• About Us
  • President/CEO's Message
  • History
  • Mission & Values
  • Board of Directors & Executive Management
  • FAQs
• Services
  • Health Care Services
  • Education Services
  • Residential Services
  • Adult Day Services
    • Respite
    • Adult Day Treatment
    • Group Day Habilitation Services
    • Service Coordination
      • Medicaid Service Coordination
      • Family Forum
    • The Vocational Rehab Division
      • Package Pros Plus
      • The Employment Connection
      • Ticket to Work
      • Tele-Touch
    • The Self-Advocacy Groups
    • Community Habilitation Services
  • The Community Programs Center of LI, Inc.
• Support Us
  • Make A Donation
  • Events
    • Trivia Challenge Finals
    • Golf Classic
    • Neighborhood Scramble
    • 5K Walk & Wheel
    • Gala Dinner Dance
  • Planned Giving
  • Ways To Contribute
    • Tributes
    • Note Cards
    • UCP Gourmet Cookbook
    • Appeals
    • Vehicle Donation
  • Volunteer
• News
  • Press Releases
  • Archived Press Releases
  • Newsletter
  • Archived Newsletters
• Careers
  • Adult Day Services
  • Education
  • Administration
  • Residential
  • Health Center
  • Other
• Resources
• Contact Us
  • Locations
  • Directions
  • Directory

 

HIPAA Notice
(printable PDF version)

Home > HIPAA Notice

HIPAA Notice

UNITED CEREBRAL PALSY ASSOCIATION OF GREATER SUFFOLK, INC.

NOTICE OF PRIVACY PRACTICES

Effective Date:  February 17, 2010

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT OUR PARTICIPANTS MAY BE USED AND DISCLOSED, AND HOW OUR PARTICIPANTS, THEIR GUARDIANS AND/OR THEIR PERSONAL RESPRESENTATIVES, CAN GET ACCESS TO THIS INFORMATION.  GUARDIANS AND PERSONAL REPRESENTATIVES SHOULD BE AWARE THAT THE WORD “YOU” IN THIS NOTICE REFERS TO THE PARTICIPANT, NOT TO THE GUARDIAN.  PLEASE REVIEW IT CAREFULLY.

We are required by law to protect the privacy of health information that may reveal your identify, and to provide you with a copy of this notice which describes the health information privacy practices of our agency, its staff, and affiliated health care providers that jointly provide treatment, and perform payment activities and business operations, with our agency.  A copy of our current notice will always be posted in our reception area.  You will also be able to obtain a copy by accessing our website at www.ucp-suffolk.org, calling our office at (631) 232-0011, extension 568, or asking for one at the time of your next visit.

If you have any questions about this notice or would like further information, please contact Chief Privacy Officer at (631) 242-0011, extension 568.

IMPORTANT SUMMARY INFORMATION

Requirement For Written Authorization.  We will generally obtain your written authorization before using your health information or sharing it with others outside the agency.  You may also initiate the transfer of your records to another person by completing an authorization form.  If you provide us with written authorization, you may revoke that authorization at any time, except to the extent that we have already relied upon it.  To revoke an authorization, please write to Chief Privacy Officer at 250 Marcus Blvd., Hauppauge, NY 11788.

Page 1. (Return to Top)

Exceptions To Written Authorization Requirement.  There are some situations when we do not need your written authorization before using your health information or sharing it with others.  They are:

• We will generally request your general consent to use and disclose your health information  to treat your condition, collect payment for that treatment, or run our agency’s normal business operations.  We will not ask your consent when your actions imply that you consent.  An example of an implied consent is a family member present when a health care provider treats you.
• Exception In Emergencies Or Public Need.  We may use or disclose your health information in an emergency or for important public needs. For example, we may share your information with public health officials at the New York State or county health departments  who are authorized to investigate and control the spread of diseases.  For more examples, see pages 6 – 9.
• Exception If Information does Not Identify You.  We may use or disclose your health         information if we have removed any information that might reveal who you are.

How To Access Your Health Information.  You generally have the right to inspect and copy your health information.  For more information, please see page 9 of this notice.

How To Correct Your Health Information.  You have the right to request that we amend your health information if you believe it is inaccurate or incomplete.  For more information, please see page 10 of this notice.

How To Keep Track Of The Ways Your Health Information Has Been Shared With Others.  You have the right to receive a list from us, called an “accounting list,” which provides information about when and how we have disclosed your health information to outside persons or organizations.  Many routine disclosures we make will not be included on this accounting list, but the accounting list will identify non-routine disclosures of your information.  For more information, please see page 10 of this notice.

How To Request Additional Privacy Protections.  You have the right to request further restrictions on the way we use your health information or share it with others.  We are not required to agree to the restriction you request, but if we do, we will be bound by our agreement.  For more information, please see page 11 of this notice.

How To Request More Confidential Communications.  You have the right to request that we contact you in a way that is more confidential for you, such as at work instead of at home.  We will try to accommodate all reasonable requests.  For more information, please see page 11 of this notice.

Page 2. (Return to Top)

When A Notice of Breach Is Issued.  We will provide written notice to you in the event that unsecured personal health information is breached and we determine that the breach poses a risk of significant harm.  Written notice will be provided in the form of a Notice of Breach, which is to be used only in the event of an actual breach.  This applies to all breaches occurring on or after September 23, 2009.  For more information, please see page 13 of this notice.

How Someone May Act On Your Behalf.  You have the right to name a personal representative who may act on your behalf to control the privacy of your health information.  Parents and guardians will generally have the right to control the privacy of health information about minors unless the minors are permitted by law to act on their own behalf.

How To Obtain A Copy Of This Notice.  You have the right to a paper copy of this notice.  You may request a paper copy at any time, even if you have previously agreed to receive this notice electronically.  To do so, please call Chief Privacy Officer at (631) 232-0011, extension 568.  You may also obtain a copy of this notice from our website at www.ucp-suffolk.org, or by requesting a copy at your next visit.

How To Obtain A Copy Of Revised Notice.  We may change our privacy practices from time to time.  If we do, we will revise this notice so you will have an accurate summary of our practices.  The revised notice will apply to all of your health information, and we will be required by law to abide by its terms.  We will post any revised notice in our agency reception area.  You will also be able to obtain your own copy of the revised notice by accessing our website at www.ucp-suffolk.org, or call our office at (631) 232-0011, extension 568, or asking for one at the time of your next visit.  The effective date of the notice will always be noted in the top right corner of the first page.

How To File A Complaint.  If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services.  To file a complaint with us, please contact Chief Privacy Officer at (631) 232-0011, extension 568.  No one will retaliate or take action against you for filing a complaint.

WHAT HEALTH INFORMATION IS PROTECTED

We are committed to protecting the privacy of information we gather about you while providing health-related services.  Some examples of protected health information are:

Page 3. (Return to Top)

• The fact that you are a participant at, or receiving treatment or health-related services from, our agency;
• Information about your health condition (such as a disease you may have);
• Information about health care products or services you have received or may receive in the future (such as a medication or treatment); or
• Information about your health care benefits under an insurance plan (such as whether a prescription is covered;

When combined with:

• Geographic information (such as where you live or work);
• Demographic information (such as your race, gender, ethnicity or marital statue);
• Unique numbers that may identify you (such as your social security number, your phone number, or your driver’s license number); and
• Other types of information that may identify who you are.

HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION
WITHOUT YOUR WRITTEN AUTHORIZATION

1.    Treatment Payment And Agency Business Operations

With your consent, our agency and staff may use your health information or share it with others in order to treat your condition, obtain payment for that treatment, and run the agency’s normal business operations.  Your health information may also be shared with   affiliated agencies so that they may jointly perform certain payment activities and business operations along with our agency.  Your health information also may be disclosed to another health care provider for its treatment and payment activities, and or certain limited business operations by it.  Below are further examples of how your information may be used and disclosed by our agency.

Page 4. (Return to Top)

Treatment.  (45 C.F.R.  §§  164.506(1) and (2)).  We may share your health information with doctors, nurses, therapists, aides, service coordinators and other health care professionals at our agency who are involved in providing services to you, and they may in turn use that information to diagnose or treat you, or to develop a plan of services for you.  A health care professional at our agency may share your health information with another health care professional inside our agency.  With your consent, we may share your health information with a health care professional at another agency to determine how to diagnose or treat you, or with another agency or provider to whom you have been referred for further health care.  Finally, with your consent we may share your health information with others outside the agency as necessary, to carry out your treatment plan; for example, we may disclose certain information about your health to a prospective employer in connection with a job placement or training program.

Payment.  With your consent, we may use your health information or share it with others so that we may obtain payment for your health care services.  For example, we may share information about you with your health insurance company in order to obtain reimbursement after we have provided services to you.  In some cases, we may share information about you with your health insurance company to determine whether it will cover your services.  We might also need to inform your health insurance company about your health condition in order to obtain pre-approval for your services, such as care provided at a residential treatment facility.  Finally, we may share your health information with other providers and payors for their payment activities.

Business Operations.  We may use your health information or share it with others in order to conduct our normal business operations.  For example, we may use your health information to evaluate the performance of our staff in caring for you, or to educate our staff on how to improve the care they provide for you.  With your consent, we may also share your health information with another company that performs business services for us, such as billing companies.  If so, we will have a written agreement to ensure that this company also protects the privacy of your health information.  Finally, we may share your health information with other providers and payors for certain of their business operations if that other party also has or had a treatment or payment relationship with you, and in that event we will only share information that pertains to that relationship.

Appointment Reminders, Treatment Alternatives, Benefits And Services.  We may use your health information when we contact you with a reminder that you have an appointment for treatment or services at our facility.  We may also use your health information in order to recommend possible treatment alternatives or health-related benefits and services that may be of interest to you.

Fundraising.  We may use demographic information about you, including information about your age and gender, and where you live or work, and the dates that you received treatment, in order to contact you to raise money to help us operate.  We may also share this information with a charitable foundation that will contact you to raise money on our behalf.  If you do not want to be contacted for these fundraising efforts, please write to the Development Department at 250 Marcus Boulevard, Hauppauge, New York 11788.

Page 5. (Return to Top)

2.    Friends and Family

We may use your health information in, and disclose it from, our Facility Directory, or share it with friends and family involved in your care, without your written authorization or other written permission.  We will always give you an opportunity to object unless there is insufficient time because of a medical emergency (in which case we will discuss your preferences with you as soon as the emergency is over).  We will follow your wishes unless we are required by law to do otherwise.

Friends and Family Involved In Your Care.  If you do not object, we may share your health information with a family member, relative or close personal friends who are involved in your care or payment for that care.  We may also notify a family member, personal representative, or another person responsible for your care about your location and general condition here at our facility, or about the unfortunate event of your death.  In some cases, we may need to share your information with a disaster relief organization that will help us notify these persons.

Incidental Disclosures.  While we will take reasonable steps to safeguard the privacy of your health information, certain disclosures of your health information may occur during or as an unavoidable result of our otherwise permissible uses or disclosures of your health information.  For example, during the course of a treatment session, other participants in the treatment area may see, or overhear discussion of, your health information.

3.    Public Need

We may use your health information, and share it with others, in order to meet important  public needs.  We will not be required to obtain your written authorization, consent or any other type of permission before using or disclosing your information for these reasons.

As Required By Law.  We may use or disclose your health information if we are required by law to do so.  We also will notify you of these uses and disclosures if notice is required by law.

Public Health Activities.  We may disclose your health information to authorized public health officials (or a foreign government agency collaborating with such officials) so they may carry out their public health activities.  For example, we may share your health information with government officials that are responsible for controlling disease, injury or disability.  We may also disclose your health information to a person who may have been exposed to a communicable disease or be at risk for contracting or spreading the disease if a law permits us to do so.  And finally, we may release some health information about you to your employer if your employer hires us to provide you with a physical exam and we discover that you have a work related injury or disease that your employer must know about in order to comply with employment laws.

Page 6. (Return to Top)

Victims Of Abuse, Neglect Or Domestic Violence.  We may release your health information to a public health authority that is authorized to receive reports of abuse, neglect or domestic violence.  For example, we may report your information to government officials if we reasonably believe that you haven a victim of abuse, neglect or domestic violence.  We will make every effort to obtain your permission before releasing this information, but in some cases we may be required or authorized to act without your permission.

Health Oversight Activities.  We may release your health information to government agencies authorized to conduct audits, investigations, and inspections of our facility.  These government agencies monitor their operation of the health care system, government benefit programs such as Medicare and Medicaid, and compliance with government regulatory programs and civil rights laws.

Product Monitoring, Repair And Recall.  We may disclose your health information to a person or company that is required by the Food and Drug Administration to:  (1) report or track product defects or problems;  (2) repair, replace, or recall defective or dangerous products; or  (3) monitor the performance of a product after it has been approved for use by the general public.

Lawsuits And Disputes.  We may disclose your health information if we are ordered to do so by a court or administrative tribunal that is handling a lawsuit or other dispute.

Law Enforcement.  We may disclose your health information to law enforcement officials for the following reasons:

• To comply with court orders or laws that we are required to follow;
• To assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person;
• If you have been the victim of a crime and we determine that:  (1) we have been unable to obtain your consent because of an emergency or your incapacity;  (2) law enforcement officials need this information immediately to carry out their law enforcement duties; and (3) in our professional judgment disclosure to these officers is in your best interest;
• If we suspect that your death resulted from criminal conduct;
• If necessary to report a crime that occurred on our property; or
• If necessary to report a crime discovered during an off site medical emergency (for example, by emergency medical technicians at the scene of a crime).

Page 7. (Return to Top)

To Avert A Serious Threat to Health Or Safety.  We may use your health information or share it with others when necessary to prevent a serious threat to your health or safety, or the health or safety of another person or the public.  In such cases, we will only share your information with someone able to help prevent the threat.  We may also disclose your health information to law enforcement officers if you tell us that you participated in a violent crime that may have caused serious physical harm to another person (unless you admitted that fact while in counseling), or if we determine that you escaped from lawful custody (such as a prison or mental health institution).

National Security And Intelligence Activities Or Protective Services. We may disclose your health information to authorized federal officials who are conducting national security and intelligence activities or providing protective services to the President/CEO or other important officials.

Military And Veterans. If you are in the Armed Forces, we may disclose health information about you to appropriate military command authorities for activities they deem necessary to carry out their military mission.  We may also release health information about foreign military personnel to the appropriate foreign military authority determinations.

Inmates And Correctional Institutions. If you are an inmate or you are detained by a law enforcement officer, we may disclose your health information to the prison officers or law enforcement officers, if necessary, to provide you with health care, or to maintain safety, security and good order at the place where you are confined.  This includes sharing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates.

Workers’ Compensation. We may disclose your health information for workers’ compensation or similar programs that provide benefits for work-related injuries.

Coroners, Medical Examiners And Funeral Directors.  In the unfortunate event of your death, we may disclose your health information to a coroner or medical examiner.  This may be necessary, for example, to determine the cause of death.  We may also release this information to funeral directors as necessary to carry out their duties.

Organ And Tissue Donation.  In the unfortunate event of your death, we may disclose your health information to organizations that procure or store organs, eyes or other tissues so that these organizations may investigate whether donation or transplantation is possible under applicable laws.

Page 8. (Return to Top)

Research.  In most cases, we will ask for your written authorization before using your health information or sharing it with others in order to conduct research.  However, under some circumstances, we may use and disclose your health information without your authorization if we obtain approval through a special process to ensure that research without your authorization poses minimal risk to your privacy.  Under no circumstances, however, would we allow researchers to use your name or identity publicly.  We may also release your health information without your authorization to people who are preparing a future research project, so long as any information identifying you does not leave our facility.  In the unfortunate event of your death, we may share your health information with people who are conducting research using information of deceased persons, as long as they agree not to remove from our facility any information that identifies you.

YOUR RIGHTS TO ACCESS AND CONTROL YOUR HEALTH INFORMATION

We want you to know that you have the following rights to access and control your health information.  These rights are important because they will help you make sure that the health information we have about you is accurate.  They may also help you control the way we use your information and share it with others, or the way we communicate with you about your medical matters.

1.    Right To Inspect And Copy Records

You have the right to inspect and obtain a copy of any of your health information that may    be used to make decisions about you and your treatment for as long as we maintain this information in our records.  This includes medical and billing records.  If we maintain an electronic record, you may request access to the information in an electronic format or have the information transmitted electronically to a designated recipient.

We will respond to your request for inspection of records within 10 days.  We ordinarily will respond to requests for copies within 30 days if the information is located in our facility, and within 60 days if it is located off-site at another facility.  If we need additional time to respond to a request for copies, we will notify you in writing within the time frame above to explain the reason for the delay and when you can expect to have a final answer to your request.

Under certain very limited circumstances, we may deny your request to inspect or obtain a copy of your information.  If we do, we will provide you with a summary of the information instead.  We will also provide a written notice that explains our reasons for providing only a summary, and a complete description of your rights to have that decision reviewed and how  you can exercise those rights.  The notice will also include information on how to file a complaint about these issues with us or with the Secretary of the Department of Health and      Human Services.  If we have reason to deny only part of your request, we will provide complete access to the remaining parts after excluding the information we cannot let you inspect or copy.

Page 9. (Return to Top)

2.    Right To Request Amendment Of Records

If you believe that the health information we have about you is incorrect or incomplete, you may ask us to amend the information.  You have the right to request an amendment for as long as the information is kept in our records.  To request an amendment, please write to Chief Privacy Officer.  Our request should include the reasons why you think we should make the amendment.  Ordinarily we will respond to your request within 60 days.  If we need additional time to respond, we will notify you in writing within 60 days to explain the reason for the delay and when you can expect to have a final answer to your request.

If we deny part or your entire request, we will provide a written notice that explains our reasons for doing so.  You will have the right to have certain information related to your requested amendment included in your records.  For example, if you disagree with our decision, you will have an opportunity to submit a statement explaining your disagreement, which we will include in your records.  We will also include information on how to file a complaint with us or with the Secretary of the Department of Health and Human Services.  These procedures will be explained in more detail in any written denial notice we send you.

3.    Right To An Accounting Disclosures

After April 14, 2003, you have a right to request an “accounting of disclosures” which is a list that contains information about how we have shared your information with others.  An accounting list, however, will not include any information about:

• Disclosures we made to you;
• Disclosures we made pursuant to your authorization;
• Disclosures we made for treatment, payment or health care operations;
• Disclosure made in the facility directory;
• Disclosures made to your friends and family involved in your care or payment for your care;
• Disclosures made to federal officials for national security and intelligence activities;
• Disclosures that were incidental to permissible uses and disclosures of your health            information;
• Disclosures for purposes of research, public health or our normal business operations of   limited portions of your health information that do not directly identify you;
• Disclosures about inmates to correctional institutions or law enforcement offices; or
• Disclosures made before April 14, 2003.

Page 10. (Return to Top)

To request this accounting list, please write to Chief Privacy Officer.  Your request must state a time period within the past six years (but after April 14, 2003) for the disclosures you want us to include.  For example, you may request a list of the disclosures that we made between January 1, 2004 and January 1, 2005.  If the health information is maintained in an electronic health records system, individuals may receive an accounting of disclosures for the three-year period prior to the date of request.

Ordinarily we will respond to your request for an accounting list within 60 days.  If we need additional time to prepare the accounting list you have requested, we will notify you in writing about the reason for the delay and the date when you can expect to receive the accounting list.  In rare cases, we may have to delay providing you with the accounting list without notifying you because a law enforcement official or government agency has asked us to do so.

4.    Right to Request Additional Privacy Protections

You have the right to request that we further restrict the way we use and disclose your health information to treat your condition, collect payment for that treatment, or run our agency’s normal business operations.  You may also request that we limit how we disclose  information about you to family or friends involved in your care.  For example, you could request that we not disclose information about a surgery you had.  To request restrictions, please write to Chief Privacy Officer.  Your request should include:  (1) what information you want to limit;  (2) whether you want to limit how we use the information, how we share it with others, or both; and  (3) to whom you want to limits to apply.

We are not required to agree to your request for a restriction, and in some cases, the restriction you request may not be permitted under law.  However, if we do agree, we will be bound by our agreement unless the information is needed to provide you with emergency treatment or comply with the law.  Once we have agreed to a restriction, you have the right to evoke the restriction at any time.  Under some circumstances, we will also have the right to revoke the restriction as long as we notify you before doing so; in other cases, we will need  your permission before we can revoke the restrictions.

We must comply with a patient's request to restrict information if the information is to be sent    to a health plan for payment or health care operations purposes and the disclosure relates to    products or services that were pad for solely out of pocket (unless the disclosure is otherwise    requited by law).

5.   Right To Request Confidential Communications

You have the right to request that we communicate with you about your medical matters in a more confidential way by requesting that we communicate with you by alternative means or at alternative locations. For example, you may ask that we contact you by fax instead of by mail, or at work instead of at home.  To request more confidential communications, please write to Chief Privacy Officer.  We will not ask you the reason for your request, and we will try to accommodate all reasonable requests.  Please specify in your request how or where you wish to be contacted, and how payment for your health care will be handled if we communicate with you through this alternative method or location.

Page 11. (Return to Top)

Notice of Breach Of Health Information

If a breach occurs and we determine that the breach poses significant harm, we will provide you with written notice.  The notice will be sent without unreasonable delay and in no case later than 60 calendar days after discovery of a breach.  A breach will be treated as discovered by us as of the first day on which the breach is known to us.  The notice will be written in plan language and will contain the following information:

• A brief description of what happened, the date of the breach, if known, and the date of discovery;

• The type of PHI involved in the beach;

• Any precautionary steps the individual should take;

• A description of what we are doing to investigate and mitigate the breach and prevent future             breaches; and

• Contact Information

The notice will be sent by first-class mail or by e-mail, if the individual has specified a preference for communication by e-mail.  If contact information for the individual in question is insufficient or out-of-date, we may contact the individual by telephone or other permissible alternate method of communication.

Finally, if the notification is of an urgent nature because of possible imminent misuse of unsecured health information, we may contact the individual by telephone or other means, as appropriate, in addition to the written or other forms of notice.

Notice To The Media

In the event of a breach affecting more than 500 residents of a State or jurisdiction, we will, without unreasonable delay and in no case later than 60 calendar days after discovery of the breach, notify prominent media outlets serving the State or jurisdiction.

Notice To Department of Health and Human Services

For breaches affecting fewer than 500 individuals, we are required to maintain an annual log of such breaches and provide a copy of such log to HHS within 60 days of the end of the calendar year.  For breaches affecting 500 or more individuals, we are required to notify HHS at the same time notice is provided to the individual.

Page 12. (Return to Top)

Law Enforcement Delay

Following a breach, we may delay transmission of any of the required forms of notice if we are informed by a law enforcement official that such notice would impede a criminal investigation or cause damage to national security.

Page 13. (Return to Top)

SIGNATURE

By signing below, I acknowledge that I have been provided a copy of the Notice of Privacy Practices and have therefore been advised of how medical information about me may be used and disclosed by United Cerebral Palsy Association of Greater Suffolk, Inc. and how I may obtain access to this information.

 

_____________________________________________
Signature of Participant or Personal Representative

 

 

_______________________________________________
Print Name of Participant or Personal Representative

 

________________________
Date

 

 

 

Description of Personal Representative’s Authority

Page 14. (Return to Top)

Home | Site Map | Employees Only | Privacy Notice | Terms & Conditions | IRS 990 Form | HIPAA Notice | Contact Us