top of page

Aviso de prácticas de privacidad

POLICY

This notice describes how medical information about you may be used and disclosed and how you can get access to this information.

FORMS:

Notice of Privacy Practices and Acknowledgement of Receipt

 

PROCEDURE:

This Notice describes the practices of BHRAGS Home Care relating to your medical information and the practices of:

  • any health care professional authorized to enter information into your medical record; 

  • all departments and units of the organization; 

  • all employees, volunteers, staff of the organization and other agency personnel; 

  • any other entities, sites and locations that have agreed to participate with the organization as part of an organized health care arrangement for purposes of complying with the Health Insurance Portability and Accountability Act of 1996 and regulations passed there under, commonly known as HIPAA. A complete list of these entities, sites and locations is provided at the end of this Notice, although this list may change from time to time. In addition, these entities, sites and locations may share medical information with each other for purposes of treatment, payment and certain health care operations related to the organized health care arrangement. 

 

USES OR DISCLOSURES OF YOUR MEDICAL INFORMATION

The organization understands that medical information about you and your health is personal. Provider is committed to protecting your medical information. Provider will create a record of the care and services you receive from Provider. This record is necessary in order to provide you with quality care and to comply with legal requirements. This Notice applies to all of the records of your care generated by the organization or on agency premises.

This Notice will tell you about the ways in which the organization may use and disclose your medical information. This Notice also describes your rights and certain obligations of the organization regarding the use and disclosure of your medical information.

The organization is required by HIPAA and the Mega Rule to:

  • patients have the right to be notified of a data breach;

  • PHI authorization for:

    • Psychotherapy notes (where appropriate)

    • Use and disclosure for Marketing purposes

    • Sale of PHI

  • maintain the privacy of your medical information in compliance with legal requirements; 

  • give you this Notice of the organization legal duties and privacy practices with respect to your medical information; and 

  • follow the terms of this Notice that are currently in effect. 

 

Generally, the organization may not use or disclose your medical information without your permission, except as otherwise permitted under HIPAA or other applicable law. Further, once your permission has been obtained, the organization must use or disclose your medical information in accordance with the specific terms of your permission. The following are the circumstances under which the organization is permitted by law to use or disclose your medical information. 

USE OR DISCLOSURE OF YOUR MEDICAL INFORMATION WITHOUT YOUR AUTHORIZATION

Without your authorization, HIPAA allows the organization to use or disclose your medical information in order to provide you with services and the treatment you require or request, or to collect payment for those services, and to conduct other related health care operations otherwise permitted or required by law. Also, the organization is permitted to disclose your medical information within and among its workforce and other entities that have agreed to be bound by these policies in order to accomplish these same purposes. However, even with your authorization, the organization is still required to limit such uses or disclosures to the minimal amount of medical information that is reasonably required to provide those services or complete those activities.

The following categories describe different ways that the organization uses and discloses medical information. For each category of uses or disclosures, this Notice will explain what the organization means and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways in which the organization is permitted to use and disclose information without your authorization should fall within one of the categories below:

  • For Treatment - the organization may use medical information about you to provide you with medical treatment or services. The organization may disclose medical information about you to doctors, nurses, technicians, volunteers, medical students, residents, other agency personnel or members of its workforce who are involved in taking care of you on the organization premises. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so that arrangements can be made for appropriate meals. Different departments of the organization also may share medical information about you in order to coordinate the different things you need, such as prescriptions, lab work and x-rays. The organization also may disclose medical information about you to people outside of the organization who may be involved in your medical care after you leave the organization, such as family members, clergy or others whom Provider uses or who you or another responsible party have selected to provide services that are part of your care. 

  • For Payment - the organization may use and disclose medical information about you so that the treatment and services you receive from the organization can be billed to, and payment can be collected from, you, an insurance company or third party payer. For example, the organization may need to give your health plan information about surgery you received so your health plan will pay the organization or reimburse you for the surgery. The organization may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.

  • For Health Care Operations - the organization may use and disclose medical information about you for the organization operations. These uses and disclosures are necessary to run the organization, to comply with accreditation and other standards and to make sure that all Provider patients receive quality care. For example, the organization may use your medical information to review its treatment and services and to evaluate the performance of the organization staff in caring for you. The organization may also combine medical information about many of the organization's patients to decide what additional services the organization should offer, what services are not needed, and whether certain new treatments are effective. The organization may also disclose information to doctors, nurses, technicians, medical students, residents, professional students, trainees or practitioners in health care, non-health care professionals and other agency personnel or members of its workforce for review, education, teaching and learning purposes. The organization may also combine the medical information it has with medical information from other providers to compare how the organization is doing and to see where the organization can make improvements in its care and services. The organization may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning your identity or the identity of any specific patient.

In addition, under HIPAA, the organization may use and disclose medical information, without your authorization, as follows:

  • To Send You Treatment Reminders and Information about Treatment Alternatives or Health-Related Benefits and Services - the organization may contact you as a reminder that you have an appointment for treatment or medical care with the organization or inform you about or recommend possible treatment options, alternatives or health-related benefits or services that may be of interest to you.

  • Fundraising Activities - the organization may contact you in an effort to raise money for the organization and its operations. The organization may disclose medical information to a foundation related to the organization so that the foundation may contact you in raising money for the organization. The organization would only release (i) contact information, such as your name, address and phone number; (ii) demographic information, such as your age, gender, insurance status and employer name; and (iii) the dates you received treatment or services from the organization. If you do not want the organization to contact you for fundraising efforts, you must notify the Privacy Officer in writing to opt out of fundraising communications.

  • Provider Directory - the organization may include certain limited information about you in the organization directory while you are a patient on the organization premises. This information may include your name, location in the organization (e.g., floor, unit or wing), your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may also be released to people who ask for you by name (either in person or by telephone, electronic mail, etc.). This is so your family, friends and clergy can visit you and generally know how you are doing. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. If you would like to restrict or prohibit Provider's use or disclosure of your information for the organization directory, you must notify the Privacy Officer in writing, or, if the organization is a Hospital, you may notify the organization Admissions Department orally at the time of your admission to the organization.

  • Individuals Involved in Your Care or Payment for Your Care - the organization may release medical information about you to a family member, personal representative or friend who is involved in your medical care or who helps pay for your care. The organization may also tell these persons about your condition and your location in the organization or attempt to locate or identify your family, representative or friends. In addition, the organization may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location. Further, the organization may make disclosures to a parent, guardian or other person acting in place of a parent if such person has the authority to act on behalf of a minor. Additionally, the organization may make disclosures to a person appointed by you as your durable power of attorney for health care.

  • Patients can ask to withhold information about any treatment from their health plan if they pay out of pocket – this is something that would inhibit their getting insurance in the future. Note if a Medicare patient it will be documented in the Medical Chart. 

  • Public Health Activities – the organization may disclose information about you for public health activities, such as: 

    • to prevent or control disease, injury or disability; 

    • to report births and deaths; 

    • to report child abuse or neglect; 

    • to collect or report reactions to medications, food supplements or dietary supplements; 

    • to collect or report product problems or defects; 

    • to notify persons of recalls, replacements or repairs relating to products they may be using; and 

    • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.

  • Disclosures About Victims of Abuse, Neglect or Domestic Violence – the organization may disclose medical information to notify the appropriate government authority if the organization believes a patient has been the victim of abuse, neglect or domestic violence. The organization will only make this disclosure if the patient agrees or when required or authorized by law.

  • Health Oversight Activities - the organization may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections and licensure or disciplinary actions. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws.

  • As Required by Law – the organization will disclose medical information about you when required to do so by federal, state or local law.

  • To Avert a Serious Threat to Health or Safety - Consistent with New York law, the organization may use and disclose certain medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. In addition, the organization may use and disclose medical information if Provider believes that the use or disclosure is necessary for law enforcement to identify or apprehend an individual who has escaped from a correctional institution or from custody. 

  • Organ and Tissue Donation - the organization may use or disclose information to an organ procurement or transplant organization or other similar entity.

  • Workers' Compensation - the organization may release information about you as authorized by (or as necessary to comply with) workers' compensation laws. For example, the organization may release information to a party responsible for payment of workers' compensation benefits and to an agency responsible for administering and/or adjudicating claims for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.

  • Law Enforcement or Judicial or Governmental Proceedings - the organization may disclose medical information for law enforcement purposes or for judicial or governmental proceedings. For example, the organization may disclose medical information:

    • to report certain types of wounds or injuries; 

    • in response to a court order or court-ordered subpoena (or court-ordered discovery request) or in response to a subpoena or discovery request if the patient privilege has been waived; 

    • in response to a court-ordered warrant, subpoena or summons issued by a judicial officer, or a governmental request (including a governmental subpoena or summons) if certain standards are satisfied; 

    • in response to a law enforcement official's request for the purpose of identifying or locating a suspect, fugitive, material witness or missing person, but only certain types of information may be disclosed; 

    • to provide information about the victim of a crime, although the organization would try to obtain the individual's consent unless the individual is incapacitated or except under certain limited circumstances; 

    • about an individual that has died to a law enforcement official for the purpose of alerting law enforcement of the death if the organization has a suspicion that such death may have resulted from criminal conduct; 

    • about criminal conduct that occurred on the organization premises; and 

    • in emergency circumstances to report a crime; the location of the crime or victims of the crime; or the identity, description or location of the person who committed the crime.

 

Coroners, Medical Examiners and Funeral Directors - the organization may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or to determine the cause of death. The organization may also release medical information to funeral directors as necessary to carry out their duties.

 

For Specific Government Functions - the organization may release medical information of military personnel (and foreign military personnel) in certain situations, and the organization may release the medical information of inmates to correctional facilities in certain situations. The organization may also release medical information for national security reasons, such as the protection of the President of the United States or for national security activities.

 

Student Immunization to Schools – without a HIPAA authorization where states require school to have such prior to admitting student provided:

  • CE obtains agreement from an adult student (maybe oral) or guardian if a minor.

  • Such agreement is documented

  • Agreement to permit is effective until revoked.

 

Other uses and disclosures not described in this notice will be made only with authorization from the patient.

NEW YORK STATE LAW MAY BE MORE STRINGENT THAN HIPAA

Certain provisions of NYS law may be more stringent than HIPAA or may be, in the future, determined to be more stringent than HIPAA. If such provisions are more stringent than HIPAA, then, according to HIPAA, the organization must comply with the more stringent provisions of New York law. 

OTHER USES OF MEDICAL INFORMATION REQUIRE AUTHORIZATION

 

Other uses and disclosures of medical information not covered by this Notice or the laws that apply to the organization will be made only with your written authorization. If you give the organization authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, the organization will no longer use or disclose medical information about you for the reasons covered by your written authorization, unless you authorized disclosure for a research study and your information is needed to protect the integrity of the study. 

You understand that the organization is unable to take back any disclosures which the organization has already made with your authorization, and that the organization is required to retain its records of the care, which the organization provides to you. All notices that you are revoking your authorization must be in writing and delivered by U.S. mail, in person, or by other reasonable means to the Privacy Officer. 

YOUR RIGHTS REGARDING YOUR MEDICAL INFORMATION

You have the following rights regarding medical information, which the organization maintains about you:

  • Right to Inspect and Copy - You have the right to inspect and have a copy made of the medical information contained in your designated record set. A "designated record set" contains medical and billing records and any other records that the organization uses for making decisions about you. Usually, you have the right to access medical and billing records, subject to certain limitations. For example, you do not have the right to obtain information if its disclosure would have an adverse effect on you or if the information is compiled by the organization in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding. Under HITECH, if a covered entity maintains an electronic health record for an individual, the individual may request access to the information in an electronic format or have the information transmitted electronically to a designated recipient.  

 

To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to the organization Privacy Officer. If you request a copy of the information, the organization may charge a reasonable, cost-based fee to cover the costs associated with your request. 

 

The organization may deny your request in very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by the organization will review your request and the denial. The person conducting the review will not be the person who denied your request. The organization will comply with the outcome of the review.

  • Right to Amend - If you feel that the medical information in the designated record set which Provider maintains about you is incorrect or incomplete, you may ask the organization to amend the information. You have the right to request an amendment for as long as the information is kept by or for the organization.

 

To request an amendment, you must make the request in writing and submit it to the Privacy Officer. In addition, you must provide a reason that supports your request.

 

The organization may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, the organization may deny your request if you ask the organization to amend information that: 

    • was not created by the organization, unless the person or entity that created the information is no longer available to make the amendment; 

    • is not part of the medical information kept by or for the organization; 

    • is not part of the information which you would be permitted to inspect and copy; or 

    • is accurate and complete.   

 

  • Right to an Accounting of Certain Disclosures - You have the right to request an accounting of certain disclosures, which the organization made of your medical information within the six years prior to your request. This right applies to disclosures for purposes other than treatment, payment or health care operations as described in this Notice. It excludes disclosures we may have made to you, with your authorization, for a facility directory, to family members or friends involved in your care, or for notification purposes. The right to receive this information is subject to certain exceptions, restrictions and limitations. Under HITECH, individuals may now receive an accounting of routine disclosures of PHI if the PHI is maintained in an electronic health records system, for the three year period prior to the date of the request. 

 

To request this list or an accounting of the disclosures of your medical information, you must submit your request in writing to the Privacy Officer. Your request must state a time period, which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a 12-month period will be free. For additional lists, the organization may charge you a reasonable, cost-based fee for the cost of providing the list. Provider will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

  • Right to Request Restrictions - You have the right to request a restriction or limitation on the medical information the organization uses or discloses about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information the organization discloses about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that Provider not use or disclose information about a surgery you had. Under HITECH, a covered entity must comply with a patient's request to restrict information if the information is to be sent to a health plan for payment or health care operations purposes and the disclosure relates to products or services that were paid for solely out-of-pocket (unless the disclosure is otherwise required by law).

  • Provider is NOT required to agree to your request. If the organization does agree, the organization will comply with your request unless the information is needed to provide you with emergency treatment.

 

To request restrictions, you must make your request in writing to the Privacy Officer. In your request, you must tell the Privacy Officer: (i) what information you want to limit; (ii) whether you want to limit the organization use, disclosure or both; and (iii) to whom you want the limits to apply, for example, disclosure to your spouse or your former clergy.

  • Right to Request Change in Communications - You have the right to request that the organization communicate with you about your medical information in a certain way or at a certain location. For example, you can ask that the organization only contact you at work or by mail.

 

To request a change in the manner or method of how the organization communicates with you about your medical information, you must make your request in writing to the Privacy Officer. The organization will not ask you the reason for your request. The organization will use reasonable efforts to accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

 

Right to Electronic copy of PHI – if available will be e-mailed or made available through patient portal provided the safeguards are in place. 

 

Right to a Paper Copy of This Notice - You have the right to receive a paper copy of this Notice. You may ask the organization to give you a copy of this Notice at any time.

To obtain a paper copy of this Notice, please contact the Privacy Officer. 

There will be a charge for this service up to .75 cents per page the State imposed fee limit per page.

CHANGES TO THIS NOTICE

 

Provider reserves the right to change this Notice. The organization reserves the right to make the revised or changed Notice effective for all medical information which the organization already has about you as well as any information the organization receives or creates in the future. The Notice will prominently display its effective date. The organization will post a copy of its current Notice at Provider's location and at in the lobby of the organization. 

 

COMPLAINTS

 

If you believe your privacy rights have been violated, you may file a complaint with the organization or with the Secretary of the Department of Health and Human Services. To file a complaint with the organization, contact the Privacy Officer. All complaints must be submitted in writing.

You will not be penalized by the organization on the grounds that a complaint was filed.

If you have any questions about this Notice, please contact compliance hotline 718-345-5940 x 255.

bottom of page