THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.
NOTICE OF PRIVACY PRACTICES
The following is the Notice of Privacy Practices of Molly Carmel, LCSW PLLC dba The Beacon Program. HIPAA is a federal law that requires us to maintain the privacy of your protected health information and to provide you with notice of our legal duties and privacy policies with respect to your protected health information. We are required by law to abide by the terms of this Notice of Privacy Practices.
Your Protected Health Information
Your “protected health information” (PHI) broadly includes any health information, oral, written or recorded, that is created or received by us, other healthcare providers, and health insurance companies or plans, that contains data, such as your name, address, social security or patient identification number, and other information, that could be used to identify you as the individual patient who is associated with that health information.
Rules on How We May Use or Disclosure Your Protected Health Information
Generally, we may not “use” or “disclose” your PHI without your permission, and must use or disclose your PHI in accordance with the terms of your permission. “Use” refers generally to activities within our office. “Disclosure” refers generally to activities involving parties outside of our office. The following are the circumstances under which we are permitted or required to use or disclose your PHI. In all cases, we are required to limit such uses or disclosures to the minimal amount of PHI that is reasonably required.
Without Your Written Authorization, Treatment, Payment and Health Operations
Without your written authorization, we may use within our office, or disclose to those outside our office, your PHI in order to provide you with the treatment you require or request, to collect payment for our services, and to conduct other related health care operations as follows:
Treatment activities include: (a) use within our office by our professional staff for the provision, coordination, or management of your health care at our office; and (b) our contacting you to provide appointment reminders or information about treatment alternatives or other health-related services that may be of interest to you.
Payment activities include: (a) if you initially consent to treatment using the benefits of your contract with your health insurance plan, we will disclose to your health plans or plan administrators, or their appointed agents, PHI for such plans or administrators to determine coverage, for their medical necessity reviews, for their appropriateness of care reviews, for their utilization review activities, and for adjudication of health benefit claims; (b) disclosures for billing for which we may utilize the services of outside billing companies and claims processing companies with which we have Business Associate Agreements that protect the privacy of your PHI; and (c) disclosures to attorneys, courts, collection agencies and consumer reporting agencies, of information as necessary for the collection of our unpaid fees, provided that we notify you in writing prior to our making collection efforts that require disclosure of your PHI.
Health care operations include: (a) use within our office for training of our professional staff and for internal quality control and auditing functions (b) use within our office for general administrative activities such as filing, typing, etc.; and (c) disclosures to our attorney, accountant, bookkeeper and similar consultants to our healthcare operations, provided that we shall have entered into Business Associate Agreements with such consultants for the protection of your PHI.
PLEASE NOTE THAT UNLESS YOU REQUEST OTHERWISE, AND WE AGREE TO YOUR REQUEST, WE WILL USE OR DISCLOSE YOUR PERSONAL HEALTH INFORMATION FOR TREATMENT ACTIVITIES, PAYMENT ACTIVITIES, AND HEALTHCARE OPERATIONS AS SPECIFIED ABOVE, WITHOUT WRITTEN AUTHORIZATION FROM YOU.
Without Your Written Authorization, Special Situations and As Required By Law
In limited circumstances, we may use or disclose your PHI without your written authorization and in accord with HIPAA or as required by law. Examples include: (a) disclosures regarding reports of child abuse or neglect, including reporting to social service or child protective services agencies; (b) disclosures to State authorities of imminent risk of danger presented by patients to self or others for the purpose of restricting patient access to firearms; (c) health oversight activities including audits, civil, administrative, or criminal investigations, inspections, licensure or disciplinary actions, or civil, administrative, or criminal proceedings or actions, or other activities necessary for appropriate oversight of government benefit programs; (d) judicial and administrative proceedings in response to an order of a court or administrative tribunal, or other lawful process; (e) to the extent necessary to protect you or others from a serious imminent risk of danger presented by you; (f) for worker’s compensation claims, (g) as required by the Secretary of Health and Human Services to investigate or determine our compliance with federal regulations, including those regarding government programs providing public benefits, (h) for research projects where your PHI has been de-identified, that is no longer identifies you by name or any distinguishing marks, and cannot be associated with you, (i) to a public or private entity to assist in disaster relief efforts authorized by law, (j) to family members, friends and others involved in your care, but only if you are present and give oral permission
Minimum Necessary Rule: We will use or disclose your PHI without your authorization for the above purposes only to the extent necessary, and will release only the minimum necessary amount of PHI to accomplish the purpose.
All Other Situations, With Your Specific Written Authorization
Except as otherwise permitted or required as described above, we may not use or disclose your PHI without your written authorization. Written authorization is required, among other uses and disclosures, for (1) most uses and disclosures of Psychotherapy Notes, (2) uses and disclosures for marketing purposes, (3) uses and disclosures that involve the sale of PHI and (4) other uses and disclosures not described in this Notice. Further, we are required to use or disclose your PHI consistent with the terms of your authorization. You may revoke your authorization to use or disclose any PHI at any time, except to the extent that we have taken action in reliance on such authorization, or, if you provided the authorization as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy. We will not sell your PHI or use your PHI for paid marketing or fundraising purposes without your written authorization; we do not plan to use your PHI in marketing or fundraising.
Special Handling of Psychotherapy Notes
“Psychotherapy Notes” are defined as records of communications during individual or family counseling which may be maintained in addition to and separate from medical or healthcare records. Psychotherapy Notes are only released with your specific written authorization except in limited instances, including: (a) if you sue us or place a complaint, we may use Psychotherapy Notes in our defense; (b) to the United States Department of Health and Human Services in an investigation of our compliance with HIPAA; (c) to health oversight agencies for a lawful purpose related to oversight of our practice; and (d) to the extent necessary to protect you or others from a serious imminent risk of danger presented by you. Health insurers may not condition treatment, payment, enrollment, or eligibility for benefits on obtaining authorization to review, or on reviewing, Psychotherapy Notes.
Your Rights With Respect to Your Protected Health Information
Under HIPAA, you have certain rights with respect to your PHI. The following is an overview of your rights and our duties with respect to enforcing those rights.
Right To Request Restrictions On Use Or Disclosure
You have the right to request restrictions on certain uses and disclosures of your PHI. While we are not required to agree to any requested restriction, if we agree to a restriction, we are bound not to use or disclose your protected healthcare information in violation of such restriction, except in certain emergency situations. We will not accept a request to restrict uses or disclosures that are otherwise required by law. If you have paid for our services in full yourself, out-of-pocket, then we must comply with your request to restrict those disclosures of your PHI that would otherwise be made for payment or healthcare operations, that are unnecessary because of your manner of payment. We require that all requests for restrictions be in writing and specify (1) the information to be restricted, (2) the type of restriction being requested, and (3) to whom the limits apply. You must also state a reason for the request. We will respond in writing to all requests within 30 days or receipt.
Right To Receive Confidential Communications By Alternative Means And At Alternative Locations
We must permit you to request and must accommodate reasonable requests by you to receive communications of PHI from us by alternative means or at alternative locations. We will ask you how you wish us to communicate with you. We must agree to your request if you inform us that certain of means of communicating with you will place you in danger.
Right To Inspect and Copy Your Protected Health Information, Including In Electronic Format
You have the right of access in order to inspect, and to obtain a copy of your PHI, including any PHI maintained in electronic format, except for (a) personal notes and observations of the treating provider, (b) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, (c) health information maintained by us to the extent to which the provision of access to you is at our discretion, and we exercise our professional judgment to deny you access, and (d) health information maintained by us to the extent to which the provision of access to you would be prohibited by law.
We require written requests for copies of your PHI; they should be sent to our Privacy-Security Officer at the mailing address below. You may request your PHI in the format of your choice, and where feasible, we will comply. If you request a copy of your PHI, we will charge a fee for copying, or for electronic records, for labor and supplies. We reserve the right to deny you access to and copies of all or certain PHI as permitted or required by law. Upon denial of a request for access or request for information, we will provide you with a written denial specifying the basis for denial, a statement of your rights, and a description of how you may file an appeal or complaint.
Right To Amend Your Protected Health Information
You have the right to request that we amend your PHI, for as long as your medical record is maintained by us. We have the right to deny your request for amendment. We require that you submit written requests and provide a reason to support the requested amendment.
If we deny your request, we will provide you with a written denial stating the basis of the denial, your right to submit a written statement disagreeing with the denial, and a description of how you may file a complaint with us and/or the Secretary of the U.S. Department of Health and Human Services (DHHS). If we accept your request for amendment, we will make reasonable efforts to provide the amendment within a reasonable time to persons identified by you as having received PHI of yours prior to amendment and persons that we know have the PHI that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to your detriment. All requests for amendments shall be sent to our Privacy-Security Officer at the mailing address below.
Right To Receive An Accounting Of Disclosures Of Your PHI And Electronic Health Records
You have the right to receive a written accounting of all disclosures of your PHI for which you have not provided an authorization that we have made within the six (6) year period immediately preceding the date on which the accounting is requested. You may request an accounting of such disclosure for a period of time less than six (6) years from the date of the request. We require that you request an accounting in writing on a form that we will provide to you.
The accounting of disclosures will include the date of each disclosure, the name and, if known, the address of the entity or person who received the information, a brief description of the information disclosed, and a brief statement of the purpose and basis of the disclosure or, instead of such statement, a copy of your written authorization or written request for disclosure pertaining to such information. We are not required to provide accountings of disclosures for the following purposes: (a) treatment, payment, and healthcare operations, (b) disclosures pursuant to your authorization, (c) disclosures to you, (d) to other healthcare providers involved in your care, (e) for national security or intelligence purposes, (f) to correctional institutions, and (g) with respect to disclosures occurring prior to 4/14/2003. We reserve the right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law. We will provide the first accounting to you in any twelve (12) month period without charge, but will impose a reasonable cost-based fee for responding to each subsequent request for accounting within that same twelve (12) month period. All requests for an accounting shall be sent to our Privacy-Security Officer at the mailing address below.
If we maintain any PHI in electronic form, then you may also request and receive an accounting of any disclosures of your electronic health records made for purposes of treatment, payment and health operations during the prior three (3) year period. Upon request, one list will be provided for free every twelve (12) months.
Right To Notification If There Is A Breach of Your Protected Health Information If there is a breach in our protecting your PHI, we will follow HIPAA guidelines to evaluate the circumstances of the breach, document our investigation, retain copies of the evaluation, and where necessary, report breaches to DHHS. Where a report is required to DHHS, we will also give you notification of any breach.
Business Associate Rule
Business Associates are entities that in the course of our business with them will obtain access to your PHI. They may use, transmit, or view your PHI on our behalf. Business Associates are prohibited from re-disclosing your PHI without your written consent, or unless disclosure is required by law. We enter into confidentiality agreements with our Business Associates called Business Associate Agreements, and they in turn enter into confidentiality agreements with their subcontractors, if any.
You may file a complaint with us and with the Secretary of DHHS if you believe that your privacy rights have been violated. Please submit any complaint to us in writing by mail to our Privacy-Security Officer at the mailing address below. A complaint must name the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable requirements of HIPAA or this Notice of Privacy Practices. A complaint must be received by us or filed with the Secretary of DHHS within 180 days of when you knew or should have known that the act or omission complained of occurred. You will not be retaliated against for filing any complaint. To file a complaint with the Secretary of DHHS, write or call:
The US Department of Health & Human Services
Office of Civil Rights
200 Independence Avenue, SW
Washington, DC 20201
Amendments to this Notice of Privacy Practices
We reserve the right to revise or amend this Notice of Privacy Practices at any time. These revisions or amendments may be made effective for all PHI we maintain even if created or received prior to the effective date of the revision or amendment. Upon your written request, we will provide you with notice of any revisions or amendments to this Notice of Privacy Practices, or changes in the law affecting this Notice of Privacy Practices, by mail or electronically within 60 days of receipt or your request.
Ongoing Access to Notice of Privacy Practices
We will provide you with a copy of the most recent version of this Notice of Privacy Practices at any time upon your written request sent to our Privacy-Security Officer at the mailing address below. For any other requests or for further information regarding the privacy of your PHI, and for information regarding the filing of a complaint, please contact us at the address, telephone number, or e-mail address listed above.
To Contact Us
This is our contact information referred to above.
Our Privacy-Security Officer is: Amorette Rojas. Our mailing address is: 295 Madison Avenue, New York, NY 10017. Our telephone number is: 646-559-9019. Our fax number is 646-957-9297. Our email address is [email protected]