HIPAA Notice of Privacy Practices | Beatrice Loving Heart

**Effective Date:** August 1, 2016

This Notice of Privacy Practices describes how Beatrice Loving Heart (BLH) may use and disclose your protected health information (PHI) and outlines your rights regarding this information. PHI refers to individually identifiable health information that relates to your past, present, or future physical or mental health or condition, as well as related health care services, which is maintained or transmitted by BLH.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the use and disclosure of PHI by certain health care providers. We are committed to protecting your medical information and abiding by the terms of this Notice. You may request a paper copy at any time, even if you received this electronically. For questions, contact yourprivacymatters@blhnurses.com

Under federal law, we must:

Ensure that PHI identifying you is kept private.

Provide you with this Notice of our legal duties and privacy practices.

Adhere to the terms of the current Notice.

This Notice applies to all medical records maintained by BLH.

How We May Use and Disclose Your Medical Information

HIPAA permits the use and disclosure of your PHI without your permission for treatment, payment, and health care operations, among other purposes. The following provides examples of common uses and disclosures, though it is not exhaustive. We strive to limit disclosures to the minimum necessary information.

Uses and Disclosures for Treatment, Payment, and Health Care Operations

Treatment: We may use or disclose your PHI to facilitate medical treatment or services. This includes sharing information with healthcare providers, such as doctors, nurses, technicians, or medical students, who are involved in your care. For instance, we may share details with physicians treating you.

Payment: We may use or disclose your PHI to determine eligibility for benefits, facilitate payment for services, assess coverage, or coordinate benefits. Examples include sharing medical history with your health insurance company or assisting in payment collection.

Health Care Operations: We may use or disclose your PHI for operational purposes, such as quality assessment, clinical improvement, medical reviews, audits, fraud detection, business planning, cost management, and administrative activities. For example, we may review information to evaluate program effectiveness.

Fundraising Activities: We may use demographic information (e.g., name, address, contact details, age, gender, birthdate), service dates, programs, providers, and outcomes to contact you for fundraising benefiting BLH. Opt-out instructions are included in all fundraising communications.

Disclosure to Others Involved in Your Care: We may share relevant PHI with relatives, friends, or others you identify if it pertains to their involvement in your care or payment. For example, we may verify claim status for a family member or caregiver with prior knowledge.

Workers’ Compensation: We may disclose PHI for workers’ compensation or similar programs related to work-related injuries or illnesses.

Compliance with Federal and State Requirements: We must disclose PHI when required by law, such as to government agencies, law enforcement, in response to judicial orders or subpoenas, or for public interest matters (e.g., reporting abuse, threats to safety, or national security). We may also disclose to health oversight agencies for audits, investigations, or licensure.

To Avert a Serious Threat to Health or Safety: We may disclose PHI to prevent serious threats to you or others, limited to those who can help mitigate the threat (e.g., in physician licensure proceedings).

Military and Veterans: If you are in the armed forces, we may disclose your PHI as required by military authorities or, for foreign personnel, to the appropriate foreign authorities.

Business Associates: We may share PHI with contracted business associates who assist our operations, under agreements requiring HIPAA compliance.

Other Uses: These include disclosures for organ donation (to procurement organizations), to coroners or medical examiners, or to correctional institutions or law enforcement if you are an inmate.

We may also contact you about treatment alternatives or health-related benefits. Uses and disclosures not described here require your written authorization, including most psychotherapy notes, marketing purposes, or sales of PHI. You may revoke authorizations in writing, except for actions already taken. Stricter state or federal laws will be followed if applicable.

Your Rights Regarding Your Medical Information

You have the following rights concerning PHI we maintain:

Right to Inspect and Copy: You may inspect and obtain a copy of your PHI in a designated record set. We may charge fees for copying, mailing, or supplies. Denials are rare and reviewable. If we do not maintain the information, we will direct you appropriately.

Right to Amend: You may request amendments if information is incorrect or incomplete, providing a written reason. We may deny requests if not in writing, unsupported, or for information not created or maintained by us, not inspectable, or already accurate.

Right to an Accounting of Disclosures: You may request a list of certain disclosures (e.g., for public health or law enforcement) over up to six years (not before April 14, 2003). Exclusions include disclosures for treatment, payment, operations, to you, incidental ones, authorized ones, to family/friends, for national security, or limited data sets. The first request in 12 months is free; subsequent ones may incur costs. For electronic health records, accounting covers up to three years, with specific effective dates based on record creation.

Right to Request Restrictions: You may request limits on uses or disclosures for treatment, payment, operations, or to involved parties. We are not required to agree, but will comply if the disclosure is for non-treatment payment/operations and pertains to fully out-of-pocket services (effective February 17, 2010). Requests must be written, specifying the information, scope, and recipients. Agreed restrictions may be terminated later.

Right to Request Confidential Communications: You may request alternative communication methods or locations (e.g., work only). We will accommodate reasonable written requests without requiring a reason.

Submit requests to the contact at the bottom of this page.

Breach Notification

We are committed to protecting your PHI. In the event of a breach of unsecured PHI under the HITECH Act, we will notify you in writing (or via email if agreed) within 60 days. The notice will include:

A description of the breach.

Types of information involved.

Protective steps you should take.

Our investigation, mitigation, and prevention efforts.

Contact information.

For breaches affecting 10 or more individuals with insufficient contact details, we will post notices on our website or in major media. For fewer than 10, alternative notice methods will be used. Substitute notices include a toll-free number to check involvement.

Changes to This Notice

We may revise this Notice at any time, with changes applying to all existing and future PHI. Revised notices will be posted on the website listed on page 1, and copies are available upon request.

Complaints

If you believe your privacy rights were violated, file a written complaint with us (contact in Section 8) or the Secretary of the U.S. Department of Health and Human Services. No penalties will apply for complaints.

Other Uses of Medical Information

Uses and disclosures not covered by this Notice or applicable laws require your written permission. You may revoke permissions in writing, halting future uses/disclosures, though prior ones cannot be retracted.

Effective Date

August 1, 2016.

Contact Information

Direct all correspondence to: yourprivacymatters@blhnurses.com