This Notice describes how Family Service Association of Greater Fall River, Inc. may use and disclose your Protected Health Information (PHI) to coordinate treatment, carry out payment activities and healthcare operations, and perform other activities that are permitted or required by law. If you have any questions about this Notice, please contact your Family Service Association (FSA) provider or Family Service Association's Privacy Officer at 508.730.1138 X3111.
Family Service Association reserves the right to change the Privacy Notice to accommodate changes in state and federal law or organizational practice. All updated notices will be available to FSA clientele on the FSA Web Site (www.frfsa.org), within all program sites, and by outreach personnel to those individuals who receive home-based services. You may request a copy of our notice at any time by contacting FSA using the information listed at the end of this Notice.
Disclosure of Protected Health Information Authorization Required
1. At FSA, your written consent is required before the agency uses or discloses your PHI to carry out purposes related to your treatment. Family Service Association's Authorization Form is used for this purpose.
Due to the sensitive nature of behavioral health information, FSA's requirement for your written Authorization is more protective of your privacy rights than that of federal regulation the Health Insurance Portability and Accountability Act.
Some examples of instances where your Authorization is required are:
- Instances where you would like us to copy and/or send you all or a portion of your record. You have the right to access your PHI and under most instances, FSA must responsively provide this access. We ask that you submit your request in writing. You may contact your FSA provider or FSA's Privacy Officer to obtain the Authorization Form. FSA provides one disclosure per year free of charge, unless your request involves photocopying the entire Designated Record Set. In those cases, copying charges apply.
- Communications with your primary care provider or other treatment providers
- Communications with persons involved in your care, such as spouse, partner, siblings, friends, etc. FSA will disclose PHI to your personal representative; however, in order to do so, the personal representative must provide FSA with the supporting documentation of his/her authority.
- In response to a subpoena
- Use of identifiable information in marketing communications
- Disclosure of any information that contains substance abuse diagnosis/treatment/prognosis or HIV status
- Responding to an attorney request
2. Every client has the right to refuse Authorization. In cases where a client refuses to provide Authorization and FSA believes it cannot provide safe and effective care without this Authorization, FSA will explain the safety issue to the client and try to obtain Authorization. If this is unsuccessful and the safety concern is a significant barrier to quality care, the client will be referred to another provider. FSA will make every attempt to accommodate a client's request to restrict the use and disclosure of PHI.
3. The Authorization Form covers information in all forms, including electronic, written, oral and any other.
4. The Authorization Form is valid for a specific episode, such as a request by FSA to obtain discharge instructions from a recent hospitalization, for a particular duration of time specified on the form, or one year in all other circumstances.
5. All clients have the right to revoke an Authorization. Clients must submit the request in writing to FSA's Privacy Officer, located at 101 Rock Street, 2nd Floor, Fall River, MA 02720. If you would like to revoke an Authorization, please call FSA's Privacy Officer at 508.730.1138, extension 3111 for help.
6. All treatment personnel within the FSA program that provides your treatment have access to your Designated Record Set. FSA program personnel act as a team, and at times, your primary provider/caregiver may not be available to respond to an inquiry about your care. In such instances, other personnel within the program may access your Designated record Set, reviewing only the minimum amount of information necessary to answer a question that you may have or a question that arises from internal FSA health care operations, such as quality review and billing processes. Administrative personnel within FSA programs are permitted to access administrative information only, such as mailing information, billing information etc. You have the right to request a restriction on the use and disclosure of PHI for treatment, payment, and healthcare operations and should inform your provider if you would like to request such a restriction. FSA is not required to agree to any restriction that you may request. If FSA agrees to the restriction, we will comply with the restriction unless the information is needed to provide emergency treatment to you. You can request a restriction by calling your FSA provider or the Privacy Officer using the contact information at the end of this Notice.
7. For clients who receive services from more than one Family Service Association program, FSA maintains a separate Designated Record Set for each program. Therefore, your written Authorization is required for FSA personnel from one program to access your Client Record from another program. All FSA personnel involved in your care may share information (verbally) about your treatment, without written Authorization, making sure to disclose only the minimum amount of information necessary to answer a particular question or concern about your care.
8. At times, FSA may contact you to provide appointment reminders and/or inform you of possible treatment options or alternatives that may be of interest to you. You have the right to confidential communications. FSA will obtain your verbal permission to provide these services upon your admission and document/respect your preferences.
Examples Where Client Authorization is not Required by FSA
There are many instances where client Authorization is not required by state or federal law for certain uses and disclosures of your PHI. It is important that we communicate these circumstances to the clients we serve.
1. Payment for Services: FSA may use or disclose your PHI without your Authorization so that the treatment and services you receive are billed to, and payment is collected from, your health plan or other third party payer. By way of example, we may disclose your health information to permit your health plan to take certain actions before your health plan approves or pays for services. These actions may include: making a determination of eligibility or coverage for health insurance; reviewing your services to determine if they were medically necessary; reviewing your services to determine if they were properly authorized or certified in advance of your care; etc.
You have the right to request a restriction on the use and disclosure of PHI and should inform your provider if you would like to request such a restriction. FSA is not required to agree to any restriction that you may request. If FSA agrees to the restriction, we will comply with the restriction unless the information is needed to provide emergency treatment to you. You can request a restriction by calling your FSA provider or the Privacy Officer using the contact information at the end of this Notice.
2. Health Care Operations: FSA may use or disclose health information about you without your Authorization for our health care operations. These uses and disclosures are necessary to run our organization and make sure that our clients receive quality care. These activities may include, by way of example, quality assessment and improvement, reviewing the performance or qualifications of our clinicians, licensing, accreditation, business planning and development, and general administrative activities.
You have the right to request a restriction on the use and disclosure of PHI and should inform your provider if you would like to request such a restriction. FSA is not required to agree to any restriction that you may request. If FSA agrees to the restriction, we will comply with the restriction unless the information is needed to provide emergency treatment to you. You can request a restriction by calling your FSA provider or the Privacy Officer using the contact information at the end of this Notice.
3. Other Situations: There are other situations that do not require client Authorization:
- Medical Emergency: Disclosures, including substance use/abuse information, may be made to public or private medical personnel to the extent necessary to meet a bona fide medical emergency of the client
- Danger to Self/Others: In the event FSA personnel have reliable information that the client is at imminent risk to harm self or another
- Reporting of Abuse/Neglect: In the event FSA personnel have "reasonable cause to believe" that a child, elder, or disabled individual is the victim of abuse and/or neglect, such personnel will report this to appropriate authorities.
- Oversight Activities: FSA may disclose PHI to agencies for oversight activities such as audits, investigations, inspections, licensure or disciplinary activities conducted by the government or government-sponsored bodies.
- Lawsuits and Other Legal Proceedings: FSA may use or disclose PHI when required to do so by a court or administrative order.
- Law Enforcement: Under certain conditions, FSA may disclose PHI to law enforcement officials. These law enforcement purposes include legal processes required by law; limited requests for identification and location purposes; suspicion that death has occurred as a result of criminal conduct; in the event that a crime occurs on the premises of a FSA program or office; pertaining to victims of a crime; or in response to a medical emergency not occurring on the premises of a FSA program or office, where it is likely a crime has occurred.
- Coroners, Medical Examiners, and Funeral Directors: FSA may disclose PHI to a coroner or medical examiner to identify a deceased person and to determine the cause of death, or to funeral directors so that they may carry out their jobs.
- Specialized Government Functions: FSA may use and disclose PHI under the following circumstances:
1. Per certain military and veteran activities, including determination of eligibility for veteran benefits and where deemed necessary by military command authorities
2. For national security and intelligence activities
3. To help provide protective services for the President or others
- Disclosures Required by Law: FSA must disclose PHI to the Secretary of the United States Department of Health and Human Services, upon request, to review our compliance with the privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA).
- Workers' Compensation: FSA may disclose PHI as authorized by Workers' Compensation laws or other similar programs that provide benefits for work-related injuries or illness.
Safeguarding Your Protected Health Information
1. FSA ensures that all Client Records are secured in a locked area.
2. Retention of records varies, depending on program-specific requirements:
§ Mental Health Clinic/Substance Abuse Clinic: Thirty Years
§ Guardianship Program: Lifetime Retention or With Final Accounting: 2 Years
§ Representative Payee: 2 Years and 3 Months
§ St. Vincent's Program: Thirty Years
§ All Other FSA Programs: Seven Years
3. All confidential discussions regarding client care are held in secure settings to avoid prohibited disclosures.
4. Only individuals authorized to have access to your Client Record for treatment, payment, or healthcare operations are granted access.
Your Rights: Access, Amendment, and Accounting
Access
As a FSA client, you have the right to access your Designated Record Set, which includes all information stored within your Client Record and an associated billing documentation.
FSA requires all requests for record access to be made in writing using FSA's "Access to DRS Request Form" which can be obtained by contacting Family Service Association's Privacy Officer at 508.730.1138, extension 3111.
The following access procedures should be followed:
1. FSA must act upon your request within 30 days unless access is denied for any of the following reasons:
1a: If the access request is made during the course of research and you have already agreed to the denial of access during such research (Non-reviewable denial)
1b: If the protected health information requested was obtained by someone other than a health care provider under a promise of confidentiality and access would be reasonably likely to reveal the source of the information (Non-reviewable denial)
1c: If a licensed health care professional has determined that the access requested is reasonably likely to endanger your life or physical safety [or the life and/or physical safety of another] (Reviewable denial)
1d: If the protected health information contains the name of another person (unless such other person is a health care provider) and a licensed professional has determined that the access requested is reasonably likely to cause substantial harm to the other person (Reviewable Denial)
1e: If the request for access is made by your personal representative (e.g. legal guardian) and a licensed health care professional has determined that access to this person is reasonably likely to cause you harm or harm to another person (Reviewable Denial)
2. If access is denied for any reason, you will be notified of this in writing within 30 days, with the reason for denial, your right to decision review (if indicated), and the agency's complaint process and contact information.
3. FSA may extend its response time to 60 days if your records are not stored on site, and by an additional 30 days if all procedures have been properly followed yet the agency needs additional time to process the request.
4. If access is approved, you have the right to look at your Designated Record Set, a copy of your Designated Record Set, or both. If you choose to access your record at FSA, an employee will monitor such access.
5. If you request a copy of your Designated Record Set, FSA will furnish you with an estimate of the cost which shall include (a) the cost of copying and associated labor (b) the cost of postage and (c) the cost of preparing a summary of the designated record set, if you agree that you would like a summary provided. Payment is required before your Designated Record Set is mailed. For more information on copying costs, please contact FSA's Privacy Officer at 508.730.1138, extension 3111.
Accounting for Disclosures
As a client of FSA, you have the right to request an accounting of all disclosures made from your Designated Record Set including (1) a description of the information disclosed (2) to whom the information was disclosed (3) for what purpose the information was disclosed (4) and the date the information was disclosed. The accounting must be in writing and cover the preceding six-year period.
The following disclosures are not accounted for:
· Disclosures for treatment, payment, and health care operations
· Listing in any FSA directories or listings
· Disclosures made for national security, to correctional institutions, or law enforcement officials
Your request may be made for disclosures made up to six years before the date of your request, but not for disclosures made before April 14, 2003. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved, and you may choose to withdraw or modify your request before any costs are incurred.
Amending Your Client Record
As a FSA client you have the right to amend any record in your Designated Record Set if your request is submitted in writing. You may obtain a "Request for DRS Amendment Form" from Family Service Association's Privacy Officer at 508.730.1138 X3111.
The following amendment procedures should be followed:
1. Submit "Request for DRS Amendment Form" to FSA's Privacy Officer
2. Your right to amend your Designated Record Set will be upheld unless any of the conditions apply:
2a: Family Service Association did not create the record you want to amend
2b: The record you want to amend is not a part of your Designated Record Set
2c: Family Service Association deems the record you want to amend accurate and complete
3. If your request is denied for any of the above reasons, you will receive notification in writing, which includes the reason for denial, your right to submit a written statement disagreeing with the denial, the procedures for filing such a statement, and all information pertaining to the complaint process.
4. If you do not submit a statement of disagreement, you have the right to choose whether your request for amendment and its denial becomes an enduring part of your record and subject to future disclosure.
5. If you do submit a statement of disagreement, such statement and all corresponding FSA documentation becomes an enduring part of your Designated Record Set and is subject to future disclosure.
6. FSA shall act upon all amendment requests no later than 60 days after receipt of such request. The agency may extend response time an additional 30 days and must provide you with a written statement with the reason for delay and the date by which FSA will complete your request.
Questions and Complaints
If you want more information about our privacy practices or have questions or concerns, please contact us using the information at the end of this Notice. You may complain to us if you believe that we have violated your privacy rights. You may file a complaint with us by writing to the address listed at the end of this Notice.
You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. Complaints filed directly with the Secretary must (1) be in writing; (2) contain the name of the entity against which the complaint is lodged; (3) describe the relevant problems; and (4) be filed within 180 days of the time you became or should have become aware of the problem.
We will not penalize or in any other way retaliate against you for filing a complaint.
FSA reserves the right the change our privacy practices and the terms of this Notice at any time in accordance with state and federal law. We reserve the right to make the changes in our privacy practices and the new terms of our Notice effective for all PHI maintained by FSA, including PHI we created or received before we made the changes. If we make a material change to FSA's Privacy Notice, the notice will be posted at all FSA Programs, on the FSA Web Site (www.frfsa.org), and will be made available to clientele by personnel at program locations and/or through community outreach visits.
Contact Office:
FSA Privacy Officer
101 Rock Street
Fall River, MA 02720
508.730.1138, extension 3111
