NOTICE OF PRIVACY PRACTICES
HELEN ROSS MCNABB CENTER, Inc.
200 Tech Center Drive
Knoxville, Tennessee 37912
Effective September 1, 2022
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions about this Privacy Notice, please contact our Privacy Officer at Helen Ross McNabb Center, 200 Tech Center Dr., Knoxville, TN 37912 – (865) 637-9711 or Toll Free 1-800-255-9711
The HELEN ROSS MCNABB CENTER (“Provider”) is required to (i) maintain the privacy of all health information within its organization;(ii) provide this Notice of Privacy Practices (“Notice”) to you; (iii) inform you of our legal obligations; and (iv) advise you of additional rights concerning their Protected Health Information (defined below). Affected individuals have the right to and will receive notification following any breach of unsecured Protected Health Information. Provider shall follow the privacy practices contained in this Notice from its effective date and continue to do so until this Notice is changed or replaced.
Provider reserves the right to change privacy practices and the terms of this Notice at any time. Any changes made in these privacy practices will be effective for all Protected Health Information that is maintained by Provider or its Business Associates, including Protected Health Information created or received before the changes were made. You will be notified of any changes by receiving a new Notice via mail to your mailing address on file, electronic mail to your e-mail address on file (if you have agreed to receive electronic communications from Provider), or hand-delivery. You may request a paper copy of this Notice at any time, even if you have agreed to receive this Notice electronically.
ORGANIZATIONS COVERED BY THIS NOTICE
This Notice applies to the privacy practices of Provider and all health care providers involved in your care and treatment on behalf of Provider.
OUR USES AND DISCLOSURES OF YOUR PHI
Protected Health Information (“PHI”) is information collected from an individual that relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or payment for provision of health care to the individual which identifies the individual or for which there is a reasonable basis to believe that the information can be used to identify the individual.
This Notice describes how we may use and disclose your PHI to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. This Notice also describes your rights regarding PHI that we maintain about you and a brief description of how you may exercise these rights. We will use and disclose your PHI as described in each category listed below. Other uses and disclosures not described in this Notice will be made only with your authorization. Once given, such authorization may be revoked by you in writing, except to the extent Provider has already taken action in reliance thereon, or if the authorization was obtained as a condition to obtaining insurance coverage and other law provides the insurer with the right to contest the claim.
4065043.2 I/Compliance/HIPAA/NPP 9-1-22
TREATMENT: Your PHI may be disclosed to a doctor or other health care provider that asks for it in connection with the provision of treatment to you. Provided, however, that the disclosure of any psychotherapy notes (if applicable) will require your prior authorization.
PAYMENT: Your PHI may be used or disclosed to file a claim for payment of services provided to you by Provider, doctors, or other health care providers.
HEALTH CARE OPERATIONS: Your PHI may be used and disclosed to conduct our business, such as quality assessment and improvement activities; to engage in care coordination or case management; to pursue any right of recovery, reimbursement, and/or subrogation; for purposes of accreditation; and in connection with conducting and arranging legal and related services. It may also be used in connection with disease management, case management, conducting or arranging for medical review, legal services, auditing functions, fraud and abuse detection and compliance programs, business planning and development, business management, ensuring the safety of our patients, doctors, and other health care providers, and general administrative activities.
AUTHORIZATIONS: You may provide written authorization that will permit Provider to disclose your PHI to anyone for any purpose. You may revoke this authorization in writing at any time but this revocation will not affect any use or disclosure permitted by your authorization while it was in effect. Unless you give written authorization, we cannot use or disclose your PHI for any reason except those described in this Notice.
PERSONAL REPRESENTATIVE: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make reasonable efforts to verify that such a person has this authority and can act for you before we take actions initiated by them. Your PHI may be disclosed to family member, friend, or other person to the extent necessary to help with your health care or with payment for your health care, but only if you agree we may do so, as described in the Individual Rights section of this Notice below.
PLAN SPONSORS: Your PHI may be disclosed to your group plan sponsor or insurance provider in order to perform plan administration functions. Please see your plan documents for a full description of the limited uses and disclosures the plan sponsor may make of your PHI in order to administer your group health plan.
UNDERWRITING: Your PHI may be disclosed for underwriting, premium ratings, or other activities relating to the creation, renewal or replacement of a contract of health insurance or benefits; provided, however, that we will not use or disclose your genetic information for such purposes. Your PHI will not be used or further disclosed for any other purpose, except as required by law.
MARKETING; SALE; FUNDRAISING: Your PHI will not be disclosed in a manner constituting a sale without your authorization. Your PHI may be used to contact you with information about health-related benefits and services or about treatment alternatives that may be of interest to you. Your PHI may be disclosed to a Business Associate or other associate to assist us in these activities. Unless the information is provided to you by a general newsletter or in person or is for products or services of nominal value). Provider may elect to contact you regarding fundraising efforts; however, you have the right to opt out of receiving such communications. To opt-out of any marketing or fundraising communications, contact the privacy officer listed at the end of this Notice.
RESEARCH: Your PHI may be used or disclosed for research purposes in limited circumstances. PHI of a deceased person may be disclosed to a coroner, medical examiner, funeral director or organ procurement organization for certain purposes.
AS REQUIRED BY LAW: Your PHI may be used or disclosed as required by state or federal law. For example, PHI must be disclosed to the U.S. Department of Health and Human Services upon request for purposes of determining compliance with federal privacy laws. PHI may also be disclosed as follows: when required by worker’s compensation or similar laws; to a government agency authorized to oversee the health care system or government programs or its contractors; respond to organ and tissue donation requests; work with medical examiner or funeral director; respond to legal actions and lawsuits by order or subpoena; and to public health authorities for public health purposes.
4065043.2 I/Compliance/HIPAA/NPP 9-1-22
COURT OR ADMINISTRATIVE ORDER: PHI may be disclosed in response to a court or administrative order, subpoena, discovery request or other lawful process, under certain circumstances. We may also disclosure your PHI in response to a third-party’s discovery request, subpoena, or other lawful process, but only if we have made an effort to inform you of the request or to obtain an order protecting the information requested.
LAW ENFORCEMENT: Under limited circumstances (i.e. court order, warrant, or grand jury subpoena), PHI may be disclosed to law enforcement officials. In addition, PHI may be disclosed to law enforcement officials concerning a suspect, fugitive, material witness, and crime victim or missing person. PHI may be disclosed to law enforcement officials or a correctional institution regarding an inmate or other person in lawful custody, in certain circumstances. As part of a new program and as required by agreement with State of Tennessee and local city and/or county law enforcement, patients receiving treatment while under police custody may be monitored by an on-site police officer for the purpose of maintaining custody, via closed circuit video cameras placed in limited, separate areas.
VICTIM OF ABUSE: PHI may be released to appropriate authorities based on our reasonable assumption that you are a possible victim of abuse, neglect or domestic violence or the possible victim of other crimes. PHI may be released to the extent necessary to avert a serious threat to your health or safety or to the health or safety of others. PHI may be disclosed when necessary to assist law enforcement officials to capture an individual who has admitted to participation in a crime or has escaped from lawful custody.
MILITARY AUTHORITIES; NATIONAL SECURITY: PHI of Armed Forces personnel may be disclosed to Military authorities under certain circumstances. PHI may be disclosed to authorize federal officials as required for lawful intelligence, counterintelligence, and other national security activities.
ACCESS: You have the right to review or obtain copies of your PHI, with limited exceptions. You may request a format other than photocopies, which request will be accommodated unless Provider cannot practicably do so. You must make the request in writing to obtain access to your PHI. You may obtain a form to request access by contacting the Privacy Officer at the end of this Notice, or you may send us a letter requesting access to the address located at the end of this Notice. If you request copies, there may be a reasonable cost-based charge for each page and for postage if you want the copies mailed to you. If you request an alternative format, the charge will be cost-based for providing your PHI in that format. If you prefer, we will prepare a summary or explanation of your PHI. For an explanation of the fees charged for preparing an explanation or summary, please contact our Privacy Officer at the location stated below. If we deny your request to access your health information, we will notify you in writing why the request was denied within sixty (60) days.
ACCOUNTING: You have the right to receive an accounting of the disclosures of your PHI by Provider or by a Business Associate of Provider. This accounting will list each disclosure that was made of your PHI for any reason other than treatment, payment, health care operations and certain other activities for the prior six (6) years. This accounting will include the date the disclosure was made, the name of the person or entity to whom the disclosure was made, a description of the PHI disclosed, the reason for the disclosure, and certain other information. If you request an accounting more than once in a 12-month period, there may be a reasonable cost-based charge for responding to these additional requests. For a more detailed explanation of the fee structure, please contact our Privacy Officer listed at the end of this Notice.
RESTRICTIONS ON USE OR DISCLOSURE: You have the right to request restrictions on Provider’s use or disclosure of your Protected Health Information, including to your health plan, provided that you pay out-of-pocket in full for any such items or services Except for in certain limited circumstances, Provider is not required to agree to these additional requests. If Provider is in agreement with the restrictions, Provider will honor the request except in an emergency or as otherwise specifically described herein. Any agreement to restrictions on the use and disclosure of your PHI must be in writing and signed by an authorized individual on behalf of Provider. Provider will not be bound unless the agreement is so memorialized in writing.
COMMUNICATIONS: You have the right to request confidential communications about your PHI by alternative means or to alternative locations. You must inform Provider that confidential communication by alternative means or to alternative
4065043.2 I/Compliance/HIPAA/NPP 9-1-22
locations is required to avoid endangering you. You must make your request in writing. Provider will accommodate the request if it is reasonable and specifies the alternative means or location.
AMENDMENT OF PROTECTED HEALTH INFORMATION: You have the right to request that Provider amend your PHI. Your request must be in writing and it must explain why the information should be amended. Provider may deny your request if the PHI you seek to amend was not created by Provider or for certain other reasons. If your request is denied, Provider shall provide a written explanation of the denial. You may respond with a statement of disagreement to be appended to the information you wanted amended. If Provider accepts your request to amend the information, Provider will make reasonable efforts to inform others, including the people you name, of the amendment and to include the changes in any future disclosures of that information.
NOTICE OF BREACH: In the event that there is a breach involving your unsecured PHI, will notify you within 60 days of discovery of the breach, and will take steps to mitigate any harm that might reasonably be anticipated by the breach.
CONFIDENTIALITY OF SUBSTANCE ABUSE RECORDS
Substance use disorder patient records are subject to more stringent protections by law, than other types of health information. These records include information that may be used to identify a patient as someone who abuses alcohol or drugs. Certain federal laws and regulations protect the confidentiality of substance use disorder patient records (“Substance Use Disorder Laws and Regulations”), which are summarized for you in this paragraph. As a general rule, we may not tell persons outside the programs that you attend any of these programs, or disclose any information identifying you as having a substance use disorder, unless: you authorize the disclosure in writing; or disclosure is permitted by a court order; or the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit or program evaluation purposes according to law and regulation; or you threaten to commit a crime either at the substance use disorder program or against any person who works for our substance use disorder programs; or the disclosure is made pursuant to an agreement with a third party service provider, as allowed by law and regulation. Violation of the Substance Use Disorder Laws and Regulations is a crime. You may report suspected violations to the United States Attorney for the judicial district in which the violation occurs, and in the case of an opioid treatment program you may also report suspected violations to the Substance Abuse and Mental Health Services Administration office responsible for oversight of opioid treatment programs. You should include your contact information along with any report of a violation. The following types of information are not protected by Substance Use Disorder Laws and Regulations: (i) information about a crime committed either at the Provider’s location or against any person who works for the Provider or any threat to commit either type of crime, and (ii) information about suspected child abuse or neglect. Substance Abuse Laws and Regulations include the laws at 42 United States Code § 290dd-2 and the regulations of 42 Code of Federal Regulations Chapter I, Subchapter A, Part 2.
QUESTIONS AND COMPLAINTS
If you wish to opt out of certain communications as described above, or to request that we communicate with you by alternative means or at alternative locations, you may contact Provider’s Privacy Officer at the address or number set forth below. If you are concerned that Provider has violated your privacy rights, or you disagree with a decision made about access to your PHI or in response to a request, you made to amend or restrict the use or disclosure of your PHI, you may contact us or submit a complaint using the contact information below. You may also submit a written complaint to the U.S. Department of Health and Human Services. The address to file a complaint with the U.S. Department of Health and Human Services will be provided upon request. We support your right to protect the privacy of your PHI. There will be no retaliation in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services. Provider’s Privacy Officer’s contact information is as follows:
Helen Ross McNabb Center
200 Tech Center Drive
Knoxville, TN 37912
Toll Free 1-800-255-9711