CONSUMER HEALTH ADVOCACY, INC. HIPAA AGREEMENT
Advocates who agree to serve Clients through Consumer Health Advocacy, Inc. (CHA( and who agree to the CHA Terms and Conditions and Service Level Agreement , also agree to adhere to the Client HIPAA Agreement (“HIPAA NOTICE OF PRIVACY PRACTICES”) as detailed below as an agent of CHA or Umbra Health Advocacy.
HIPAA NOTICE OF PRIVACY PRACTICES
This Notice outlines your protected health information, how it may be used, and what your rights are. This document is long and detailed, but please review it carefully. Ask any questions before you sign it. You can direct any questions to us at admin@umbrahealthadvocacy.com.
What is HIPAA?
HIPAA stands for the Health Insurance Portability and Accountability act of 1996. HIPAA is the federal law that sets standards to protect sensitive, personal health information (known as protected health information or PHI) and prevent that information from being disclosed without a patient’s consent or knowledge. The HIPAA Privacy Rule sets standards for the use and disclosure of PHI for entities that are subject to HIPAA rules, including healthcare providers, health insurers, and others that may interact with PHI. You can read more about HIPAA here: https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
While Umbra Health Advocacy is not a healthcare provider, we may interact with healthcare providers on your behalf (with your permission) about your PHI. This policy outlines our policies and commitments to you regarding your PHI.
OUR PLEDGE REGARDING YOUR PROTECTED HEALTH INFORMATION:
We, Umbra Health Advocacy, understand that protected health information (PHI) about you is personal. We are committed to protecting your PHI. This Notice applies to all of the records our engagement with you generates, whether they are provided to us by you or created by us, our personnel or subcontractors, your healthcare provider/s, your insurance plan, or others. This Notice will tell you about the ways in which we may use and disclose protected health information about you, or your PHI. We also describe your rights and certain obligations we have regarding the use and disclosure of PHI.
The law requires us to:
- make sure that PHI that identifies you is kept private notify you about how we protect your PHI
- explain how, when, and why we use and disclose PHI follow the terms of the notice that is currently in effect
We are required to follow the procedures in this Notice. We reserve the right to change the terms of this Notice and to make new notice provisions effective for all PHI that we maintain by:
- posting the revised Notice on our website and/or in our online platform
- making copies of the revised Notice available upon request
HOW WE MAY USE AND DISCLOSE PROTECTED HEALTH INFORMATION ABOUT YOU
The following categories describe different ways that we use and disclose PHI without your written authorization:
To facilitate or support your treatment: While we do not directly provide you with treatment, we may use your PHI to coordinate, manage, or facilitate your medical or other health-related treatment or services. We may disclose your PHI to doctors, nurses, technicians, medical students, pharmacists, or other personnel who are involved in taking care of you or providing services to you. Our staff may also share your PHI in order to coordinate different services you need, such as prescriptions, lab work, x-rays, information, or other resources. We may also disclose your PHI to people who are not our personnel who may be involved in your care. We may use and disclose PHI to contact you as a reminder that you have an appointment for treatment or medical care. We may use and disclose PHI to tell you about or recommend possible treatment options or alternatives or health-related benefits or services.
For payment for services: We may use and disclose your PHI so that the treatment and services you receive, including your medical care and/or the advocacy services we provide, may be billed to and payment may be collected from you, an insurance company, or third party. For example, we may need to give your health plan information about services you received in order to help coordinate payment for those services. We may also tell your health plan about services you are going to receive in order to get prior approval or to determine whether your plan will cover the treatment or service.
For healthcare operations: We may use and disclose your PHI to enable or perform healthcare operations, such as quality assessment and improvement activities, case management, coordination of care, business planning, customer service, and other activities. These uses and disclosures are necessary to run our service and to make sure all our clients get quality service. We may also combine PHI about many of our clients to determine what, if any, additional services we should offer, what services are not needed, and whether we can identify treatment or care patterns that may enable us to advocate better or differently on behalf of our clients. We may also disclose information to doctors, nurses, technicians, medical students, our personnel and contractors or subcontractors for review and learning purposes. We may also combine the protected health information we have with protected health information from other healthcare facilities or entities to compare how our clients are treated or how our services are doing and to identify how we could improve on our services or recommend improvements in the services others provide. We may remove information that identifies you from this set of PHI so others may use it to study healthcare and care delivery without learning who specific patients or clients are. We may also contact you as part of a fundraising effort. Subject to applicable state law, in some limited situations the law allows or requires us to use or disclose your health information for purposes beyond treatment, payment, and operations. However, some of the disclosures set forth below may never occur relative to our services.
As required by law: We will disclose your PHI when required to do so by federal, state, or local law.
Research: We may disclose your PHI to researchers when their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
Health risks: We may disclose your PHI to a government authority if we reasonably believe you are a victim of abuse, neglect, or domestic violence. We will only disclose this information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent or lessen a serious or imminent threat to you or another person.
Judicial and administrative proceedings: If you are involved in a lawsuit or dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made, either by us or the requesting party, to tell you about the request or to obtain an order protecting the information requested.
Business associates: We may disclose PHI to business associates who perform services on our behalf (such as billing companies); however, we require them to appropriately safeguard your information.
Public health: As required by law, we may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
To avert a serious threat to health or safety: We may use and disclose your PHI when
necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Health oversight activities: We may disclose health information to a health oversight agency for activities authorized by law. These activities include audits, investigations, and inspections, which may be necessary for licensure and for the government to monitor the healthcare system, government programs, and compliance with civil rights law.
Law enforcement: We may release PHI as required by law, or in response to an order or warrant of a court, a subpoena, or an administrative request. We may also disclose PHI in response to a request related to identification or location of an individual, victims of crime, or decedents.
Organ and tissue donation: If you are an organ donor, we may release PHI to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank to facilitate organ or tissue donation and transplantation.
Special government functions: If you are a member of the armed forces, we may release your PHI if it relates to military and veterans’ activities. We may also release your PHI for national security and intelligence purposes, protective services for the President, and medical suitability or determinations of the Department of State.
Coroners, medical examiners, and funeral directors: We may release PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Correctional institutions and other law enforcement custodial situations: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your PHI to the correctional institution or law enforcement official as necessary for your or another person’s health and safety.
Worker’s Compensation: We may disclose information as necessary to comply with laws related to worker’s compensation or other similar programs established by law.
Food and Drug Administration (FDA): We may disclose to the FDA, or persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post- marketing surveillance information to enable product recalls, repairs, or replacements.
YOU CAN OBJECT TO CERTAIN USES AND DISCLOSURES.
Unless you object or request that only a limited amount or type of information be shared, we may use or disclose your PHI in the following circumstances:
- We may share with a family member, relative, friend, or other person identified by you PHI that is directly relevant to that person’s involvement in your care or payment for your care. We may also share information to notify these individuals of your location, general condition, or death.
- We may share information with a public or private agency (such as the American Red Cross) for disaster relief purposes. Even if you object, we may still share this information if necessary under emergency circumstances.
If you would like to object to use and disclosure of your PHI in these circumstances, please contact us at admin@umbrahealthadvocacy.com.
YOUR RIGHTS REGARDING PROTECTED HEALTH INFORMATION ABOUT YOU, OR YOUR PHI.
You have the following rights regarding the PHI we maintain about you:
Right to inspect and copy: You have the right to inspect and copy your PHI. To inspect and copy your PHI, you must submit your request in writing to us. We may charge a fee to cover the costs of copying, mailing, or other supplies associated with your request. We will respond to your request no later than 30 days after receiving it. There are certain situations in which we are not required to comply with your request. In these circumstances, we will respond to you in writing, stating why we will not grant your request, and describe any rights you may have to request a review of your denial.
Right to amend: If you feel that PHI we have about you is incorrect or incomplete, you may ask us to amend or supplement the information. To request an amendment, your request must be submitted to us in writing and it must include a reason that supports your request. We will act on the request for an amendment no later than 60 days after receiving the request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request, and will provide a written denial to you. We may also deny your request if you ask us to amend information that we did not create, is not part of the PHI we keep, is not part of the information you would be permitted to inspect and copy, or is information we believe to be accurate and complete.
Right to an accounting of disclosures: You have the right to request an “accounting of disclosures,” which is a list of the disclosures we have made of your PHI. To request this list or accounting of disclosures, you must submit your request to us in writing. You may ask for disclosures made up to six years before your request. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing you the list. We are required to provide a listing of all disclosures except the following:
- For your treatment
- For billing and collection of payment for your treatment For healthcare operations
- For disclosures made to or requested or authorized by you
- For disclosures occurring as a byproduct of permitted use and disclosures
- For national security or intelligence purposes or to correctional institutions or law enforcement regarding inmates
- For disclosures that are part of a limited data set of information that does not contain information identifying you
Right to request restrictions: You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or healthcare operations, or to persons involved in your care. We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you with emergency treatment, the disclosure is to the Secretary of the Department of Health and Human Services, or the disclosure is for one of the purposes described above. To request restrictions, you must submit your request to us in writing.
Right to request confidential communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may request that we contact you only by phone or email. To request confidential communications, you must submit your request to us in writing. We will accommodate all reasonable requests.
Right to a paper copy of this Notice: You have the right to a paper copy of this Notice at any time by contacting us.
OTHER USES AND DISCLOSURES
We will obtain your written authorization before using or disclosing your PHI for purposes other than those provided for above (or as otherwise permitted or required by law). You may revoke this authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your information, except to the extent that we have already taken action in reliance on the authorization.
YOU MAY FILE A COMPLAINT ABOUT OUR PRIVACY PRACTICES
If you believe your privacy rights have been violated, you may file a complaint with us, or file a written complaint with the Secretary of the Department of Health and Human Services. A complaint to the Secretary should be filed within 180 days of the occurrence of the complaint or violation. If you file a complaint, we will not take any action against you or change our treatment of you in any way.