Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices (“Notice”) is being provided to you in compliance with federal regulations, and to evidence our commitment to ensuring the confidentiality of your health records. Each time you visit us, we keep a record of your care and treatment. At Katahdin Valley Health Center (“the Center”), we take the protection of your personal information seriously. We are required by law to provide you with this Notice of Privacy Practices to tell you about our legal duties, ways we may use and share your information, and to inform you about your rights regarding your health information.

This updated Notice is effective as of: January 30, 2019. We will ask you to sign a written acknowledgment of receipt of our Notice. We reserve the right to change the terms of this Notice and will post the current and any updated Notice in the Center, in each waiting area and on the Center website. You may obtain a copy of an updated Notice from the Center at any time.

If you have any questions about this Notice of Privacy Practices, please contact our Privacy Officer:
Michelle LeFay Compliance and Privacy Officer 529 South Patten Road, Patten ME 04765 or (207) 538-3700, Ext 306

How We May Use and Disclose Your Protected Health Information (“PHI”):

For Treatment: We will use and disclose your PHI to provide, coordinate, or manage your healthcare and related services in our office or with a third party who is also involved with your health care. For example, we may share your PHI with a pharmacy for filling prescriptions, a laboratory or imaging center if you need diagnostic services, with a specialist to whom we refer you, or with other healthcare providers who may be involved in your care and treatment. We may share information with family members who are involved in or supporting your care.

For Payment: We will use your PHI to get paid for your healthcare services. We may share information with your insurance company to obtain payment for services or to seek pre-approval for healthcare services that are recommended by us or another health care provider, such as for a hospital stay or procedure.

For Our Healthcare or Business Operations: We may disclose your PHI to facilitate the business activities of this office, and the delivery of our health care services, such as but not necessarily limited to reviewing the quality of the health care delivered, the professional services and standards of our employees, for education and training, maintaining and updating our electronic health record system, or for legal, billing, or accounting matters. We may contact you via telephone, email, or the patient portal to provide results from exams or tests, or to provide information that describes or recommends treatment alternatives regarding your care. We may contact you via telephone, email, patient portal or via text to remind you of, or to schedule you for an appointment. We may use or disclose PHI while engaging in teaching activities with students from an educational facility with which we may have an affiliation agreement. If we involve third parties, such as billing services, in our business activities, we will take steps required by law to obligate them to safeguard your PHI according to the same legal standards we follow.

HealthInfoNet: We participate in a state-wide health information exchange called HealthInfoNet. This means that we collaborate with other health care providers to share electronic health information regarding your health care. Your medical information may be disclosed by other HealthInfoNet participating health care providers to us, unless you have executed an opt-out form with HealthInfoNet. Specially protected information including substance abuse treatment program records, mental health treatment facility records, HIV/AIDS information and genetic test results are not automatically included in HealthInfoNet unless you elect in a separate authorization, to have that information shared. For example, your behavioral health information cannot be made available by us to the HealthInfoNet system, without your specific execution of an Opt-In form. If you submit an Opt-In form, the information in your electronic health record will be made available to health care providers outside of our organization who have access to HealthInfoNet. If you would like further information about this, and how you can Opt-In to the HealthInfoNet system for the sharing of your behavioral health information with your other health care providers, let us know and we will provide you with the appropriate form, or you can access the HealthInfoNet website at http://www.hinfonet.org . If you do not wish to be included in HealthInfoNet, you may “opt-out” by filling out a form found online at https://secure.hinfonet.org/PatientOptions/optout, by calling 1-866-592-4352, or by completing a paper form we can provide. If you change your mind, you may choose to join again later, but your previous health information will not be added to the database.

Accountable Care Organization: Katahdin Valley Health Center is a member of the Community Care Partnership of Maine (CCPM), an Accountable Care Organization. Under this organized health care arrangement, PHI may be shared with CCPM members for the purpose of payment and other health care operations including quality improvement. Any PHI shared with a CCPM member will be limited in accordance with the HIPAA Privacy and Security Rule, the HITECH Act, and Maine state and federal laws governing privacy and security of PHI.

When Allowed by Law: We may use or disclose your PHI without your written authorization, when required or allowed by law, in certain limited situations, including:
• When required by state or federal law;
• To report abuse or neglect;
• To persons authorized by law to act on your behalf, such as a guardian, health care power of attorney or surrogate;
• For disaster relief purposes, such as to notify family about your whereabouts and condition;
• For public health activities and purposes such as reporting on or preventing certain diseases;
• To comply with Food and Drug Administration requirements;
• For health oversight purposes such as reporting to Medicare, Medicaid or licensing audits, investigations or inspections;
• Where required by U.S. Department of Health and Human Services to evaluate the Center’s compliance with confidentiality and other laws;
• In connection with Workers’ Compensation claims for benefits; and
• To assist coroners or funeral directors in carrying out their duties.
• For organ donation
• To report certain criminal activity, such as the commission of a crime in an emergency situation, subject to certain limited criteria; to notify appropriate government authorities if we believe you have been the victim of abuse, neglect, or domestic violence; or to report a crime occurring on our premises
• To comply with a valid court order, subpoena or other appropriate administrative or legal request;
• If deemed necessary by us to prevent or lessen a serious or imminent threat to you or another person;
• For research purposes but only if an express government waiver is granted and other limited exceptions to obtaining authorization apply;
• If you are an inmate, and release of the information is necessary for your health or safety in the correctional facility;
• To appropriate military entities if you are a member or veteran of the armed forces; or
• If required by law for national security or intelligence purposes.

With your Authorization: Other than the uses and disclosures for treatment, payment or health care operations, or required or allowed by law as listed above, we will only disclose your PHI with your written authorization. For example, we will ask for your written permission before promoting a product or service to you for which we will be paid by a company, and generally before sharing your health information in a way that is considered a sale under the law.

Your Rights: Following is a statement of your rights with respect to your protected health information.

You have the right to receive and we are required to provide you with, a copy of this Notice of Privacy Practices, upon your request.

If you sign an authorization, you may revoke it at any time, except where we have already shared your information based upon your permission.

You have the right to access, inspect and copy your protected health information.
• This usually includes medical and/or billing records. You must submit a written request to us and you agree to pay the reasonable costs associated with complying with your request before we provide you with your record
• You may ask us to provide your electronic record in electronic format. If we are unable to provide your record in the format you request, we will provide the record in a form that works for you and our office. You may ask us to transmit your record to a specific person or entity by making a written, signed request.
• Under certain circumstances, your provider may not allow you to see or access certain parts of your record. You may ask that this decision be reviewed by another licensed professional.

You have the right to request to receive confidential communications and request contact from us by alternative means or at an alternative location. This request must be made in writing. KVHC will follow all reasonable requests.

You have the right to request restrictions on the use or disclosure of your PHI.

• This means you may ask us not to use or disclose all or part of your PHI for certain purposes. Such requests must be made in writing. We will consider your request carefully, and may honor reasonable requests where possible. The law does not require us to agree to every request.
• However, you may request to restrict certain sensitive or other health information from your insurer if you have or your personal representative has paid out of pocket in full for your service. We are not permitted to deny this specific type of restriction request, as long as you acknowledge that preventing disclosure to the insurer will mean that the insurance company will not pay for the services, and you agree to personally pay for the services. Such restriction requests will have to be made at each office visit, and will not be considered ongoing. If your insurance plan “bundles” your services together so that we cannot withhold only one item or service from your claim, we will discuss your options with you.
• You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply.

You have the right to receive an accounting of certain disclosures we have made of your PHI. Please speak with us if you have this request.

You have the right to request amendment of your PHI, to correct or clarify the record. Any such request must be made in a written statement, explaining the reason for the request and the proposed change. KVHC will then provide you with information regarding the process, and either accept or deny the requested amendment. We may deny a requested amendment if the PHI that is the subject of the request (1) was not created by us; (2) is not part of your record; (3) is PHI to which you do not have access, by law; or (4) is accurate and complete. If we accept your request, we cannot erase your record, but we may add your written statement to your health record and shall include the statement in any future authorized disclosures. If your amendment request is denied, you may submit a statement of disagreement and we may submit a rebuttal statement, which will remain with your health record.

Fundraising. We do not currently conduct fundraising campaigns. If we do so in the future, you have the right to opt-out of any fundraising solicitation or communication.

Breach notification. We are required to have safeguards in place that protect your health information. In the event that there is a breach of those protections, we will notify you, the U.S. Department of Health and Human Services and others, as the law requires.

We are required to abide by the terms of the Notice currently in effect.

You may file a complaint with us if you believe that we have violated the terms of the Notice or have otherwise violated your privacy rights with respect to your PHI by notifying our Privacy Officer and providing a written complaint. The Privacy Officer’s name and address is listed near the top of this Notice.

You also may submit a complaint to the Office of Civil Rights, with the federal Department of Health and Human Services (“OCR”) The on-line contact information for the OCR is: http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html

Katahdin Valley Health Center will not retaliate against you for filing a complaint with us or with the Office of Civil Rights.