Notice of Privacy Practices
Effective Date: March 19, 2018
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (“Notice”) describes how we, U.S. Acute Care Solutions (“USACS”), use or disclose your protected health information (“PHI”). PHI is information that identifies you and relates to health care services, the payment of health care services or your physical or mental health or condition, in the past, present or future. This Notice applies to all the PHI created and/or maintained by USACS in your record, including any information that we receive from other health care providers or facilities. This notice also describes your rights to access and control your PHI.
OUR PRIVACY PRACTICES
Federal law requires that we maintain the privacy of your PHI and provide to you this Notice of our legal duties and privacy practices. We are required to notify affected individuals following a breach of unsecured PHI. We are required to abide by the terms of this Notice, which may be amended from time to time. We reserve the right to change the terms of this Notice and to make the new Notice provisions effective for all PHI that we maintain. We will promptly revise and post this Notice whenever there is a material change to the uses or disclosures, your rights, our duties, or other practices stated in this Notice. Except when required by law, a material change to this Notice will not be implemented before the effective date of the new Notice in which the material change is reflected.
Most USACS medical providers and entities participate in Organized Health Care Arrangements (“OHCA”) at the hospitals or facilities where they practice and operate. OHCAs are made up of the various physicians and other health care providers who provide you with medical care and treatment while you are at the emergency department, hospital and/or other medical facility.
Each of these OHCAs maintains a Joint Notice of Privacy Practices, which is like USACS’s Notice. The Joint Notice of Privacy Practices describes the ways in which the members of the OHCA may use or disclose your PHI, and it describes your rights with respect to that information. Absent an emergent situation, a hospital or facility staff member will provide you or your personal representative with a copy of the Joint Notice of Privacy Practices at the time of registration.
USES AND DISCLOSURES OF YOUR PHI
Uses and Disclosures for Treatment, Payment and Health Care Operations
USACS may use and disclose your PHI to provide Treatment, to obtain Payment for your treatment, and to perform Health Care Operations. These three terms are defined and examples provided below:
- For Treatment. USACS and its health care providers may use and disclose your PHI to provide medical care and other services to treat you. For example, doctors, nurses and other health care professionals involved in your care will use information in your medical record and information that you provide about your symptoms to plan a course of treatment for you that may include procedures, medications, lab tests, x-rays, etc. USACS may also disclose your PHI to another health care provider, or to a health care professional who is not a member of our group, or affiliated in an OHCA but who is or will be providing treatment to you. For instance, your personal physician or a subsequent health care provider may receive information from us to assist him or her in treating you once you are discharged from the emergency department, hospital, and/or other medical facility.
- To Obtain or Provide Payment. USACS may use and disclose your PHI as necessary for USACS to process your medical bill and receive payment for the professional services provided to you. USACS may seek payment from you, an insurance company, or another third party for the health care services you received. For instance, USACS may forward information regarding your medical treatment to your insurance company to arrange payment for the services provided to you, or may use your information to prepare a bill to send to you or the person responsible for your payment.
- To Conduct Healthcare Operations. USACS may use and disclose your PHI as necessary, and as permitted and/or limited by law, for its own health care operations, which includes, but is not limited to: clinical improvement, professional peer review, business management, accreditation and licensing, and accounting and legal services. For example, USACS may use or disclose your PHI for purposes of improving the clinical treatment and care of patients. If USACS participates in an OHCA at the hospital or facility where you received medical care from us, USACS may also disclose your PHI to other members of the OHCA for such things as quality assurance and case management, but only if that hospital or facility also has or had a patient relationship with you.
- Family and Friends Involved in Your Care. As permitted or limited by law, USACS may disclose to a family member, other relative, or close friend, PHI directly relevant to such person’s involvement with your health care or payment related to your health care. This is to help these individuals care for you or make payments for your care. If you are unavailable, incapacitated or facing an emergency medical situation, USACS may determine that a limited disclosure is in your best interest. In this case, USACS may share limited PHI with such individuals without your approval or consent. USACS is also permitted to disclose limited PHI to a public or private entity that is authorized to assist in disaster relief efforts so that entity may locate a family member or other persons that may be involved in some aspect of caring for you.
- Business Associates. Certain aspects of USACS’s business operations may be performed through contracts with outside persons or organizations. These may include electronic billing, auditing, legal and other services. At times, it may be necessary for us to provide your PHI to one or more of these outside persons or organizations. In all cases, we require these business associates to contract with us and promise us that they have appropriate safeguards in place to protect the privacy and security of your PHI.
Uses and Disclosures of PHI for Appointment Reminders, Treatment Alternatives, or Fundraising Activities.
USACS may use and disclose your PHI to contact you as a reminder that you have an appointment. USACS may use and disclose your PHI to advise you or recommend possible treatment options or alternatives that may be of interest to you. USACS may contact you for fundraising activities. However, you will be provided the opportunity to opt out of receiving such fundraising communications.
Disclosures You May Authorize Us to Make
USACS will not use or disclose your PHI without your written authorization, except as described in this Notice. The types of disclosures that require an Authorization are (1) any use or disclosure not permitted by law; (2) most disclosures of psychotherapy notes (private notes of a mental health professional kept separately from the medical record); (3) disclosures for marketing purposes; or (4) sale of your PHI.
You may give us written authorization to use and/or disclose your PHI to anyone for any purpose. A HIPAA-compliant authorization is available on the form section of the USACS website. You have the right to revoke the authorization in writing, unless we have already acted in reliance on the authorization. To revoke a current authorization on file at USACS, you should write to: U.S. Acute Care Solutions, Attention: Privacy Officer, 4535 Dressler Road NW, Canton, Ohio 44718.
If use, disclosure, or release of your PHI is prohibited or limited by state law, USACS will comply with applicable state law.
Other Specific Uses or Disclosures. Covered entities, such as USACS, are also permitted or required by law to make the following uses and disclosures of your PHI without your authorization:
- When Legally Required. USACS will disclose your PHI when required by any Federal, State or local law.
- In the Event of a Serious Threat to Life, Health or Safety. USACS may, consistent with applicable law and ethical standards of conduct, disclose your PHI if we, in good faith, believe that such disclosure is necessary to prevent or lessen a serious and imminent threat to your life, health or safety, or to the health and safety of the public.
- Where There Are Risks to Public Health. USACS may disclose your PHI for public activities and purposes allowed by law to prevent or control disease, injury or disability; report disease, injury, and vital events such as birth or death; conduct public health surveillance, investigations and interventions; or notify a person who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease.
- To Report Abuse, Neglect or Domestic Violence. USACS may notify government authorities if we believe you are the victim of abuse, neglect or domestic violence. USACS will make this disclosure only when required or authorized by law, or when you authorize such disclosure.
- To Conduct Health Oversight Activities. USACS may disclose your PHI to a health oversight agency for activities including audits, civil administrative or criminal investigations, inspections, licensure or disciplinary action. However, USACS may not disclose your PHI if you are the subject of an investigation and your PHI is not directly related to your receipt of health care or public benefits.
- In Connection with Judicial and Administrative Proceedings. USACS may disclose your PHI for any judicial or administrative proceeding in response to an order of a court or administrative tribunal as expressly authorized by such order, or, in response to a subpoena, discovery request or other lawful process, if we determine that reasonable efforts have been made by the party seeking the information to either notify you about the request or to secure a qualified protective order regarding your health information.
- For Law Enforcement Purposes. As permitted or required by law, USACS may disclose specific and limited PHI about you for certain law enforcement purposes.
- For Research Purposes. USACS may, under very limited circumstances, use your PHI for research. Before USACS may disclose any of your PHI for such research purposes in a way that you could be identified, the project will be subject to an extensive review and approval process.
- For Specified Government Functions. Federal regulations may require or authorize us to use or disclose your PHI to facilitate specified government functions relating to military and veterans; national security and intelligence activities; protective services for the President and others; medical suitability determinations; and inmates and law enforcement custody.
- For Workers’ Compensation. USACS may use or disclose your PHI for workers’ compensation or similar programs.
- Transfer of Information at Death. In certain circumstances, USACS may disclose your PHI to funeral directors, medical examiners, and coroners to carry out their duties consistent with applicable law.
- Organ Procurement Organizations. Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purposes of tissue donation and transplant.
Your Rights with Respect to PHI
You have the following rights regarding PHI that we maintain:
- Right to a Personal Representative. You may identify persons to us who may serve as your authorized personal representative, such as a court-appointed guardian, a properly executed and specific power-of-attorney granting such authority, a Durable Power of Attorney for Health Care if it allows such person to act when you are able to communicate on your own, or other method recognized by applicable law. We may, however, reject a personal representative if, in our professional judgment, we determine that it is not in your best interest.
- Right to Request Restrictions. You may request restrictions on certain uses and disclosures of your PHI. You have the right to request a limit on our disclosure of your PHI to someone who is involved in your care or the payment of your care. Although we will consider your request, please be aware that we are under no obligation to accept it or to abide by it unless the request concerns a disclosure of PHI to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains solely to a health care service for which the provider has been paid out of pocket in full. To request such restrictions, please contact the USACS Privacy Officer at (800) 828-0898.
- Right to Receive Confidential Communications. You have the right to request that we communicate with you in a confidential manner. For example, you may ask us to conduct communications pertaining to your health information only with you privately, with no other family members present. If you wish to receive confidential communications, please contact the USACS Privacy Officer at (800) 828-0898.
- Right to Inspect and Copy Your PHI. Unless your access to your records is restricted for clear and documented treatment reasons, you have a right to see your PHI upon request. You have the right to inspect and/or copy such health information, including billing records, at a reasonable time and place. A request to inspect and copy records containing your PHI may be made to the USACS Privacy Officer at (800) 828-0898. If you request a copy of such health information, we may charge reasonable copying, processing, and personnel fees. If the PHI that is the subject of a request is maintained in one or more designated record sets electronically and if you request an electronic copy of such information, we will provide you with access to the PHI in the electronic form and format requested if readily producible in such form and format; or, if not, in a readable electronic form and format as agreed upon by us and you.
- Right to Amend Your PHI. You have the right to request that we amend your records, if you believe that your PHI is incorrect or incomplete. That request may be made as long as we maintain the information. A request for an amendment of records must be made in writing to the USACS Privacy Officer at 4535 Dressler Rd. NW, Canton, OH 44718. We may deny the request if it is not in writing, or does not include a reason for the amendment. The request also may be denied if your health information records were not created by us, if the records you are requesting are not part of our records, if the health information you wish to amend is not part of the health information you are permitted to inspect and copy, or if, in our opinion, the records containing your health information are accurate and complete. We take the position that amendments may take the form of including a written statement from you and may not include changing, defacing or destroying any necessary information related to your health care.
- Right to Know What Disclosures Have Been Made. You have the right to request an accounting of disclosures of your PHI made by us for certain reasons, including reasons related to public purposes authorized by law, and certain research. The request for an accounting must be made in writing to the USACS Privacy Officer at 4535 Dressler Rd. NW, Canton, OH 44718. The request must specify the time period for the accounting, but may not be made for periods of time more than six (6) years prior to the date on which the accounting is requested. We will provide the first accounting you request during any 12-month period without charge. Subsequent accounting requests may be subject to a reasonable, cost-based fee.
- Right to a Paper Copy of This Notice. You have a right to receive a paper copy of this Notice at any time, even if you have received this Notice previously. To obtain a paper copy, please contact the USACS Privacy Officer at (800) 828-0898.
- Right to Notice of a Breach of Certain Information. We are required to notify you by first-class mail or e-mail (if you have told us you prefer to receive information by e-mail) of a breach of your PHI. A breach is any unauthorized acquisition, access, use, or disclosure of certain categories of PHI that compromises the security or privacy of that PHI.