Notice of Privacy Practices

Updated December 2019

The Health Insurance Portability and Accountability Act (HIPAA) is a Federal law. It requires that your health information be kept private and protected.  The law also requires that we provide you with this notice.  This notice explains our legal duties and privacy practices regarding protected health information.  This notice becomes effective on October 1, 2007.

THIS NOTICE DESCRIBES HOW MEDICAL AND PERSONAL IDENTIFYING INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.  THE PRIVACY OF YOUR PERSONAL AND HEALTH INFORMATION IS IMPORTANT TO US.  [You do not need to respond to this notice]

If you have any questions about HIPAA, please feel free to contact John Furr, HIPAA Privacy & Security Official at the Children’s Board of Hillsborough County at 813-204-1739 or via email at furrj@childrensboard.org. 

Your individual information about your past, or future health, the health care you receive, or the payment for the health care is called "Protected Health Information" ("PHI").  We are required to protect PHI that we have received or created, and to give you this Notice about our privacy practices.  We may receive PHI from sources other than you through a paper or electronic inquiry to your group health plan or its business associates, your other health insurance companies, your providers, or other available databases.  This Notice explains how, when, and why we may use or share your PHI. In most cases, we must use or share only the minimum necessary PHI to accomplish a task.  The law has special protections for some kinds of information, including substance abuse information.

We are required to follow the privacy practices described in this Notice, but we may change our privacy practices and this Notice at any time.  If we make changes, we will put a new Notice on our Website at https://aso.childrensboard.org/ASO.  You may request a copy of the new Notice by calling the HIPAA Privacy & Security Official at 813-204-1739.

Use and Disclosure of Your Protected Health Care Information

We use PHI and share it with others for a variety of reasons.  Examples of the types of persons who have access to your PHI are our area marketers, referral coordinators, program case managers, medical professionals, claims administrative staff, program directors, your group health plans if it complies with the law, and public authorities that are permitted access under the law.  Sometimes we must have your written agreement to share PHI.  Sometimes we are allowed by law to use or share your PHI without your written agreement.  Here are examples of how we use and share PHI.

·         For treatment: We may disclose your PHI to caregivers who are involved in providing your health care or Employee Assistance Program (EAP) services.  For example, your PHI may be shared with the health professional that is treating you.

·         For payment: We may use and share your PHI to pay claims from the health professionals who have provided services to you.  We may also use and share your PHI to obtain payment for our services.  For example, we may release portions of your PHI to a state Medicaid agency or to another insurance company that provides your coverage.  We may also use your PHI, along with the PHI of many others, to set our daily rates.

·         For health care operations: We may use and share your PHI to operate our health care plans and other programs.  For example, we may use your PHI in deciding whether you are eligible for specific services, or share your PHI with other professionals involved in your care.  We may combine and analyze data from different sources so that your treatment plan and treating professionals can receive information about the services you’re receiving in order to better coordinate your care.  We may also send you information about treatment alternatives and health-related benefits.  We may also use your PHI in studying the quality of services provided, or share your PHI with our accountants or attorneys for audits or litigation.

·         Individuals involved in your care or payment for your care: We may release PHI about you to a friend or family member who is involved in your medical care.  We may also give information to someone who helps pay for your care.

·         When required by law: We will share PHI about you when required by federal, state, or local law.  We may share PHI when a law requires us to report information about suspected abuse, neglect, or domestic violence, or relating to suspected criminal activity.  We must also share PHI with authorities that monitor our compliance with privacy requirements.

·         For public health activities: We may share PHI when we are required to collect information about disease or injury, or to report information to a public health authority.

·         For health oversight activities: We may share PHI with an agency responsible for monitoring the health care system for activities authorized by law.  These oversight activities include, for example, audits, investigations, inspections, and licensing.

·         Relating to decedents: We may share PHI relating to an individual's death with coroners, medical examiners, or funeral directors, and to organ procurement organizations relating to organ, eye, or tissue donations or transplants.

·         For research purposes: In certain circumstances, we may share PHI in order to assist medical, psychiatric, or behavioral research.

·         To prevent threats to health or safety: In order to avoid a serious threat to health or safety, we may share PHI with law enforcement or other persons who might prevent or reduce the threat of harm.

·         For specific government functions: We may share PHI of military personnel and veterans in certain situations, with correctional facilities in certain situations, with other government programs for eligibility and enrollment, and for national security reasons.

·         Lawsuits and disputes: If you are involved in a lawsuit or dispute, we may disclose PHI about you in response to a court or administrative order.  We may disclose PHI about you in response to a subpoena, discovery request or other lawful request by someone else involved in the dispute, but only if efforts have been made to tell you about the request (which may include written notice to you) or to obtain an order protecting the information requested.

·         Law enforcement: We may release PHI if asked to do so by a law enforcement official:

·         In response to a court order, subpoena, warrant, summons, or similar process;

·         To identify or locate a suspect, fugitive, material witness, or missing person;

·         About the victim of a crime if, under certain circumstances, we are unable to obtain the person's agreement;

·         About a death we believe may be the result of criminal conduct;

·         About criminal conduct at the facility;

·         In emergency circumstances to report a crime, the location of the crime or victims; or the identity, description or location of the person who committed the crime.

By law we must have your written permission (authorization) to use or give out your PHI for any purpose that is not set out in this Notice.  You may take back (revoke) your written permission at any time, except if our subcontractors or we have already acted based on your permission.

Individual Rights

You have the following rights relating to your PHI.  You may exercise these rights by obtaining the forms via your Case Manager or the Children’s Board’s HIPAA Privacy & Security Official at 813-204-1739. 

·         To request restrictions on uses or sharing with others: You have the right to ask us to limit how we use or share your PHI.  We will consider your request, but we don't have to agree to it.  If we do agree to the restrictions, we will put the agreement in writing and follow it, except in emergency situations.  We cannot agree to limit the uses or sharing of information that are required by law.

·         To choose how we contact you: You have the right to ask that we communicate with you about medical matters in a certain way or at a certain location.  For example, you can ask that we only contact you at work or by mail.  To make a request regarding how we communicate with you, you must make the request in writing.  We will agree to your request as long as it is reasonable for us to do so.

·         To inspect and copy your PHI: You have the right to see and copy your PHI if you put your request in writing.  We will respond to your request within the time required by law.  If we deny your request, we will give you written reasons for the denial and explain your appeals rights.  In certain situations, we may deny access to some parts of your PHI and you cannot appeal that decision.  We will not provide access to psychotherapy notes, information we collect for legal actions, or any lab test information protected by law and you can't appeal those decisions.  If you want copies of your PHI, a charge for copying may be required, depending on your circumstances.  You have a right to choose to get a summary instead of a copy of the whole record.

·         To request changes or corrections to your PHI: If you believe that there is a mistake or missing information in your PHI, you may request that we correct or add to the record.  You must submit your request in writing, along with a reason that supports your request.  We will respond within the time required by law.  We may deny the request if you determine that the PHI: (a) is correct and complete; (b) was not created by us and/or is not part of our records; or (c) is a type of information that we cannot disclose.  If we deny your request for changes, we will tell you in writing the reasons for the denial and explain your rights to have your request and our denial, together with any statement of disagreement made part of your PHI.  If we approve the request for changes, we will change the PHI, and tell you and others that need to know about the change.

·         To find out what disclosures have been made: You have the right to get a list of the disclosures we made of your PHI, including the date, the person receiving the PHI and the purpose of the disclosure.  This list will not include disclosures for treatment, payment or health care operations, any release of information we made to you or those you authorized, your family, or any; release to national security or intelligence authorities.  The list will not include any disclosures made before October 1, 2007 and may not include disclosures that law enforcement or health authorities asked us not to list.  To request this list, you must send your request in writing to HIPAA Privacy & Security Official, 1002 E. Palm Ave., Tampa, FL  33605.  We will respond to your written request within a period required by law.  You can request a list of disclosures going back up to six years but no earlier than October 1, 2007.  There will be no charge for one list each year.  There may be a charge for more than one list per year.

·         To receive this notice: You have a right to receive a paper copy of this Notice upon request.

Questions and Complaints

If you think we may have violated your privacy rights, or you disagree with a decision we made about access to or changes to your PHI, you may file a complaint in writing to the HIPAA Privacy & Security Official, 1002 E. Palm Ave., Tampa, FL  33605, or you may file a written complaint with the Secretary of the U.S. Department of Health and Human Services.  We will not discriminate against you in any way because you file a complaint.