What is my Protected Health Information (PHI)?
“PHI” is any information that identifies you and relates to health care services, the payment of health care services, or your past, present, or future physical or mental health condition. PHI may be spoken, written, or electronically recorded.
How, why, and with whom is my PHI used or shared within and outside of Netcare?
Your PHI may be used and shared both inside and outside of Netcare for treatment, payment, and operations purposes. In some cases, your authorization is needed to do this.
Your PHI may also be used or shared externally for purposes other than treatment, payment, or operations. Unless required or permitted by law, we must obtain your authorization to use or disclose your PHI for these purposes.
Netcare will disclose the minimum information necessary to meet the stated purpose without your authorization.
Disclosures for Treatment:
We may use and disclose your PHI to coordinate or manage your care within Netcare and with individuals or organizations outside of Netcare that are involved in your care, such as other health care professionals, hospitals, and related organizations. For example, certain service providers including hospitals and ambulance companies may need information about your medical/psychiatric condition in order to deliver services properly when medical treatment or inpatient psychiatric hospitalization is required.
Except for emergency treatment purposes, information about alcohol and drug diagnoses, treatment, or referral cannot be disclosed for treatment purposes without your written authorization.
Disclosures for Payment:
Netcare staff will use your PHI for billing and payment purposes. We may also disclose information that is necessary to be paid for mental health services to persons or organizations outside of Netcare even if you do not authorize disclosure. This includes disclosure to third party payers such as the ADAMH Board who need information to determine you are eligible to have your services paid by them and to process payments.
Unless you are incapacitated to consent, Netcare cannot disclose information necessary to be paid for alcohol and drug addiction services without your authorization.
Disclosures for Health Care Operations:
Within Netcare, staff performing certain administrative functions necessary to operate the organization and support the delivery of services, such as medical records management and quality improvement activities, may use your PHI. This includes review of records to evaluate the quality of services you received and to investigate any problems or concerns identified so that these may be corrected and/or improved.
Staff of other governmental or healthcare oversight agencies may review your PHI to audit and evaluate Netcare to assure our compliance with their requirements. We may also disclose information to these organizations as mandated for planning, evaluation, and other activities in order to better serve all of our clients.
When and to whom can my PHI be used or disclosed without my authorization?
- When permitted or required by Federal, State, or local law.
- In event of a medical or psychiatric emergency.
- To prevent or lessen what we believe, in good faith, to be a serious and imminent threat to you, another person, or the public.
- When there are risks to public health, such as to prevent or control disease, injury or disability; to report disease, injury, and vital events such as death; or to notify someone who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease.
- To protect victims of abuse or neglect.
- For judicial, administrative, and law enforcement purposes as permitted or required by law.
- To report crimes against our staff or premises.
- When ordered by the court to do so.
- To funeral directors, medical examiners, and coroners to carry out their duties consistent with applicable law.
- To Disability Rights Ohio investigating suspected abuse or neglect or complaints by persons receiving mental health services.
- To the ADAMH1 board or other agency if Netcare closes and transfers its caseload.
- To OhioMHAS2 and/or the ADAMH board if you are in a state hospital or facility and receiving Netcare’s services.
- To the ADAMH Board and/or other agencies if you are involuntarily committed to the ADAMH Board.
- To organizations with the legal authority to audit Netcare, or to plan and evaluate services.
- For healthcare oversight activities including audits, inspections, licensure, civil administrative or criminal investigations where you are not the subject of the investigation, or disciplinary action.
- To business associates performing duties for or on behalf of Netcare, e.g., document imaging companies.
- If we inform you in advance and if you don’t object, we may disclose a limited amount of information directly related to your care to family, friends, or those involved in your care.
- If you are unavailable or unable to agree or object due to incapacity or emergency, we may disclose a limited amount of information directly related to your care, location, condition or death to family, friends, or those involved in your care if in our professional judgment it is in your best interest to do so.
- Other disclosures as permitted by relevant sections of 45 CFR 164 (HIPAA Privacy Rule).
- All disclosures of information regarding alcohol and drug diagnoses, treatment or referral are subject to 42 CFR Part 2 which may prohibit or limit disclosures of PHI without your authorization.
1 “ADAMH” means Alcohol, Drug Addiction, and Mental Health Services board.
2 “OhioMHAS” means the Ohio Department of Mental Health and Addiction Services.
Under what circumstances must I authorize the use and disclosure of my PHI?
Unless otherwise stated in this notice, you must authorize use and disclosure of your PHI before we can disclose it. For example, we may not sell your PHI, or disclose your PHI for certain marketing purposes, without your authorization.
Can I revoke my authorization?
Yes. In order to revoke your authorization you must do so verbally or in writing so that we can stop sharing your PHI. However we cannot take back anything that has already been shared.
You have the following rights regarding your PHI:
To authorize the use and disclosure of your PHI for purposes other than those uses and disclosures permitted or required by law.
To review and receive information from your clinical record unless there are clear treatment reasons or other reasons specified by law for you to not get this. Requests for records must be in writing. Please allow two weeks for your request to be completed. We may charge a reasonable fee for processing your request. Please contact our medical records department to arrange for this.
To request that we amend your PHI, if you believe that your PHI is incorrect or incomplete. Requests for amendments must be in writing and include a reason to support the requested amendment. We do not have to agree to your request for amendment. If approved, we will include your written statement in your record; however, we cannot change, deface or destroy any information already contained in your record.
To request restrictions on how we use and disclose your PHI. You may request a limit on our disclosure of PHI to someone who is involved in your care or the payment of your care. We do not have to agree to your restrictions, except when it involves disclosures to health plans when you have paid for the services yourself. If we do agree, we must follow your restrictions until you tell us otherwise, except for emergency treatment purposes.
To request that we communicate with you in a confidential manner, for example, with no other family members present. You also have the right to request that we send confidential communications of PHI to alternative locations or by alternative means provided it is reasonable and possible for us to do.
To identify persons to us who may serve as your authorized personal representative, such as court-appointed guardian, a properly executed and specific power of attorney granting such authority, a Durable Power of Attorney for Health Care if it allows the person to act even if you are able to communicate on your own, or other method recognized by applicable law. We may, however, reject a representative if, in our professional judgment, we determine that it is not in your best interest.
To receive a list of certain disclosures of your PHI. You can request disclosures going back as far as 6 years. We will respond to your written request within 60 days. We may charge a reasonable fee for the costs of processing your request.
To receive a paper copy of the Netcare Notice of Privacy Practices. We may change the terms of this Privacy Notice at any time. We will also post the current notice in our waiting areas.
What will you do to protect my health information?
Netcare is required by law to protect the privacy of your PHI. We are required to notify you in the event of a breach of unsecured PHI. We are also required to provide this notice to you, and to abide by the terms of the notice currently in effect. Netcare reserves the right to change the terms of this notice. If we do, it will affect all PHI maintained by us. Material changes will not be implemented before the effective date of the new notice unless required by law. We will notify you by posting the notice in our offices either on the day of or after the effective date of the changes.
What can I do if I have questions or want to complain about the use and disclosure of my PHI?
You may contact either of the following:
Netcare Client Rights Officer
Netcare Privacy Officer
199 South Central Avenue
Columbus, OH 43223
You may also contact the Secretary of the Department of Health and Human Services if you feel your privacy rights have been violated. You may complain without fear of retaliation against you for filing a complaint.
Region V Office for Civil Rights
U.S. Department of Health & Human Services
233 N. Michigan Ave. Suite 240
Chicago, IL 60601
Phone: (312) 866-2359
TDD: (312) 353-5693