THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU
MAY BE USED AND DISCLOSED,
AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW THIS NOTICE CAREFULLY.
The following information is mandatory legal information we are required to give all clients. If you work with The HAVEN Place as a client you will be given a copy and asked to sign a receipt stating this information has been reviewed with you and a copy given to you.
Maintaining your privacy and confidentiality is important to us. The following is mandatory information we have to review with all our clients. At the end of the document we’ve listed several ways you can file a complaint if you feel we’ve violated your privacy. We would like you to address any privacy concerns you might have with us first, but you are always free to file a complaint without notifying us.
Your health record contains personal information about you and your health. This is information that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. This information is referred to as Protected Health Information (“PHI”). This Notice of Privacy Practices describes how The HAVEN Place may use and disclose your PHI in accordance with applicable law, including the Health Insurance Portability and Accountability Act (“HIPAA”), regulations promulgated under HIPAA including the HIPAA Privacy and Security Rules, and the NASW Code of Ethics. It also describes your rights regarding how you may gain access to and control your PHI.
The HAVEN Place is required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI. The HAVEN Place is required to abide by the terms of this Notice of Privacy Practices. The HAVEN Place reserves the right to change the terms of our Notice of Privacy Practices at any time. Any new Notice of Privacy Practices will be effective for all PHI that we maintain at that time. We will provide you with a copy of the revised Notice of Privacy Practices by posting a copy on our website, sending a copy to you in the mail upon request or providing one to you at your next appointment.
Information In this section describes how we protect your privacy internally. Following sections describe how your personal information may be legally used as well as how you may file a complaint if you feel your privacy has been violated.
If we see each other in public we will not greet you or acknowledge you in order to protect your privacy. You are free to approach and greet us if you choose to do so.
We will not divulge any information about you without your written permission, with the following exceptions:
- We have to and will report anything we hear or see that may indicate your intent to hurt yourself or others.
- We have to and will report anything we hear or see that may indicate child abuse or neglect.
- We have to and will report anything we hear or see that may indicate elder abuse or neglect.
- We do not keep secrets in family or couples therapy. What one party tells us the other party has a right to know about unless doing so would, in our opinion, endanger a person in that couple or family. In such a case we will report the concern to the appropriate authorities.
The hardcopy assessment package you provide us will contain PHI. We protect this hardcopy data with an alarmed facility and three physical locks. You will be assigned a unique sequence number during your assessment. This number will not be tied (hardcopy or electronic record) to your name or other PHI. Electronic data / notes will not contain PHI but will reflect your unique sequence number. Electronic data is protected by four layers of passwords. At the conclusion of therapy, PHI in hardcopy data will be blacked out and your data will then be scanned into a secure, password protected file for long term storage.
We maintain a separate database containing contact information. This database does not contain either your unique identifier or clinical data. This database is protected by three layers of passwords. There is a separate database containing your first name, last initial, unique identifier and password for that identifier. This database is again protected by three layers of passwords.
If you download PDF files from the website we will record your name and email address. That information will not be divulged by The HAVEN Place without your written permission.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
For Treatment. Your PHI may be used and disclosed by those who are involved in your care for the purpose of providing, coordinating, or managing your health care treatment and related services. This includes consultation with clinical supervisors or other treatment team members. We may disclose PHI to any other consultant only with your authorization.
For Payment. We may use and disclose PHI so that we can receive payment for the treatment services provided to you. This will only be done with your authorization. Examples of payment-related activities are: making a determination of eligibility or coverage for insurance benefits, processing claims with your insurance company, reviewing services provided to you to determine medical necessity, or undertaking utilization review activities. If it becomes necessary to use collection processes due to lack of payment for services, we will only disclose the minimum amount of PHI necessary for purposes of collection. [NOTE: The HAVEN Place does not bill insurance. This paragraph is null and void at this time.]
For Health Care Operations. We may use or disclose, as needed, your PHI in order to support our business activities including, but not limited to, quality assessment activities, employee review activities, licensing, and conducting or arranging for other business activities. For example, we may share your PHI with third parties that perform various business activities (e.g., billing or typing services) provided we have a written contract with the business that requires it to safeguard the privacy of your PHI. For training or teaching purposes PHI will be disclosed only with your authorization.
Required by Law. Under the law, we must disclose your PHI to you upon your request. In addition, we must make disclosures to the Secretary of the Department of Health and Human Services for the purpose of investigating or determining our compliance with the requirements of the Privacy Rule.
Without Authorization. Following is a list of the categories of uses and disclosures permitted by HIPAA without an authorization. Applicable law and ethical standards permit us to disclose information about you without your authorization only in a limited number of situations.
As a social worker licensed in this state and as a member of the National Association of Social Workers, it is my practice to adhere to more stringent privacy requirements for disclosures without an authorization. The following language addresses these categories to the extent consistent with the NASW Code of Ethics and HIPAA.
Child Abuse or Neglect. We may disclose your PHI to a state or local agency that is authorized by law to receive reports of child abuse or neglect.
Judicial and Administrative Proceedings. We may disclose your PHI pursuant to a subpoena (with your written consent), court order, administrative order or similar process.
Deceased Patients. We may disclose PHI regarding deceased patients as mandated by state law, or to a family member or friend that was involved in your care or payment for care prior to death, based on your prior consent. A release of information regarding deceased patients may be limited to an executor or administrator of a deceased person’s estate or the person identified as next-of-kin. PHI of persons that have been deceased for more than fifty (50) years is not protected under HIPAA.
Medical Emergencies. We may use or disclose your PHI in a medical emergency situation to medical personnel only in order to prevent serious harm. Our staff will try to provide you a copy of this notice as soon as reasonably practicable after the resolution of the emergency.
Family Involvement in Care. We may disclose information to close family members or friends directly involved in your treatment based on your consent or as necessary to prevent serious harm.
Health Oversight. If required, we may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies and organizations that provide financial assistance to the program (such as third-party payors based on your prior consent) and peer review organizations performing utilization and quality control.
Law Enforcement. We may disclose PHI to a law enforcement official as required by law, in compliance with a subpoena (with your written consent), court order, administrative order or similar document, for the purpose of identifying a suspect, material witness or missing person, in connection with the victim of a crime, in connection with a deceased person, in connection with the reporting of a crime in an emergency, or in connection with a crime on the premises.
Specialized Government Functions. We may review requests from U.S. military command authorities if you have served as a member of the armed forces, authorized officials for national security and intelligence reasons and to the Department of State for medical suitability determinations, and disclose your PHI based on your written consent, mandatory disclosure laws and the need to prevent serious harm.
Public Health. If required, we may use or disclose your PHI for mandatory public health activities to a public health authority authorized by law to collect or receive such information for the purpose of preventing or controlling disease, injury, or disability, or if directed by a public health authority, to a government agency that is collaborating with that public health authority.
Public Safety. We may disclose your PHI if necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. If information is disclosed to prevent or lessen a serious threat it will be disclosed to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat.
Research. PHI may only be disclosed after a special approval process or with your authorization.
Verbal Permission. We may also use or disclose your information to family members that are directly involved in your treatment with your verbal permission.
With Authorization. Uses and disclosures not specifically permitted by applicable law will be made only with your written authorization, which may be revoked at any time, except to the extent that we have already made a use or disclosure based upon your authorization. The following uses and disclosures will be made only with your written authorization: (i) most uses and disclosures of psychotherapy notes which are separated from the rest of your medical record; (ii) most uses and disclosures of PHI for marketing purposes, including subsidized treatment communications; (iii) disclosures that constitute a sale of PHI; and (iv) other uses and disclosures not described in this Notice of Privacy Practices.
YOUR RIGHTS REGARDING YOUR PHI GENERAL INFORMATION
You have the following rights regarding PHI we maintain about you. To exercise any of these rights, please submit your request in writing to us The HAVEN Place:
- Right of Access to Inspect and Copy. You have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that is maintained in a “designated record set”. A designated record set contains mental health/medical and billing records and any other records that are used to make decisions about your care. Your right to inspect and copy PHI will be restricted only in those situations where there is compelling evidence that access would cause serious harm to you or if the information is contained in separately maintained psychotherapy notes. We may charge a reasonable, cost-based fee for copies. If your records are maintained electronically, you may also request an electronic copy of your PHI. You may also request that a copy of your PHI be provided to another person.
- Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy. Please contact the Privacy Officer if you have any questions.
- Right to an Accounting of Disclosures. You have the right to request an accounting of certain of the disclosures that we make of your PHI. We may charge you a reasonable fee if you request more than one accounting in any 12-month period.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI for treatment, payment, or health care operations. We are not required to agree to your request unless the request is to restrict disclosure of PHI to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains to a health care item or service that you paid for out of pocket. In that case, we are required to honor your request for a restriction.
- Right to Request Confidential Communication. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. We will accommodate reasonable requests. We may require information regarding how payment will be handled or specification of an alternative address or other method of contact as a condition for accommodating your request. We will not ask you for an explanation of why you are making the request.
- Breach Notification. If there is a breach of unsecured PHI concerning you, we may be required to notify you of this breach, including what happened and what you can do to protect yourself.
- Right to a Copy of this Notice. You have the right to a copy of this notice.
If you believe we have violated your privacy rights, you have the right to file a complaint in writing with us at The HAVEN Place LLC or with the Secretary of Health and Human Services at 200 Independence Avenue, S.W. Washington, D.C. 20201 or by calling (202) 619-0257.
Additionally, you may file a complaint with the Florida Health Department at http://www.floridahealth.gov/licensing-and-regulation/enforcement/index.html, Disability Rights of Florida at http://www.disabilityrightsflorida.org/, 1-800-342-0823, or the Florida Abuse Hotline at http://www.myflfamilies.com/service-programs/abuse-hotline, 1-800-962-2873 if you feel your rights have been violated or abuse has occurred during your treatment.
We will not retaliate against you for filing a complaint.
- What personal information is collected from you through the website, how it is used, and with whom it may be shared.
- What choices are available to you regarding the use of your data.
- The security procedures in place to protect the misuse of your information.
- How you can correct any inaccuracies in the information.
Information Collect, Use, and Sharing
We are the sole owners of the information collected on this website. We only have access to and collect information that you voluntarily give us via downloading, email, or other direct contact from you. We will not sell or rent this information to anyone. We will use your information to respond to you regarding the reason you contacted us. We will not share your information with any third party outside our organization. Unless you ask us not to, we may contact you via email in the future.
Your Access to and Control over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting The HAVEN Place, LLC:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data that we have about you.
- Express any concern about our use of your data.
Your privacy is important to us and we take precautions to protect your information. The computers / servers in which we store personally identifiable information are kept in a secure environment and have antivirus/hacker free security measures installed.
The effective date of this Notice is June 2018.