Notice of Privacy Practices
This notice describes how we may use and disclose Protected Health Information (PHI) about you and how you can get access to this information. Please review this notice carefully.
This notice is being provided to you pursuant to the federal law known as HIPAA and an amendment to that law, known as the HITECH Act. If you have any questions about this notice, please contact the Network180 Privacy Officer at 3310 Eagle Park Dr NE, Suite 100, Grand Rapids, MI 49525; 616-336-3765; e-mail is PrivacyOfficer (at) network180 dot org. Other statutes and regulations, including, for example, the Michigan Mental Health Code and Part 2 of Title 42 of the Code of Federal Regulations may further restrict our use and disclosure of PHI. When that is the case, the greater restrictions or protections apply.
PHI is all individually identifiable health information that is created or received by Network180 that relates to your past, present or future physical or mental health condition, the provision of health care services and payment for those services. Examples of identifiable health information includes: your name, address, telephone number and date of birth; your diagnosis (the condition for which you are receiving treatment) and your treatment plan and goals.
Our Pledge Regarding Your Protected Health Information
We understand that your health and medical information about you is personal. We are required by law to maintain the privacy of your PHI, to notify you following a breach of your unsecured PHI, and to provide you with this notice of our legal duties and privacy practices with respect to your PHI. This notice applies to the medical records and information we maintain concerning the services you receive from Network180. Each service provider may have different policies and/or notices regarding the use and disclosure of your PHI created and provided by that service provider’s organization.
This notice will tell you about the ways in which we may use and disclose (share with others) your PHI. It also describes our obligation and your rights regarding the use and disclosure of PHI.
How we May Use and Disclose PHI about You
We may use and disclose PHI for a variety of reasons. We have a limited right to use and/or disclose your PHI without your authorization for purpose of treatment, payment or our health care operations. Other uses and disclosures require your written authorization unless the law permits or requires us to make the use or disclosure without your authorization. If we disclose your PHI to a third party in order for that party to perform a function on our behalf, the third party must agree that it will extend the same degree of privacy protection to your PHI that we do. Subject to the limitations of the Michigan Mental Health Code, and Title 42, Part 2 of the Code of Federal Regulations, we may use or disclose your PHI without your authorization as follows:
1. Treatment. We will use and disclose your PHI to health care providers under contract with Network180 to provide and coordinate your health care and related services. For example, we may disclose the needed parts of your PHI to a home health agency or Adult Foster Care home who are involved in taking care of you. Also, we may disclose your PHI to another doctor or health care provider, such as a specialist or laboratory that helps us with your treatment. We may also use a sign-in sheet at the registration desk where you will be asked to sign your name, and/or we may call you by name in the waiting room. We may use or disclose your PHI, such as your name and address to contact you to remind you of your appointment.
2. Payment. We will disclose your PHI to receive payment for the services we provide you. For example, we may disclose your PHI to the Medicaid program or private insurance companies to see if they will pay for the kind of service you are requesting, to make sure services provided to you are medically necessary and to facilitate and/or receive payment for the treatment and services you receive.
3. Health Care Operations. We may use and disclose your PHI to support the business activities of this agency (operations purposes). For example, we may use your PHI relating to: making sure we meet important goals and standards; judging how well our employees do their job; training workers and volunteers; licensing or accreditation of our agency; fraud and abuse detection programs; business planning and development; and other general administrative activities.
4. Fundraising and Other Communications. We may use or disclose parts of your PHI to offer you information that may be of interest to you. For example, we may use your name and address to send you newsletters or other information about activities. If we contact you to raise funds, we will inform you of our intention and your right to opt out of receiving such communications.
5. Business Associates and Subcontractors. We may contract with individuals and entities known as Business Associates to perform various functions or provide certain services. To perform these functions or provide these services, Business Associates may receive, create, maintain, use and/or disclose your PHI, but only after they sign an agreement with us requiring them to implement appropriate safeguards regarding your PHI. Similarly, a Business Associate may hire a Subcontractor to assist in performing functions or providing your services. If a Subcontractor is hired, the Business Associate may not disclose your PHI to the Subcontractor until after the Subcontractor enters into a Subcontractor Agreement with the Business Associate that also requires the Subcontractor to safeguard your PHI.
6. Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
7. Public Health. We may disclose parts of your PHI to the Public Health Department when the law requires us to do so. This disclosure would only be made for the purpose of controlling disease, injury or disability.
8. Health Oversight Entities. We may disclose your PHI to agencies that are responsible for making sure our services meet quality standards. They may need your PHI for activities such as audits, investigations and inspections. Agencies that use this information include the Center for Medicare and Medicaid Services, the Michigan Department of Health and Human Services, Lakeshore Regional Entity, and Michigan Protection and Advocacy Services.
9. Law Enforcement. We will disclose your PHI when required to do so by federal, state or local law. For example, we may disclose PHI during any court or administrative proceeding, if we are ordered to do so and/or to meet legal requirements. We may also disclose PHI for law enforcement purposes, such as investigation of a crime, but only if such disclosures comply with Michigan law.
10. Food and Drug Administration. We may disclose your PHI if the Food and Drug Administration requires it: for example, to report adverse events or product defects or problems; help track products; and allow product recalls.
11. Coroners or Medical Examiners. We may disclose PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties.
12. Research Organizations/Individuals. We may disclose your PHI to researchers only with your authorization.
13. Workers’ Compensation. We may disclose your PHI to comply with Michigan workers’ compensation laws.
14. Correctional Facilities. We may use or disclose your PHI if you are an inmate of a correctional facility and Network180 created or received your PHI while providing care to you.
15. Health and Human Services (DHHS). We must release your PHI to DHHS so they can make sure we are following the law. We also will release your PHI if we suspect there may have been child or vulnerable adult abuse or neglect. Federal and State Laws require these reports. Michigan law does not require us to notify you when we make a report about abuse or neglect.
16. Military and or Veteran’s Administration. If you are a member of the armed forces, we may release your PHI as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority. We may also release PHI for you to receive and/or coordinate benefits.
17. As Required by Law. We will disclose your PHI when required to do so by federal, state, or local law.
18. Disclosure to Health Plan Sponsor. PHI may be disclosed to health plans for purposes of facilitating claims payments under that plan and/or to meet the requirements of a prepaid service. In addition, your PHI may be disclosed to a Plan Sponsor and its personnel to administer benefits under the Plan or as otherwise permitted by law and the Plan Sponsor’s HIPAA privacy policies and procedures. We must agree to a request to restrict disclosure of PHI to a health plan if the disclosure is for payment or health care operations and pertains to a health care item or service for which you have paid out of pocket in full.
Your Rights Regarding Your Protected Health Information (PHI)
You have the following rights regarding your PHI which we maintain:
1. You have the right to inspect and receive a copy of your PHI. You have the right to request access to the portion of your PHI that is contained in a designated records set for as long as we maintain the PHI. “Designated record set” means medical and billing records and any other records that this agency uses for making decisions about you. This includes the right to inspect the information as well as the right to a copy of the information. You may request that the information be sent to a third party. You must submit a request for access in writing to the Network180 Medical Records staff and/or Privacy Officer. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing or other supplies associated with your request (such as a thumb drive in the case of a request for electronic information). We may deny your request to inspect and copy in certain circumstances. If you are denied access to medical information, you may request that the denial be reviewed by contacting our Privacy Officer. Under federal law you may not see or copy the following that may be contained in your record: psychotherapy notes; information gathered for use in court or at hearings; PHI that is covered by a law that states you may not see it and/or information assigned or developed as part of a peer review function.
If we maintain your PHI electronically in a designated record set, we will provide you with access to the information in an electronic form and format you request if readily producible or, if not, in a readable electronic form and format as agreed to by you and Network180.
When there are electronic communications, or data is with PHI is transferred, we will make reasonable efforts to provide you PHI in encrypted mediums. You may request (explicitly or through your actions) or “opt-in” that your PHI be provided to you or discussed with us via unencrypted electronic mediums. However, unencrypted electronic disclosure of any PHI is ultimately subject to the discretion of Network180. We are advising you in this notice that, if you email or text us health information, or request that we provide you with information in these or similar mediums, that these are unsecure mediums for transmitting information and that there is some risk to using these mediums. Information transmitted these ways is more likely to be intercepted by unauthorized third parties than more secure transmission channels. If you want to communicate with us in these mediums, you are accepting the risks we have notified you of, and you agree that we are not responsible for unauthorized access of such medical information while it is in transmission to you based on your request, or when the information is delivered to you.
2. Right to Amend. If you feel that PHI we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for Network180.
To request an amendment, your request must be made in writing and submitted to the Privacy Officer. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- is not part of the treatment information kept by Network180;
- was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- is not part of the information which you would be permitted to inspect and copy; or
- is accurate and complete.
3. Right to Request Restrictions. You have the right to request a restriction or limitation regarding your PHI that we use or disclose for treatment, payment or health care operations. You also have the right to request a limit on your PHI that we disclose to someone who is involved in your care or the payment for your care, like a family member or friend. To request restrictions, you must make your request in writing to the Privacy Officer. In your request, you must tell us: what information you want to limit, whether you want to limit our use, disclosure or both, and to whom you want the limits to apply. For example, you may want to limit disclosures to your spouse. We are not required to agree to your request. We will allow your PHI to be used or released if your treatment professional believes it is in your best interest. If your treatment professional does agree to your request, we may not use or release your PHI unless it is needed to provide emergency treatment. Please discuss any restriction you wish to request with your treatment professional.
4. Right to Request Confidential Communications. You have the right to request that we communicate with you about your services in a certain way or at a certain location. For example, you can ask that we only contact you at work or that we send mail to your post office box instead of your home address. To request confidential communications you must make your request in writing to the Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
5. Right to an Accounting of Disclosures. You have the right to request an accounting of certain disclosures of your PHI. The accounting will not include disclosures to carry out treatment, payment and health care operations, disclosures to you about your own PHI, disclosures pursuant to an individual authorization or other disclosures as set forth in HIPAA privacy policies and procedures. To request this list or accounting of disclosures, you must submit your request in writing to the Privacy Officer. Your request must state a time period which may not be longer than six years. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12 month period will be free. For additional lists, we may charge you for the reasonable costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. Effective at the time prescribed by federal regulations, you may also request an accounting of uses and disclosures of your PHI maintained as an electronic health record.
6. Right to a Paper Copy of this Notice. Even if you received this notice electronically, you have the right to a paper copy of this notice. You may ask us to give you a paper copy of this notice at any time. To obtain a paper copy of this notice, contact the Privacy Officer.
Genetic Information: If we use or disclose PHI for underwriting purposes with respect to your services, we will not use or disclose PHI that contains your genetic information for such purposes.
Breach Notification Requirements: You have a right to be notified upon a breach of your unsecured PHI. We will also inform HHS and take any other steps required by law.
Changes to this Notice: We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any information we receive in the future. We will notify you in the event of a change.
Complaints: If you believe your privacy rights have been violated, you may file a complaint with Network180 by contacting the Network180 Privacy Officer. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services.
Your Written Permission is Required for Other Uses and Disclosures of Your PHI
The following uses and disclosures of your PHI will be made only with your written authorization:
- Uses and disclosures of PHI for marketing purposes;
- Disclosures that constitute a sale of your PHI; and
- Uses and disclosures of psychotherapy notes other than to carry out the treatment, payment, and health care operations set forth at 45 CFR § 164.508(a)(2).
Other uses and disclosures of your PHI not covered by this notice or applicable laws will be made only with your written permission. If you provide us permission to use or disclose your PHI, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose your PHI for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission.
This notice is effective December 13, 2018.