Notice of Privacy Practices Notice of Privacy Practices
This notice describes:
Federal law and regulations (see HIPAA at 45 CFR Parts 160 & 164 and 42 CFR Part 2) protect the confidentiality of substance use disorder patient records. Unless Federal law and regulations permit or require the use or disclosure of records without that patient’s written consent, the Program may NOT disclose a person’s status as a current or former patient, any information that could identify that person as a patient, nor any Protected Health Information (“PHI”) contained in that person’s record. Violation of the Federal law and regulations by a Program is a crime. Federal law and regulations permit or require the use or disclosure of records without the patient’s written consent in the following circumstances: (1) Crimes on Program premises or against Program personnel. The restrictions on use and disclosure do not apply to communications from Program personnel to law enforcement agencies or officials which: (a) Are directly related to a patient’s commission of a crime on the Program premises or against Program personnel, or to a threat to commit such a crime; and (b) Are limited to the circumstances of the incident, including the individual’s name and address. (2) Reports of suspected child abuse and neglect. The restrictions on use and disclosure do not apply to the reporting under State law of incidents of suspected child abuse and neglect to the appropriate State or local authorities. (3) Vital statistics. Patient identifying information relating to the cause of death of a patient may be disclosed under laws requiring the collection of death or other vital statistics or permitting inquiry into the cause of death. (4) Medical emergencies. Patient identifying information may be disclosed to medical personnel to the extent necessary to: (a) Meet a bona fide medical emergency in which the patient’s prior written consent cannot be obtained; or (b) Meet a bona fide medical emergency in which the Program is closed and unable to provide services or obtain the prior written consent of the patient, during a temporary state of emergency declared by a state or federal authority as the result of a natural or major disaster, until such time that the Program resumes operations. (5) Management audits, financial audits, and program evaluation. Patient identifying information may be disclosed in the course of a review of records of the Program to any person who performs the audit or evaluation on behalf of: (a) Any federal, state, or local governmental agency that provides financial assistance to the Program or is authorized by law to regulate the activities of the Program; (b) Any person which provides financial assistance to the Program, which is a third-party payer or health plan covering patients in the Program, or which is a quality improvement organization (QIO) performing a QIO review, or the contractors, subcontractors, or legal representatives of such person or QIO; or (c) Any entity with direct administrative control. (6) Disclosures for public health. The Program may disclose records for public health purposes without patient consent so long as: (a) The disclosure is made to a public health authority as defined in 42 CFR Part 2; and (b) The content has been de-identified. (7) Court order authorizing use and disclosure. If a court of competent jurisdiction enters an order under 42 CFR Part 2 authorizing a use or disclosure of patient information. Records, or testimony relaying the content of such records, shall not be used or disclosed in any civil, administrative, criminal, or legislative proceedings against the patient unless based on specific written consent or a court order. Records shall only be used or disclosed based on a court order after notice and an opportunity to be heard is provided to the patient or the holder of the record, where required by law. A court order must be accompanied by a subpoena or other similar legal mandate compelling disclosure before the record is used or disclosed. The Program will make all other uses and disclosures not described above only with the patient’s written consent. Uses and disclosures that require written consent include, without limitation: (1) Disclosures for treatment, payment, and health care operations; (2) Disclosures to prevent multiple enrollments; (3) Disclosures to elements of the criminal justice system; and (4) Disclosures to prescription drug monitoring programs. A patient may provide a single consent for all future uses or disclosures for treatment, payment, and health care operation purposes. Records that are disclosed to a part 2 program, covered entity, or business associate pursuant to the patient’s written consent for treatment, payment, and health care operations may be further disclosed by those entities, without the patient’s written consent, to the extent the HIPAA regulations permit such disclosure. A patient may revoke written consent at any time in writing, except to the extent the Program has already acted on it or when it involves the criminal justice system. Patient Rights. Patients have the right to:
The Program reserves the right to change its privacy practices and to make new provisions effect for all Protected Health Information it holds or maintains. Should the Program’s privacy practices change, it will post the amended Notice of Privacy Practices in its offices and on its website. If you believe your privacy rights have been violated, you may file a written complaint with Program’s Compliance Officer or with the U.S. Department of Health and Human Services at OCRComplaint@hhs.gov. You will not be retaliated against for filing a complaint. |