At Places for People, we understand that your medical information about you and your health is personal. Our agency is committed to protecting your medical information. We are required by federal and state laws to maintain the privacy of your protected health information (PHI) and to give you this notice explaining our privacy practices with regard to that information. This notice explains your rights and our legal obligations regarding the privacy of your PHI.
Protected health information is information that individually identifies you. It may be used and disclosed by your physicians, our staff, another health care provider, Medicaid or health plan, your employer, or a healthcare clearing house that relates to your past, present, or future medical conditions, the provision of care to you for those conditions, or the past, present, or future payment for your health care.
HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION:
- For your treatment—Your PHI may be provided to a physician, pharmacist, or other healthcare provider (specialist or laboratory) to whom you have been referred, to ensure they have the necessary information to diagnose, treat, or provide you a service.
- For payment—Your PHI may be used and disclosed to enable us to bill and collect payment from Medicaid, Medicare, a private health plan, or you or a third party.
For health care operations—We may use and disclose your PHI in order to support the business activities of PfP or the independent providers who serve you. These activities include, but are not limited to, the evaluation of our team members in caring for you, quality assessment, and the disclosure of information to providers, medical students, and other authorized personnel for educational and learning purposes. Should the programs in which you are enrolled be authorized or paid for by the Missouri Department of Mental Health, Medicaid, the St Louis City Housing Authority, or other state and grant authorities, we may also need to release your PHI to determine your eligibility, as well as for quality evaluation, auditing, and licensure purposes.
- As required by law—We will disclose your PHI when required to do so by federal, state or local law. Appointment reminders, treatment alternatives, health related services, and client directory—We may use and disclose your PHI to contact you to remind you have a scheduled appointment, or to advise you of treatment options or alternatives which may be of interest to you. You may provide us with alternative instructions for our use of PHI for these purposes.
- Other uses and disclosures—may include research when the protocols have been approved by a review board to ensure the privacy of your health information; correctional agencies if you are incarcerated or subject to conditions for probation or parole; communication with family or other individuals you identify, if you have not prohibited such information exchange and in the professional opinion of qualified staff the information is relevant to that person’s involvement in your care or payment related to your care.
Any other uses or disclosures require your written authorization. You may revoke the authorization at any time by submitting a request in writing and we will no longer disclose your PHI except to the extent that we have taken an action in reliance on the prior written authorization. By policy, PfP does not use protected health information for marketing or fundraising purposes without your consent. By law, PfP cannot release psychotherapy notes or substance abuse treatment notes without your consent.
PLACES FOR PEOPLE MUST NOTIFY AFFECTED INDIVIDUALS IF THERE IS A BREACH OF THEIR UNSECURED PHI.
A breach might include lost or stolen paper records, misdirected records sent to a third party, a hacked database including PHI, or unencrypted information sent electronically or stored on an unauthorized, unencrypted device, for example, an unencrypted texted message on a mobile phone.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION:
The right to inspect and copy—Under federal law you have the right to inspect and copy the PHI created by PfP, upon written request. We have up to 30 days to make your PHI available to you; fees may apply). You have a right to a summary of your PHI instead of the entire record, or an explanation of the PHI which has been provided.
The right to an electronic copy of electronic medical records—You have the right to request to be given to you or another individual or entity, an electronic copy of your medical records, if they are maintained in an electronic format, in the format you request. If the material is not readily producible by us we will provide it in either our standard electronic format or in hard copy form. Fees may apply.
The right to request restrictions—You may request a restriction or limitation of PHI we use or disclose for treatment, payment, or health care operations. You may request a restriction of disclosures to your health plan, if you have paid yourself “out-of-pocket” in full for the services that would be disclosed. You may also request a limit on the PHI we disclose about you to someone involved in your care or payment of your care. Your request must be made in writing to our Privacy Officer with specific instructions. If we agree to the restriction, we may override it only when legally compelled, or for emergency treatment purposes. By law, you may not request that we restrict the disclosure of your PHI for treatment purposes.
The right to request amendments—If you feel that the PHI we have is incorrect or incomplete, you may ask us to amend the information. A request and the reason for the requested amendment must be made in writing to our Privacy Officer. In certain cases we may deny your request. If we deny your request you ave the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy.
The right to an accounting of disclosures—You have the right to receive an accounting of disclosures except for those used for purposes of treatment, payment, or healthcare operations, disclosures for which you have given authorization, disclosures required by law, or those that occurred six years prior to the date of request. Your request must be made in writing and you must indicate in what form you want the list, for example on paper or by email. The first accounting of disclosures in any 12 month period will be free. Any additional requests within the same time period may incur a fee.
The right to request confidential communication—You may request that we communicate with you only in certain ways to preserve your privacy. For example, you may request that we contact you by mail at a specific address or call you at a specific telephone number. Your request must be made in writing with specific instructions on how and where we contact you. We will accommodate all reasonable requests and will not ask the reason for your request.
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the United States Department of Health and Human Services. To file a complaint with us you must make it in writing to the Places for People Privacy Officer, 4130 Lindell, St Louis, MO 63108, or by email to email@example.com. Complaints must be submitted within 180 days of when you knew of or suspected the violation. There will be no retaliation against you for filing a complaint.
To file a complaint with the Secretary, mail it to: Secretary of the U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Washington, DC 20201. For more information, call 877-696-6775 or go the website of the Office for Civil Rights, www.hhs.gov/ocr/hipaa/. There will be no retaliation against you for filing a complaint.
If you have any questions in reference to this form, please talk to a PfP staff member, supervisor, or the PfP Privacy Officer. The Privacy Officer’s phone number is 314-615-2121, or email firstname.lastname@example.org. You have the right to request a paper copy of this notice at any time. A copy of this notice may also be found on the Places for People website, www.placesforpeople.org.
Places for People is concerned about the privacy of our donors and guards your data closely. We value our relationship with you and recognize the importance of protecting the privacy of your personal information. The information we have about you is protected and secure, and we work diligently to ensure that your personal preferences regarding the use of your information are honored. The information you share with the Places for People is for organizational use only and is never shared, sold, or bartered with any other entity. The types of information collected may include your name, address, postal code, phone number and/or email address. This information is used solely for solicitation purposes that aid in the administration of our programs.
If you have any questions regarding this policy, use of your personal information or opting out of mailings we can be contacted via mail, email, or phone at the following:
Mrs. Ellen Kratz
Places for People
4130 Lindell Blvd
St. Louis, MO 63108
The Homeless Missourians Information System (HMIS) was developed to meet a data collection requirement made by the United States Congress and the Department of Housing and Urban Development (HUD). Congress passed this requirement in order to get a more accurate count of individuals who are homeless and to identify the need for and use of different services by those individuals and families. We are collecting statistical information on those who use our services and report this information to a central data collection system.
In addition, many agencies in this area use HMIS to keep computerized case records. This information may be provided to other HMIS participating agencies. The information you may agree to allow us to collect and share includes: basic identifying demographic data, such as name, address, phone number and birth date; the nature of your situation and the services and referrals you receive from this agency. This information is known as your Protected Personal Information or PPI. All agencies using the HMIS share their data with other participating agencies, with the exception of Blind Service Providers. These blind agencies serve specific protected client populations, such as domestic abuse, sexual abuse, HIV/AIDS, alcohol and/or substance abuse, and mental health, and do not share client information.
GENERALLY, all personal information we maintain is covered by this policy. Generally, your personal information will only be used by this agency and other agencies to which you are referred for services.
Information shared with other HMIS agencies helps us to better serve our clients, to coordinate client services, and to better understand the number of individuals who need services from more than one agency. This may help us to meet your needs and the needs of others in our community by allowing us to develop new and more efficient programs. Sharing information can also help us to make referrals more easily and may reduce the amount of paperwork.
Maintaining the privacy and safety of those using our services is very important to us. Information gathered about you is personal and private. We collect information only when appropriate to provide services, manage our organization, or as required by law.
II. CONFIDENTIALITY RIGHTS:
This agency has a confidential policy that has been approved by its Board of Directors. This policy follows all HUD confidentiality regulations that are applicable to this agency, including those covering programs that receive HUD funding for homeless services. Separate rules apply for HIPPA privacy and security regulations regarding medical records.
This agency will use and disclose personal information from HMIS only in the following circumstances:
1. To provide or coordinate services to an individual.
2. For functions related to payment or reimbursement for services.
3. To carry out administrative functions including, but not limited to legal, audit, personnel, planning, oversight or management functions.
4. Databases used for research, where all identifying information has been removed.
5. Contractual research where privacy conditions are met.
6. Where a disclosure is required by law and disclosure complies with and is limited to the requirements of the law. Instances where this might occur are during a medical emergency, to report a crime against staff of the agency or a crime on agency premises, or to avert a serious threat to health or safety, including a person’s attempt to harm himself or herself.
7. To comply with government reporting obligations.
8. In connection with a court order, warrant, subpoena or other court proceeding where disclosure is required.
III. YOUR INFORMATION RIGHTS:
As a client receiving services at this agency, you have the following rights:
1. Access to your record. You have the right to review your HMIS record. At your request, we will assist in viewing the record within five working days.
2. Correction of your record. You have the right to request to have your record corrected so that information is up-to-date and accurate to ensure fairness in its use.
3. Refusal. Our ability to assist you depends on having certain personal identifying information. If you choose not to share the information we request, we reserve the right to decline to provide you with services as doing so could jeopardize our status as a service provider.
4. Agency’s Right to Refuse Inspection of an Individual Record. Our agency may deny you the right to inspect or copy your personal information for the following reasons:
a. information is compiled in reasonable anticipation of litigation or comparable proceedings;
b. information about another individual other than the agency staff would be disclosed;
c. information was obtained under a promise of confidentiality other than a promise from this provider and disclosure would reveal the source of the information; or
d. information, the disclosure of which would be reasonably likely to endanger the life or physical safety of any individual.
5. Harassment. The agency reserves the right to reject repeated or harassing requests for access or correction. However, if the agency denies your request for access or correction, you will be provided written documentation regarding your request and the reason for denial. A copy of that documentation will also be included in your client record.
6. Grievance. You have the right to be heard if you feel that your confidentiality rights have been violated, if you have been denied access to your personal records, or if you have been put at personal risk, or harmed. Our agency has established a formal grievance process for you to use in such a circumstance. To file a complaint or grievance you should contact our Compliance Director, Tony Hilkin, at: 314-535-5600, Ext. 201.
IV. HOW YOUR INFORMATION WILL BE KEPT SECURE:
Protecting the safety and privacy of individuals receiving services and the confidentiality of their records is of paramount importance to us. Through training, policies, procedures and software, we have taken the following steps to make sure your information is kept safe and secure:
1. The computer program we use has the highest degree of security protection available.
2. Only trained and authorized individuals will enter or view your personal information.
3. Your name and other identifying information will not be contained in HMIS reports that are issued to local, state or national agencies.
4. Employees receive training in privacy protection and agree to follow strict confidentiality standards before using the system.
5. The server/database/software only allows individuals access to the information. Only those who should see certain information will be allowed to see that information.
6. The server/database will communicate using 128-bit encryption-an Internet technology intended to keep information private while it is transported back and forth across the Internet. Furthermore, identifying data stored on the server is also encrypted or coded so that it cannot be recognized.
7. The server/database exists behind a firewall-a device meant to keep hackers/crackers/viruses/etc. away from the server.
8. The main database will be kept physically secure, meaning only authorized personnel will have access to the server/database.
9. System Administrators employed by the HMIS and the agency support the operation of the database. Administration of the database is governed by agreements that limit the use of personal information to providing administrative support and generating reports using aggregated information. These agreements further insure the confidentiality of your personal information.
V. BENEFITS OF HMIS AND AGENCY INFORMATION SHARING:
Information you provide us can play an important role in our ability and the ability of other agencies to continue to provide the services that you and others in the community are requesting.
Allowing us to share your name results in a more accurate count of individuals and the services they use. Obtaining an accurate count is important because it can help us and other agencies:
1. Better demonstrate the need for services and the specific types of assistance needed in our area.
2. Obtain more money and other resources to provide services.
3. Plan and deliver quality services to you and your family.
4. Assist the agency to improve its work with families and individuals who are homeless.
5. Keep required statistics for state and federal funders, such as HUD.
VI. COMPLIANCE WITH OTHER LAWS
This agency complies with all other federal, state and local laws regarding privacy rights. Consult with an attorney if you have questions regarding these rights.
VII. PRIVACY NOTICE AMENDMENTS:
The policies covered under this Privacy Notice may be amended over time and those amendments may affect information obtained by the agency before the date of the change. All amendments to the Privacy Notice must be consistent with the requirements of the Federal Standards that protect the privacy of consumers and guide HMIS implementation and operation.
VIII. Web Site
We maintain a copy of the Privacy Notice on our web site at: www.placesforpeople.org.