HIPAA PRIVACY PRACTICES NOTICE
In accordance with the federal mandates of the Health Insurance Portability and Accountability Act (HIPAA), Services for the Developmentally Challenged, Inc. (also referred to as the “Agency” or “SDC”), assures that all Protected Health Information (PHI), including electronic data, that SDC obtains in the process of providing services, is treated as confidential and is not given or shared with any person other than those who need and are permitted to know. Protected Health Information includes all information that relates to the past, present, or future physical or mental health of an individual as well as to the provision of healthcare to an individual, and identifies or could reasonably be used to identify the individual. This includes information maintained or transmitted in any form, including electronic information, paper records and oral communications. SDC prohibits the release of health information to anyone outside the organization unless required for purposes of treatment, billing/payment, health care operations or other exceptions as described in this privacy notice.
SDC collects and records information about a client’s health and, every time a service is provided, additions are made to the client’s record. This record, which may be an electronic and/or physical record, is the way that staff documents the client’s needs. Health information helps the agency to:
-Ensure proper/correct/effective treatment and services
-Better understand whom, what, when, where, and why others may access health information
-Make more informed decisions when making authorized disclosure to others
Our Duty and Privacy Practices
SDC is required to:
-Maintain the privacy of an individual’s health information
-Provide the individual with a privacy notice
-Abide by the terms of this notice
-Notify the individual if we are unable to agree to any requested restriction
-Accommodate reasonable requests to communicate health information by alternative means or at alternative locations
SDC, all personnel, staff, consultants, and business associates, will not disclose or use health information without the client’s authorization, except under the following circumstances:
-We will use medical health information to provide treatment, obtain payment/process bills, and for service operations.
-We may disclose health and service information about the client to other staff members, technicians, students, or other personnel who are involved in providing services. Different departments of the Agency also may share health and service information about the individual in order to coordinate his or her different needs, such as prescriptions, assessments, and other services. SDC may also disclose health and service information to persons outside the Agency who may be involved in the individual’s care.
-For law enforcement purposes or in response to a valid subpoena or other court order
-In response to lawsuits/legal actions
-If a correctional facility requires it by law
-If it is necessary for public health or safety
-If it is for workers’ compensation
-For quality assurance purposes and for certain approved research
-As source data for Agency planning and operation
-For the grievance/appeal process
SDC does not market or sell personal information.
As an Integrated Service Delivery Agency, we may need to refer a client to other programs. If these programs are for services other than for health treatment, payment or operations, the client’s authorization will be required to release any protected health information (e.g., applying public assistance).
SDC has business associations with other people, groups or organizations, and some services provided to the Agency through contracts will involve them having access to protected health information. Our business associates are also obligated by law to keep protected health information confidential. SDC assures protection of private health information by having the business associate properly sign a contract to that effect. Any breach of protected health information by a business associate must be reported to SDC, and SDC is required to report a breach to the affected client(s).
Federal laws and regulations do not protect any information about a crime committed by a client either at an SDC program or against any person who works for SDC or about any threat to commit such a crime. Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
Each individual receiving services through SDC has the right to:
-Ask to see or get an electronic or paper copy of his or her medical record/health information. We will provide a copy or a summary of the health information.
-Correct the paper or electronic medical record if an error has been made
-Request confidential communication
-Ask us to limit the information we share
-Get a list of those with whom we’ve shared the individual’s information
-Get a copy of this privacy notice
-Elect to have a medical power of attorney or legal guardian act on their own behalf
-Revoke authorization to use or disclose health information except to the extent of action already taken
-File a complaint if the client believes his or her privacy rights have been violated, by contacting the Agency’s Privacy Officer at (718) 432-8469, and/or the U.S. Department of Health and Human Services at www.hhs.gov/ocr/privacy/hipaa/complaints/.
Changes to the Terms of this Notice
SDC may change the terms of this notice, and the changes will apply to all information we have about you.