I. Understanding your medical health information

Each time you visit a hospital, physician, or other healthcare provider, the provider makes a record of your visit. Typically, this record contains your health history, current symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information, often referred to as your medical record, serves as a:

·          Basis for planning your care & treatment

·          Means of communication between those professionals that contribute to your care

·          Legal document describing the care you received

·          Means by which you and your payer source can verify charges for services

·          A medical education tool

·          A source of information for public health officials charged with improving community health

·          A tool to assess the appropriateness and quality of care you receive

·          A tool to improve the quality of healthcare and achieve better patient outcomes

Understand what is in your health records and how your health information is used helps you to:

·          Ensure its accuracy and completeness

·          Understand who, what, where, why and how others may have access to your health information

·          Make informed decision about authorizing disclosure to others

·          Better understand the health information rights detailed below

II. Your rights under the Federal Privacy Standard

 Although your health records are the physical property of your healthcare provider, you have certain rights with regard to the information contained in your records. You have the right to:

·          Request restriction on uses and disclosures of your health information for treatment, payment, and health care operations. “Health care operations” consist of activities that are necessary to carry out the operations of the provider, such as quality assurance and peer review. The right to request restriction does not extend to uses or disclosures permitted or required under HHS 164.502 (a)(2)(l) (disclosures to you), or 164.512(uses and disclosures not requiring a consent or an authorization). The latter uses and disclosures include, for example, those required by law, like mandatory communicable disease reporting. In those cases, you do not have a right to request restriction. The Consent to use and disclose your individually identifiable health information providers the ability to request restriction. We do not, however, have to agree to the restriction. If we do, however, we will adhere to it unless you request otherwise or we will give you advance notice. You may also ask us to communicate with you by alternate means and, if the method of communication is reasonable, we must grant the alternate communication request. Again, see the consent form.

·          Obtain a copy of this notice of information practices. We have posted copies in prominent locations throughout our facilities, and we have posted this on our website; however, you have a right to a hard copy upon request.

·          Revoke your consent(s) or authorization(s) to use or disclose health information, except to the extent that we have already taken action in reliance on the consent and authorization.

·          Inspect and copy your health information upon request. Again, this right is not absolute. In certain situations, such as if access would cause harm, we can deny access. You do not have a right to access any of the following:

o         Psychotherapy notes. Such notes comprise those that are recorded in any medium by a healthcare private counseling session or a group, joint, or family counseling session and that are separated from the rest of your medical record.

o         Information compiled in reasonable anticipation of or for use in civil, criminal, or administrative actions or proceedings.

o         Protected Health Information (PHI) that is subject to the Clinical Laboratory Improvement Amendments of 1988 (CLIA), 42 U.S.C. 263a, to the extent that the provision of access to the individual would be prohibited by law.

o         Information was obtained from someone other than a healthcare provider under the promise of confidentiality and access requested would be reasonably likely to reveal the source of information.

o         In other situations, the provider may deny you access but, if it does, the provider must provide you with a review of the decision denying access. These “reviewable” grounds for denial may include:

§          Licensed healthcare professional has determined, in the exercise of professional judgment, that the access is reasonably likely to endanger the life or physical safety of the individual or another person.

§          PHI makes reference to another person (other than a healthcare provider) and a licensed healthcare provider has determined, in the exercise of professional judgment, that the access is likely to cause substantial harm to such other person.

§          The request if made by the individual’s personal representative and a licensed healthcare professional has determined, in the exercise of professional judgment, that the provider of access to personal information is reasonably likely to cause substantial harm to the individual or another person.

For these reviewable grounds, another licensed professional must review the decision of the healthcare provider denying access within 60 days. If we deny you access, we will explain why and what your rights are, including how to seek review. If we grant access, we will tell you what, if anything, you will have to do to get access. We reserve the right to charge a reasonable, cost-based fee for making copies of your medical record.

·          Request amendment/correction of your health information. We do not have to grant the request if:

o         We did not create the record. If, as in the case of a consultation report from another provider, we did not create the record, we cannot validate its accuracy. Thus, in such cases, you must seek amendment and/or correction from the provider creating the record. If they amend or correct the record, we will include the corrected information in our records.

o         The records are not available to you on grounds noted above.

o         The record is accurate and complete

If we deny your request for amendment and/or correction, we will notify you why, how you can attach a statement of disagreement to your records (which we may rebut), and how you can complain. If we grant the request, we will make the correction and distribute the correction to those who need it and those you identify to us that you want to receive the corrected information.

·          Obtain an accounting of “non-routine” uses and disclosures-those other than for treatment, payment and health care operations. We are not required to provide an accounting for:

o         National security or intelligence purposes under HHS 164.512(k) (2)(disclosures not requiring consent, authorization, or an opportunity to object, see chapter 16).

o         Correctional institutions or law enforcement officers under HHS 164.512(k)(5) (disclosures not requiring consent, authorization, or an opportunity to object).

o         A “non-routine” use and disclosure that occurred before April 15, 2003.

We must provide an accounting within 60 days of your request. The accounting must include:

o         Date of each disclosure;

o         Name and address of the organization and/or person who received the protected health information (PHI);

o         Brief description of the information disclosed;

o         Brief statement of the purpose of the disclosure that reasonably informs you of the basis for the disclosure, or, in lieu of such statement, a copy of your signed authorization, or a copy of the request for disclosure.

The first accounting in any 12-month period is free. Thereafter, we reserve the right to charge a reasonable, cost-based fee.

III.               Our Responsibilities under the Federal Privacy & Security Standards

In addition to identifying your rights detailed above, the federal privacy & security standards require us to:

o         Maintain the privacy of your health information, including implementing reasonable and appropriate physical, administrative, and technical safeguards to protect the information.

o         Provide you with this notice as to our legal duties and privacy practices with respect to individually identifiable health information that we collect and maintain about you.

o         Abide by the terms of this notice.

o         Educate our personnel concerning privacy, security, and confidentiality.

o         Implement a sanction policy to discipline those who breach privacy/security/confidentiality rules or our policies with regard thereto.

o         Lessen the harm of any breach of privacy/security/confidentiality.

Cornerstone of Recovery, Inc. reserves the right to change our practices and to make the new provisions effective for all individually identifiable health information we maintain. Should we change our information practices, we will provide a revised notice to the address you have supplied us, at your request.

If you have any questions or would like additional information, you may contact the Director of Information Management & Privacy Officer at Cornerstone of Recovery, Inc. at 865-970-7747.

Revision September, 2007