Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Premise Health Holding Corp, on behalf of its affiliates and professional associations, corporations, or similarly structured professional organizations with whom it has a managed services agreement is required by law to maintain the privacy of Protected Health Information (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to PHI. References to “Premise Health”, “we”, “us”, and “our” include the employees and workforce members of Premise Health Holding Corp who are involved in providing and coordinating health care. We are all bound to follow the terms of this Notice of Privacy Practices (“Notice”).
The Notice is also being posted on our website and will be available at our facilities and locations where you receive health care products and services from us. Upon request, we will provide additional copies of any Notice to you. We reserve the right to change our practices and any such change(s) will be published in an updated Notice, which will be provided to you when you obtain care.
How We May Use and Disclose Your PHI
PHI is information in verbal, paper, or electronic format which may identify you and that relates to your past, present or future physical or mental health or condition, the provision of health care products or services to you, or payment for such services.
The following categories describe different ways that we use and disclose your PHI. We have provided you with examples in certain categories; however, not every permissible use or disclosure will be listed in this Notice. Note that some types of PHI, such as HIV information, genetic information, alcohol and/or substance abuse records, and mental health records may be subject to special confidentiality protections under applicable state or federal law and we will abide by these special protections.
I. Uses and Disclosures of PHI That Do Not Require Your Prior Authorization
Except where prohibited by federal or state laws that require special privacy protections, we may use and disclose your PHI for treatment, payment and healthcare operations without your prior authorization as follows:
Treatment. We may use and disclose your PHI to provide and coordinate the treatment, medications and services you receive. For example, we may use your PHI to diagnose your health condition and to provide you with health care services. We may disclose your PHI to pharmacists, doctors, nurses, technicians and other personnel involved in your health care. We may also disclose your PHI with other third parties, such as hospitals, pharmacies and other health care facilities and agencies to facilitate the provision of health care services, medications, equipment and supplies you may need. This helps to coordinate your care and make sure that everyone who is involved in your care has the information that they need about you to meet your health care needs. We may share your information with other providers through our electronic medical records system. This system allows both in person and telehealth services to ensure a complete record for review and facilitation of your treatment.
We may share information that we obtain or create about you with other health care providers, other health care entities, such as your health plan or health insurer, as permitted by law, and through Health Information Exchanges (HIEs) in which we participate. For example, information about your past medical care and current medical conditions and medications can be available to us or to your non- Premise Health providers, including Emergency Rooms, for example, if they participate in the HIE. Exchange of health information can provide fast access, better coordination of care and assist providers and public health officials in making more informed decisions. In certain circumstances, you may have the right to opt-out of such information sharing. If you wish to opt-out, please request the form from your local provider. For states in which an opt-in to the HIE is required, you have been provided with paperwork to opt-in. You have the right to change your mind and may opt-out at any time by contacting the Health Center manager. If you change your mind, you can opt back in again.
Payment. We may use and disclose your PHI to obtain payment for the health care products and services that we provide to you and for other payment activities related to the services that we provide. For example, we may contact your insurer, pharmacy benefit manager or other health care payor to determine whether it will pay for health care products and services you need and to determine the amount of your co-payment. We will bill you or a third-party payor for the cost of health care products and services we provide to you. The information on or accompanying the bill may include information that identifies you, as well as information about the services that were provided to you or the medications you are taking. We may also disclose your PHI to other third-party health care providers or HIPAA covered entities who may need it for their payment activities.
Health Care Operations. We may use and disclose your PHI for our health care operations. Health care operations are activities necessary for us to operate our health care business. For example, we may use your PHI to monitor the performance of the health care providers and staff providing treatment to you. We may use your PHI as part of our efforts to continually improve the quality and effectiveness of the health care products and services we provide. We may also analyze PHI to improve the quality and efficiency of health care, for example, to assess and improve outcomes for health care conditions. We may disclose your PHI to other HIPAA covered entities that have provided services to you so that they can improve the quality and effectiveness of the health care services that they provide. We may use your PHI to create de-identified data, which is stripped of your identifiable data and no longer identifies you.
We may also use and disclose your PHI without your prior authorization for the following purposes:
Business Associates. We may contract with third parties to perform certain services for us, such as billing services, copy services or consulting services. These third-party service providers, referred to as Business Associates, may need to access your PHI to perform services for us. They are required by contract and law to protect your PHI and only use and disclose it as necessary to perform their services for us.
To Communicate with Individuals Involved in Your Care or Payment for Your Care. We may disclose to a family member, other relative, close friend, or any other person if directly relevant to that person’s involvement in your care or payment related to your care. Additionally, we may disclose PHI to your “personal representative.” If a person has the authority by law to make health care decisions for you, we will generally regard that person as your “personal representative” and treat him or her the same way we would treat you with respect to your PHI.
Food and Drug Administration (“FDA”). We may disclose to persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.
Worker’s Compensation. To the extent necessary to comply with law, we may disclose your PHI to worker’s compensation or other similar programs established by law.
Employers. Where the provision of healthcare comes as result of employer sponsorship, such as pre-employment physicals, work-readiness determination, occupational health, biometric / wellness and/or similar assessments, we may disclose PHI, including record of your participation, to the employer-sponsor or their designee. If you do not want us to make such disclosures, you have the right to refuse. However, refusal may preclude you from the assessment itself, or related participation-dependent employer incentives.
Public Health. We may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability, including the FDA. In certain circumstances, we may also report work-related illnesses and injuries to employers for workplace safety purposes.
Law Enforcement. We may disclose your PHI for law enforcement purposes as required or permitted by law – for example, in response to a subpoena or court order, in response to a request from law enforcement, and to report limited information in certain circumstances.
As Required by Law. We will disclose your PHI when required to do so by federal, state or local law.
Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs and compliance with civil rights laws.
Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.
Coroners, Medical Examiners and Funeral Directors. We may release your PHI to coroners or medical examiners so that they can carry out their duties. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties. The HIPAA Privacy Protections do not apply to your PHI 50 years after death.
Organ or Tissue Procurement Organizations. Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for tissue donation and transplant.
Notification. We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.
Disaster Relief. We may use and disclose your PHI to organizations for purposes of disaster relief efforts. We may share your PHI with the American Red Cross or another similar federal, state, or local disaster relief agency or authority, to help the agency locate persons affected by the disaster.
Correctional Institution. If you are or become an inmate of a correctional institution, we may disclose to the institution, or its agents, PHI necessary for your health and the health and safety of other individuals.
Fundraising. Premise Health does not engage in fundraising. However, we advise that, should fundraising be undertaken, you can “opt-out” of such communications by contacting the Privacy Officer.
To Avert a Serious Threat to Health or Safety. As required by law and standards of ethical conduct and if we believe in good faith, we may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Military and Veterans. If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
National Security, Intelligence Activities, and Protective Services for the President and Others. We may release PHI about you to federal officials for intelligence, counterintelligence, protection of the President, and other national security activities authorized by law.
Victims of Abuse or Neglect. We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
II. Uses and Disclosures of PHI that Require Your Prior Authorization.
Specific Uses or Disclosures Requiring Authorization. We will obtain your written authorization for the use or disclosure of psychotherapy notes, use or disclosure of PHI for marketing, and for the sale of PHI, except in limited circumstances where applicable law allows such uses or disclosure without your authorization.
Other Uses and Disclosures. We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice or otherwise permitted by law. You may revoke an authorization in writing at any time by contacting the Privacy Officer. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already acted in reliance on the authorization.
Your Health Information Rights:
Obtain a paper copy of the Notice upon request. You may request a copy of our current Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. You may obtain a paper copy at the site where you obtain health care services from us or by contacting the Privacy Officer.
Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of your PHI by sending a written request to the Privacy Officer. We are not required to agree to the restrictions, except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or a person on your behalf, has paid in full.
Inspect and obtain a copy of PHI. With a few exceptions, you or your personal representative have the right to access and obtain a copy of the PHI that we maintain about you. You also have a right to request a copy of your completed test results. If we maintain an electronic health record containing your PHI, you have the right to request to obtain the PHI in an electronic format. To inspect or obtain a copy of your PHI, you must send a written request to the Privacy Officer. You may ask us to send a copy of your PHI to other individuals or entities that you designate. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you may request that the denial be reviewed. We may charge you a cost-based fee which may include copying and/or mailing your health record or completed test results to you.
Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to the Privacy Officer. You must include a reason that supports your request. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it.
Receive an accounting of disclosures of PHI. Except for certain disclosures, you have a right to receive a list of the disclosures we have made of your PHI, in the six years prior to the date of your request, to individuals or entities other than you. To request an accounting, you must submit a request in writing to the Privacy Officer. Your request must specify a period. If you request a record of disclosures more than once per year, we may charge a fee for providing the list.
Request communications of PHI by alternative means or at alternative locations. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For instance, you may request that we contact you at a different residence or post office box, or via e-mail or other electronic means. Please note if you choose to receive communications from us via e-mail or other electronic means, those may not be a secure means of communication and your PHI that may be contained in our e-mails to you will not be encrypted. This means that there is risk that your PHI in the e-mails may be intercepted and read by, or disclosed to, unauthorized third parties. To request confidential communication of your PHI, you must submit a request in writing to the Privacy Officer. Your request must tell us how or where you would like to be contacted. We will accommodate all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested, we may contact you using the information we have.
Notification of a Breach. You have a right to be notified following a breach of your unsecured PHI, and we will notify you in accordance with applicable law.
Where to obtain forms for submitting written requests. You may obtain forms for submitting written requests by contacting the Privacy Office at 5500 Maryland Way, Brentwood, TN 37027, or by telephone at (615) 628-9317.
For More Information or to Report a Problem
If you have questions or would like additional information about our privacy practices, you may contact the Privacy Officer at 5500 Maryland Way, Brentwood TN 37027 or by telephone at (615) 628-9317. If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer or with the Secretary of Health and Human Services. There will be no retaliation for filing a complaint.
This Revised Notice is effective as of February 1, 2018.