LIFECARE AMBULANCE SERVICE
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW CONFIDENTIAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This notice of Privacy Practices describes how LifeCare Ambulance Service (“LifeCare”) may use and disclose your confidential health information, known as Protected Health Information (“PHI”), in the course of treatment, payment, or other health care operations and for other purposes authorized or required by law. The Notice also describes your rights with respect to your PHI and explains how you may exercise those rights.
LifeCare is required by law to maintain the privacy of PHI and to provide you with notice of its legal duties and privacy practices with respect to PHI. We are required to abide by the terms of the Notice of Privacy Practices currently in effect. We reserve the right to change the terms of this Notice at any time and to make new notice provisions effective immediately for all PHI that we maintain. Any changes to the Notice will be posted immediately in our offices and posted to our web site if we maintain one at the time of the change. You also may request a copy of the new Notice the next time that you visit our office or we will give you a copy of the new Notice the next time we provide health care services to you. You also may contact our Privacy Officer for the latest version of the Notice.
HOW WE USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
LifeCare may use and disclose your PHI for the purposes of treatment, payment for our services, and health care operations (“TPO”), as described below. For those times when we are required by state or federal laws to ask your permission, you will be asked to sign a consent to permit us to disclose your PHI for TPO. We will ask you to sign the consent at the beginning of your care so as to avoid delaying the delivery of health care services to you. Examples of our uses and disclosures of your PHI for TPO include:
Treatment: We may use and disclose your PHI, in writing, electronic form and verbally, to provide and coordinate the delivery of emergency health care and other transportation services for you. We may communicate with your doctor, the doctors and staff of the hospitals and other facilities to or from which you are transported, dispatch centers, and other emergency service providers. We may transmit or receive your PHI via radio, telephone, or computer. We may give the hospital or other facility to which you are transported a copy of the written record (run sheet) or an electronic record, we create when we treat and transport you.
Payment: We may use and disclose your PHI, as necessary, to obtain payment for the health care services that we provide to you. This includes preparing and submitting bills to insurers, health plans, and other payers, either directly or through a third party billing company. We also may use and disclose your PHI for eligibility or coverage determinations, medical necessity determinations and reviews, pre-authorizations of services and other utilization review activities, management of claims, and collection of outstanding accounts.
Health Care Operations: We may use and disclose your PHI, as necessary, to perform the business operations of our company. This includes such activities as quality management, performance reviews, licensing, accreditation, training programs, and business management and administration. We also may use and disclose your PHI for such purposes as obtaining legal and financial services, business planning, processing complaints, data collection, fundraising, research, and certain marketing activities for our company. Under no circumstances will we sell or give our patient lists or your health information to a third party without your written authorization.
Business Associates: We may share your PHI with “business associates” that perform certain TPO activities on our behalf such as billing, dispatch, utilization review or quality management services. We will have a written agreement with our business associates that requires them to protect the privacy of your PHI.
USES AND DISCLOSURES OF PHI AFTER YOU HAVE AN OPPORTUNITY TO AGREE OR OBJECT
We may disclose your PHI to a member of your family, a relative, a close friend or any other person that you identify, who is directly relevant to the involvement in your health care. We may use or disclose your PHI for notifying your family member, personal representative, or any other person that is responsible for your care of your location, general condition, or death. We also may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts.
You will be given an opportunity to agree or object before the company uses or discloses your PHI for these purposes. If you object to the disclosure, we will not disclose the PHI to the person. However, in emergency circumstances or if you are incapacitated, our staff, in their professional judgment, will determine whether the use or disclosure is in your best interest. Our staff will then release only PHI directly relevant to that person’s involvement in your health care.
USES AND DISCLOSURES OF PHI WITHOUT YOUR AUTHORIZATION OR OPPORTUNITY TO OBJECT
LifeCare is permitted or required to use and disclose your PHI without your written authorization, or an opportunity to object, in certain circumstances, including:
Required by Law: We may use and disclose your PHI to the extent that disclosure is required by federal or state laws. For example, for activities related to the tracking of certain controlled substances.
Public Health Activities: We may use and disclose your PHI for public health activities authorized by law For example, for activities related to the reporting and tracking of communicable diseases.
Abuse, Neglect, or Domestic Violence: We may use and disclose your PHI to a governmental entity or agency authorized to receive reports of child abuse or neglect, or reports of adult abuse, neglect, or domestic violence.
Health Oversight Activities: We may use and disclose your PHI for audits or government investigations, inspections, disciplinary proceedings, and other administrative or judicial actions undertaken by the government (or their agents) by law to oversee the health care system.
Judicial and Administrative Proceedings: We may use and disclose your PHI as required by a court of administrative order, or in certain circumstances, in response to a subpoena or other legal process.
Law Enforcement: We may release your health information:
• in response to a court order, subpoena, warrant, summons, or similar process if authorized under state or federal law;
• to identify or locate a suspect, fugitive, material witness, or similar person;
• about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
• about a death we believe may be the result of criminal conduct;
• in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.
Coroners, Medical Examiners, and Funeral Directors: We may use and disclose your PHI for identifying a deceased person, determining cause of death, or carrying out funeral director duties.
Organ Donation: If you are an organ donor, we may use and disclose your PHI to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ donation and transplantation.
Research: We may use and disclose your PHI in limited circumstances to researchers when an institutional review board has reviewed the research proposal and protocols to ensure the privacy of your PHI and has approved the research.
Serious Threat to Health or Safety: We may use and disclose your PHI to prevent or lessen the imminent threat to the health or safety of a person or the public in accordance with federal and state laws.
Military Activity and National Security: We may use and disclose your PHI for certain limited military, national defense and security, or other special government functions.
Workers Compensation: We may use and disclose your PHI to comply with workers’ compensation laws and other similar legally established programs.
Limited Data Set: We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research, public health, and health care operations. We may not disseminate the limited data set unless we enter into a data use agreement with the recipient in which the recipient agrees to limit the use of that data set to the purposes for which it was provided, ensure the security of the data, and not identify the information or use it to contact any individual.
De-Identified Information: We may use and disclose your PHI if it does not personally identify you or reveal who you are.
USES AND DISCLOSURE OF PHI BASED UPON YOUR WRITTEN AUTHORIZATION
Except in the circumstances described above, we will use and disclose your PHI only with your written authorization. For example, we will not use or disclose your PHI for certain fundraising, research and marketing activities without your prior written authorization. The written authorization must identify the individual or entity to whom we may disclose your PHI and specifically describe the PHI to be disclosed. You may revoke the authorization at any time, in writing, except to the extent that we have already used or disclosed PHI in reliance on your authorization.
THE RIGHT TO INSPECT AND COPY YOUR PHI
You have the right to inspect and copy your PHI that is contained in a designated record set of medical and billing records for as long as we maintain the PHI. In certain circumstances, we may deny your access to PHI, and you may appeal certain types of denials. You will need to complete a form to request access to or copying of PHI. Normally, you will be provided access to your PHI within 30 days. We have the right to charge a reasonable fee for copying any PHI for you. If you wish to inspect and/or copy your PHI, contact our Privacy Officer.
THE RIGHT TO AMEND YOUR PHI
You have the right to ask us to amend your PHI. We have the right to deny your request in certain circumstances. For example, we will deny the request if we believe the PHI is correct. If we deny the request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal statement. You will need to complete a request form to amend your PHI. Normally, we will respond to your request to amend within 60 days. If you wish to amend your PHI, contact our Privacy Officer.
THE RIGHT TO REQUEST A RESTRICTION OF THE USE OR DISCLOSURE OF YOUR PHI
You have the right to request a restriction of the use and disclosure of your PHI for the purpose of treatment, payment, and health care operations. You may also request that your PHI not be disclosed to family members or friends who may be involved in your care. We have the right to
deny your request for a restriction. If we do agree to a restriction, we will not disclose your PHI in violation of the restriction except in emergency circumstances. You will need to complete a form to request a restriction of the use and disclosure of PHI. If you wish to request a restriction of the use and disclosure of PHI, contact our Privacy Officer.
THE RIGHT TO REQUEST TO RECEIVE CONFIDENTIAL COMMUNICATIONS FROM US BY ALTERNATIVE MEANS OR AT AN ALTERNATIVE LOCATION
You have the right to request that we send confidential communications to you by an alternative means or at an alternative location without giving us an explanation as to why you are making the request. For example, you may ask that all correspondence be sent to a work address rather than a home address. We will accommodate reasonable requests. We may condition our agreement to your request on you providing us with information as to how payment will be handled and the specification of an alternative address or method of contact. You will need to complete a form to request to receive confidential communications from us by alternative means or at an alternative location. If you wish to request to receive confidential communications from us by alternative means or at an alternative location, contact our Privacy Officer.
THE RIGHT TO RECEIVE AN ACCOUNTING OF DISCLOSURES WE HAVE MADE OF YOUR PHI
You have the right to request an accounting of disclosures of your health information made by us. In your accounting, we are not required to list certain disclosures, including:
• disclosures made for treatment, payment, and health care operations purposes or disclosures made incidental to treatment, payment, and health care operations, however, if the disclosures were made through an electronic health record, you have the right to request an accounting for such disclosures that were made during the previous 3 years;
• disclosures made pursuant to your authorization;
• disclosures made to create a limited data set;
• disclosures made directly to you.
To request an accounting of disclosures, you must submit your request in writing to our privacy officer. You’re request must state a time period which may not be longer than 6 years and may not include dates before April 14, 2003. Your request should indicate what form your would like the accounting of disclosures (for example, on paper or electronically by e-mail). The first accounting of disclosures you request within any 12 month period will be free. For additional requests within the same period, we may charge you for the reasonable costs of providing the accounting of disclosures. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time, before any costs are incurred. Under limited circumstances mandated by federal and state law, we may temporarily deny your request for an accounting of disclosures.
THE RIGHT TO RECEIVE NOTICE OF A BREACH
We are required to notify you by first class mail or by e-mail (if you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured through the use of technology or methodology identified by the Secretary of the US Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users. The notice is required to include the following information:
• a brief description of the breach, including the date of the breach and the date of its discovery, if known;
• a description of the type of Unsecured Protected Health Information involved in the breach;
• steps you should take to protect yourself from potential harm resulting from the breach;
• a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;
• contact information, including a toll-free telephone number, e-mail address, Website or postal address to permit you to ask questions or obtain additional information.
In the event the breach involves 10 or more patients whose contact information is out of date, we will post a notice of the breach on the home page of our Website or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary of a breach than involved less than 500 patients during the year and will maintain a written log of breaches involving less than 500 patients.
AUTHORIZATION FOR OTHER USES OF MEDICAL INFORMATION
Uses of medical information not covered by our most current Notice of Privacy Practices or the laws that apply to us will be made only with your written authorization. If you provide us with authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization, except to the extent that we have already taken action in reliance on your authorization or, if the authorization was obtained as a condition of obtaining insurance coverage and the insurer has the right to contest a claim or the insurance coverage itself. We are unable to take back any disclosures we have already made with your authorization, and we are required to retain our records of the care we provided to you.
THE RIGHT TO OBTAIN PAPER COPY OF NOTICE OF PRIVACY PRACTICES
You have the right to obtain a paper copy of this Notice of Privacy Practices, even if you agree to accept the Notice electronically. If you wish to request a paper copy of the Notice of Privacy Practices, contact our Privacy Officer.
HOW TO MAKE A COMPLAINT
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the US Department of Health and Human Services, 200 Independence Ave., SW, Washington, DC 20201. To file a complaint with us, contact our privacy officer at the address listed below. All complaints must be submitted in writing and should be submitted within 180 days of when you knew or should have known that the alleged violation occurred. See the Office of Civil Rights website, www.hhs.gov/ocr/hipaa/ for more information. We will not retaliate against you in any way for filing a complaint with the government or with us.
LIFECARE AMBULANCE SERVICE.
330 HAMBLIN AVENUE
BATTLE CREEK, MI 49037
THIS NOTICE OF PRIVACY PRACTICES FIRST BECOMES EFFECTIVE ON APRIL 14, 2003