Notice of Privacy Practices – Personal Touch Home Care

NOTICE OF PRIVACY PRACTICES

This Notice describes how your health information that is protected by the Health Insurance Portability and Accountability Act (“HIPAA”) and similar laws may be used and disclosed, and how you can obtain a copy of this information. Please review this Notice carefully.

The Notice of Privacy Practices explains how we (Personal Touch Holding Corp. and its subsidiaries or “PTHC”) fulfill our commitment to respect the privacy and confidentiality of your protected health information. This Notice also explains how we may use and share your protected health information, the legal obligations we have with respect to your protected health information, and your rights under federal and state laws.

Protected Health Information (“PHI”) refers to health-related or medical information about you that can be used to individually identify you. PHI may include information about your health condition such as diagnoses, test results, prior or upcoming surgical procedures, or your insurance information. PHI may also include information such as your address, phone number, and social security number in combination with notes about your health or medical history. This information can be maintained in either paper, electronic, or other media.

We create and maintain a record of health information about the care and services you receive from us. This record includes information we receive from your other healthcare providers such as your doctors or hospitals as it pertains to the reasons for which you were referred to us for home health care. We need this record to provide you with quality care and to comply with certain requirements.

We understand that health and medical information about you is personal. We are committed to protecting your private information. In cases where we may share your health or medical information with others, we will provide only the minimum necessary amount of information required to satisfy the need or request.

We may share and use your health information as described in this Notice for treatment, payment, and health care operations without your consent as described below:

We will use and disclose your PHI to provide you with treatment services. We may disclose your PHI to our personnel or to external personnel who may be involved in your care, such as physicians, nurses, physical or occupational therapists, clinical consultants, or home health aides. For example, if a change in your condition warrants a modification of your care plan, we need to share your information with the health care personnel currently involved in your care and, if necessary, additional health care personnel to service your needs.
Payment for services provided to you. We may use and disclose your PHI to bill and receive payment for the services and treatment we provide to you. We may disclose your PHI to an insurance or managed care company, Medicare, Medicaid, a third party-payor, or your representative for billing and payment purposes, to confirm your coverage for our services, or to request prior approval.
Health care operations. We may use and disclose your PHI to manage and coordinate your treatment and services, as well as to evaluate the performance of our staff.

We may also share your PHI for other specific purposes such as:

Your care by non-clinical or non-medical individuals (e.g., a family member, friend, or clergy who is involved in your medical care or payment for your care) unless you object or unless prohibited by law,
Oversight. We may be required to disclose your PHI to a health or regulatory oversight agency for legally authorized oversight activities, such as accreditation, licensing, credentialing, and auditing, as well as for inspections, investigations, compliance, and medical reviews. These oversight activities are necessary for the government’s review of the healthcare system including its payment for regulatory programs (e.g., Medicare and Medicaid), and regulatory compliance, and to ensure that we are conforming to applicable laws and regulations including the Health Insurance Portability and Accountability Act (HIPAA) and other similar laws and regulations.
Disaster relief (we may disclose your PHI to an organization assisting in a disaster relief effort)
Reporting victims of abuse, neglect, or domestic violence. If you or we reasonably believe you are a possible victim of abuse, neglect, or domestic violence or other crime, we may share your PHI with a government authority if legally required or authorized to do so, or if you consent to the report.
Workers’ Compensation. We may use or disclose your PHI to comply with laws relating to workers’ compensation or other similar programs.
Military and Veterans. If you are a member of the armed forces, we may use and disclose your PHI as required by military command authorities.
Business associates. We may also share your health information only as needed with business associates. Business associates are companies that we hire or contract to perform services such as billing, maintaining electronic medical records, providing HIPAA-compliant offsite document storage, or communicating with your other healthcare providers. Business associates are required to assure us in writing that they will safeguard your PHI as required by law and preserve the privacy and confidentiality of your protected information.
Law enforcement. When a law enforcement official or attorney presents a warrant, court-ordered subpoena, or legal request, we may be required to share your PHI.
Public health authorities as permitted or required by law. We may use and disclose your PHI when necessary to prevent a serious threat to your or another individual’s personal safety, or safety of the public.
Permitted or required by law. We may disclose your PHI when authorized or required by federal, state, or local law to do so.

Except for limited situations such as the ones listed above, your written permission is required before we can use or share your protected health information with anyone outside Personal Touch. If you give permission to use or share your health information, you have the right to cancel that permission in writing, and any time. This cancellation, however, does not apply to PHI that we have already shared with your permission.

Your records concerning reproductive health now have additional protection. The HIPAA Privacy Rule to Support Reproductive Health Care Privacy prohibits the use or disclosure of your PHI for the purpose of conducting a criminal, civil, or administrative investigation into or imposing criminal, civil, or administrative liability on you for the mere act of seeking, obtaining, providing, or facilitating reproductive healthcare that is lawful under the circumstances in which it was provided, or to identify any person for such purposes.

Under this new protection, we (and all regulated entities) are required to obtain a signed and dated written attestation from the person requesting your PHI potentially related to reproductive healthcare attesting that the use or disclosure of PHI would not be used to investigate or impose liability on individuals, healthcare providers, or others who seek, obtain, provide, or facilitate reproductive healthcare that is lawful under the circumstances in which such healthcare is provided, or to identify persons for such activities.

Records related to substance use disorders are also entitled to additional protection. This rule is sometimes referred to as Part 2. Under Part 2 of the HIPAA regulations, we cannot use or share your substance use disorder (SUD) records in civil, criminal, administrative, or legislative investigations or proceedings against you without (1) your consent or (2) a court order and a subpoena that meet applicable requirements.

Additional authorization may be required to release your PHI outside Personal Touch if PTHC is aware that you are a patient also at a facility for psychiatric, mental, or behavioral health treatment, or in a facility for substance abuse or dependence.

Health Information Exchange.

We are required to participate in secure and HIPAA-compliant health information exchanges (HIEs), such as HealthcConnection. HIEs allow service or care providers involved in your health care to share information with each other in a secure and timely manner. If you provide consent, we may use, disclose, and access your PHI via the HIEs in which we participate, for the purposes of treatment, payment, and operations. You have the right to opt out of the disclosure of your PHI to an HIE. Any information that is sent to or by means of an HIE prior to your opting out may continue to be maintained by and accessible through the HIE.

Your Rights Concerning Your Health Information

You have the following rights about your health information:

The Right to Review or Request a Copy. You have the right to request or inspect a copy of the health information maintained in what HIPAA defines as your designated records set. The designated records set includes your medical and billing records as well as other records we use to make decisions about your care. You may request that the information be provided to a designated third party by signing a HIPAA authorization for that party to send with its request for a specified set of records.

As permitted by law, we may charge a fee for the requested records. If we are concerned that your request for records could cause you harm, we reserve the right to restrict access in part or in full, or request that you have your doctor contact us directly to advise. In such cases, a licensed health care professional who was not involved in initially restricting access will review the records proposed for release to or review by you or your designated agent.

Request that we limit or restrict the protected health information we use and share about you for treatment, payment, or healthcare operations. In most cases, we must consider your request, but we are not always required to grant or agree to it. If, prior to receiving our services, you pay for them in full, we must agree to limit disclosures made to your health insurance provider or other third-party payer about the services we provided to you unless the disclosure of that information is required by law.

Obtain an accounting of disclosures (a list of individuals or entities that have received your PHI from Personal Touch), subject to limitations permitted by law. This accounting is limited to responses to external requests for records unrelated to your healthcare, such as requests from an attorney representing you or another party involved in an accident or injury that resulted in your need for home health services.

Excluded from the list of disclosures are those made:

to you or your personal representative
to provide or arrange for your care
to render treatment, payment, or healthcare operations
incidental to a permitted use or disclosure
to the parties you authorize to receive your PHI
to your family members, relatives, or friends involved in your care,
for national security or intelligence services
to correctional institutions or law enforcement officials
more than 6 years prior to the date of your request

Right to Request a Correction. If you feel that the protected health information we have in our paper or electronic records is incorrect or incomplete, you request that we amend it, so long as the information is that which was created or maintained by Personal Touch. In most but not all situations we will honor your request and update your record. We cannot, for example, correct or complete another health care provider’s records.

We also may deny your request if:

the information is not part of the PHI maintained by us,
the originator of the information is no longer available to respond to your request,
the information is not part of the information to which you have a right of access, or
if, upon review, we determine that the information is already accurate and complete.

If we deny your request to amend your record, we will provide a written denial stating the reasons for the denial as well as your right to submit a written statement disagreeing with the denial.

Obtain a printed copy of this Notice. If you would like a copy of the most recent Notice of Privacy Practices, please contact our office and we will provide it to you. At any time, you may request a copy of the Notice of Privacy Practices currently in effect.

Be notified if your protected health information has been improperly disclosed or accessed. In the event of an improper disclosure or breach, you will be notified as soon as reasonably possible, but no later than 60 days following our discovery of the breach. The notice will provide the date of discovery, a brief description of the type of information that was involved, and the steps we are taking to investigate and mitigate the situation, and the contact information you can use to request additional information or ask questions.

Submit a complaint. If you believe that your privacy rights have not been followed as directed by applicable federal, state, or local regulations, you may contact us by telephone, submit a written complaint through our web-based reporting, or you may submit a written complaint to us. Personal Touch will not deny health care services or retaliate against you if you file a complaint.

Security

The security of your personal information is important to us. While we take precautions to protect your information by employing various safeguards, please be aware that no website or internet transmission is ever completely safe from problems including unauthorized interception. For this reason, the security of your information depends also on you: by using an unsecured or public Wi-Fi connection; shared or public computer; or going online in a public area such as a café, hotel, or airport; your online activities and your privacy are vulnerable to unauthorized access and disclosure.

Also remember that most free email services are not secure. Before sending any personal or sensitive information to us by email, please understand the risks and proceed with caution. PTHC is not responsible for the privacy and security of email messages received from external sources.

Changes to this Notice

We reserve the right to change this Notice and our privacy practices without first notifying you. We will promptly revise this Notice whenever there is a material change to the uses or disclosures, your individual rights, our legal duties, or other privacy practices discussed or referenced in this Notice. Any revisions to this Notice are subject to affect the PHI already received and maintained by PTHC and its subsidiaries as well as for all PHI we receive in the future. We will make the revised Notice available to you upon request on or after the effective date of the revision.

If you have any questions about this Notice or would like further information concerning your privacy rights, please contact Carolyn Costello, Privacy Officer, at (718) 468-4747 extension 1435.

You may also direct your questions, complaints, or related communications to us through any of the following methods:

Compliance hotline: 1 (718) 468-4747 extension 1803 or 1 (800) 937-4747 extension 1803.

Web-based reporting: www.pthomecare.com | https://www.pthomecare.ethicspoint.com

OR by scanning the following QRL code on a mobile device:

Mailing address for written complaints:

Privacy Officer
Legal and Compliance Department
Personal Touch Holding Corp.
1985 Marcus Avenue, Suite 202
Lake Success, NY 11042

You may file a complaint with the Secretary of Health and Human Services by writing to: the Secretary of Health and Human Services, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201.

The staff at Personal Touch Holding Corp. and its subsidiaries will not retaliate against you for filing a complaint in good faith.