HIPAA Notice of Privacy Practices
In compliance with HIPAA - The Health Insurance Portability and Accountability Act of 1996
If you are a client of Dunwoody Homecare, this notice describes how your medical information may be used and disclosed and how you can get access to this information. Please review this notice carefully.
I. USES AND DISCLOSURES
The Agency will not disclose your health information without your authorization, except as described in this notice.
Plan of Care/Treatment. The Agency will use your health information for the plan of care/treatment; for example, information obtained by a nurse/therapist will be recorded in your record and used to determine the course of treatment. Your nurse/therapist and other health care professionals will communicate with one another personally and through the case record to coordinate care provided. You may receive more than one service (program) during your treatment period with such information shared between programs.
Payment. The Agency will use your health information for payment for services rendered. For example, the Agency may be required by your health insurer to provide information regarding your health care status so that the insurer will reimburse you or the Agency. The Agency may also need to obtain prior approval from your insurer and may need to explain to the insurer your need for home care and the services that will be provided to you.
Health Care Operations. The Agency will use your health information for health care operations. For example, Agency therapist, nurses, field staff, supervisors and support staff may use information in your case record to assess the care and outcomes of your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of services we provide. Regulatory and accrediting organizations may review your case record to ensure compliance with their requirements.
Notification. In an emergency, the Agency may use or disclose health information to notify or assist in notifying a family member, personal representative or another person responsible for your care, of your location and general condition.
Workers' Compensation. The Agency may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers´ compensation or other similar programs established by the law.
Public Health. As required by federal and state law, the Agency may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury or disability.
Law Enforcement. As required by federal and state law, the Agency will notify authorities of alleged abuse/neglect; and risk or threat of harm to self or others. We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena.
Charges against the Agency. In the event you should file suit against the Agency, the Agency may disclose health information necessary to defend such action.
Duty to Warn. When a client communicates to the Agency a serious threat of physical violence against himself, herself or a reasonably identifiable victim or victims, the Agency will notify either the threatened person(s) and/or law enforcement.
The Agency may also contact you about appointment reminders, treatment alternatives or for public relations activities.
In any other situation, the Agency will request your written authorization before using or disclosing any identifiable health information about you. If you choose to sign such authorization to disclose information, you can revoke that authorization to stop any future uses and disclosures.
II. INDIVIDUAL RIGHTS
You have the following rights with respect to your protected health information:
1. You may request in writing that the Agency not use or disclose your information for treatment, payment or administration purposes or to persons involved in your care except when specifically authorized by you, when required by law, or in emergency situations. The Agency will consider your request; however, the Agency is not legally required to accept it. You have the right to request that your health information be communicated to you in a confidential manner such as sending mail to an address other than your home. Patients may request a copy of their electronic medical record in an electronic form. The Agency will charge you a reasonable amount, as allowed by statute for providing a copy of the electronic medical record.
2. Within the limits of the statutes and regulations, you have the right to inspect and copy your protected health information. If you request copies, the Agency will charge you a reasonable amount, as allowed by statute.
3. If you believe that information in your record is incorrect or if important information is missing, you have the right to submit a request to the Agency to amend your protected health information by correcting the existing information or adding the missing information.
4. You have the right to receive an accounting of disclosures of your protected health information made by the Agency for certain reasons, including reason related to public purposes authorized by law and certain research. The request for an accounting must be made in writing to Privacy Officer. The request should specify the time period for the accounting starting on or after April 14, 2003. Accounting request may not be made for periods of time in excess of six (6) years. The Agency would provide the first accounting you request during any 12-month period without charge. Subsequent accounting request may be subject to a reasonable cost based fee.
5. If this notice was sent to you electronically, you may obtain a paper copy of the notice upon request to the Agency.
6. When patients pay by cash they can instruct this agency not to share information about their treatment with their health plan/ insurance provider.
7. This agency will not disclose genetic information.
8. This agency will not use patient information for the purpose of fundraising or marketing. This agency will not sale patient health information.
III. AGENCY´S DUTIES
1. The Agency is required by law to maintain the privacy of protected health information and to provide individuals with notice of its legal duties and privacy practices with respect to protected health information.
2. The Agency is required to abide by the terms of this Notice of its duties and privacy practices. The Agency is required to abide by the terms of this Notice as may be amended from time to time.
3. The Agency reserves the right to change the terms of this Notice and to make the new Notice provisions effective for all protected health information that it maintains. Prior to making any significant changes in our policies, Agency will change its Notice and provide you with a copy. You can also request a copy of our Notice at any time. For more information about our privacy practices, please contact the office 610-359-4503.
4. It is the duty of this agency to notify the patient of a breach of their protected health information. This agency will notify the patient within 15 business days of discovery of any breach in the patients protected health information. Notification will occur regardless of whether the breach was accidental or if a business associate was the cause. A “breach” of PHI is any unauthorized access, use or disclosure of unsecured PHI, unless a risk assessment is performed that indicates there is a low probability that the PHI has been compromised. The risk assessment must be performed after both improper uses and disclosures, and include the nature and extent of the PHI involved, a list of unauthorized persons who used or received the PHI, if the PHI was in fact acquired or viewed, and the degree of mitigation. This agency and if any business associate was involved must consider all the following factors in assessing the probability of a breach:
- the nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification;
- the unauthorized person who used the protected health information or to whom the disclosure was made;
- whether the protected health information was actually acquired or viewed; and
- the extent to which the risk to the protected health information has been mitigated.
“Unsecured” protected health information means protected health information that is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through the use of a technology or methodology.
5. If the breach is determined to have no or low probability of risk to the patient then the patient will not be notified. Any other risk factor requires the agency to notify the patient in writing within 15 business days of the conclusion of the determination.
If you are concerned that the Agency has violated your privacy rights, or you disagree with a decision the Agency made about access to your records, you may contact the office at 610-359-4503. You may also send a written complaint to the Federal Department of Health and Human Services. The Dunwoody at Home office staff can provide you with the appropriate address upon request. Under no circumstances will you be retaliated against for filing a complaint.
V. CONTACT INFORMATION
The Agency is required by law to protect the privacy of your information, provide this Notice about our information practices, and follow the information practices that are described in this Notice.
If you have any questions or complaints, please contact the Agency President.
You may contact at this person at:
3500 West Chester Pike
Newtown Square, PA 19073
Complaints my also be directed to State Licensing Authority without fear of retaliation.
Pennsylvania Department of Health
Division of Home Health
132 Kline Plaza, Suite A
Harrisburg, PA 17104-1579
Phone: (717) 783-1379
Fax: (717) 772-0232
You may also contact the Ombudsman:
Office of the State Long-Term Care Ombudsman
Pennsylvania Department of Aging
555 Walnut Street, 5th floor
Harrisburg, Pa. 17101-1919