HIPAA NOTICE OF PRIVACY PRACTICES
For
Insert Name of Behavioral Health Agency
(referred to in this document as “the Agency”)
THIS NOTICE DESCRIBES HOW
MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET
ACCESS TO THIS INFORMATION. PLEASE
REVIEW IT CAREFULLY. PLEASE NOTE THAT THIS NOTICE IS SEPARATE FROM THE NOTICE
YOU HAVE RECEIVED RELATIVE TO YOUR RIGHTS UNDER THE MICHIGAN MENTAL HEALTH
CODE.
I. Uses and Disclosures of Protected
Health Information:
The Agency may use or disclose your protected health
information for purposes of providing treatment, obtaining payment for
treatment, and conducting health care operations. Your protected health information may be used or disclosed only
for these purposes unless the Agency has obtained your authorization or the use
or disclosure is otherwise permitted by the HIPAA Privacy Rule or State
law. Note that the Agency may be
required under Michigan law to obtain consent from you in connection with
certain disclosures that fall within the below listed categories.
Treatment. We will use and
disclose your protected health information to provide, coordinate, or manage
your care and any related services.
This includes the coordination or management of your health care with a
third party for treatment purposes. For
example, we may disclose your protected health information to a pharmacy to
fulfill a prescription or to a subcontracted provider who is also providing
services for you. We may also disclose
protected health information to physicians who may be treating you or
consulting with the Agency with respect to your care. In some cases, we may also disclose your protected health
information to an outside treatment provider for purposes of the treatment
activities of the other provider.
Payment. Your protected health information will be used and disclosed, as
needed, to obtain payment for the services that we provide. This may include certain communications to
your health insurer to get approval for the treatment that we recommend. For example, if a certain level of service
is recommended, we may need to disclose information to your health insurer to
get prior approval for the level of service.
We may also disclose protected health information to your insurance
company to determine whether you are eligible for benefits or whether a
particular service is covered. In order
to get payment for your services, we may also need to disclose your protected
health information to your insurance company to demonstrate the medical
necessity of the services or to demonstrate that required documentation exists.
We may also disclose patient information to another provider involved in your
care for the other provider’s payment activities.
Operations.
We may use or disclose your protected health information, as necessary,
for our own health care operations in order to facilitate the function of the
Agency and to provide quality care to all consumers. Health care operations include such activities as:
·
Quality assessment and improvement
activities.
·
Employee review activities.
·
Training programs including those in
which students, trainees, or practitioners in health care learn under
supervision.
·
Accreditation, certification,
licensing or credentialing activities.
·
Review and auditing, including
compliance reviews, medical reviews, legal services and maintaining compliance
programs.
·
Business management and general
administrative activities.
In certain situations, we may
also disclose consumer information to another provider or health plan for their
health care operations.
Other Uses and Disclosures. As part of treatment, payment and healthcare operations, we may
also use or disclose your protected health information for the following
purposes:
·
To remind you of an appointment
including the use of post cards and/or messages left on answering machines.
·
To inform you of potential treatment
alternatives or options.
·
To inform you of health-related
benefits or services that may be of interest to you.
II.
Uses and Disclosures Beyond Treatment, Payment, and Health Care
Operations Permitted Without Authorization or Opportunity to Object:
The HIPAA Privacy Rule also
allows us to use or disclose your protected health information without your
permission or authorization for a number of reasons including the
following:
When
Legally Required. We will disclose your protected health information when we are
required to do so by any Federal, State or local law.
When There
Are Risks to Public Health. We may disclose your protected health information for the
following public activities and purposes:
·
To
prevent, control, or report disease, injury or disability as permitted by law.
·
To
report vital events such as birth or death as permitted or required by law.
·
To
conduct public health surveillance, investigations and interventions as
permitted or required by law.
·
To
collect or report adverse events and product defects, track FDA regulated
products, enable product recalls, repairs or replacements to the FDA and to
conduct post marketing surveillance.
·
To
notify a person who has been exposed to a communicable disease or who may be at
risk of contracting or spreading a disease as authorized by law.
·
To
report to an employer information about an individual who is a member of the
workforce as legally permitted or required.
To Report
Abuse, Neglect Or Domestic Violence. We may
notify government authorities if we believe that a consumer is the victim of
abuse, neglect or domestic violence. We
will make this disclosure only when specifically required or authorized by law
or when the consumer agrees to the disclosure.
To Conduct
Health Oversight Activities. We may
disclose your protected health information to a health oversight agency for
activities including audits; civil, administrative, or criminal investigations,
proceedings, or actions; inspections; licensure or disciplinary actions; or
other activities necessary for appropriate oversight as authorized by law. We will not disclose your health information
if you are the subject of an investigation and your health information is not directly
related to your receipt of health care or public benefits.
In
Connection With Judicial And Administrative Proceedings. We may disclose your protected health information in the course
of any judicial or administrative proceeding in response to an order of a court
or administrative tribunal as expressly authorized by such order or in response
to a signed authorization (in a format approved by the Michigan Court
Administrator).
For Law
Enforcement Purposes. We may disclose your
protected health information to a law enforcement official for law enforcement
purposes as follows:
·
As
required by law for reporting of certain types of wounds or other physical
injuries.
·
Pursuant
to court order, court-ordered warrant, subpoena, summons or similar process.
·
For
the purpose of identifying or locating a suspect, fugitive, material witness or
missing person.
·
Under
certain limited circumstances, when you are the victim of a crime.
·
To
a law enforcement official if the Agency has a suspicion that your death was
the result of criminal conduct.
·
In
an emergency in order to report a crime.
To
Coroners, Funeral Directors, and for Organ Donation. We may disclose protected health
information to a coroner or medical examiner for identification purposes, to
determine cause of death or for the coroner or medical examiner to perform
other duties authorized by law. We may
also disclose protected health information to a funeral director, as authorized
by law, in order to permit the funeral director to carry out their duties. Protected health information may be used and
disclosed for cadaveric organ, eye or tissue donation purposes.
For
Research Purposes. We
may use or disclose your protected health information for research when the use
or disclosure for research has been approved by an institutional review board
or privacy board that has reviewed the research proposal and research protocols
to address the privacy of your protected health information.
In the
Event of A Serious Threat To Health Or Safety. We may, consistent with applicable law and ethical standards of
conduct, use or disclose your protected health information if we believe, in
good faith, that such use or disclosure is necessary to prevent or lessen a
serious and imminent threat to your health or safety or to the health and
safety of the public.
For
Specified Government Functions. In certain
circumstances, the Federal regulations authorize the Agency to use or disclose
your protected health information to facilitate specified government functions
relating to military and veterans activities, national security and
intelligence activities, protective services for the President and others,
medical suitability determinations, correctional institutions, and law enforcement custodial situations.
For
Worker's Compensation. The Agency may release your
health information to comply with worker's compensation laws or similar
programs.
III. Uses and
Disclosures Permitted Without HIPAA Authorization But With Opportunity to
Object:
Although HIPAA does not require that we
obtain a written HIPAA authorization for disclosures made to family members in
certain circumstances, Michigan law requires that we obtain your written
consent prior to disclosing your health information to a family member who is
not your personal representative. The
Agency will continue to follow its current policy to obtain written consent
under State law when disclosing patient information to a family member or
friend who is not a personal representative of the patient.
IV. Uses
and Disclosures That You Authorize:
Other than as stated above, we will not disclose
your health information other than with your written authorization. You may revoke your authorization in writing
at any time except to the extent that we have taken action in reliance upon the
authorization.
In addition to other rights you may have under State
law, such as the rights you have under Michigan Mental Health Code, you have the following rights under HIPAA
regarding your health information:
The right to inspect and copy your protected health information. You may inspect and obtain a copy of your protected health
information that is contained in a designated record set for as long as we
maintain the protected health information.
Subject to limitations imposed upon us by MCL 330.1748 (4) of the
Michigan Mental Health Code, under Federal law, however, you may not inspect or
copy the following records: information
compiled in reasonable anticipation of, or for use in, a civil, criminal, or
administrative action or proceeding; and protected health information that is
subject to a law that prohibits access to protected health information. Depending on the circumstances, you may have
the right to have a decision to deny access reviewed. We may deny your request
to inspect or copy your protected health information if, in our professional
judgment, we determine that the access requested is likely to endanger your
life or safety or that of another person, or that it is likely to cause
substantial harm to another person referenced within the information. You have the right to request a review of
this decision.
To inspect and copy your health
information, you must submit a written request to the Privacy Officer whose
contact information is listed on the last pages of this Notice. If you request a copy of your information,
we may charge you a fee for the costs of copying, mailing or other costs
incurred by us in complying with your request. Please
contact our Privacy Officer if you have questions about access to your health
record.
The right to request a restriction on uses and disclosures of your
protected health information. You may ask us not to use or disclose
certain parts of your protected health information for the purposes of
treatment, payment or health care operations.
Your request must state the specific restriction requested and to whom
you want the restriction to apply. The Agency is not required to agree to a
restriction that you may request. We
will notify you if we deny your request to a restriction. If the Agency does agree to the requested
restriction, we may not use or disclose your protected health information in
violation of that restriction unless it is needed to provide emergency
treatment. Under certain circumstances,
we may terminate our agreement to a restriction. You may request a restriction by contacting the Privacy Officer.
The right to request to receive confidential communications from
us by alternative means or at an alternative location. You have the right to
request that we communicate with you in certain ways. We will accommodate reasonable requests. We may condition this accommodation by
asking you for information as to how payment will be handled or specification
of an alternative address or other method of contact. We will not require you to provide an explanation for your
request. Requests must be made in
writing to our Privacy Officer.
The right to request amendments to your protected health
information. You may request an amendment of protected health information
about you in a designated record set for as long as we maintain this
information. In certain cases, we may
deny your request for an amendment. For
example, if we believe that the information is correct as is. If we deny your request for amendment, you
have the right to file a statement of disagreement with us and we may prepare a
rebuttal to your statement and will provide you with a copy of any such
rebuttal. Requests for amendment must
be in writing and must be directed to our Privacy Officer. In this written request, you must also
provide a reason to support the requested amendments.
The right to receive an accounting. For
accountings that we are required to make under HIPAA you have the right to
request an accounting of certain disclosures of your protected health
information made by the Agency. The
request for an accounting must be made in writing to our Privacy Officer. The request should specify the time period
sought for the accounting. We are not required to provide a HIPAA accounting
for disclosures that take place prior to April 14, 2003. HIPAA accounting requests may not be made
for periods of time in excess of six years.
We will provide the first accounting you request during any 12-month
period without charge. Subsequent
accounting requests under HIPAA may be subject to a reasonable cost-based
fee. We are also required to track
certain disclosures under Michigan law.
We will continue to do so.
The right to obtain a paper copy of this notice. Upon request, we will
provide a separate paper copy of this notice even if you have already received
a copy of the notice or have agreed to accept this notice electronically.
VI. Our Duties:
The Agency is required by law to maintain
the privacy of your health information and to provide you with this
Notice. We are required to abide by
terms of this Notice as may be amended from time to time. We reserve the right to change the terms of
this Notice and to make the new Notice provisions effective for all protected
health information that we maintain.
VII. Complaints:
You have the right to express complaints
to the Agency and to the Secretary of Health and Human Services if you believe
that your privacy rights have been violated.
You may complain to the Agency by contacting the Agency’s Privacy Officer
verbally or in writing, using the contact information below. We encourage you to express any concerns you
may have regarding the privacy of your information. You will not be retaliated against in any way for filing a
complaint.
The Agency’s contact person for all issues regarding
patient privacy and your rights under HIPAA is the Privacy Officer. Information regarding matters covered by
this Notice can be requested by contacting the Privacy Officer. Complaints against the Agency, can be mailed
to the Privacy Officer by sending it to:
The Montcalm Center for Behavioral Health
611 N. State St.
Stanton, MI 48888
ATTN:
Privacy Officer
The Privacy Officer can be contacted by telephone at
1-800-377-0974
This Notice is effective April 14, 2003.