THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
Living Hope Southeast, LLC (LHSE), a provider of behavioral health services, is dedicated to protecting your medical information. A federal regulation, known as the “HIPAA Privacy Rule,” requires that we provide detailed notice in writing of our privacy practices. Your Protected Health Information (PHI) is information that identifies you and that relates to your past, present, or future health or condition, the provision of health care to you, or payment for that health care. We are required by law to maintain the privacy of your PHI and to give you this Notice about our privacy practices that explains your rights as our client and how, when, and why we may use or disclose your PHI. You will be asked to sign an Acknowledgment that you received this Notice.
We are required by law to follow the privacy practices described in this Notice, though we reserve the right to change our privacy practices and the terms of this Notice at any time and to apply those changes to all PHI in our possession. If we change our privacy practices and the terms of this Notice, we will post a copy in each of our sites in a prominent location, have copies of the revised Notice available at each of our sites, and provide you with a copy of the revised Notice upon your request. Our current Notice of Privacy Practices is also available on our website.
This notice describes LHSE’s practices regarding the use of your medical information and that of:
1. Treatment, Payment and Health Care Operations. As described below, we will use or disclose your PHI for treatment, payment, or health care operations. The examples below do not list every possible use or disclosure in a category.
Treatment: We may use and disclose PHI about you to provide, coordinate,or manage your behavioral health care and related services. We may consult with other health care providers regarding your treatment and coordinate and manage your behavioral health care with others. For example, we may use and disclose PHI when you need a prescription. We may also use and disclose PHI about you when referring you to another health care provider. For example, if you are referred to a physician, we may disclose PHI to the physician regarding your need for medical services. We may also disclose PHI about you for the treatment activities of another health care provider. For example, we may send a report about your care from us to another provider, so that the other provider may treat you.
Payment: We may use and disclose PHI so that we can bill and collect payment for the treatment and services provided to you. For example, we may send your insurance company or Medicaid a bill for services or release certain medical information to your health insurance company so that it can determine whether your treatment is covered under the terms of your health insurance policy. We also may use and disclose PHI for billing, claims management, and collection activities. We may also disclose PHI to another health care provider or to a company or health plan required to comply with the HIPAA Privacy Rule for the payment activities of that health care provider, company, or health plan. For example, we may allow a health insurance company to review PHI relating to their enrollees to determine the insurance benefits to be paid for their enrollees’ care.
Health Care Operations: We may use and disclose PHI in performing certain business activities which are called health care operations. Some examples of these operations include our business, accounting, and management activities. These health care operations also may include quality assurance, utilization review, and internal auditing, such as reviewing and evaluating the skills, qualifications, and performance of behavioral health care providers taking care of you and our other clients and providing training programs to help students develop or improve their skills. If another health care provider, company, or health plan that is required to comply with the HIPAA Privacy Rule has or once had a relationship with you, we may disclose PHI about you for certain health care operations of that health care provider or company. For example, such health care operations may include assisting with legal compliance activities of that health care provider or company.
2. Communications To You From Our Office. We may use or disclose medical information in order to contact you as a reminder that you have an appointment for therapy or other services, to tell you about or recommend possible service options or alternatives that may be of interest to you, or to inform you about health-related benefits or services that may be of interest to you.
3. Communications To Family, Friends If You Agree Or Do Not Object; Disaster Relief. We may disclose PHI to your relatives, close friends, or any other person identified by you if the PHI is directly related to that person’s involvement in your care or payment for your care. Generally, except in emergency situations, we will inform you of our intended action prior to making any such uses and disclosures and will, at that time, offer you the opportunity to object. However, if you are not present or are unable to agree or object to such a disclosure, we may disclose such information as necessary, if we determine that it is in your best interest based on our professional judgment. We also may use and disclose your health information for the purpose of locating and notifying your relatives or close personal friends of your location, general condition, or death, and to organizations that are involved in those tasks during disaster situations. We will provide you with an opportunity to agree or object to such disclosures whenever it is practical to do in a disaster relief situation.
4. Other Uses And Disclosures Authorized By The HIPAA Privacy Rule. We may use and disclose PHI about you in the following circumstances, provided that we comply with certain legal conditions set forth in the HIPAA Privacy Rule.
Required By Law: We may use or disclose PHI as required by federal, state, or local law if the disclosure complies with the law and is limited to the requirements of the law.
Public Health Activities: We may disclose PHI to public health authorities or other authorized persons to carry out certain activities related to public health, including to:
Abuse, Neglect, or Domestic Violence: We may disclose PHI to proper government authorities if we reasonably believe that a patient has been a victim of domestic violence, abuse, or neglect.
Health Oversight: We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigations, inspections, licensure and disciplinary activities, and other activities conducted by health oversight agencies to monitor the health care system, government health care programs, and compliance with certain laws.
Legal Proceedings: We may disclose PHI as expressly required by a court or administrative tribunal order or in compliance with state law in response to subpoenas, discovery requests, or other legal process when we receive satisfactory assurances that efforts have been made to advise you of the request or to obtain an order protecting the information requested.
Law Enforcement: We may disclose PHI to law enforcement officials under certain specific conditions where the disclosure is:
Coroners, Medical Examiners, or Funeral Directors: We may disclose PHI regarding a deceased patient to a coroner, medical examiner, or funeral director so that they may carry out their jobs. We also may disclose such information to a funeral director in reasonable anticipation of a patient’s death.
Organ Donation: We may disclose PHI to organizations that help procure, locate, and transplant organs in order to facilitate organ, eye, or tissue donation and transplantation.
Threat to Health or Safety: In limited circumstances, we may disclose PHI when we have a good faith belief that the disclosure is necessary to prevent a serious and imminent threat to the health or safety of a person or to the public.
Specialized Government Functions: We may disclose PHI for certain specialized government functions, such as military and veteran activities, national security and intelligence activities, protective services for the president and others, medical suitability determinations, and for certain correctional institutions or in other law enforcement custodial purposes.
Compliance Review: We are required to disclose PHI to the Secretary of the United States Department of Health and Human Services when requested by the Secretary to review our compliance with the HIPAA Privacy Rule.
Workers’ Compensation: We may disclose PHI in order to comply with laws relating to workers’ compensation or other similar programs.
Research: For research purposes under certain limited circumstances for research projects that have been evaluated and approved through an approval process that takes into account clients’ need for privacy. We must obtain a written authorization to use and disclose PHI about you for research purposes except in situations where a research project meets specific, detailed criteria established by the HIPAA Privacy Rule to ensure the privacy of PHI.
Data Breach Notification Purposes: We may use or disclose your PHI to provide legally required notices of unauthorized access to or disclosure of your health information, if that happens, including notifying you within no more than 90 days if a breach occurs that may have compromised the privacy or security of your information.
5. Emergencies. We may use or disclose your PHI in an emergency treatment situation in compliance with applicable laws and regulations.
6. Your Written Authorization is Required for Other Uses and Disclosures. The following uses and disclosures of your PHI will be made only with your written authorization:
7. Fundraising; Patient Directory. We do not use your PHI for fundraising purposes. In addition, we do not maintain a public client directory that would potentially contain any PHI.
Authorization To Release Health Information may take up to 30 days for completion and charges generally apply (see our Medical Records staff for details).
The HIPAA Privacy Rule gives you several rights with regard to your PHI. These rights include:
1. Right to Request Restrictions.
Out of Pocket Payments: Unless otherwise required by law, we are required to agree to your request to restrict use and disclosure of your PHI to a health plan for payment or health care operations when the information you wish to restrict pertains solely to a health care item or service for which you have paid us “out-of-pocket” in full. (In other words, you have requested that we not bill your health insurance plan and have paid us yourself.)
Other Requests: You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or health care operations, or that we disclose to those who may be involved in your care or payment for your care. For example, you could ask that we not share information about a particular diagnosis or treatment with your spouse. While we will consider your request for a restriction, we are not required to agree to it. If we do agree to your request, we will comply with your request except as required by law or for emergency treatment. To request restrictions, you must make your request in writing on our Request for Additional Privacy Form to our Privacy Officer (or designee).
2. Right to Receive Confidential Communications. You have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. For example, you may request that we contact you at home, rather than at work. You must make your request in writing by submitting our Request for Alternative Communication Form specifying how you would like to be contacted (for example, by regular mail to your post office box and not your home) to our Privacy Officer (or designee). We will accommodate all reasonable requests.
3. Right to Inspect and Copy. You have the right to inspect and receive a copy of your PHI contained in records we maintain that may be used to make decisions about your care. These records usually include your medical and billing records, but do not include psychotherapy notes; information gathered or prepared for a civil, criminal, or administrative proceeding; or PHI that is subject to law that prohibits access. To inspect and copy your PHI, please contact our Privacy Officer at the address listed on the last page of this Notice. If you request a copy of PHI about you, we may charge you a reasonable fee for the copying, postage, labor, and supplies used in copying your PHI. We may deny your request to inspect and copy PHI only under limited circumstances, and in some cases, a denial of access may be reviewable.
4. Right to an Electronic Copy of Electronic Medical Records. If your PHI is maintained in an electronic format, you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. A request to transmit your record to another individual or entity must be in writing, signed by you, and must clearly identify the designated person and where to send the PHI. We will make every effort to provide access to your PHI in the form or format you request, if it is readily producible in the form or format you request. If not readily producible, your record will be provided in a readable electronic format. We may charge you a reasonable cost-based fee for the labor and supplies associated with creating, transmitting, or providing an electronic copy of the medical record.
5. Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information for as long as such information is kept by or for us. You must submit your request to amend in writing to our Privacy Officer and give us a reason for your request. We will respond to your request to amend your PHI within 60 days. We may deny your request in certain cases. If your request is denied, you may submit a written statement disagreeing with the denial, which we will keep on file and distribute with all future disclosures of the information to which it relates.
6. Right to Receive an Accounting of Disclosures. You have the right to request a list of certain disclosures of PHI made by us during a specified period of up to six years prior to the request, except disclosures for treatment, payment, or health care operations; made to you; to persons involved in your care, or for the purpose of notifying your family or friends of your whereabouts; for national security or intelligence purposes; made pursuant to your written authorization; incidental to another permissible use or disclosure; for certain notification purposes (including national security, intelligence, correctional, and law enforcement purposes); or made before April 14, 2003. If you wish to make such a request, please contact our Privacy Officer (or designee). The first accounting that you request in a 12-month period will be free, but we may charge you for our reasonable costs of providing additional lists in the same 12-month period. We will tell you about these costs, and you may choose to cancel your request at any time before costs are incurred.
7. Right to Get Notice of a Breach. If there is a breach of any of your unsecured PHI, you have the right to be notified.
8. Right to a Paper Copy of this Notice. You have a right to receive a paper copy of this Notice at any time. You are entitled to a paper copy of this Notice even if you have previously agreed to receive this Notice electronically. To obtain a paper copy of this Notice, please contact our Privacy Officer.
9. Right to Choose Someone to Act for You. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will make sure that the person has this authority and can legally act for you before we take any action. Then you may complete a Healthcare Proxy Attestation to authorize this person to act for you.
If you believe your privacy rights have been violated, you may file a complaint with us, or the Secretary of the United States, Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Officer.
To file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights, send a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201 or call 1-877-696-6775 or visit www.hhs.gov/ocr/privacy/hipaa/complaints/.
We will not take action against you or retaliate against you in any way for filing a complaint.
If you have any questions or need additional information about this Notice, please contact our Privacy Officer.
You may contact our Privacy Officer at the following address and phone number:
Krystle Cable
10025 West Markham, Suite 150
501-663-5473
krystlec@lhsoutheast.com
EFFECTIVE DATE: This notice was published and first became effective on 10/01/13.