The Concerted Care Group
NOTICE OF PRIVACY PRACTICES
Effective Date: 3/29/2021
Purpose: This notice describes how medical information about you may be used and disclosed and how you may access this information. Please review it carefully.
Policy: During the process of providing services to you, The Concerted Care Group (“CCG” or “we”) will obtain, record, and use information about you that is protected health information. ‘‘Protected health information’’ means any information that we have which identifies you and relates to your health payment for health care services, and alcohol or drug, including mental health, treatment that we provide to you. CCG is committed to protecting the privacy and confidentiality of your protected health information (“PHI”). The following notice outlines our privacy practices, legal duties and your rights concerning your PHI.
Medical Records consist of your PHI and may include but are not limited to: name, demographic information, referral information, admission notes, admission paperwork, assessments, evaluations, progress notes, treatment plan, medical and medication protocols, continuing care plan, discharge summary and financial/payment information. These records are necessary to provide you with the best interdisciplinary care, continuing care and to receive payment for treatment services from third party payers and are required by state licensing mandates.
Amendments to this notice may be made in writing by CCG as laws and or policies change.
How We May Use and Disclose Your Health Information
We are permitted under federal law to use and disclose PHI, without your written authorization, for certain routine uses and disclosures, such as those made for treatment, payment, and the operation of our business. The following are examples of the types of routine uses and disclosures of PHI that we are permitted to make. While this list is not exhaustive, it should give you an idea of the routine uses and disclosures we are permitted to make.
Treatment: Your personal health information (PHI) may be disclosed as needed to provide you with the best possible care, the most comprehensive treatment and to assure your physical health and safety. For example, we may disclose your health information to your primary care physician or another health care provider to be sure they have all the information necessary to diagnose and treat you.
Payment: There may be instances when payment for treatment services will require disclosure of your PHI. This is most common when payment is made by a third party such as an insurance company, workers’ compensation, another family member or your personal financial officer. Your PHI will only be disclosed with your express written consent or authorization. It is important to know, however, that your refusal to give such permission may lead to non-payment by that third party as without your written consent or authorization, we will be unable to discuss payment for your treatment services with any third party.
Healthcare Operations: CCG may use and/or disclose your PHI for healthcare operations such as: staff training and evaluation, auditing, medical reviews, compliance, business planning, licensing, quality assurance, accreditation, certification and credentialing activities.
Other Uses and Disclosures That May Be Made Without Your Authorization
Family Members: We may disclose PHI to family members and others involved in your healthcare or payment for care unless you has objected per § 164.510. Under the Omnibus Rule, this exception would also allow disclosures of information about deceased persons to family members and others involved in the deceased person’s care prior to their death unless the deceased person objected prior to their death.
Personal Representatives: We may disclose your PHI to personal representatives.
Required by the Secretary of Health and Human Services: We may be required to disclose your PHI to the Secretary of Health and Human Services to investigate or determine our compliance with the requirements of the HIPAA Privacy Rule.
Required By Law: We may use or disclose your PHI to the extent that the use or disclosure is otherwise required by federal, state, or local law.
Public Health: We may disclose your PHI for public health activities, such as disclosures to a public health authority or other government agency that is permitted by law to collect or receive the information (e.g., the Food and Drug Administration).
Health Oversight: We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect: If you have been a victim of abuse, neglect, or domestic violence, we may disclose your PHI to a government agency authorized to receive such information. In addition, we may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect.
Judicial and Administrative Proceedings: We may disclose your PHI in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), and, in certain conditions, in response to a subpoena, discovery request or other lawful process.
Law Enforcement: We may disclose your PHI, so long as applicable legal requirements are met, for law enforcement purposes, such as providing information to the police about the victim of a crime.
Coroners and Funeral Directors: We may disclose your PHI to a coroner, medical examiner, or funeral director if it is needed to perform their legally authorized duties.
Research: Under certain circumstances, we may use and disclose your PHI for internal and external research purposes to, among other things, develop and improve our services. We may disclose your PHI to organizations that support medical research or that find, investigate, or cure diseases.
Serious Threat to Health or Safety: We may disclose your PHI if we believe it is necessary to prevent a serious and imminent threat to the public health or safety and it is to someone we reasonably believe is able to prevent or lessen the threat.
Specialized Government Functions: When the appropriate conditions apply, may disclose PHI for purposes related to military or national security concerns, such as for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits.
Workers’ Compensation: We may disclose your PHI as necessary to comply with workers’ compensation laws and other similar programs.
Business Associates: We may disclose your PHI to persons who perform functions, activities or services to us or on our behalf that require the use or disclosure of PHI. To protect your health information, we require the business associate to appropriately safeguard your information.
De-identified Information: We may de-identify your PHI in accordance with the HIPAA standards. PHI that is de-identified in accordance with the HIPAA standards is not considered PHI, and therefore, we may use and disclose your de-identified information for any lawful purpose, including without limitation, for research purposes.
Inclusion of your information in the electronic medical record/directory: We may disclose PHI in order to communicate between members of the treatment team at CCG including professionals contracting with CCG involved in your care such as outpatient therapists, psychiatrists or medical doctors.
Your authorization and consent to release information: Although your medical record is the physical property of CCG, you have the right to review and receive a copy of your medical record. You may consent for CCG to release specific information about you in order to facilitate your treatment. A written consent or authorization signed by you regarding such medical records must be obtained prior to the copying and or delivery of those records to you.
You may also request that your PHI be disclosed to any person or agency that you choose for any purpose. You must provide a written consent or authorization for that information to be disclosed even when such a request is made by you. Such consent is valid for one year from the date originally signed unless otherwise specified by you. You have the right to revoke your consent or authorization at any time.
Disclosure to Family and Friends: Only the PHI that you have specified will be disclosed and only to those for which you have provided written consent or authorization. CCG will not confirm or deny your presence at CCG to any individual that you have not signed a consent or authorization for except in the case of an emergency or as required by law. In the event of your incapacity or under emergency circumstances, we will disclose your PHI to the person you had previously designated as your “Emergency Contact Person(s)”.
Other Uses and Disclosures of Your Health Information that Require Written Authorization:
Other uses and disclosures of your health information not covered by this Notice will be made only with your written authorization. Some examples include:
- Psychotherapy Notes: We usually do not maintain psychotherapy notes about you. If we do, we will only use and disclose them with your written authorization except in limited situations.
- Marketing: We may only use and disclose your health information for marketing purposes with your written authorization. This would include making treatment communications to you when we receive a financial benefit for doing so.
- Sale of Your Health Information: We may sell your health information only with your written authorization.
Appointments, Reminders and Alumni contact: We may use and disclose your PHI to contact you (i.e.: telephone calls, voicemails, e-mails, letters) as a reminder of an appointment at CCG, to check on you and your mental health status and regarding alumni events and associations. You have the right to request not to be contacted for such purposes.
Your Rights Under the Federal Privacy Standard
To request that CCG place additional restrictions on certain uses and disclosures of your information: We are not required by law to agree with your request however, except for restrictions regarding disclosure for payment or health care operations, or if the PHI pertains solely to a health care item or service for which the individual, or person other than the health plan on behalf of the individual, has paid CCG in full. However, whenever possible as to not cause undue hardship to the flow of business of CCG, we will honor such requests.
For instance, you may request that your medical record not be made available to a state-licensing representative from the Office of Health Care Quality during their standard audit of CCG. These audits do require that the Office of Health Care Quality have access to any record for those that have received services at CCG and that we do not these audits in any way. Under these circumstances, your request could not be honored.
To obtain a copy of this notice upon request: You have the right to a paper copy of this Notice at any time.
To request a copy of your medical record: You may request a copy of your medical record. CCG may deny such request if it or its representatives believe that such access would cause harm to other patients, CCG personnel or property or yourself. You also do not have the right to access your medical record from CCG in the following instances:
- When information was compiled in reasonable anticipation of or for use in civil, criminal or administrative actions or
- When information was obtained from someone other than a healthcare provider under a promise of confidentiality and the access required would be reasonably likely to reveal the source of the
- When the records were created by a treatment facility or mental health professional that is not a CCG employee or Business Associate.
- There are other situations in which CCG may deny you access to your medical record. If so, CCG is required to provide you with a review of the decision denying such access. Reviewable grounds for denial include but are not limited to:
- When a licensed staff member of CCG has determined, in their professional judgment that access is likely to endanger the life or physical safety of the person receiving services or another
- When the medical record makes reference to another person receiving services at CCG or person other than a provider, and a licensed staff member of CCG has determined that such access is likely to cause substantial harm to the person or another
- When the request is made by the person’s personal representative and a licensed staff member of CCG has determined that such access is likely to cause substantial harm to the person or another
- When the proper written consents/authorization have not been
To request an amendment or correction to your medical record: If CCG staff denies your request for amendment/ correction, we will notify you of why and how you can attach a statement of disagreement to your record (which we may argue) and how you can register a written complaint to our Privacy Officer or the Office of Behavioral Health or Department of Health and Human Services.
If we grant the request, we will make the correction and distribute it to those you identify in writing that you want notified. We do not have to grant the request if CCG staff did not create the record. In this case you must seek the amendment/correction from the party who originally created the record. For instance: CCG staff has obtained your written PHI from another treatment facility or professional, and there is information contained in those records that you disagree with, CCG staff may not legally amend those records in any way.
To request alternative confidential communication: You have the right to request that we communicate with you by alternative means or at alternative locations. Requests need to be made in writing, and must specify the alternative means and location. You may ask that we call you at home, on your cell phone or at home. You may ask that we send mail to a different address.
CCG responsibilities under federal law: In addition to providing you your rights as detailed above, CCG is required to:
- Maintain the privacy of your PHI: CCG will do this by the implementation of reasonable and appropriate physical, administrative and technical
- Provide you with this notice concerning our legal duties and privacy practices with respect to the personal and private information we obtain about you during the course of your treatment at CCG.
- Notify affected individuals following a breach of unsecured PHI.
- Provide a copy and abide by the terms of this
- Train CCG employees, staff and personnel on our privacy and confidentiality
- Implement a disciplinary plan: CCG policy states that any CCG employee who knowingly and/or willfully violates provisions of CCG’s policies and procedures regarding privacy will face administrative disciplinary action that may result in termination of employment.
- Except as set forth in this notice, CCG will not use or disclose your personal and mental health information without your written consent or
- Maintain an account of any non-routine disclosures and uses of your medical records within 60 days of such disclosures. Information provided will include name and address of who received your PHI, a description of the information disclosed, and a statement of the purpose of such disclosure. CCG reserves the right to charge a reasonable fee for this service.
If you have questions, would like further information or believe your privacy rights have been violated you may contact CCG’s Privacy Officer.
Grievances should be made in writing and be addressed to CCG Privacy Officer (firstname.lastname@example.org)
You also have the right to file a grievance with:
The U.S. Department of Health and Human Services at Region III Office for Civil Rights
801 Market Street, Suite 8000
Philadelphia, PA 19107
CCG staff will not retaliate in any way if you choose to file a grievance with CCG or the USDHHS.