This Notice Describes how Medical Information May Be Used and Disclosed, and How You Can Get Access to this Information.
Please Review This Notice Carefully. The Privacy of Your Protected Health Information is Important to Us
Your Protected Health Information
This Notice of Privacy Practices is directed to all our clients. It describes how we may collect, use and disclose your Protected Health Information, and your rights concerning your Protected Health Information.
The privacy of your health information is important and our commitment is to Protect Health Information about you. We are required by federal and state laws to protect the privacy of your health information. We must give you notice of our legal duties and privacy practices concerning your health information, including:
- We must protect information that we have created or received about your past, present, or future health condition, health care we provide to you, or payment for your health care.
- We must notify you about how we protect your health information.
- We must explain how, when and why we use or disclose your health information.
- We may only use or disclose your health information as we have described in this Notice.
- We must abide by the terms of this Notice.
We reserve the right to change the terms of this Notice and to make new Notice provisions effective for all health information that we maintain. We will post a revised Notice in our offices, make copies available to you upon request and post the revised Notice on our web site, www.cctwincities.org.
Question or Complaints
If you want more information about our privacy practices or have questions or concerns, please contact our Privacy Officer. If you are concerned that your privacy rights have been violated, you may file a complaint with our Privacy Officer. You may also submit a written complaint to the U.S. Department of Health and Human Services. The address is provided at the bottom of this notice.
We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Privacy Officer Contact Information
Name: Elizabeth Knight, Catholic Charities Privacy Officer
Address: 1200 Second Avenue South, Minneapolis, MN 55403
This notice takes effect October 16, 2013
Permitted Uses and Disclosures of Protected Health Information
We use and disclose Protected Health Information in a number of different ways. The following are only a few examples of the types of uses and disclosures of your Protected Health Information that we are permitted by law to make without your authorization:
- Treatment – We may disclose your Protected Health Information to health care providers (doctors, dentists, social workers, hospitals, and other caregivers) who request it in connection with your health care treatment.We may also disclose your Protected Health Information to health care providers in connection with preventive health, early detection and disease and case management programs.
- Payment – We may use or disclose your health information to bill and collect payment for the treatment and services provided to you. For example: A bill may be sent to you, or your health plan, or another third party payer. The information on, or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, supplies used, and other information about your care.
- Health Care Operations – We may use or disclose your health information inside and outside Catholic Charities to allow us to perform necessary business functions. These uses help us operate Catholic Charities and to improve our health care services to you. For example, we may use your health information to help us train new staff and conduct quality improvement activities. We may, also disclose your information to consultants and other business associates who help us with these activities, but not limited to, billing, computer support, transcription services, licensing, legal and accounting services, and other operational and management activities.We will always try to ensure that the medical information used or disclosed will be limited to a “Designated Record Set” and to the “Minimum Necessary” standard, as defined by HIPAA and other Federal laws and regulations.
Specific Other Uses and Disclosures of Your Health Information
- Minors and incapacitated Persons – In most circumstances, we may disclose health care information to a parent or guardian of a minor; and to the guardian or personal representative of an incapacitated person. There are, however, limited circumstances in which a minor may choose to not have certain specific information about them shared with a parent or guardian.
- Emergencies/Other situations – We may release your health care information in a medical emergency when we cannot obtain your consent because of your condition or the nature of the emergency. Under limited circumstances, unless you notify us that you object, we may disclose limited information about you to a personal representative or another person responsible for or involved in your care, in order to notify such person about your current location or general condition. We may also disclose medical information about you to a friend, relative, or any other person you identify, provided that the information is directly relevant to that person’s involvement either directly in your health care or for payment of that care.
Uses and Disclosures Authorized by Law
Under certain other circumstances we are authorized by law to use or disclose your health information without getting a consent or authorization form from you. These may include when the use or disclosure is:
- For public health activities – as permitted or required by law. For example, when reporting to public health authorities the exposure to certain communicable diseases or risks of contracting or spreading a disease or condition, births and deaths.
- For health oversight activities – for example, when disclosing health information to a state or federal health oversight agency so it can appropriately monitor the health care system. For example by conducting audits, investigations and inspections.
- Required by state, federal or local law.
- Related to victims of abuse and neglect.
- For organ donation and transplantation purposes.
- For judicial and administrative proceedings – for example, court order, subpoena, warrant, etc.
- For certain law enforcement purposes – for example, when complying with laws that require the reporting of certain types of wounds or injuries, or in some circumstances, to identify or locate a suspect, or missing person, obtain information about the victim of a crime, or information about a criminal act on our premises.
- To a coroner or medical examiner – to allow them to carry out their duties.
- To avert a serious threat to health or safety – of you, another person or the public.
- Related to specialized government functions – for example, to respond to military and veterans’ activities or national security.
- Related to Workers’ Compensation.
- Related to correctional institutions and other custody situations.
- Military and Veterans – If you are a member of the armed forces, we may release medical information about you as required by military command authorities.
- Business Associates – we may disclose your medical information to our business and program associates (defined as ‘business associates’ under HIPAA) only as needed to help us run our programs. We enter into contracts with these entities requiring them to only use and disclose your information as we are permitted to do so under HIPAA.
- For certain research purposes – under limited circumstances.
Questions & Answers
Q: Will you give my Protected Health Information to my family or others?
A: We may share Protected Health Information about you with a family member or another in two ways:
- You are present, either in person or on the telephone, and give us permission to talk to the other person; or
- You sign an Authorization Form.
Q: Who should I contact to get more information or to get an additional copy of this notice?
A: For additional information, questions about this Notice of Privacy Practices, or if you want another copy, please visit the web site at www.cctwincities.org. You may also call or write Secretary of the U.S. Department of Health and Human Services or the Catholic Charities’ Privacy Officer.
Q: What should I do if I believe my privacy rights have been violated?
A: If you think that we may have violated your privacy rights, or you disagree with a decision we made about access to your protected health information, you may either:
- Call us at (612) 204-8412
- File a written complaint with our Privacy Officer at: 1200 Second Avenue South Minneapolis, MN 55403
- Notify the Secretary of the U.S. Department of Health and Human Services (HHS). Send your complaint to:
Complaint Division Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Avenue SW
Room 509F, HHH Building
Washington DC, 20201
We emphasize that we will not take retaliatory action against you if you file a complaint about out privacy practices either with us or HHS.
Your Rights Concerning Your Protected Health Information
We would like you to know that you have additional rights with respect to your protected health information:
- Right to Request Restrictions on Uses and Disclosures of Your Health Information – You have the right to request that we restrict our use or disclosure of your health information. We ask that your request be made in writing. We are not required to agree to your request for a restriction. If we do agree, we will comply with our agreement, unless there is an emergency or we are otherwise required to use or disclose the information.
- Right to Request Confidential Communications – You have the right to request that we communicate with you in a specific way or at a specific location. For example, you may request that we contact you at your work address or by email. Your request must be made in writing, signed and dated. We will make efforts to accommodate reasonable requests.
- Right to Receive Notice of Breach. You have the right to be notified following the discovery of any ‘breach’ of your unsecured protected health information, as defined in the HITECH Act. We will notify you in writing, by first class mail, or alternatively by email if you have previously agreed to receive notices electronically. You will be notified without unreasonable delay, and in no case later than 60 days following the discovery of the breach. In some cases, we have the option to post information relating to the breach on our website.
- Right to Receive a Copy of This Notice – You have the right to receive a paper copy of this Notice at any time.
- Right to Request an Amendment of Protected Health Information – You have the right to request that we amend your health information if you feel that records are incorrect or incomplete. If you wish to have your health information corrected or completed, your request must be made in writing, signed and dated, and explain your reason for the amendment, and identify the record you are requesting be amended. Under limited circumstances we may deny your request. If we do so, you may file a statement of disagreement with us. You may also ask that any future disclosures of your health information include your requested amendment and our denial of your request.
- Right to Request an Accounting of Certain Disclosures – You have the right to request an accounting of certain disclosures we make of your health information. Your request must be made in writing, signed and dated. Certain disclosures, such as those made with your consent and/or for treatment, payment or health care operations, and other disclosures exempted by law, will not be included in the accounting provided to you. Your request must state a time period, which may not be longer than six (6) years and may not include dates before April 14, 2003. The first accounting you request within a 12-month period will be free. For additional accountings, we may charge you for the costs of providing the accounting. We will notify you in advance of the cost involved. Your request should indicate in what form you want the list (for example paper or electronic).
You do not have a right to an accounting of disclosures where such disclosures were made:
- For treatment, payment or health care operations.
- To you about your own health information.
- Incidental to other permitted disclosures.
- Where authorization was provided.
- To family or friends involved in your care (where disclosure is permitted without authorization).
- As part of a ‘limited data set’ where the information disclosed does not include identifying information.