NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION (PHI)
ABOUT YOU MAY BE USED AND DISCLOSED
AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
THE PRIVACY OF YOUR HEALTH INFORMATION IS IMPORTANT TO US.
OUR LEGAL DUTY
The Federal Trade Commission (FTC) has jurisdiction over Human Care Systems’ compliance with the Privacy Shield.
We are also required by law in all other countries and states in which we operate to maintain the privacy of your health information.
We must follow the privacy practices that are described in this Notice, which take effect on August 1, 2016.
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. If we do so, we will make the new version available on our website and upon your request.
You may request a copy of our Notice at any time. For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this Notice.
USES AND DISCLOSURES/ONWARD TRANSFERS OF HEALTH INFORMATION
We may use and disclose health information about you for treatment, payment, and healthcare operations. For example:
Treatment: We may disclose your health information to a physician or other healthcare provider providing treatment to you.
Payment: We may use and disclose your health information to assist you with insurance coverage and/or co-payment assistance you may be eligible to receive.
Healthcare Operations: We may use and disclose your health information in connection with our healthcare operations. Healthcare operations include quality assessment and improvement activities, reviewing the competence or qualifications and performance of healthcare professionals, conducting training programs, accreditation, certification, licensing or credentialing activities.
Your Authorization: In addition to our use of your health information for treatment, payment or healthcare operations, you may give us verbal or written authorization to use your health information or to disclose it to anyone for any purpose. If you give us an authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect. Unless you give us a verbal or written authorization, we cannot use or disclose your health information for any reason except those described in this Notice.
To You and Your Family and Friends: We must disclose your health information to you, as described in the Patient Rights section of this Notice. We may disclose your health information to a family member, friend or other person to the extent necessary to help with your healthcare or with payment for your healthcare, but only if you agree that we may do so.
Persons Involved In Care: We may use or disclose health information to notify, or assist in the notification of (including identifying or locating) a family member, your personal representative or another person responsible for your care, of your location, your general condition, or death. If you are present, then prior to use or disclosure of your health information, we will provide you with an opportunity to object to such uses or disclosures. In the event of your incapacity or emergency circumstances, we will disclose health information based on a determination using our professional judgment disclosing only health information that is directly relevant to the person’s involvement in your healthcare. We will also use our professional judgment and our experience with common practice to make reasonable inferences of your best interest in allowing a person to pick up filled prescriptions, medical supplies, x-rays, or other similar forms of health information.
Marketing Health-Related Services: We will not use your health information for marketing communications without your verbal or written authorization.
Required by Law: We may use or disclose your health information when we are required to do so by law.
Abuse or Neglect: We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, or domestic violence or the possible victim of other crimes. We may disclose your health information to the extent necessary to avert a serious threat to your health or safety or the health or safety of others.
Public Health: We may disclose your health information to public health officials. We may disclose your health information to a health oversight agency such as the United States Department of Health and Human Services or state department of health or government benefit programs such as Medicare or Medicaid for purposes relating to oversight of the health care system.
We may disclose your health information as authorized by, and in compliance with, laws relating to workers’ compensation and similar programs established by law that provide benefits for work-related illnesses and injuries without regard to fault.
National Security: We may disclose to military authorities the health information of Armed Forces personnel under certain circumstances. We may disclose to authorized federal officials health information required for lawful intelligence, counterintelligence, and other national security activities.
Law Enforcement and Judicial Processes: We may disclose to a correctional institution or law enforcement official having lawful custody of an inmate or patient under certain circumstances. We may disclose your health information to law enforcement officials for law enforcement purposes. We may disclose your health information in the course of a judicial or administrative proceeding in response to a court order, subpoena, discovery request or other lawful process. We may disclose your health information to a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other purposes as authorized by law. We may also disclose your PHI to funeral directors as necessary to carry out their duties. We may disclose your health information to organizations involved in the procurement, banking, or transplantation of cadaveric organs, eyes or tissue, for the purpose of facilitating organ and tissue donation where applicable.
Research: We may disclose your health information for the purpose of research. We will only disclose your health information for research purposes without your express authorization if the research protocol has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
Appointment Reminders: We may use or disclose your health information to provide you with appointment reminders (such as voicemail messages, text messages, postcards, emails, or letters).
Business Associates: We may disclose your health information to business associates who provide activities on behalf of us. Examples of when we may use a business associate include consulting and quality assurance activities provided by an outside consultant, audits performed by an outside auditor, and other legal and consulting services provided from time to time. If we provide your health information in such a manner, we will require our business associate to appropriately protect your information.
Human Care Systems is liable for appropriate onward transfers of personal data to third parties.
Access: You have the right to look at or get copies of your health information, with limited exceptions. You may request that we provide copies in a format other than photocopies. We will use the format you request unless we cannot possibly do so. You may request and receive an electronic copy of your health information if we maintain your information in an electronic health record. You must make a verbal or written request to obtain access to your health information. You may obtain a form to request access to or a copy of your health information from us. We may charge you a reasonable cost-based fee for expenses such as copies and staff time. If you request an alternative format, we may charge a cost-based fee for providing your health information in that format. If you prefer, we will prepare a summary or an explanation of your health information for a fee.
Disclosure Accounting: You have the right to receive a list of instances in which we or our business associates disclosed your PHI for purposes other than treatment, payment, healthcare operations and certain other activities for the last 6 years. However, if you request an accounting of disclosures of your health information, the accounting may include disclosures made for the purpose of treatment, payment and health care operations to the extent that disclosures are made through an electronic health record. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests.
Restriction: You have the right to request that we place additional restrictions on our use or disclosure of your health information. We are not required to agree to these additional restrictions unless you pay for a service entirely out-of-pocket. If you pay for services out-of-pocket, you may request that information regarding the service be withheld and not provided to a health coverage carrier. If we do agree to additional restrictions, we will abide by our agreement (except as permitted or required by law).
Alternative Communication: You have the right to request that we communicate with you about your health information by alternative means or to alternative locations. Your request must specify the alternative means or location, and provide satisfactory explanation how payments will be handled under the alternative means or location you request.
Amendment: You have the right to request that we revise your health information, and must explain why the information should be revised. We may deny your request under certain circumstances.
RENEWAL & VERIFICATION
Human Care Systems will renew its EU Privacy Shield certification annually, unless it subsequently determines that it no longer needs such certification or if it employs a different adequacy mechanism.
Prior to re-certification, Human Care Systems will conduct an in-house verification to ensure that its attestations and assertions with regard to its treatment of health information are accurate and that the company has appropriately implemented these practices. Specifically, as part of the verification process, Human Care Systems will undertake the following:
3. Ensure that this Policy continues to comply with the Privacy Shield principles
4. Confirm that you are made aware of the process for addressing complaints and any independent dispute resolution process
5. Review its processes and procedures for training Employees about Human Care Systems’ participation in the Privacy Shield program and the appropriate handling of health information.
QUESTIONS AND COMPLAINTS
If you want more information about our privacy practices or have questions or concerns, please contact us.
If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made about access to your health information or in response to a request you made to revise or restrict the use or disclosure of your health information or to have us communicate with you by alternative means or at alternative locations, you may send a complaint to: Thom Doyle at firstname.lastname@example.org or 84 State St, Boston, MA 02109. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request.
We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
In compliance with the US-EU Privacy Shield Principles, Human Care Systems commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with questions or concerns about the use of their Personal Data should contact us at: email@example.com.
If a Customer’s question or concern cannot be satisfied through this process, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism.
EU Data Protection Authorities (DPAs) are Human Care Systems’ independent recourse mechanism for Privacy Shield Complaints. Human Care Systems commits to cooperating with EU data protection authorities (DPAs) with regard to human resources and non-human resources data transferred from the EU in context of the employment relationship.