Notice of Privacy Practices
This notice describes our policies and practices regarding disclosure of your and/or your dependent’s Protected Health Information (PHI) and how you can get access to this information, which we collect and maintain as described below. Please review it carefully.
We want you and your dependents to understand that we may disclose your PHI to the following organizations:
- Hamilton County Mental Health and Recovery Services Board
- Mental Health Access Point
- Hamilton County Job and Family Services
- Ohio Department of Mental Health and Addiction Services
PROTECTED HEALTH INFORMATION means individually identifiable information relating to the past, present or future physical or mental health or condition of an individual, provision of health care to an individual, or the past, present or future payment for health care provided to an individual.
The purpose of the disclosure is to enroll you and/or your dependent in the Medicaid Information Technology System (MITS) to determine your eligibility for public funds and pay your treatment provider for services
A. INFORMATION WE COLLECT
We collect PHI about you and/or your dependent in order to provide services you have requested. Examples of the sources and types of information we may collect include but are not limited to:
- Name, address, social security number, date of birth, employment information and medical information.
- Information we obtain from your transactions with us.
B. INFORMATION WE MAY DISCLOSE
PHI may be used and disclosed to carry out healthcare operations, including but not limited to treatment and payment.
- We reserve the right to disclose information that aids in assessment and/or formulating of treatment plan(s). Examples of information that may be disclosed include but are not limited to evaluations, diagnosis, participation in treatment and the treatment plan(s) and recommendations.
- As required by Section 2.32(a), Prohibition on Re-disclosure Rules: Each disclosure made with your consent will be accompanied by the following statement: “This information has been disclosed to you from records whose confidentiality is protected by Federal Law. Federal Regulations (42 CFR Part 2) prohibit you from making any further disclosure of information without the specific written consent of the person to whom the information pertains, or as otherwise permitted by such regulations. A general authorization of the release of medical or other information to criminally investigate or prosecute any alcohol or drug abuse client is not sufficient for this purpose.”
- The agency may, consistent with applicable law and standards of ethical conduct, use or disclose PHI, if the agency, in good faith, believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to health or safety of persons or the public.
- Medical Emergencies: The Agency may disclose PHI without written consent to medical personnel who have a need for information for the purpose of treating a condition which poses an immediate threat to the health of the client and which requires immediate medical intervention. The agency shall document the disclosure in the client’s medical record setting forth:
– Name of medical personnel and their affiliation with any health care facility.
– Name of staff making the disclosure
– Date and time of disclosure
– Nature of the emergency
- Public Health Authorities: PHI may be disclosed to public health authorities that are authorized by law to collect or receive information for the purpose of preventing or controlling disease, injury or disability, including but not limited to, the reporting of disease, injury, vital events such as birth or death, child abuse or neglect.
- Client Requests: Clients may request access to inspect or obtain a copy of his/her PHI. The agency requires that all requests for information be submitted in writing. The agency reserves the right to act upon the request within 30 days of receipt unless the requested information is off-site, in which case the agency reserves the right to respond within 60 days of receipt.
- Control Registry: The Agency may disclose PHI to a central registry or to any detoxification or maintenance treatment program for the purpose of preventing multiple enrollments. A central registry and any detoxification or maintenance treatment program may not re disclose PHI or use protected identifying information for any purpose other than the prevention of multiple enrollments unless authorized by a court order.
- Business Associate: The agency may disclose PHI to a business associate and may allow a business associate to create or receive PHI on its behalf only after the agency has obtained satisfactory assurance that the business associate will appropriately safeguard the information. “Business associate” is defined as a person or entity who, on behalf of the agency, provides a service, function or activity involving the use of client identifying information.
- Review of Records: PHI may be disclosed without written consent in the course of a review of records at the agency’s location(s). Client records are not copied or removed from the agency’s location(s), unless court ordered. PHI may be disclosed only back to the agency and used only to carry out an audit or evaluation.
- Legal Systems: The agency may disclose information about a client to those persons within the criminal justice system, which have made participation in the program a condition of the disposition of any criminal proceedings against the client or of the client’s parole or other release from custody. A court order may authorize disclosure of PHI and confidential information made by a client in the course of diagnosis, treatment, or referral for treatment if:
– The disclosure is necessary to protect against threat of life or serious injury, including circumstances, which constitute suspected child abuse.
– The disclosure is necessary in connection with investigation or prosecution of an extremely serious crime.
– The disclosure is in connection with litigation or an administrative proceeding in which the client offers testimony or other evidence pertaining to the content of the confidential information.
- Research: PHI may be disclosed as necessary to prepare a research protocol or similar purposes preparatory to research. For research purposes, PHI, including your name, address, social security number will not be disclosed.
- Agency Compliance: The agency may disclose PHI to the Secretary of Health and Human Services in the course of an investigation or proceeding to determine agency compliance.
C. RECORD OF DISCLOSURE
The agency will maintain a record of certain disclosures of a client’s PHI. Clients have the right to review the accounting of disclosure upon written request. Client records are maintained for a period of 7 years from the last date of service. The accounting of disclosure of an individual’s PHI includes, but is not limited to:
- Date of disclosure.
- Name and address (if known) of the entity who received the PHI.
- Brief description of PHI disclosed.
D. PROHIBITED DISCLOSURES
Disclosures are prohibited on the basis of consent which:
- The expiration date has passed or the expiration event is known by the agency to have occurred.
- The consent is known to have been revoked.
- Is known to be materially false.
E. WRITTEN AUTHORIZATIONS
Other uses and disclosures will be made only with the client’s written authorization, or by the appropriate parent or guardian. Clients, or the appropriate parent or guardian may revoke this authorization in writing. Revocations shall be signed and dated by the person, or as appropriate, the parent or guardian. Upon written notification of revocation, further release of information shall cease, except to the extent that the program or person who is to make the disclosure has already acted in reliance on it, and as otherwise allowed by law.
F. HOW WE PROTECT INFORMATION
- Except as explained below, all information will be kept confidential in accordance with state and federal law. Name identifying information will be used only to pay for services provided to you and/or your dependent. All other information will be reported, without the name attached, to the Ohio Department of Mental Health and Addiction Services (Ohio MHAS) and the Ohio Department of Job and Family Services (ODJFS).
- We restrict access to your PHI to our employees who need to know to provide our services to you. We maintain physical, electronic and procedural safeguards to protect PHI against unauthorized access and use. These safeguards that protect against unauthorized access and use apply regardless of whether you are a current or former client.
G. REPORTING VIOLATIONS
The Agency may not threaten, coerce, discriminate against, or take other retaliatory action against any client for:
- Filing a complaint.
- Testifying, assisting or participating in an investigation, compliance review or proceeding.
Privacy violation complaints may be submitted in writing to the Privacy Officer at 311 Martin Luther King Drive East, Cincinnati OH 45219 and to the Secretary of Health and Human Services. Clients will not be retaliated against for filing a complaint.
For more information regarding The Crossroads Center’s privacy practices contact the Privacy Officer at 513-475-5379, Monday – Friday, between 8:00 AM and 4:30 PM, except holidays.