THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
ResCare and its subsidiaries and affiliates are is required by law to provide you with this Notice explaining the Company’s privacy practices with regard to your medical information and how we may use and disclose your protected health information (“PHI”) for treatment, payment and for health care operations, as well as for other purposes that are permitted or required by law. You have certain rights regarding the privacy of your PHI and we also describe those rights in this Notice.
ResCare reserves the right to change the provision of our Notice and make new provisions effective for all PHI we maintain. If ResCare makes a material change to our Notice, we will post the changes promptly on our website at rescare.staging.wpengine.com.
Effective Date of This Notice: April 14, 2003, as amended September 23, 2013
What is PHI?
Protected health information (“PHI”) consists of individually identifiable health information, which may include demographic information ResCare collects from you or creates or receives from another health care provider, a health plan, or a health care clearing house and that relates to (1) your past, present or future physical or mental health or condition; (2) the provision of health care to you; or (3) the past, present or future payment for the provision of health care to you.
HITECH Notification Requirements
Under HITECH, ResCare is required to notify its clients whose PHI has been breached. Notification must occur by first class mail within 60 days of the breach incident. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI poses a significant risk for financial, reputational or other harm to the individual. This notice must (1) contain a brief description of what happened, including the date of the breach and date of discovery; (2) the steps that the individual should take to protect themselves from potential harm resulting from the breach; and (3) a brief description of what ResCare is doing to investigate the breach, mitigate losses, and to protect against further breaches.
Effective February 2010, ResCare’s Business Associate Agreements have been amended to provide that all HIPAA security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures, and documentation requirements apply directly to the Business Associate.
HITECH states that if a client pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the client’s third party payor since no claim is being made against the third party payor.
Access to E-Health Records
HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct ResCare to send the e-health record directly to a third party. ResCare may only charge for labor costs under the HITECH rules.
Accounting for E-Health Records for Treatment, Payment and Health
ResCare does not currently have to provide an accounting of disclosures of PHI to carry out treatment, payment and health care operations. Starting January 1, 2014, HITECH will require ResCare to provide an accounting of disclosures through an e-health record to carry out treatment, payment and health care operations. This new accounting requirement is limited to disclosures within the three (3) year period prior to the individual’s request.
ResCare must either (1) provide an individual with an accounting of such disclosures it made and its business associate disclosures; or (2) provide an individual with an accounting of the disclosures made by ResCare and a list of business associates, including their contact information, who will be responsible for providing an accounting of such disclosures upon the individual’s request.
How ResCare May Use or Disclose Your Health Information
ResCare collects health information about you and stores it in a chart which is your medical record. We need this information to provide you with quality care and to create a record of the care and services you receive at ResCare. ResCare is committed to protecting the privacy of your PHI. The law permits ResCare to use or disclose your PHI for the following purposes:
Treatment. We may use PHI about you to provide you with medical treatment or services. We may disclose PHI about you to doctors, psychologists, pharmacists, nurses, social workers, therapists, technicians, or other personnel involved in providing services to you. Different departments of ResCare may also share PHI about you in order to coordinate the different services you need.
Payment. We may use and disclose PHI about you so that the treatment and services you receive at ResCare or other providers from whom you receive treatment or services, may be billed to, and payment may be collected from, you, an insurance company, a third party, Medicaid or other payor. To the extent possible, our staff and outside contractors or consultants will make reasonable efforts to assure that the use and disclosure of your PHI is conducted in a secure and confidential manner.
Health Care Operations. ResCare may use and disclose PHI about you for agency operations. These uses and disclosures are necessary to manage the operation and to monitor your quality of care. For example, we may use PHI to evaluate our agency’s services, including the performance of our staff. We may also use PHI for training purposes or to develop new policies, procedures, or programs that may benefit you or other individuals we support. Your PHI may be shared with survey reviewers and other accreditation bodies in accordance with current and on-going operating procedures.
Information provided directly to you.
Notification and communication with family. We may disclose your PHI to notify or assist in notifying a family member, your personal representative, a friend or another person responsible for your care about your location, your general condition or in the untimely event of your death. If you are able and available to agree or object, we will give you the opportunity to do so prior to making this notification. If you are unable or unavailable to agree or object, our health professionals will use their best judgment in communication with your family and others, but will tell you about it after the emergency and give you the opportunity to object to future disclosures to those persons.
Required by law. As required by law, we may use and disclose your PHI as described below:
Public health. We may disclose your PHI to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure.
Health oversight activities. We may disclose your PHI to health agencies during the course of audits, investigations, inspections, licensure and other proceedings.
Judicial and administrative proceedings. We may disclose your PHI in the course of any administrative or judicial proceeding as required by a court order or subpoena.
Law enforcement. We may disclose your PHI to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing person, complying with other law enforcement purposes.
Deceased person information. We may disclose your PHI to coroners, medical examiners and funeral directors.
Public safety. We may disclose your PHI to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
Specialized government functions. We may disclose your PHI for military, national security, and prisoner purposes.
Worker’s compensation. We may disclose your PHI as necessary to comply with worker’s compensation laws.
Facility Directories. If you do not object, we may include your name, photo or other PHI in a facility directory.
Marketing. We will use and disclose PHI for marketing purposes only with the individual’s authorization. We will use and disclose PHI that constitutes the sale of PHI only with the individual’s authorization.
Only the minimum necessary PHI will be disclosed to accomplish the above purposes.
When ResCare May Not Use or Disclose Your Health Information
Except as described in this Notice, ResCare will not use or disclose your PHI without your written authorization. If you do authorize ResCare to use or disclose your health information for another purpose, you may revoke your authorization in writing at any time. Disclosures made in reliance on an authorization prior to a revocation are not affected by the revocation.
Your Rights Related to Protected Health Information
1. You have the right to request restrictions on certain uses and disclosures of your health information. ResCare is not required to agree to the restriction that you requested. We ask that such requests be made in writing. We are not required to agree to your request if ResCare believes it is in your best interest to use or disclose that information.
2. You have the right to inspect and copy your health information. Any psychotherapy notes that may be included in records we have or received about you are not available for your full inspection or copying, by law. We may charge you a fee for the costs of copying, mailing or other supplies used to fulfill your request. If you wish to inspect or copy your PHI, you must submit a request in writing to ResCare’s Privacy Officer. ResCare has thirty (30) days to respond to your request. If the information is stored off-site, we are allowed up to 60 days to respond, but must inform you of the delay.
3. You have a right to request that ResCare amend your health information that is incorrect or incomplete. ResCare is not required to change your health information and will provide you with information about ResCare’s denial and how you request a review. We ask that such requests be made in writing and clearly state what information is incomplete or inaccurate and the reasons for your request.
4. You have a right to receive an accounting of disclosures of your health information made by ResCare, except that ResCare does not have to account for the disclosures related to treatment, payment of health care operations. Your request must be in writing and must state the time period for the requested information. You may not request information for any dates prior to April 14, 2003 or for a period greater than six (6) years, which is the legal obligation to retain that information.
5. You have the right to request how ResCare communicates with you to preserve your privacy. For example, you may request that we call you only at work or by mail at a special address or PO Box. Your request must be in writing and must specify how or where we should contact you. ResCare will accommodate all reasonable requests.
6. You have a right to a paper copy of this Notice of Privacy Practices.
If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, please contact:
9901 Linn Station Road
Louisville, KY 40223
Complaints about this Notice of Privacy Practices or how ResCare’s handles your PHI must be in writing within 180 days of the suspected violation and directed to:
9901 Linn Station Road
Louisville, KY 40223
Complaints must provide as much detail as possible about the suspected violation. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal complaint to:
Department of Health and Human Services
Office of Civil Rights
Hubert H. Humphrey Bldg.
200 Independence Avenue, S.W.
Room 509F HHH Building
Washington, DC 20201
You may also address your compliant to one of the regional Offices for Civil Rights. A list of these offices can be found online at http://www.hhs.gov/ocr/regmail.html.
If you have any questions about this policy please contact us at:
9901 Linn Station Road
Louisville, KY 40223
Information Automatically Collected
When you visit our site, our servers automatically store the following information about your computer in log files:
- Your IP address
- Your browser and version
- Your operating system
- The date and time of your visit
- The site from which you came (If you came from a search engine, the search words you used to find our site are also stored.)
This information cannot be used to identify specific individuals, and is only used for:
- Anonymous user analysis
- Research and development
Information You Submit
When you send us electronic mail, thereby disclosing your e-mail address, we do not sell or disclose any of this information to third parties.
When you request information through our site, we use your personal and business information only for the purpose it was submitted for. We do not sell or disclose any of this information to third parties.