HIPAA Notice of Privacy Practices
This notice describes how protected health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
If you have any questions about this notice please contact us.
By law, we are required to maintain the privacy of your protected health information and to provide you with Notice of our legal duties and privacy practices with respect to your protected health information. We are required to abide by the terms of our Notice of Privacy Practices currently in effect.
Protected health information may be information about health care we provide to you. It may also be information about your past, present, or future physical or mental health and medical condition.
Please know that any part of the HIPAA Privacy Rule that is contrary to a provision of Massachusetts law generally will replace Massachusetts law. But in general, if a Massachusetts law protects your health information more than the Privacy Rule does or gives you greater access to your protected health information, we will follow the Massachusetts law.
We may change this Notice in the future and the way your protected health information is used and/or disclosed. We reserve the right from time to time to make changes and to make the changed Notice effective for all of your protected health information that we maintain, including information we created or obtained before the Notice was changed. If we make changes to the Notice, we will post the new Notice in our common area and on our website and provide you with a copy of the new Notice when requested.
The rest of this Notice will tell you how we may use and disclose your protected health information; what your rights are with respect to your information; and how and where you can file a privacy-related complaint.
- How we will use and disclose your protected health information
We are required by law to disclose your protected health information to you in most circumstances upon your request. We are required by law to disclose your protected health information when required by the Secretary of Health and Human Services or the Secretary’s designee to investigate or determine our compliance with HIPAA.Here are examples of the types of use and disclosure of your protected health information that we may make. Other uses and disclosures may be made to the extent permitted or required by law: Treatment: We may use and disclose your protected health information to provide, coordinate, or manage your health care and any related services, including with a third party and for treatment activities of another health care provider. This may include talking with and writing to other health care providers, inside and outside of our organization, about your treatment, and coordinating and managing your health care with others. Payment: We may use and disclose your protected health information to get or give reimbursement for the provision of health care to you. This means we may use and disclose your protected health information to get paid (including determining eligibility, preparing bills and managing accounts). We may also give your protected health information to others (such as insurers, utilization reviewers, collection agencies, consumer reporting agencies, and lawyers) for payment purposes, and to a health plan covered by the Privacy Rule or a health care clearinghouse or another health care provider for that provider’s payment activities. Sometimes we may give your protected health information to an insurance plan before you receive certain health care services, because we need to know whether the insurance plan will pay for a service. Health care operations: We may use and disclose your protected health information in performing many business activities, called health care operations. For example, we may use or disclose your protected health information when we:
- Conduct quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines;
- Review the competence or qualifications of health care professionals, and evaluate practitioner and provider performance;
- Conduct training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills;
- Accreditation, certification, licensing, and credentialing activities;
Note: for the preceding four purposes, and for the purpose of health care fraud and abuse detection or compliance, we may also disclose your protected health information to a health plan covered by the Privacy Rule, to a health care clearinghouse, or to another covered health care provider, for their health care operations, if the recipient has or had a relationship with you, and the information pertains to such relationship.
- Medical review, legal and auditing functions, including compliance programs, business planning and development, business management, and general administrative activities; Persons involved in your care: We may disclose protected health information directly relevant to your care or payment related to your care to a family member, other relatives, or close personal friend, or any other person you identify. We may also, in general, use or disclose your protected health information to tell, or assist in telling (including identifying or finding) your personal representative, or another person responsible for your care, of your location, general condition or death. You can tell us, before such uses or disclosures, that they are or are not acceptable to you.If you are not present or could not tell us whether such uses or disclosures are okay, we can, in the exercise of our professional judgment, decide whether such uses or disclosures are in your best interests and directly relevant to the person’s involvement with your health care. We may also use or disclose your protected health information for disaster relief purposes. Organization directories: Unless you tell us not to, we may use your name, your room number, your general condition (without specific medical information) and your religious affiliation, to maintain an organization directory. We may disclose this directory information to members of the clergy and (except for religious affiliation) to individuals who ask for you by name. You have the right to opt out if you do not want your information disclosed for directory purposes. Notify us in writing of your decision to opt out and we will honor your request. Required by law: We will use or disclose your protected health information if our use or disclosure is required by and is limited to the relevant requirements of law. There are many Massachusetts and other state and federal laws that may require the use or disclosure of protected health information. For example, Massachusetts law requires us to report known or suspected abuse or neglect to the Department of Public Health. National and other priority use and disclosure: When required or permitted by law, we may use or disclose protected health information about you without your permission for some activities that are recognized as national priorities. In other words, the government says that sometimes it is so important to disclose protected health information that it is okay to disclose the information without your permission, when we are permitted or required to do so by law. Here are descriptions of some national priority activities with respect to which disclosures without your authorization may be recognized by law: threat to health or safety; public health activities; national security or intelligence; abuse, neglect or domestic violence; health oversight activities; correctional institutions; organ and tissue donation; United States Food and Drug Administration adverse events and oversight; court proceedings and law enforcement; coroners, medical examiner, and funeral directors; workers’ compensation; and certain government functions, such as military and veterans’ activities and national security and intelligence activities. Authorization: Other than the uses and disclosures described in this Notice and may otherwise be permitted or required by law, we will not use or disclose your protected health information without your, or your personal representative’s, written and dated authorization. Sometimes we may want to use or disclose your protected health information and we may ask – but not require – that you sign an authorization. We will give you a copy of your signed authorization. Sometimes you may ask us to disclose protected health information and we will ask you that you first sign an authorization.If you sign an authorization permitting us to use or disclose your protected health information, you may cancel your authorization in writing (except in very limited circumstances related to obtaining insurance coverage). If you want to cancel your you should tell us in writing that you revoke your authorization or you should fill out an Authorization Revocation Form, which you can get from our Medical Records Manager. If you cancel your authorization, we will follow your instructions, except to the extent that we have already acted in reliance upon your authorization.Because we don’t do all of our health care activities and functions by ourselves, we need help from our business associates who are not members of our workforce. In general, we are allowed to share your protected health information with our business associates, so long as we get satisfactory assurances from them in writing that they will safeguard the information. We don’t need your authorization to share your information with our business associates.We may also give you appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you, without your authorization. Special Uses and Disclosures Requiring Authorization: In general, Massachusetts or federal laws require that we obtain your written authorization before using or disclosing your information about genetic testing or genetic test results, HIV testing or test results, drug, alcohol and other substance abuse rehabilitation treatment programs, treatment for venereal or other sexually transmitted diseases (except legally required disclosures to public health officials), certain information that is legally privileged, psychotherapy notes (except sharing with your therapist), marketing and the sale of protected health information.
- You have these rights with respect to your protected health information, A right to a copy of this Notice: You have a right to have a paper copy of our Notice of Privacy Practices at any time. In addition, a copy of this Notice is posted in our common area and on our website. A right of access to inspect and copy your protected health information: You have the right to see, review and get a copy of your protected health information that we keep in certain groups of records. If you want to see or get a copy of your protected health information, ask us or write to us, or fill out our Access Request Form available from our Medical Records Manager. If you want a copy of your information, we may charge you a reasonable fee to cover the costs of the copying. If your medical information is maintained in an electronic health record, you also have the right to request that an electronic copy of your record be sent to you or to another individual or entity. We may charge you a reasonable cost based fee limited to the labor costs associated with transmitting the electronic health record. We may be able to provide you with a summary or explanation of the information. Ask our Medical Records Manager if you want to know more about these services and any possible additional fees. A right to ask us to amend your protected health information: You have the right to ask us to amend your protected health information that we keep in certain groups of records. If you believe that our information is either inaccurate or incomplete, we may amend the information (if we agree with you) and tell others who have copies of the inaccurate or incomplete information about the amendment. If you want us to amend your information, ask us or fill out our Amendment Request Form available from our Medical Records Manager, and explain why you want us to amend your information. If we are unable, we will tell you why in writing. You can tell us why you disagree, and we will share your disagreement whenever we disclose the information. A right to an accounting of certain disclosures: You have the right to an accounting (which means a detailed listing) of certain disclosures that we made for the previous six (6) years. If you want an accounting, you may write to us or fill out an Accounting Request Form available from our Medical Records Manager.Our accounting will not include certain disclosures, including disclosures for treatment, payment or health care operations, disclosures to you or your personal representative, or disclosures authorized by you or your personal representative. If you ask for an accounting more than once every twelve (12) months, we may charge you a fee to cover the costs of the accounting. A right to request restrictions on uses and disclosures: You have the right to ask that we restrict the use and disclosure of your protected health information to carry out treatment, payment or health care operations. In general, we don’t have to say yes to your request. If we say yes, we must follow the restrictions we agree to (except if information is needed for emergency treatment). If you paid out-of-pocket for a specific item or service, you have the right to request that medical information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we are required to honor that request. You may cancel your restrictions at any time. We may cancel a restriction at any time, so long as we tell you about the cancellation and continue to apply the restriction to information collected before the cancellation. A right to request an alternative method of contact or communication: You have the right to ask to be contacted at a different location or in a different way. For example, you may want to have all written information mailed to your work address instead of to your home address or to one relative rather than another. We will agree to any reasonable request for other ways of contacting you. If you would like to ask for another way of being contacted, please submit your request in writing to our Medical Records Manager.Email – We can contact you or your representative by email if you request. Please be aware that email may compromise the security and privacy of your protected health information. Right to Receive Notice of a Breach: We are required to notify you by first class mail or by e-mail (if you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than sixty (60) days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users. The notice is required to include the following information:
- a brief description of what happened, including the date of the breach and the date of its discovery, if known;
- a description of the type of Unsecured Protected Health Information involved in the breach;
- steps you should take to protect yourself from potential harm resulting from the breach;
- a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;
- contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional information.In the event the breach involves 10 or more residents whose contact information is out of date we will post a notice of the breach on the home page of our Web site or in a major print or broadcast media. If the breach involves more than 500 residents in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 residents, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary of a breach that involved less than 500 residents during the year and will maintain a written log of breaches involving less than 500 residents.
- How you may file a privacy-related complaintIf you believe that your privacy rights set out in this Notice have been violated or you believe we are not complying with the HIPAA Privacy Rule, we urge you to tell our Director of Nursing or Administrator as soon as possible. You may file a complaint with us or with the federal government. There will be no retaliation for filing a complaint.To file a complaint with us, you may contact us at time. To file a complaint with the federal government, send your complaint to:Office for Civil Rights U. S. Department Health and Human Services
J. F. Kennedy Federal Building – Room 1875
Boston, Massachusetts 02203
Phone (800) 368-1019
Fax (617) 565-3809
TDD (800) 537-7697
Please know that a complaint filed with the Office for Civil Rights must be filed within 180 days of when you knew or should have known of the act or omission believed to be in violation, unless this time limit is waived by the government.