Notice of
Privacy Practices
VNA GROUP, INC.
Date Published:
Effective Date Of Privacy Notice:
THIS NOTICE
DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW
YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE
REVIEW THIS NOTICE CAREFULLY!
As
a patient receiving services and care, we understand you may be concerned about
how your medical and other health-related information
may be handled. That is why we, as an
organization, are committed to ensuring patient privacy and confidentiality to
you and others that we serve. That is
also why we have developed this Notice, made it available to you, and why we,
as an organization, are dedicated to abiding by the terms of the Notice, as
currently in effect. To the extent you
may have any questions or concerns relating to the matters and issues addressed
in this Notice, please do not hesitate to contact
I.
General
This Notice is drafted and provided to you, consistent with the
requirements of the privacy rules (“Privacy Rules”) of the Health Insurance
Portability and Accountability Act (“HIPAA”). As a health care provider, we are
committed to meet the requirements of the law to maintain the privacy of your
and other patients’ Protected Health Information, and to provide you with this
Notice of your legal duties and our privacy practices relating to your
Protected Health Information.
As
you may already know, the privacy rules of the Health Insurance Portability and
Accountability Act (“HIPAA”) have come into effect. The HIPAA Privacy Rules mark this nation’s
first set of comprehensive standards to ensure patient privacy and
confidentiality. We, as a health care
provider, are subject to the requirements of the HIPAA Privacy Rules. Equally, or perhaps more important, we are
committed as an organization to continually strive to act consistently with the
underlying purpose and philosophy of the HIPAA Privacy Rules – to properly
safeguard and protect from improper disclosure health information that either
identifies you or can be reasonably used to ascertain your identity, and which
is transferred or maintained to another party in electronic or other form. This information is what this Notice refers
to as “Protected Health Information”.
II.
Uses/Disclosures Related to
Treatment, Payment or Health Care Operations
The law permits us to use and/or disclose Protected Health Information
to carry out treatment, payment and other health care operations.
Treatment: An example of when we might use/disclose your
Protected Health Information for treatment/care purposes is when your
medical/health information is needed by another health care provider, such as a
hospital, to better understand your medical/health condition, properly
diagnose, care and treat you. Another
example is when we might disclose certain information about a patient to
facilitate a pharmacy’s filling that your prescription.
Payment: An example of when we might use/disclose your
Protected Health Information for payment purposes is when we disclose your
Protected Health Information to your insurance company to facilitate our
ability to receive reimbursement from that health insurance company. When we disclose information for payment
purposes, we will work to only disclose that Protected Health Information which
is minimally necessary to ensure and timely payment of claims.
Health Care
Operations: Best described, the term Health
Care Operations means those other functions and activities that we perform,
which allow us to best serve you as a health care provider. Some examples of what constitute Health Care
Operations are when we use and/or disclose your Protected Health Information
for quality assessment and improvement activities – to make us a better health
care provider to serve you. Another
example may be when we use and/or disclose Protected Health Information to
better manage our operations, such as when we share information with a Business
Associate to ensure proper accounting and record-keeping relating to our
services.
III.
Uses/Disclosures When an
Authorization is not Required
In some cases,
the law permits us to use and/or disclose Protected Health Information, without
requiring you to sign an Authorization.
In many cases, these types of uses and/or disclosures are permitted to
promote the government’s need to ensure a safe and healthy society. In other cases, the law does not require an
Authorization because it would be impracticable to require an Authorization.
The
law also permits us to use/disclose Protected Health Information for certain
specific purposes, where we are not specifically required to obtain your
advance written Authorization. Whenever
doing so, we are committed to make sure that we meet the necessary
prerequisites before using/disclosing your Protected Health Information for
those purposes, and to not use/disclose more of your Protected Health
Information than is otherwise required/permitted under
the law.
There are several types of areas
where the law permits us to use/disclose Protected Health Information in good
faith, and consistent with the requirements of the HIPAA Privacy Rules and
other laws. Sometimes, emergency
circumstances may dictate your need to use and/or disclose projected Health
Information without obtaining an Authorization, to properly treat and care for
patients.
In
other cases, the law emphasizes society’s need for disclosing Protected Health
Information, without first requiring patients to enter into an Authorization.
These types of uses/disclosures of Protected Health Information include those:
to avert communicable or spreading diseases; for public health activities; for
federal intelligence, counter-intelligence and national security purposes; to
properly assist law enforcement to carry out their duties; when a judge or
administrative tribunal order the release of such Protected Health Information;
for cadaveric organ, eye and tissue donations (where
appropriate); to help apprehend criminals; to assist armed forces personnel and
operations; for military service, veterans affairs separation/discharge
matters; for coroner/medical examiner purposes; for health oversight purposes
(such as when the government requests certain information from us); to assist
victims of abuse, neglect or domestic violence; to address work-related
illness/workplace injuries and for workers’ compensation purposes; to carry out
clinical research that involves treatment where the proper body has determined
the importance for doing so; for FDA-related purposes; for certain health and
safety purposes; for funeral/funeral director purposes; to help determine
veterans eligibility status; to protect Presidential and other high-ranking
officials; to correctional institutions/law enforcement officials acting in a
custodian capacity;.
In
addition, the law recognizes that there are certain instances where using
and/or disclosing Protected Health Information, without first requiring an
Authorization, would not unduly intrude upon a patient’s rights to privacy and
confidentiality, and where it would be too administratively burdensome to
require an Authorization. An immediate
example is when the use and/or disclosure of the Protected Health Information is made to the patient, him/herself, or to a personal
representative of the patient who the law requires to be treated as the
patient. Other types of uses/disclosures
include those made to prepare and maintain facility directories, to notify
family members and close others about a patient’s condition and/or location; or
for disaster relief purposes. In those
cases, although an Authorization is not required, we will attempt to provide
you with the opportunity to verbally or otherwise agree/object to the
use/disclosure, to the extent required by the HIPAA Privacy Rules.
IV.
Uses/Disclosures where an
Authorization is Required
For other
types of uses and/or disclosures of Protected Health Information, the law
requires us to obtain what is known as an Authorization. An Authorization can
be revoked by you at any time, as long as we have not already reasonably relied
on it to make a particular use and/or disclosure.
Some
examples of where the Authorization form would be required include when the uses/disclosures
are made to a patient’s employer for disability, fitness for duty or drug
testing purposes. Other examples include
certain types of marketing activities.
V.
Appointment Reminders and
Information on Treatment Alternatives
We may use and/or disclose your Protected
Health Information, as appropriate, for appointment reminders and to provide
you with information on potential treatment alternatives.
From
time to time, we may need to use and/or disclose your Protected Health
Information to provide you with appointment reminders or provide you with
information about treatment alternatives or other health-related benefits and
services that may be of interest to you.
VI.
Uses/Disclosures for
Fundraising Purposes
To the extent permitted by the HIPAA Privacy
Rules, we may use and/disclose
your Protected Health Information for fundraising purposes.
From
time to time, we - consistent with the limits posed by the HIPAA Privacy Rules
- may use and/or disclose your Protected Health Information. In doing so, we are committed to meeting the
requirements of the HIPAA Privacy Rules to best ensure patient privacy and
confidentiality. In some instances, you
may have the right under the HIPAA Privacy Rules to opt out of such
communications.
VII.
Your Right to Request
Additional Restrictions on the Use/Disclosure of Protected
Health
Information
You have the right to request additional
restrictions relating to the use and/or disclosure
of your Protected Health Information.
Although we are not legally required to grant such
additional restrictions, it is your right to make such a request.
As
an organization committed to recognizing patient privacy and confidentiality,
we recognize and respect your right as a patient to request additional
restrictions on how you are otherwise permitted to use and/or disclose
Protected Health Information, beyond those otherwise required under the HIPAA
Privacy Rules. This includes your right
to request confidential communications when their Protected Health Information
is involved. Please know, however, that
we are not legally required under the HIPAA Privacy Rules to agree to the
requested restriction.
VIII.
Your Right to Obtain Access to
Protected Health Information
You have the
right to obtain access to your Protected Health Information,
consistent with the provisions of the
HIPAA Privacy Rules.
You
have the right to request and obtain access to your Protected Health
Information, to the extent required by and consistent with the HIPAA Privacy
Rules. We reserve the right to deny access
to Protected Health Information that is not otherwise required to be given
under the HIPAA Privacy Rules or other applicable law.
We
reserve the right to charge you a reasonable, cost-based fee for copying
(including the cost of supplies and labor) any Protected Health Information
required to be copied to adequately respond to your access request, as well as
any postage costs and costs associated with preparing an explanation or summary
for the Protected Health Information necessary to adequately respond to your
access request (unless otherwise precluded by applicable State or other law).
IX.
Your Right to Amend
Protected Health Information
You have the right to amend your Protected
Health Information, to the extent permitted and consistent with the provisions
of the HIPAA Privacy Rules.
You
have the right to request that we amend your Protected Health Information, to
the extent of and consistent with the HIPAA Privacy Rules. Please note that we reserve the right to,
among other things, deny requests for amendments that are not required to be
granted under the HIPAA Privacy Rules, including when the Protected Health
Information at issue is accurate and complete.
X.
Your Right to an Accounting of
Disclosures of Protected Health Information
You have the right to an accounting of
disclosures of your Protected Health Information, to the extent permitted and
consistent with the provisions of the HIPAA Privacy Rules.
You
have the right to request and obtain a proper accounting of disclosures we have
made of your Protected Health Information, consistent with the requirements of
the HIPAA Privacy Rules. Please note
that, under this section, we reserve the right to, among other things, limit
any such accountings to disclosures made after the compliance date of the HIPAA
Privacy Rules, as well as deny accounting requests that are otherwise not
required under the HIPAA Privacy Rules.
In
providing you with an accounting of your Protected Health Information, we
reserve the right to charge you a reasonable, cost-based fee in connection with
any second or other subsequent accounting request you may make during a twelve
(12) month period. In reserving the
right to charge you such fees, you should note that you have the opportunity to
withdraw or modify any such second or other such accounting request made during
that twelve (12) month period, to permit you to avoid/reduce the fees charged.
XI.
Your Right to Obtain a Paper
Copy of this Notice
You have the right to obtain a paper copy of
this Notice.
You
have the right to obtain a paper copy of
this Notice. If you do not already have
a paper copy of this Notice, please do not hesitate to contact
XII.
Your Right to Complain about
how your Protected Health Information is Handled
We recognize
and respect your right to file a complaint against us, if you believe in good
faith
that we have violated
your privacy rights, including under the HIPAA Privacy Rules. We do not retaliate against persons who file
such complaints either with us or with the United States Department of Health
and Human Services Office of Civil Rights.
You have the right to complain to us about how
we handle your Protected Health Information, including if you believe in good
faith that we may have violated your privacy rights under the law. To register a complaint with us, you may
write, call or request to see
We
do not have a rigid set of requirements for you to file a complaint. Rather, we simply as that you provide us with
the necessary information to properly and timely follow-up on your
concerns/complaint, so that we may be able to address it in the most proactive
and effective manner.
In
addition, if you believe we have not been attentive and have violated your
privacy rights, you also have the right to contact the United States Department
of Health and Human Services (“HHS”) about us.
The office within HHS responsible for processing and reviewing
complaints relating to the HIPAA Privacy Rules, and for enforcing the HIPAA
Privacy Rules is the HHS Office of Civil Rights (“OCR”).
You
may contact the HHS OCR about any complaints you have, as follows: Medical
Privacy, Complaint Division, Office of Civil Rights, United States Department
of Health and Human Services, 200 Independence Avenue, S.W., Room 509F, HHH
Building, Washington, D.C. 20201; Voice Hotline Number (800) 368-1019; Internet
Address www.hhs.gov/ocr.
We
again emphasize that it is against our policies and procedures to retaliate
against any patient who has filed a privacy complaint, either with us or the
HHS OCR. Should you believe that you
might have been retaliated against in any way, upon your filing a complaint
with us or the HHS OCR, please immediately contact the organizations Chief
Compliance Officer, so that we may properly address that issue for you.
XIII.
Changes to the Terms of our
Notice of Privacy Practices
We
reserve the right to change the terms of our Notice of Privacy Practices at any
time and to make the new notice provisions effective for all protected health
information that we maintain, including that created or received by us prior to
the effective date of the new notice.
XIV.
Contact Information
Should
you have any questions, concerns or issues relating to the topics covered in
this Notice, we have established a specific contact person/office for you to
contact. In addition, we have also
designated a person/office to receive and properly handle any privacy
complaints you have, including where you in good faith believe that we have
violated your privacy rights under the HIPAA Privacy Rules.
You
may contact the following person/office in the event you may have any
questions, concerns or issues relating to the matters addressed in this Notice,
or to file any complaints you may have on how we handle your Protected Health
Information, including if you believe in good faith that we might have violated
your privacy rights under the HIPAA Privacy Rules. All complaints should be submitted in
writing.
The
person/office we have designated to receive, process and properly follow-up on
your complaint is:
Phyllis Gallagher
Privacy Officer
VNA Home Health Systems
Phone: 949-263-4700
Fax: 949-263-4809
Changes to this Notice
VNA
Group, Inc. may change the terms of this Notice of Privacy Practices at any
time. If the terms of the Notice are changed, the new terms will apply to all
of your health information, whether created or received by VNA Group, Inc.
before or after the date on which the Notice is changed. We will notify you of
changes to this Notice by mailing you a copy of the new Notice within 60 days
of the date on which it becomes effective.