Privacy Policy

NOTICE OF PRIVACY PRACTICES

 

Revised: March 11, 2014

 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  WORDS SUCH AS “we” AND “Diversicare” REFER TO THE AFFILIATED HEALTHCARE FACILITY WHERE YOU CURRENTLY OR PREVIOUSLY RESIDED.

 

PLEASE READ IT CAREFULLY

 

If you have any questions about this Notice, please contact the center Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.

 

THE PURPOSE OF THIS NOTICE

 

This Notice will tell you about the ways in which Diversicare protects, uses and discloses your Protected Health Information (“PHI”). This Notice also describes your rights and certain obligations we have regarding the use and disclosure of PHI.

 

PHI means any information, transmitted or maintained in any form or medium, which Diversicare creates or receives that relates to your physical or mental health, the delivery of health care services to you or payment for health care services, and that identifies you or could be used to identify you.

 

WHO IS COVERED BY THIS NOTICE

 

This Notice of Privacy Practices (the “Notice”) describes the privacy practices of Diversicare and any of our employees and agents who are authorized to have access to PHI.

 

YOUR PHI AT DIVERSICARE

 

We maintain your PHI in a record we create of the services you receive from Diversicare. We need this record to provide you with quality care and to comply with certain legal requirements. This Notice applies to all of those records which we create, receive and/or maintain.  Your record may be in the form of written or printed documents, electronically stored records, or both.

 

Your personal physician or other health care provider may have different policies or notices regarding his or her use and disclosure of your PHI created in the physician’s or health care provider’s office or clinic.

 

OUR PLEDGE REGARDING PHI

 

We understand that information about you and your health is personal.  We are committed to protecting the confidentiality of your PHI.

 


OUR OBLIGATIONS AS TO PHI

 

We are required by law to:

 

  • Make sure that PHI is kept private.
  • Give you this Notice of our legal duties and privacy practices with respect to your PHI.  We also make it available at the Diversicare facility in which you are a resident and post it on Diversicare’s website.
  • Comply with the currently effective terms of this Notice.

 

BREACHES OF PHI

We must notify you within 60 days if we discover that there has been a breach of your unsecured PHI.  A breach occurs when there is unauthorized acquisition, use, access or disclosure of unsecured PHI.  PHI is unsecured when it is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through use of an approved technology or methodology, such as electronic encryption.  The breach must pose a low probability that the unsecured PHI has been compromised based on a risk assessment considering the nature and extent of the PHI involved, the unauthorized person who accessed the PHI, whether the PHI was actually acquired or viewed, and the extent to which the risk to the PHI, such as further disclosure, has been mitigated.  We are not required to notify you, though, of the following events: unintentional access or acquisition of unsecured PHI; inadvertent disclosure to another who is otherwise authorized to access PHI; any disclosure or access in which we have a good faith belief the PHI could not reasonably have been retained.  Normally we will provide you with individual notice via mail or other individual means.  However, in certain circumstances, such as when we do not have sufficient contact information for you, we can post the notice on our website.  In cases where an unusually large number of individuals are affected by the same wrongful disclosure, we must notify local media.

HOW WE MAY USE AND DISCLOSE PHI ABOUT YOU

 

The following categories describe different ways that we use and disclose PHI.

 

Use for Treatment, Payment or Health Care Operations

 

We are permitted to use and disclose your PHI (1) to treat you by providing health care and related services, (2) to be paid for our services, and (3) to conduct health care operations. This section of this Notice discusses each of these types of uses and disclosures of PHI.

 

  • For Treatment.  We may use PHI about you to provide you with health care treatment or services. For example, we may use your PHI to diagnose or treat you for a particular condition. We may disclose PHI about you to Diversicare personnel, as well as to doctors, nurses, hospitals, clinics, or other health care providers who are involved in your care.  For example, the clinician who referred your testing to us, or other doctors treating you for a particular medical condition may need to know about the testing services we performed and any related diagnoses.  Diversicare may also share PHI about you in order to coordinate health care services and items that you may need.

 

  • For Payment.  We may use and disclose PHI about you so that our services may be billed to and payment may be collected from you, an insurance company, or a third party payor.  For example, we may need to give your health plan information about the services provided on your behalf so that your health plan will pay us or reimburse you for the services or items.

 

  • For Health Care Operations.  We may use and disclose PHI about you for health care operations.  These uses and disclosures are necessary to make sure you receive quality care.  For example, we may use PHI to review our treatment and services and to evaluate the performance of our staff in providing services to you.  We may also disclose information to doctors, nurses, hospitals, clinics, and other health care providers for review and learning purposes.  We may remove information that identifies you from this set of PHI so others may use it to study health care and health care delivery without learning the names of the specific patients.

 

You may request that we not disclose your PHI for Treatment, Payment or Health Care Operations purposes, but you must pay the cost of the service that is the subject of the PHI in full, and in advance, in order for us to be able to honor such a request.

 

Other Uses and Disclosures of PHI

 

Listed below are a number of other ways we are permitted or required to use or disclose PHI.  This list is not exhaustive.  Therefore, not every use or disclosure in a category is listed.

 

  • Appointment Reminders.  We may use and disclose protected health information to contact you as a reminder that you have an appointment with Diversicare.

 

  • Individuals Involved in Your Care or Payment for Your Care. We may release protected health information about you to a friend or family member who is involved in your medical care. We may also give information to someone who helps pay for your care. In addition, we may disclose protected health information about you to an entity assisting in an emergency so that your family can be notified about your condition, status, and location.

 

  • As Required By Law.  We will disclose protected health information about you when required to do so by federal, state, or local law.

 

  • Public Health Risks.  We may disclose protected health information about you for public health activities.  These activities generally include the following:

 

    • To prevent or control disease, injury, or disability;
    • To report births and deaths;
    • To report child abuse or neglect;
    • To report reactions to medications or problems with products;
    • To notify people of recalls of products they may be using;
    • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
    • To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence.  We will only make this disclosure if you agree or when required or authorized by law.

 

  • Health Oversight Activities.  We may disclose protected health information to a health oversight agency for activities authorized by law.  These oversight activities include, for example, audits, investigations, inspections, and licensure.  These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

 

  • Lawsuits and Disputes.  If you are involved in a lawsuit or dispute, we may disclose protected health information about you in response to a court or administrative order.  We may also disclose protected health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.

 

  • Law Enforcement.  We may release protected health information if asked to do so by a law enforcement official:

 

    • In response to a court order, subpoena, warrant, summons or similar process;
    • To identify or locate a suspect, fugitive, material witness, or missing person;
    • About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
    • About a death we believe may be the result of criminal conduct;
    • About criminal conduct; and
    • In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime.

 

  • Coroners and Medical Examiners.   We may release protected health information to a coroner or medical examiner.  This may be necessary, for example, to identify a deceased person or determine the cause of death.

 

  • Organ and Tissue Donation.  If you are an organ donor, we may release protected health information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.

 

  • Research.  Under certain circumstances, we may use and disclose protected health information about you for research purposes.  All research projects, however, are subject to a special approval process.  This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with a patient’s need for privacy of their protected health information.

 

  • To Avert a Serious Threat to Health or Safety.  We may use and disclose protected health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.  Any disclosure, however, would only be to someone able to help prevent the threat (i.e., Department of Health).

 

  • Military and Veterans. If you are a member of the armed forces, we may release protected health information about you as required by military command authorities.  We may also release protected health information about foreign military personnel to the appropriate foreign military authority.

 

  • National Security and Intelligence Activities.  We may release protected health information about you to authorized federal officials for intelligence, counter-intelligence, and other national security activities authorized by law.

 

  • Protective Services for the President and Others.  We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state, or conduct special investigations.

 

  • Inmates.  If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official.  This release would be necessary (1) for the institution to provide you with health care, (2) to protect your health and safety of others, or (3) for the safety and security of the correctional institution.

 

  • Health-Related Benefits and Services.  We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.

 

  • Workers’ Compensation.  We may release protected health information about you for Workers’ Compensation or similar programs. These programs provide benefits for work-related injuries or illness.

 

Certain uses and disclosures generally will be made only upon your written authorization, including:

 

  • uses and disclosures of psychotherapy notes (if recorded by us);
  • uses and disclosures of PHI for marketing purposes, including subsidized treatment communications;
  • disclosures that constitute a sale of PHI; and
  • other uses and disclosures not described in this Notice.

 

You have the right to revoke such authorization, in writing, except where we have previously taken action in reliance on your prior authorization, or if the authorization was a condition to obtaining insurance coverage and other law provides the insurer with the right to contest a claim under the policy.  You have the right to opt out of our use of your PHI for fundraising purposes, and to restrict our ability to disclose PHI to your family, personal representatives and/or friends relating to your care or payment for your care or when needed to notify individuals regarding your location or general condition.

 

YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU

 

You have the following rights with respect to your protected health information:

 

  • Right to Inspect and Copy.  You have the right to inspect and copy protected health information that may be used to make decisions about your care. Generally, this information includes medical and billing records but does not include: (1) psychotherapy notes; (2) information prepared in anticipation of or for use in a civil, criminal, or administrative action; and (3) protected health information maintained that is (a) subject to the Clinical Laboratory Improvement Amendments (“CLIA”) of 1988, 42 U.S.C. 263a, if access to the individual would be prohibited by law, or (b) exempt from CLIA pursuant to 42 CFR 493.3(a)(2).

 

To inspect and copy protected health information maintained by Diversicare you must submit your request in writing to the Privacy Officer.  That address may be found on Diversicare’s website.  If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.  We may charge a fee for the costs of copying, mailing, or other supplies associated with your request.

 

We may deny your request to inspect and copy your protected health information in certain limited circumstances.  If you are denied access to medical information, you will receive a written denial. You may request that the denial be reviewed.  Thereafter, another licensed health care professional chosen by Diversicare will review your request and the denial.  The person conducting the review will not be the person who originally denied your request.  We will comply with the outcome of the review.  We may charge you reasonable fees for copying your PHI.

 

  • Right to Amend.  If you believe that the protected health information we have about you is inaccurate or incomplete, you may ask us to amend the information.  You have the right to request an amendment for so long as the information is kept by or for Diversicare.

 

In order to request an amendment to your protected health information, your request must be made in writing and submitted to the Privacy Officer.  That address may be found on Diversicare’s website.  If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.  In addition, you must provide a reason that supports your request.  We will generally make a decision regarding your request for amendment no later than sixty (60) days after receipt of your request.  However, if we are unable to act on the request within this time, we may extend the time for thirty (30) more days, but we will provide you with a written notice of the reason for the delay and the approximate time for completion.  If we deny your requested amendment, we will provide you with a written denial.

 

We have the right to deny your request for an amendment if it is not in writing or does not include a reason to support the request.  We are not required to agree to your request if you ask us to amend protected health information that:

 

    • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
    • Is not part of the protected health information kept by or for Diversicare;
    • Is not part of the protected health information which you would be permitted to inspect and copy; or
    • Is already accurate and complete.

 

  • Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.”  This is a list of the disclosures of protected health information we have made about you.  With respect to disclosures made for the purposes of treatment, payment, or healthcare operations, we will provide an accounting of disclosures of electronic PHI; however, we do not maintain an accounting of paper or hard copy PHI made pursuant to a prior authorization by you or for certain law enforcement purposes.

 

In order to request this list or accounting of disclosures, your request must be submitted in writing to the Privacy Officer.  That address may be found on Diversicare’s website.  If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.  Your request must also state the time period you want the accounting to cover, which may not be longer than six (6) years.  Your request should also specify the format of the list you prefer (i.e., on paper or electronically).  The first list you request within a twelve (12) month period will be free.  For additional lists, we may charge you for the costs of providing the list.  We will notify you of the costs involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

 

  • Right to Request Restriction of Uses and Disclosures.  You have the right to request that we restrict the uses and disclosures of protected health information about you to carry out treatment, payment, or health care operations and/or to individuals involved in your care.  We cannot restrict disclosures required by law or requested by the federal government to determine if we are meeting our privacy protection obligations.


We are not required to agree to your request; however, if we do agree, we will comply with your request unless the information is needed to provide you emergency medical treatment.

 

To request restrictions, you must make your request in writing to the Privacy Officer.  That address may be found on Diversicare’s website.  If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.  Your request must specify (1) what protected health information you want to limit; and (2) whether you want to limit our use, disclosure, or both, and to whom you want the limits to apply (i.e., disclosures to your spouse).

 

We may terminate our agreement to the restriction if you orally agree to the termination and it is documented, you request the termination in writing, or we inform you that we are terminating our agreement with respect to any information created or received after receipt of our Notice.

 

In addition to the right to request a restriction as described above, you have the right to order that we not send your protected health information to any insurance company or person responsible for payment for your services, in order for Diversicare to be paid for our services on your behalf.  However, should you wish to exercise this right, you will be required to pay for our services, at our undiscounted rates, in full and in advance.

 

  • Right to Request Confidential Communications.  You also have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.  In order to request confidential communications, you must make your request in writing to the Privacy Officer.  That address may be found on Diversicare’s website.  If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.  We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

 

  • Right to Receive Notice Electronically.  You have the right to a paper copy of this Notice.  You may ask us to give you a copy of this Notice at any time.  Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice.

 

To obtain a paper copy of this Notice, please call or write the Center’s Administrator/Local Privacy Officer.  That address may be found on Diversicare’s website.  If you do not know that address, you may send your request to: Corporate Privacy Officer, Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.

 

CHANGES TO THIS NOTICE

 

We reserve the right to change our privacy practices that are described in this Notice.  We reserve the right to make the revised or changed privacy practices applicable to protected health information we already have about you, as well as any information we receive in the future.  A copy of our current Notice will be posted and made available in Diversicare office(s), at our facilities and on our website.  Prior to a material change to the uses or disclosures, your rights, our legal duties, or other privacy practices stated in this Notice, we will revise this Notice and make the revised version of the Notice available upon request, and on Diversicare’s website.  This Notice will contain an effective date on the first page.

 

COMPLAINTS

 

If you believe your privacy rights have been violated, you may file a complaint with Diversicare, or with the Secretary of the Department of Health and Human Services. To file a complaint with us, please call the center’s Administrator/Local Privacy Officer.  That address may be found on Diversicare’s website.  If you do not know that address, you may send your request to: Corporate Privacy Officer, Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN  37027, or (615) 771-7575.  All complaints must be submitted in writing.

 

You will not be penalized or retaliated against for filing a complaint.

 

OTHER USES OF MEDICAL INFORMATION

 

Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written consent. If you provide us permission to use or disclose protected health information about you, you may revoke that consent, in writing, at any time.  If you revoke your consent, we will no longer use or disclose medical information about you for the reasons covered by your written authorization.  You understand that we are unable to take back any disclosures we have already made with your consent, and that we are required to retain our records of the care that we provided to you.

 

The above Notice of Privacy Practices describes your rights and our obligations pursuant to the federal Health Insurance Portability & Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic & Clinical Health Act (HITECH), and any implementing regulations.  If the law of the state in which our facility is located is more generous in describing your rights, or more restrictive in establishing our obligations, we will follow the law of that state.

 

Thank you.