fbpx
Client Portal
Donate
Contact Us

Notice of Privacy Practices

YOUR INFORMATION. YOUR RIGHTS. OUR RESPONSIBILITY.

When it comes to your health information, you have certain rights. This Notice explains (i) your rights with respect to your health information, (ii) how health information about you may be used and disclosed and (iii) how to file a complaint concerning  a violation of the privacy or security of your health information or of your rights concerning your information. 

FOR PURPOSES OF HIPAA:

THIS NOTICE ALSO DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

Your Rights: You Have The Right To:

  1. Review or request a copy of your electronic or paper medical record; this may take up to 30 days and BaMidbar may charge a fee. Please note that there might be limited situations in which we may deny your request.  Under these situations, we will respond to you in writing, stating why we cannot grant your request and describing your rights to request a review of our denial.
  2. Ask us to correct your medical record; All requests must be made in writing and will receive a written response within 60 days. Please note under limited circumstances, we may deny your request.  If we deny your request, we will respond to you in writing stating the reasons for the denial.  You may file a statement of disagreement with us.  You may also ask that any future disclosures of the health information under dispute include your requested amendment and our denial to your request.
  3. Request specific and confidential communications.
  4. Ask us to limit what we use or share; you can ask us not to use or share certain health information for treatment, payment, or our operations. Please note that we are not required to agree to your request unless the disclosure is to your health plan for the purpose of carrying out payment or health care operations, the information pertains solely to a health care item or service for which you have paid us in full, and disclosure is not otherwise required by law.  We will notify you of our decision with respect to your request.  If we agree to your request, we will comply with our agreement unless there is an emergency or we are otherwise required by law to use or disclose the information.
  5. Out of pocket payment for services: you may ask us not to share that information for the purpose of payment or our operations with your health insurer.
  6. Get a list of those with whom we’ve shared information: you can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
  7. Get a copy of this privacy notice: you may ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
  8. Choose someone to act for you: if you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
  9. File a complaint if you feel your rights are violated: You can complain if you feel we have violated your rights by contacting us. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

You will be notified following a breach of your unsecured health information or records, to the extent required by applicable law.  We will provide such notice to you by mail and/or email, as authorized by you.

BaMidbar Uses and Disclosures:

There are a number of purposes for which it may be necessary for us to use or disclose your health information.  For some of these purposes, we are required to obtain your authorization under HIPAA, and/or your consent, depending on the circumstances.  The following is a description of these uses and disclosures.  For each category of uses or disclosures, we will explain what we mean and try to give some examples.  Not every use or disclosure in a category will be listed.  However, all of the ways we are permitted to use and disclose information will fall within one of the categories. For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

Uses and Disclosures of Health Information That Require HIPAA Authorization:

  1. Share information with your family, close friends, or others involved in your care. You may give us written authorization to use your health information or to disclose it to anyone for any purpose.  If you give us an authorization, you may revoke it in writing at any time.  If you revoke your authorization, we will stop using or disclosing your health information in accordance with that authorization, except to the extent we have already relied on it.  Without your written authorization, we may not use or disclose your health information I for any reason except those described in this Notice.
  2. Share information in a disaster relief situation.
  3. Include your information in a hospital directory. If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
  4. Marketing purposes. We must obtain an authorization for any use or disclosure of health information for marketing (as defined under HIPAA), except if the communication is in the form of a face-to-face communication made by us to an individual, or a promotional gift of nominal value provided by us.  If the marketing involves financial remuneration, as defined in paragraph (3) of the definition of marketing at 45 C.F.R. §164.501, to us from a third-party, the authorization must state that such remuneration is involved.
  5. Sale of your information. Except in limited circumstances covered by the transition provisions in 45 C.F.R. §164.532, we must obtain an authorization for any disclosure of health information which is a sale of health information, as defined in 45 C.F.R. § 164.501.
  6. Most sharing of psychotherapy notes. We must obtain an authorization for any use or disclosure of psychotherapy notes, except in limited circumstances as provided in 45 C.F.R. §164.508(a)(2).
  7. In the case of fundraising: We may contact you for fundraising efforts, but you can tell us not to contact you again.

Uses and Disclosures of Health Information That Do Not Require HIPAA Authorization:

  1. Treatment: We can use your health information and share it with other professionals who are treating you. Example: A doctor treating you for an injury asks another doctor about your overall health condition.
  2. Payment:  We may use or disclose your health information to bill and collect payment for the treatment and services provided to you.  For example, a bill may be sent to you or a third-party payer.  The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures and supplies used.
  3. Health Care Operations:  We may use or disclose health information about you to allow us to perform business functions.  For example, we may use your health information to help us train new staff and conduct quality improvement activities.  We may also disclose your information to consultants and other business associates who help us with these functions (for example, billing, computer support and transcription services).  We may disclose your health information to an agent or agency which provides services under a qualified service organization agreement and/or business associate agreement, in which they agree to abide by applicable federal law and related regulations 42 C.F.R. Part 2 and HIPAA.  We may contact you to send you reminder notices of future appointments for your treatment.
  4. Minors: We may disclose to a parent or guardian or other person authorized under state law to act on behalf of a minor, those facts about a minor which are relevant to reducing a threat to the life or physical well-being of the minor or any other individual. 
  5. Research:  We may use or disclose health information if our privacy board, or an Institutional Review Board, as described at 45 CFR 164.512(i)(1)(i)(A)-(B), approves a waiver of authorization for disclosure.
  6. Organizational Operations: We can use and share your health information internally to run our practice, improve your care, and contact you when necessary. Example: We use health information about you to manage your treatment and services.
  7. Public Need: We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. 
  8. Help with public health and safety issues: we can share health information about you for certain situations such as: preventing disease, helping with product recalls, reporting adverse reactions to medications, reporting suspected abuse, neglect, or domestic violence, or preventing or reducing a serious threat to anyone’s health or safety.
  9. Comply with the law: we will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
  10. Respond to organ and tissue donation requests: we can share health information about you with organ procurement organizations.
  11. Work with a medical examiner or funeral director: we can share health information with a coroner, medical examiner, or funeral director when an individual dies.
  12. Address workers’ compensation, law enforcement, and other government requests: We can use or share health information about you for workers’ compensation claims, law enforcement purposes or with a law enforcement official, health oversight agencies for activities authorized by law or special government functions such as military, national security, and presidential protective services.
  13. Respond to lawsuits and legal actions: we can share health information about you in response to a court or administrative order.


Our Responsibilities:

We are required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers.

BaMidbar is a registered 501(c)(3) public charity. EIN: 87-2444477. All content © 2023 BaMidbar