Notice of Privacy Practices
Bright Path, its facilities and subsidiaries, and all associates are committed to providing you with quality behavioral healthcare services. An important part of that commitment is protecting your health information according to applicable law. This notice (“Notice of Privacy Practices”) describes your rights and our duties under Federal Law. Protected health information (“PHI”) is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition; the provision of healthcare services; or the past, present or future payment for the provision of healthcare services to you.
We are required by law to maintain the privacy of your PHI; provide you with notice of our legal duties and privacy practices with respect to your PHI; and to notify you following a breach of unsecured PHI related to you. We are required to abide by the terms of this Notice of Privacy Practices. This Notice of Privacy Practices is effective as of the date listed on the first page of this Notice of Privacy Practices. This Notice of Privacy Practices will remain in effect until it is revised. We are required to modify this Notice of Privacy Practices when there are material changes to your rights, our duties, or other practices contained herein.
In addition to the above, we have a duty to respond to your requests (e.g. those corresponding to your rights) in a timely and appropriate manner. We support and value your right to privacy and are committed to maintaining reasonable and appropriate safeguards for your PHI.
Confidentiality of Alcohol and Drug Abuse Records
The confidentiality of alcohol and drug abuse patient records maintained by us is protected by Federal law and regulations. Generally, we may not say to a person outside the treatment center that you are a patient of the treatment center, or disclose any information identifying you as an alcohol or drug abuser unless:
(1) You consent in writing (as discussed below in “Authorization to Use or Disclose PHI”):
(2) The disclosure is allowed by a court order (as discussed below in “Uses and Disclosures”); or
(3) The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation (as discussed below in “Uses and Disclosures”).
Violation of the Federal law and regulations by the treatment center is a crime. Suspected violations may be reported to appropriate authorities in accordance with Federal regulations.
Federal law and regulations do not protect any information about a crime committed by you either at the treatment center or against any person who works for the treatment center or about any threat to commit such a crime (as discussed below in “Uses and Disclosures”).
Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under State law to appropriate State or local authorities (as discussed below in “Uses and Disclosures”).
Uses and Disclosures
Uses and disclosures of your PHI may be permitted, required, or authorized. The following categories describe various ways that we use and disclose PHI.
We may use or disclose information between or among personnel having a need for the information in connection with their duties that arise out of the provision of diagnosis, treatment, or referral for treatment of alcohol or drug abuse, provided such communication is (i) within the treatment center; or (ii) between the treatment center and Bright Path. For example, our staff, including clinicians, will use your PHI to provide your treatment care. Your PHI may be used in connection with billing statements we send you and in connection with tracking charges and credits to your account. Your PHI will be used to check for eligibility for insurance coverage and prepare claims for your insurance company where appropriate. We may use and disclose your PHI in order to conduct our healthcare business and to perform functions associated with our business activities, including accreditation and licensing.
Secretary of Health and Human Services. We are required to disclose PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA Privacy Rules.
Business Associates. We may disclose your PHI to Business Associates that are contracted by us to perform services on our behalf which may involve receipt, use or disclose of your PHI. All of our Business Associates must agree to: (i) protect the privacy of your PHI; (ii) use and disclose the information only for the purposes for which the Business Associate was engaged; (iii) be bound by 42 CFR Part 2; and (iv) if necessary, resist in judicial proceedings any efforts to obtain access to patient records except as permitted by law.
Crimes on premises. We may disclose to law enforcement officers’ information that is directly related to the commission of a crime on the premises or against our personnel or to a threat to commit such a crime.
Reports of suspected child abuse and neglect. We may disclose information required to report under state law incidents of suspected child abuse and neglect to the appropriate state or local authorities. However, we may not disclose the original patient records, including for civil or criminal proceedings which may arise out of the report of suspected child abuse and neglect, without consent.
Court order. We may disclose information required by a court order, provided certain regulatory requirements are met.
Emergency situations. We may disclose information to medical personnel for the purpose of treating you in an emergency.
Research. We may use and disclose your information for research if certain requirements are met, such as approval by an Institutional Review Board.
Audit and Evaluation Activities. We may disclose your information to persons conducting certain audit and evaluation activities, provided the person agrees to certain restrictions on disclosure of information.
Reporting of Death. We may disclose your information related to cause of death to a public health authority that is authorized to receive such information.
Authorization to use or disclose PHI
Other than as stated above, we will not use or disclose your PHI other than with your written authorization. Subject to compliance with limited exceptions, we will not use or disclose psychotherapy notes, use or disclose your PHI for marketing purposes or sell your PHI unless you have signed an authorization. If you or your representative authorize us to use or disclose your PHI, you may revoke that authorization in writing at any time to stop future uses or disclosures. We will honor oral revocations upon authenticating your identity until a written revocation is obtained. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect.
The following are the rights that you have regarding PHI that we maintain about you. Information regarding how to exercise those rights is also provided. Protecting your PHI is an important part of the services we provide you. We want to ensure that you have access to your PHI when you need it and that you clearly understand your rights as described below.
Right to Notice
You have the right to adequate notice of the uses and disclosures of your PHI, and our duties and responsibilities regarding same, as provided for herein. You have the right to request both a paper and electronic copy of this Notice. You may ask us to provide a copy of this notice at any time. You may obtain this notice on our website at https://www.brightpathbh.com/ or from facility staff or our Privacy Official.
Right of Access to Inspect and Copy
You have the right to access, inspect and obtain a copy of your PHI for as long as we maintain it as required by law. This right may be restricted only in certain limited circumstances as dictated by applicable law. All requests for access to your PHI must be made in writing. Under a limited set of circumstances, we may deny your request. Any denial of a request to access will be communicated to you in writing. If you are denied access to your PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by Bright Path will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the decision made by the designated professional. If you are further denied, you have a right to have a denial reviewed by a licensed third-party healthcare professional (i.e. one not affiliated with us). We will comply with the decision made by the designated professional.
We may charge a reasonable, cost-based fee for the copying and/or mailing process of your request. As to PHI which may be maintained in electronic form and format, you may request a copy to which you are otherwise entitled in that electronic form and format if it is readily producible, but if not, then in any readable form and format as we may agree (e.g. PDF). Your request may also include transmittal directions to another individual or entity.
Right to Amend
If you believe the PHI we have about you is incorrect or incomplete, you have the right to request that we amend your PHI for as long as it is maintained by us. The request must be made in writing and you must provide a reason to support the requested amendment. Under certain circumstances we may deny your request to amend, including but not limited to, when the PHI: 1. was not created by us; 2. is excluded from access and inspection under applicable law; or 3. is accurate and complete. If we deny amendment, we will provide the rationale for denial to you in writing. You may write a statement of disagreement if your request is denied. This statement will be maintained as part of your PHI and will be included with any disclosure. If we accept the amendment, we will work with you to identify other healthcare stakeholders that require notification and provide the notification.
Right to Request an Accounting of Disclosures
We are required to create and maintain an accounting (list) of certain disclosures we make of your PHI. You have the right to request a copy of such an accounting during a time period specified by applicable law prior to the date on which the accounting is requested (up to six years). You must make any request for an accounting in writing. We are not required by law to record certain types of disclosures (such as disclosures made pursuant to an authorization signed by you), and a listing of these disclosures will not be provided. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests. We will notify you of the fee to be charged (if any) at the time of the request.
Right to Request Restrictions
You have the right to request restrictions or limitations on how we use and disclose your PHI for treatment, payment and operations. We are not required to agree to restrictions for treatment, payment and healthcare operations except in limited circumstances as described below. This request must be in writing. If we do agree to the restriction, we will comply with restriction going forward, unless you take affirmative steps to revoke it or we believe, in our professional judgment, that an emergency warrant circumventing the restriction in order to provide the appropriate care or unless the use or disclosure is otherwise permitted by law. In rare circumstances, we reserve the right to terminate a restriction that we have previously agreed to, but only after providing you notice of termination.
If you have paid out-of-pocket (or in other words, you or someone besides your health plan has paid for your care) in full for a specific item or service, you have the right to request that your PHI with respect to that item or service not be disclosed to a health plan for purposes of payment or healthcare operations, and we are required by law to honor that request unless affirmatively terminated by you in writing and when the disclosures are not required by law. This request must be made in writing.
Right to Confidential Communications
You have the right to request that we communicate with you about your PHI and health matters by alternative means or alternative locations. Your request must be made in writing and must specify the alternative means or location. We will accommodate all reasonable requests consistent with our duty to ensure that your PHI is appropriately protected.
Right to Notification of a Breach
You have the right to be notified in the event that we (or one of our Business Associates) discover a breach involving unsecured PHI.
Right to Voice Concerns
You have the right to file a complaint in writing with us or with the U.S. Department of Health and Human Services if you believe we have violated your privacy rights. Any complaints to us should be made in writing to our Privacy Official at the address listed below We will not retaliate against you for filing a complaint.