HIPAA Notice of Privacy Practices
Name or Title of Privacy Officer: HIPAA Privacy Officer
Telephone Number: 844-392-8342
Effective Date: December 5, 2018
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. CONFIDENTIALITY OF HEALTH INFORMATION. Health information that Wavelengths Recovery, LLC (“Company”) receives and/or creates about you, personally, relating to your past, present, or future health, treatment, or payment for health care services, is “protected health information” under the federal law known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 45 C.F.R. Parts 160 and 164. The confidentiality of alcohol and drug abuse records maintained by Company is protected by another federal law as well, commonly referred to as the Alcohol and Other Drug (AOD) Confidentiality Law, 42 C.F.R. Part 2. Generally, Company may not say to a person outside Company that you are a client of Company, or disclose any information identifying you as an alcohol or drug abuser, or use or disclose any other protected health information except in limited circumstances as permitted by federal law. Your health information is further protected by any pertinent state law that is more protective or stringent than either of these two federal laws.
2. PLEDGE REGARDING HEALTH INFORMATION. Company understands that health information about you and your health is personal. Company is committed to protecting health information about you. In order to provide you with quality service and to comply with certain state and federal legal requirements, Company creates a record of the services you receive at Company. This Notice of Privacy Practices (the “Notice”) applies to all of the records of your service generated by Company. This Notice will tell you about the ways in which Company may use and disclose protected health information about you. It also describes your rights and certain obligations Company has regarding the use and disclosure of protected health information. Company is required by law to:
(1) Make sure that health information that identifies you is kept private;
(2) Give you this Notice of its legal duties and privacy practices concerning health information about you;
(3) Follow the terms of the Notice that are currently in effect; and
(4) Notify you in case there is an unauthorized use or disclosure of your unsecured health information.
3. WHO IS BOUND BY THIS NOTICE. This Notice describes Company’s practices and those of Company staff, volunteers, and other personnel who are involved in your services. Company and these individuals will follow the terms of this Notice, and may use or disclose protected health information about you as permitted or required by law. This Notice describes your rights to access and control protected health information about you, including information that may identify you and that relates to your past, present, or future physical health or mental condition, and healthcare and related healthcare services. Your personal physician may have other policies that he or she follows and may use his or her own Notice of Privacy Practices.
4. HOW COMPANY MAY USE AND DISCLOSE PROTECTED HEALTH INFORMATION ABOUT YOU. Company collects health information about you and stores it in a chart, on a computer, and/or in a personal health record. This is your medical record. The medical record is the property of Company, but the information in the medical record belongs to you. The following categories describe different ways that Company may use or disclose protected health information. For each category of uses and disclosures, Company will explain what is meant and may give some examples. Not every use or disclosure in a category will be listed. However, all of the ways Company is permitted to use and disclose information will fall within one of the categories. Some information such as certain drug and alcohol information, HIV, or mental health information is entitled to special restrictions.
4.1 For Internal Communications. Your protected health information will be used within Company between and among Company staff who have a need for the information, in connection with Company’s duty to diagnose, treat, or refer you for treatment. This means that your protected health information may be shared between or among personnel for treatment, payment or health care operation purposes. For example, two or more providers within Company may consult with each other regarding your best course of treatment. Company may share your protected health information in a billing effort to receive payment for healthcare services rendered to you. And/or, your protected health information may be discussed within Company about your treatment in connection with others receiving treatment, in an effort to improve the overall quality of care provided by Company. Your protected health information will not be re-disclosed by Company personnel except as is otherwise permitted herein.
4.2. To Qualified Service Organizations and/or Business Associates. Some or all of your protected health information may be subject to disclosure through contracts for services with qualified service organizations and/or business associates, outside of Company, that assist Company in providing healthcare. Examples of qualified service organizations and/or business associates include billing companies, data processing companies, or companies that provide administrative or specialty services. To protect your health information, Company requires these qualified service organizations and/or business associates to follow the same standards held by Company through terms detailed in a written agreement.
4.3. In Medical Emergencies. Your health information may be disclosed to medical personnel in a medical emergency, when there is immediate threat to the health of an individual, and when immediate medical intervention is required.
4.4. To Researchers. Under certain circumstances, Company may use and disclose your protected health information for research purposes. For example, a research project may involve comparing the health and recovery of all clients who received one test or treatment to those who received another, for the same condition. All research projects, however, must be approved by an Institutional Review Board, or other privacy review board as permitted within the regulations, that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information.
4.5. To Auditors and Evaluators. Company may disclose protected health information to regulatory agencies, funders, third-party payers, and peer review organizations that monitor alcohol and drug programs to ensure that Company is complying with regulatory mandates and is properly accounting for and disbursing funds received.
4.6. Pursuant to Authorizing Court Order. Company may disclose your protected health information pursuant to an authorizing court order. This is a unique kind of court order in which certain application procedures have been taken to protect your identity, and in which the court makes certain specific determinations as outlined in the federal regulations and limits the scope of the disclosure.
4.7. Crime on Company Premises or Against Company Personnel. Company may disclose a limited amount of protected health information to law enforcement when a client commits or threatens to commit a crime on Company premises or against Company personnel. Federal law and regulations do not protect any information about a crime committed by a client either at Company or against any person who works for Company or about any threat to commit such a crime.
4.8. Reporting Suspected Child Abuse and Neglect. Company may report suspected child abuse or neglect as mandated by state law. Federal law and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
4.9. As Required By Law. Company will disclose protected health information as required by state law in a manner otherwise permitted by federal privacy and confidentiality regulations.
4.10. Appointment Reminders. Company reserves the right to contact you, in a manner permitted by law, with appointment reminders or information about treatment alternatives and other health related benefits that may be appropriate to you.
4.11. Other Uses and Disclosure of Protected Health Information. Other uses and disclosures of protected health information not covered by this Notice will be made only with your written authorization or that of your legal representative. If you or your legal representative authorize Company to use or disclose protected health information about you, you or your legal representative may revoke that authorization, at any time, except to the extent that Company has already taken action relying on the authorization.
5. YOUR RIGHTS REGARDING HEALTH INFORMATION COMPANY MAINTAINS ABOUT YOU. You have the following rights regarding your health information. In order to exercise these rights, you must contact the HIPAA Privacy Officer at Company. You may be asked to submit a written request. The HIPAA Privacy Officer may be contacted using the following information:
Wavelengths Recovery, LLC
Attn: HIPAA Privacy Officer
301 Main Street, #201
Huntington Beach, CA 92648
5.1. Right to Inspect and Copy. With certain exceptions, you have the right to inspect and receive copies of your health information that Company maintains about you. In some very limited circumstances Company may, as authorized by law, deny your request to inspect and obtain a copy of your protected health information. You will be notified of a denial to any part or parts of your request. Some denials, by law, are reviewable, and you will be notified regarding the procedures for invoking a right to have a denial reviewed. Other denials, however, as set forth in the law, are not reviewable. Each request will be reviewed individually, and a response will be provided to you in accordance with the law.
5.2. Right to Amend Your Health Information. If you believe that protected health information about you is incorrect or incomplete, you may ask Company to amend the information. Company may deny your request if it is not in writing or does not include a reason that supports the request. In addition, Company may deny your request if you ask Company to amend protected health information that Company believes: (i) is accurate and complete; (ii) was not created by Company, unless the person or entity that created the protected health information is no longer available to make the amendment; (iii) is not part of the protected health information kept by or for Company; or (iv) is not part of the protected health information which you would be permitted to inspect and copy. If your right to amend is denied, Company will notify you of the denial and provide you with instructions on how you may exercise your right to submit a written statement disagreeing with the denial and/or how you may request that your request to amend and a copy of the denial be kept together with the protected health information at issue, and disclosed together with any further disclosures of the protected health information at issue.
5.3. Right to an Accounting of Disclosures. You have the right to receive a list of certain disclosures that Company may have made of your protected health information. This list will not include certain disclosures as set forth in the HIPAA regulations, including those made for treatment, payment, or health care operations within Company or made pursuant to your authorization or made directly to you.
5.4. Right to Request Restrictions. You have the right to request a restriction or limitation on the protected health information that Company uses or discloses about your treatment, payment or health care operations within Company. While Company will consider your request, Company is not required to agree to it. If Company does agree to it, Company will comply with your request, except in emergency situations where your protected health information is needed to provide you with emergency treatment. Company will not agree to restrictions on uses or disclosures that are legally required, or those which are legally permitted and which Company reasonably believes to be in the best interest of your health.
5.5. Right to Request Confidential Communications. You have the right to request that Company communicate with you about your protected health information in a specific way or at a specific location. For example, you can ask that Company only contact you at work or by mail. Company will accommodate all reasonable requests.
5.6. Right to File a Complaint. Violation of the federal law and regulations by Company is a crime and suspected violations may be reported to appropriate authorities in accordance with federal regulations. If you have any questions or believe that your privacy rights have been violated, you may contact Company’s HIPAA Privacy Officer in person or mail a written summary of your concern to the address listed above. You may also file a written complaint with the Department of Health and Human Services. You will not be penalized or retaliated against for filing a complaint.
5.7. Right to Receive a Copy. You have the right to obtain a copy of this Notice.
6. CHANGES TO THIS NOTICE. Company reserves the right to change the terms of this Notice at any time. Company reserves the right to make the revised or changed notice effective for protected health information Company already has about you as well as any protected health information Company receives in the future. Company will post a copy of the current Notice. The Notice will contain an effective date.