Our Privacy Practices
Our Duty to Safeguard Your Protected Health Information
Individually identifiable information about your past, present, or future health or condition, the provision of health care to you, or payment for health care is considered “Protected Health Information” (PHI). We are required to extend certain protections to your PHI, and to give you this Notice about our privacy practices that explains how, when and why we may use or disclose your PHI. Except in specified circumstances, we must use or disclose only the minimum necessary PHI to accomplish the intended purpose of the use or disclosure. We are required to follow the privacy practices described in this Notice though we reserve the right to change our privacy practices and the terms of this Notice at any time. You may request any new notice from us.
How We May Use and Disclose Your Protected Health Information
We use and disclose Personal Health Information for a variety of reasons. We have a limited right to use and/or disclose your PHI for purposes of treatment, payment and for our health care operations. For uses beyond that, we must have your written authorization unless the law permits or requires us to make the use or disclosure without your authorization. If we disclose your PHI to an outside entity in order for that entity to perform a function on our behalf, we must have in place an agreement from the outside entity that it will extend the same degree of privacy protection to your information that we must apply to your PHI. However, the law provides that we are permitted to make some uses/disclosures without your con-sent or authorization. The following describes and offers examples of our potential uses/disclosures of your PHI.
Uses and Disclosures Relating to Treatment, Payment, or Health Care Operations.
Generally, we may use or disclose your PHI as follows:
For treatment: We may disclose your PHI to doctors, nurses, and other health care personnel who are involved in providing your health care. For example, your PHI will be shared among members of your treatment team. Your PHI may also be shared with outside entities performing ancillary services relating to your treatment, such as for consultation purposes, or ADAMH/CMH Boards and/or community mental health agencies involved in the provision or coordination of your care.
To obtain payment: We may use/disclose your PHI in order to bill and collect payment for your health care services. For example, we may contact your employer to verify employment status, and/or release portions of your PHI to the Medicaid program, the ODMH central office, the local ADAMH/CMH Board through the Multi-Agency Community Information Services Information System (MACSIS), and/or a private insurer to get paid for services that we delivered to you. We may release information to the Office of the Attorney General for collection purposes.
For health care operations: We may use/disclose your PHI in the course of operating our Behavioral Health Program. For example, we may use your PHI in evaluating the quality of services provided, or disclose your PHI to our accountant or attorney for audit purposes. Since we are an integrated system, we may disclose your PHI to designated support staff in our facilities, for similar purposes. Release of your PHI to the Multi-Agency Community Services Information System and/or state agencies might also be necessary to determine your eligibility for publicly funded services.
Appointment reminders: Unless you provide us with alternative instructions, we may send appointment reminders and other similar materials to your home.
Uses and Disclosures of PHI Requiring Authorization
For uses and disclosures beyond treatment, payment and operations purposes we are required to have your written authorization, unless the use or disclosure falls within one of the exceptions described below. Authorizations can be revoked at any time to stop future uses/disclosures except to the extent that we have already under-taken an action in reliance upon your authorization.
Uses and Disclosures of PHI from Mental Health Records Not Requiring Consent or Authorization
The law provides that we may use/disclose your PHI from mental health records without consent or authorization in the following circumstances:
When required by law: We may disclose PHI when a law requires that we report information about suspected abuse, neglect or domestic violence, or relating to suspected criminal activity, or in response to a court order. We must also disclose PHI to authorities that monitor compliance with these privacy requirements.
For public health activities: We may disclose PHI when we are required to collect information about disease or injury, or to report vital statistics to the public health authority.
For health oversight activities: We may disclose PHI to our central office, the protection and advocacy agency, or another agency responsible for monitoring the health care system for such purposes as reporting or investigation of unusual incidents, and monitoring of the Medicaid program.
Relating to decedents: We may disclose PHI related to a death to coroners, medical examiners or funeral directors, and to organ procurement organizations relating to organ, eye, or tissue donations or transplants.
For research purposes: In certain circumstances, and under supervision of a privacy board, we may disclose PHI to internal research staff and their designees in order to assist medical/psychiatric research.
To avert threat to health or safety: In order to avoid a serious threat to health or safety, we may disclose PHI as necessary to law enforcement or other persons who can reasonably prevent or lessen the threat of harm.
For specific government functions: We may disclose PHI of military personnel and veterans in certain situations, to correctional facilities in certain situations, to government benefit programs relating to eligibility and enrollment, and for national security reasons, such as protection of the President.
Uses and Disclosures of PHI from Alcohol and Other Drug Records Not Requiring Consent or Authorization
The law provides that we may use/disclose your PHI from alcohol and other drug records without consent or authorization in the following circumstances:
When required by law: We may disclose PHI when a law requires that we report information about suspected child abuse and neglect, or when a crime has been committed on the program premises or against program personnel, or in response to a court order.
Relating to decedents: We may disclose PHI relating to an individual’s death if state or federal law requires the information for collection of vital statistics or inquiry into cause of death.
For research, audit or evaluation purposes: In certain circumstances, we may disclose PHI for re-search, audit or evaluation purposes.
To avert threat to health or safety: In order to avoid a serious threat to health or safety, we may disclose PHI to law enforcement when a threat is made to commit a crime on the program premises or against program personnel.
Your Rights Regarding Your Protected Health Information
You have the following rights relating to your protected health information:
To request restrictions on uses/disclosures: You have the right to ask that we limit how we use or disclose your PHI. We will consider your request, but are not legally bound to agree to the restriction. To the extent that we do agree to any restrictions on our use/disclosure of your PHI, we will put the agreement in writing and abide by it except in emergency situations. We cannot agree to limit uses/disclosures that are required by law.
To choose how we contact you: You have the right to ask that we send you information at an alternative address or by an alternative means. We must agree to your request as long as it is reasonably easy for us to do so.
To request amendment of your PHI: If you believe that there is a mistake or missing information in our record of your PHI, you may request, in writing, that we correct or add to the record. We will respond within 60 days of receiving your request. We may deny the re-quest if we determine that the PHI is: (1) correct and complete; (2) not created by us and/or not part of our records, or; (3) not permitted to be disclosed. Any denial will state the reasons for denial and explain your rights to have the request and denial, along with any statement in response that you provide, appended to your PHI. If we approve the request for amendment, we will change the PHI and so inform you, and tell others that need to know about the change in the PHI.
To find out what disclosures have been made: You have a right to get a list of when, to whom, for what purpose, and what content of your PHI has been re-leased other than instances of disclosure: for treatment, payment, and operations; to you, your family, or the facility directory; or pursuant to your written authorization. The list also will not include any disclosures made for national security purposes, to law enforcement officials or correctional facilities, or disclosures made before April 2003. We will respond to your written request for such a list within 60 days of receiving it. Your request can relate to disclosures going as far back as six years. There will be no charge for up to one such list each year. There may be a charge for more frequent requests.
To inspect and request a copy your PHI: Unless your access to your records is restricted for clear and documented treatment reasons, you have a right to see your protected health information upon your written request. We will respond to your request within 30 days. If we deny your access, we will give you written reasons for the denial and explain any right to have the denial reviewed. If you want copies of your PHI, a charge for copying may be imposed, depending on your circumstances.
You have a right to choose what portions of your information you want copied and to have prior information on the cost of copying.
If you have questions or concerns regarding this information, please ask to speak with the HIPAA privacy officer of Greenleaf Family Center.
You Have the Right to Receive this Notice
You have a right to receive a paper copy of this Notice.
How to Complain About Our Privacy Practices
If you think we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI, you may file a complaint with Greenleaf Family Center HIPAA Privacy Officer, or the Client Rights Officer of Greenleaf Family Center. You also may file a written complaint with the Secretary of the U.S. Department of Health and Human Services at 200 Independence Avenue SW, Washington D.C., 20201 or call 1-877-696-6775. We will take no retaliatory action against you if you make such complaints.