We may use protected health information about you to provide you with treatment or services.  We may disclose medical information about you to doctors, nurses, technicians, or other agency personnel who are involved in delivering services to you.  For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process.  In addition, the dietician may need to tell the Residential Department if you have diabetes so that we can coordinate your services in accordance with your needs. Different departments of the agency also may share medical information about you in order to coordinate the different things you need, such as prescriptions, lab work, follow-up care and needs assessments.  We also may disclose protected health information about you to people outside the agency who may be involved in your care and services, such as family members, advocates, employers or others we use to provide services that are part of your plans of service.

We may use and disclose protected health information about you so that the treatment and services you receive from the agency may be billed to and payment may be collected from you, Medicaid, an insurance company, or a third party.  For example, we may need to give your health plan information about clinic services you received at the agency so your health plan will pay us or reimburse you for the visits.  We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.

We may use and disclose protected health information about you for agency operations.  These uses and disclosures are necessary to ensure that all people receiving services receive quality care.  For example, we may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you.  We may also combine medical information about many people receiving services to decide what additional services the agency should offer, what services are not needed, and whether certain new programs are effective.  We may also disclose information to doctors, nurses, technicians, and other agency personnel for review and learning purposes.  We may also combine the protected health information we have with protected health information from other agencies to compare how we are doing and see where we can make improvements in the care and services we offer.  We will remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning who the specific patients are.

We may use and disclose medical information to contact you by telephone or email, as a reminder that you have an appointment for treatment or services at the agency.

We may use and disclose protected health information to tell you about or recommend possible treatment options, alternatives, or other services that may be of interest to you. 

We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you. 

The agency must obtain your prior written authorization to use your protected health information for marketing purposes, except for a face-to-face encounter or a communication involving a promotional gift of nominal value.  We may not sell your protected health information or use your health information for marketing purposes without your prior authorization.

We may use protected health information to send fundraising communications to you.  We must offer you the opportunity to opt out of future fundraising communications.

We may release protected health information about you to a family member, friend, or other person you identify as being involved in your care or payment for care. In an emergency or when you are not capable of agreeing or objecting, we will use and disclose your protected health information as we determine is in your best interest. We will inform you after the emergency and give you the opportunity to object to future disclosures to family and friends. We may also give information to someone who helps pay for your care.  In addition, we may disclose protected health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.

We may use or disclosure your protected health information for the purposes of research when you have agreed to participate in the research and an Institutional Review Board or Privacy Committee has approved the use of the health information for the research purposes.

We will disclose protected health information about you when required to do so by federal, state or local law. We may disclose your protected health information in the course of any judicial or administrative proceeding as allowed or required by law, or as directed by court order.

We may use and disclose protected health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.  Any disclosure, however, would only be to someone able to help prevent the threat.  We may also disclose your protected health information to public authorities as required by law or regulation to report abuse or neglect.

We may use and disclose your protected health information to Worker’s Compensation or similar programs that provide benefits for work-related injuries or illnesses, for your compensation.

We may disclose medical information about you for public health activities.  These activities generally include prevention or control of disease, injury, or disability, reporting of births, deaths, child abuse/neglect, reactions to medications/problems with products, notification to individuals regarding recall of products, and notification to an individual who may have been exposed to a disease or may be at risk for contracting or spreading a disease.

We may disclose protected health information to an oversight agency for activities authorized by law.  These oversight activities include, for example, audits, investigations, inspections, and licensure.  These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

We may disclose protected health information about you in the course of any administrative or judicial proceeding.  If you are involved in such a proceeding, we will disclose health information if the judge or presiding officer orders us to do so.

We may release protected health information if asked to do so by a law enforcement official:

·       In response to a court order, subpoena, warrant, summons or similar process;

·       To identify or locate a suspect, fugitive, material witness, or missing person;

·       About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person's agreement;

·       About a death we believe may be the result of criminal conduct;

·       About criminal conduct at the agency; and

·       In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime. 

We may release protected health information to a coroner or medical examiner.  This may be necessary, for example, to identify a deceased person or determine the cause of death.  We may also release protected health information about people receiving services from the agency to funeral directors as necessary to carry out their duties. 

If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official.  This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.

We may use and disclose most psychotherapy notes, where appropriate, only with your prior authorization. 

We may use and disclose protected health information for marketing purposes or for disclosures constituting a sale of protected health information only with your prior authorization.

Under New York State Law, confidential HIV-related information (information concerning whether or not you have had an HIV-related test, or have HIV infection, HIV-related illness, or AIDS, or which could indicate that a person has been potentially exposed to HIV), cannot be disclosed except to those people you authorize it writing to have it.

Other uses and disclosures of protected health information not covered by this notice or the laws that apply to us will be made only with your written authorization.  If you provide us authorization to use or disclose protected health information about you, you may revoke that authorization, in writing, at any time.  If you revoke your authorization, we will no longer use or disclose protected health information about you for the reasons covered by your written authorization.

You have the right to inspect and copy protected health information that may be used to make decisions about your care.  Usually, this includes medical and billing records, but does not include psychotherapy notes. If we maintain electronic health records, you have the right to obtain an electronic copy of your records.  You may also, by written request, ask us to send your health information directly to another party.

To inspect and copy protected health information that may be used to make decisions about you, you must submit your request in writing to HIPAA Privacy Officer, 18 Main St. Mt. Morris, NY 14510.  If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request. 

We may deny your request to inspect and copy in certain very limited circumstances.  If you are denied access to protected health information, you may request that the denial be reviewed.  Another professional chosen by the agency will review your request and the denial. The person conducting the review will not be the person who denied your request.  We will comply with the outcome of the review. 

If you feel that protected health information we have about you is incorrect or incomplete, you may ask us to amend the information.  You have the right to request an amendment for as long as the information is kept by or for the agency. 

To request an amendment, your request must be made in writing and submitted to HIPAA Privacy Officer, 18 Main St. Mt. Morris, NY 14510.  In addition, you must provide a reason that supports your request. 

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request.  In addition, we may deny your request if you ask us to amend information that:

·            Was not created by us

·            Is not part of the protected health information kept by or for the agency;

·            Is not part of the information which you would be permitted to inspect and copy; or

·            Is accurate and complete.

You have the right to request an "accounting of disclosures."  This is a list of the disclosures we made of medical information about you, excluding information used for treatment, health care operations and payment, or disclosures made to you or made to others with your permission.

To request this list or accounting of disclosures, you must submit your request in writing to HIPAA Privacy Officer, 18 Main St. Mt. Morris, NY 14510. Your request must state a time period, which may not be longer than six years and may not include dates before April 14, 2003.  Your request should indicate in what form you want the list (for example, on paper, electronically).  The first list you request within a 12-month period will be free.  For additional lists, we may charge you for the costs of providing the list.  We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. 

You have the right to request a restriction or limitation on the protected health information we use or disclose about you for treatment, payment or health care operations.  You also have the right to request a limit on the protected health information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend.  For example, you could ask that we not use or disclose information about a clinic appointment you had.

We are not required to agree to your request.  If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.

We are required to agree to any request by you to restrict disclosure of protected health information to a health plan if the disclosure is for payment or health care operations and pertains to a health care item or service for which you have paid out of pocket in full.

To request restrictions, you must make your request in writing to HIPAA Privacy Officer, 18 Main St. Mt. Morris, NY 14510.  In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.

You have the right to be notified following a breach of your unsecured health information. We are required to notify you if your protected health information has been (or is reasonably believed to have been) accessed, acquired, or disclosed due to a breach.  Our business associates have a similar duty to provide notification of health information breaches.

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.  For example, you can ask that we only contact you at work or by mail.  Your request must specify how or where you wish to be contacted.

To request confidential communications, you must make your request in writing to HIPAA Privacy Officer, 18 Main St. Mt. Morris, NY 14510. We will not ask you the reason for your request.  We will accommodate all reasonable requests.

You have a right to obtain a paper copy of this Notice.  Copies are available at our agency and upon request.