as to our legal duties and privacy practices with respect to information we collect and maintain about you.
• Abide by the terms of the Notice currently in effect
• Notify you in writing if we are unable to agree to a requested restriction.
• Accommodate reasonable requests you may have to communicate PHI by alternative means or at alternative locations.
• Notify you in writing of a breach where your unsecured PHI has been accessed, acquired, used or disclosed to an unauthorized person. “Unsecured PHI” refers to PHI that is not secured through the use of technologies or methodologies that render the PHI unusable, unreadable, or indecipherable to unauthorized individuals.
We reserve the right to change our practices and to make the new provisions effective for all PHI we maintain. Should our information practices change, such revised Notices will be made available to you.
We will not use or disclose your PHI without your written authorization, except as described in this Notice.
For More Information or to Report a Problem
If have questions and would like additional information, you may contact:
PO Box 131
Portsmouth, RI 02871
If you believe your privacy rights have been violated, you can file a written complaint with The Herren Project’s Privacy Officer, or with the Office for Civil Rights, U.S. Department of Health and Human Services. Upon request, the Privacy Office will provide you with the address. There will be no retaliation for filing a complaint with either the Privacy Officer or the Office for Civil Rights.
Treatment: Information obtained by a nurse, physician, or other member of your health care team will be recorded in your medical record and used to determine the course of treatment that should work best for you. To promote quality care, The Herren Project operates an EMR. This is an electronic system that keeps PHI about you.
The Herren Project may also provide a subsequent healthcare provider with PHI about you (e.g., copies of various reports) that should assist him or her in treating you in the future. The Herren Project may also disclose PHI about you to, and obtain your PHI from, electronic PHI networks in which community healthcare providers may participate to facilitate the provision of care to patients such as yourself. The Herren Project may use a prescription hub which provides electronic access to your medication history. This will assist The Herren Project health care providers in understanding what other medications may have been prescribed for you by other providers.
Payment: A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, diagnosis, procedures, and supplies used.
Health Care Operations: We may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and service we provide.
Business Associates: We may contract with third parties to perform functions or activities on behalf of, or certain services for, The Herren Project that involve the use or disclosure of PHI and disclose your PHI to our business associate so that they can perform the job we’ve asked them to do. We require the business associate to appropriately safeguard your information.
Notification: We may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and general condition.
Communication from Offices: We may call your home or other designated location and leave a message on voice mail, in reference to any items that assist The Herren Project in carrying out Treatment, Payment and Health Care Operations, such as appointment reminders, insurance items and any call pertaining to your clinical care. We may mail to your home or other designated location any items that assist The Herren Project in carrying out Treatment, Payment and Health Care Operations, such as appointment reminders, patient satisfaction surveys and patient statements.
Communication with Family/Personal Friends: Health professionals, using their best judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, PHI relevant to that person’s involvement in your care or payment related to your care. When a family member(s) or a friend(s) accompany you into the exam room, it is considered implied consent that a disclosure of your PHI is acceptable.
Open Treatment Areas: Sometimes patient care is provided in an open treatment area. While special care is taken to maintain patient privacy, others may overhear some patient information while receiving treatment. Should you be uncomfortable with this, please bring this to the attention of our Privacy Officer.
To Avert a Serious Threat to Health or Safety: We may use your PHI or share it with others when necessary to prevent a serious threat to your health or safety, or the health or safety of another person or the public.
Research: We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. Even without that special approval, we may permit researchers to look at PHI to help them prepare for research, for example, to allow them to identify patients who may be included in their research project, as long as they do not remove, or take a copy of, any PHI. We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research. But we will only disclose the limited data set if we enter into a data use agreement with the recipient who must agree to (1) use the data set only for the purposes for which it was provided, (2) ensure the security of the data, and (3) not identify the information or use it to contact any individual. The Herren Project may use a single compound authorization to combine conditioned and unconditioned authorizations for research (e.g. participation in research studies, creation or maintenance of a research database or repository), provided the authorization: (i) clearly differentiates between the conditioned (provision of research related treatment is conditioned on the provision of a written authorization) and unconditioned research components; and (ii) provides the individual with an opportunity to opt in to the unconditioned research activities.
Coroners, Medical Examiners and Funeral Director: In the unfortunate event of your death, we may disclose your PHI to a coroner or medical examiner. This may be necessary, for example, to determine the cause of death. We may also release this information to funeral directors as necessary to carry out their duties.
Deceased Individuals: In the unfortunate event of your death, we are permitted to disclose your PHI to your personal representative and your family members and others who were involved in the care or payment for your care prior to your death, unless inconsistent with any prior expressed preference that you provided to us. PHI excludes any information regarding a person who has been deceased for more than 50 years.
Organ Procurement Organizations: Consistent with applicable law, we may disclose PHI to organ procurement organizations, federally funded registries, or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
Marketing: We may contact you by mail, e-mail or text to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you. However, we must obtain your prior written authorization for any marketing of products and services that are funded by third parties. You have the right to opt-out by notifying us in writing.
Fund Raising: We may contact you as part of a fund-raising effort. We may also disclose certain elements of your PHI, such as your name, address, phone number and dates you received treatment or services at The Herren Project, to a business associate or a foundation related to The Herren Projectso that they may contact you to raise money for The Herren Project. If you do not wish to receive further fundraising communications, you should follow the instructions written on each communication that informs you how to be removed from any fundraising lists. You will not receive any fundraising communications from us after we receive your request to opt out, unless we have already prepared a communication prior to receiving notice of your election to opt out.
Sale of PHI: The Herren Project may not “sell” your PHI (i.e., disclose such PHI in exchange for remuneration) to a third party without your written authorization that acknowledges the remuneration unless such an exchange meets a regulatory exception.
Health Oversight Activities: We may release your PHI to government agencies authorized to conduct audits, investigations, and inspections of our facility. These government agencies monitor the operation of the health care system, government benefit programs, such as Medicare and Medicaid, and compliance with government regulatory programs and civil rights laws.
Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
Public Health: As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
Workers Compensation: We may disclose PHI to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
Law Enforcement: We may disclose PHI for law enforcement purposes as required by law.
Inmates and Correctional Institutions: If you are an inmate or you are detained by a law enforcement officer, we may disclose your PHI to the prison officers or law enforcement officers if necessary to provide you with health care, or to maintain safety at the place where you are confined.
Lawsuits and Disputes: We may disclose your PHI if we are ordered to do so by a court that is handling a lawsuit or other dispute. We may also disclose your information in response to a subpoena, discovery request, or other lawful request by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain a court order protecting the information from further disclosure.
As Required by Law: We may use or disclose your PHI if we are required by law.
YOU WILL NOT BE PENALIZED OR RETALIATED AGAINST FOR FILING A COMPLAINT