Heritage Health Solutions Notice of Privacy
This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
Please read it carefully.
This Notice of Privacy Practices (the "Notice") describes the privacy practices of Heritage Health Solutions Inc. ("Heritage") and the members of its partner Covered Entity, Ascella ("ASCELLA"). The members of the ASCELLA will share Protected Health Information ("PHI") with each other for the treatment, payment and health care operations of the ASCELLA and as permitted by HIPAA and this Notice. For a complete list of the members of the ASCELLA, please contact the Heritage Privacy Office.
PHI is information about you that we obtain to provide our services to you and that can be used to identify you. It includes your name and contact information, as well as information about your health, medical conditions and prescriptions. It may relate to your past, present or future physical or mental health or condition, the provision or health care products and services to you or payment for such products or services.
We are required by law to protect the privacy of your PHI and to provide you with this Notice explaining our legal duties and privacy practices regarding your PHI. This Notice describes how we may use and disclose your PHI. We have provided you with examples; however, not every permissible use or disclosure will be listed in this Notice. This Notice also describes your rights and the obligations we have regarding the use and disclosure of your PHI. We and our employees and workforce members are required to follow the terms of this Notice or any change to it that is in effect. We are required to follow state privacy laws when they are stricter (or more protective of your PHI) than the federal law. Note that some types of sensitive PHI, such as HIV information, genetic information, alcohol and/or substance abuse records and mental health records may be subject to additional confidentiality protections under state or federal law. If you would like additional information about state law protections in your state, or additional use or disclosure restrictions that may apply to sensitive PHI, please contact the Heritage Privacy Office.
Uses and Disclosures of Your PHI for Treatment, Payment and Health Care Operations
We may use and disclose your PHI for treatment, payment and health care operations without your written authorization. The following categories describe and provide some examples of the different ways that may use and disclose your PHI for these purposes:
Treatment: We may use and disclose your PHI to provide and coordinate the treatment, medication and services you receive. For example, we may:
- Use and disclose your PHI to provide and coordinate the treatment, medication and services you receive from Heritage.
- Disclose your PHI to other third parties, such as pharmacies, doctors, hospitals or other health care providers to assist them in providing care to you or for care coordination. In some instances, uses and disclosures of your PHI for these purposes may be made through a Health Information Exchange or similar shared system.
- Contact you to provide treatment-related services, such as refill reminders, adherence communications or treatment alternatives (e.g., available generic products).
Payment: We may use and disclose your PHI to obtain payment for the services we provide to you and for other payment activities related to the services we provide. For example, we may:
- We may disclose your PHI to other health care providers, health plans or other HIPAA Covered Entities who may need it for their payment activities.
Health Care Operations: We may use and disclose your PHI for health care operations — those activities necessary to operate our health care business. For example, we may:
- Use and disclose your PHI to monitor the quality of our health care services, to provide customer services to you, to resolve complaints and to coordinate your care.
- Use and disclose your PHI to contact you about health-related products, services or opportunities that may interest you, such as programs for Heritage patients.
- Disclose your PHI to other HIPAA Covered Entities that have provided services to you so that they can improve the quality and efficacy of the health care services they provide or for their health care operations.
- Use your PHI to create de-identified data, which no longer identifies you, and which may be used or disclosed for analytics, business planning or other purposes.
Other Uses and Disclosures of Your PHI that Do Not Require Authorization
We are also allowed or required to share your PHI, without your authorization, in certain situations or when certain conditions have been met.
Business Associates: When we contract with third parties to perform certain services for us, such as billing or consulting, these third party service providers, known as Business Associates, may need access to your PHI to perform these services. They are required by law and their agreements with us to protect your PHI in the same way we do.
Individuals Involved in Your Care or Payment for Your Care: We may disclose your PHI to a friend, personal representative, family member or any other person you identify as a caregiver, who is involved in your care or the payment related to that care. For example, we may provide prescriptions and related information to your caregiver on your behalf. We may also make these disclosures after your death unless doing so is consistent with any prior expressed preference documented by Heritage. Upon your death, we may disclose your PHI to an administrator, executor or other individual authorized under law to act on behalf of your estate. If you are a minor, we may release your PHI to your parents or legal guardians when permitted or required by law.
Workers' Compensation: We may disclose your PHI as necessary to comply with laws related to workers' compensation or similar programs.
Law Enforcement: We may disclose your PHI to law enforcement officials as permitted or required by law. For example, we may use or disclose your PHI to report certain injuries or to report criminal conduct that occurred on our premises. We may also disclose your PHI in response to a court order, subpoena, warrant or other similar written request from law enforcement officials.
Required by Law: We will disclose your PHI when required to do so to comply with federal, state or local law.
Judicial and Administrative Proceedings: We may disclose your PHI in response to a court or administrative order, subpoena, discovery request or other lawful process.
Public Health and Safety Purposes: We may disclose your PHI in certain situations to help with public health and safety issues when we are required or permitted to do so, for example to: prevent disease; report adverse reactions to medications; report suspected abuse, neglect or domestic violence; or to prevent or reduce a threat to anyone's health or safety.
Health Oversight Activities: We may disclose your PHI to an oversight agency for certain activities including audits, investigations, inspections, licensure or disciplinary actions, or civil, administrative and criminal proceedings, and as necessary for oversight of the health care system, government programs or compliance with civil rights laws.
Research: Under certain circumstances, we may use or disclose your PHI for research purposes. For example, we may use or disclose your PHI as part of a research study when the research has been approved by an institutional review board and there is an established protocol to ensure the privacy of your information.
Coroners, Medical Examiners and Funeral Directors: We may disclose PHI to coroners, medical directors or funeral directors so that they can carry out their duties.
Organ or Tissue Donation: We may disclose your PHI to organ procurement organizations.
Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative or any other person responsible for your care regarding your location, general condition or death. We may also disclose your PHI to disaster relief organizations so that your family or other persons responsible for your care can be notified of your location, general condition or death.
Correctional Institution: If you are or become an inmate of a correctional institution, we may disclose your PHI to the institution or its agents to assist them in providing your health care, protecting your health and safety or the health and safety of others.
Specialized Government Functions: We may disclose your PHI to authorized federal officials for the conduct of military, national security activities and other specialized government functions.
Uses or Disclosures for Purposes that Require Your Authorization
Use and disclosure of your PHI for other purposes may be made only with your written authorization and unless we have your authorization we will not:
- Use or disclose your PHI for marketing purposes.
- Sell your PHI to third parties (except for in connection with the transfer of a business to another health care provider required to comply with HIPAA).
- Share psychotherapy notes (to the extent we have any).
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice or otherwise permitted by law. You may revoke your authorization at any time by submitting a written notice to the Heritage Privacy Office. Your revocation will be effective upon receipt; however, it will not undo any use or disclosure of your PHI that occurred before you notified us, or any actions taken based upon your authorization.
Your Health Information Rights
Written Requests and Additional Information: You may request additional information about Heritage's privacy practices or obtain forms for submitting written requests by contacting the Heritage Privacy Officer: Heritage Privacy Office, 750 Canyon Dr., Suite 120, Coppell, TX, 75019.
Obtain a Copy of the Notice: You have the right to obtain a paper copy of our current Notice at any time. You may do so by going to the site where you obtain health care services from us or by contacting the Heritage Privacy Office.
Inspect and Obtain a Copy of Your PHI: With a few exceptions, you have the right to see and get a copy of the PHI we maintain about you. You may request access to your PHI electronically. To inspect or obtain a copy of your PHI, submit a written request to the Heritage Privacy Office. You may also ask us to provide a copy of your PHI to another person or entity. A reasonable fee may be charged for the expense of fulfilling your request as permitted under HIPAA and/or state law. We may deny your request to inspect and copy your record in certain limited circumstances. If we deny your request, we will notify you in writing and let you know if you may request a review of the denial.
Request an Amendment: If you feel that the PHI we maintain about you is incomplete or incorrect, you may request that we amend it. For example, if your date of birth is incorrect, you may request that the information be corrected. To request an amendment, submit a written request to the Heritage Privacy Office. You must include a reason that supports your request. If we deny your request for an amendment, we will provide with you a written explanation of why we denied it.
Receive an Accounting of Disclosures: You have the right to request an accounting of disclosures we make of your PHI for purposes other than treatment, payment or health care operations. Please note that certain other disclosures need not be included in the accounting we provide to you. To obtain an accounting, submit a written request to the Heritage Privacy Office. We will provide one accounting per 12-month period free of charge, but you may be charged for the cost of any subsequent accountings. We will notify you in advance of the cost involved, and you may choose to withdraw or modify your request at that time.
Request Confidential Communications: You have the right to request that we communicate with you in a certain way or at a certain location. For example, you may request that we contact you only in writing at a specific address. To request confidential communication of your PHI, submit a written request to the Heritage Privacy Office. Your request must state how, where or when you would like to be contacted. We will accommodate all reasonable requests.
Request a Restriction on Certain Uses and Disclosures: You have the right to request additional restrictions on our use and disclosure of your PHI by sending a written request to the Heritage Privacy Office. We are not required to agree to your request except where the disclosure is to a health plan or insurer for purposes of carrying out payment or health care operations, is not otherwise required by law and the PHI is related to a health care item or service for which you, or a person on your behalf, has paid in full out-of-pocket. If you do not want a claim for payment submitted to your health plan on record, please discuss with the pharmacist or health care provider when you check in for care or before your prescription is sent to the pharmacy.
Notification of Breach: You have a right to be notified in the event there is a breach of your unsecured PHI as defined by HIPAA.
To Report a Problem
Complaints: If you believe your privacy rights have been violated, you can file a complaint with the Heritage Privacy Officer or with the Secretary of the United States Department of Health and Human Services. All complaints must be submitted in writing. You will not be penalized or otherwise retaliated against in any way for filing a complaint.
Changes to this Notice
We reserve the right to make changes to this Notice as permitted by law and to make the revised Notice effective for PHI we already have about you as well as any information we receive in the future, as of the effective date of the revised Notice. If we make material or important changes to our privacy practices, we will promptly revise our Notice. Upon request to the Privacy Office, Heritage will provide a revised Notice to you.