AVISO DE PRÁCTICAS DE PRIVACIDAD HIPAA

GENERAL RULE

NOTICE OF PRIVACY PRACTICES

HIPAA

For the establishment of health care:

Name: Citrus Counseling Services

Address: 51 West Olive Redlands, CA 92373

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION General Rule under HIPAA 2013.

PLEASE REVIEW CAREFULLY

For the purposes of this communication, “we” and “our” refer to the name of the establishment of Healthcare: CCS and “you” or “your” refer to our patients (or their legal representatives have been determined by we agree with the informed consent law by the state). When you receive health care services from us, we will get access to their medical information (ie, medical history). We are committed to maintaining the privacy of your health information and have implemented numerous procedures to ensure that we do this.

Federal law Portability and Accountability Health Insurance 2013 General Rule HIPAA (HIPAA formally HI TECH 1996 and 2004), require us to maintain the confidentiality of all health care records and other identifying information about the patient’s health ( ISP) used or disclosed by us in any form, whether electronically, on paper or by word. HIPAA is a federal law that provides significant new rights to understand and control how your health information is used. General Rule The HIPAA Federal and state law provides penalties for covered entities, business partners and subcontractors and owners of records respectively who misuse or improperly disclose PHI.

As of April 14, 2003, HIPAA requires that we give the notice of our legal duties and privacy practices that are required to follow when you enter for the first time in our office for medical services. If you have any questions about this Notice, please, ask to speak with our HIPAA Privacy Officer.

Our physicians, clinicians, employees, business partners (outside contractors hired), its subcontractors and other stakeholders, respect the policies and procedures outlined in this Notice. If your primary caregiver / doctor is not available to assist (eg, illness, holidays, etc.) to be in this facility, we can provide the name of another health care provider outside our clinic you can consult with him . If we do this, that provider will respect the policies and procedures outlined in this Notice or those established for clinical, while substantially conform to our clinic.

HOW OUR RULES MAY USE AND DISCLOSE YOUR HEALTH INFORMATION THAT HAS BEEN PROTECTED

Under the law, we must have your signature on a written and dated Form Consent and / p Authorization Form Recognition of this Notice, before you can use or disclose your PHI for certain purposes as outlined in the following rules.

Documentation – You must sign an Authorization Form / Recognition when you receive this Notice of Privacy Practices. If you have not signed the form or need a copy of which has already signed, please contact our Privacy Officer. You may withdraw or revoke your consent or authorization at any time (unless you already have acted on that) Revocation presenting our form and sending it to our address above. Your revocation will take effect when you actually receive it. We can not give retroactive effect, so it will not affect any use or disclosure that has taken place during our reliance on the consent or prior to the revocation (eg authorization if after that we provide services, you revoke your authorization / recognition to avoid charge a fee for these services, your revocation will have no effect since received authorization / recognition to provide services before you the revoke).

General rule – If you do not sign an authorization form / recognition or revoke it, as a general rule (subject to exceptions noted below as “Rule Health Treatment, Payment and Operations” and “Special Rules”) can not, in any Thus, use or disclose to anyone (excluding you, but including payers and Trade Partners) their ISP or any other information in your medical record. By law, we are not able to submit claims to payers under assignment of benefits without your signature on an authorization form or recognition. You, however, may restrict disclosures of your insurance company for services for which you want to pay “out of pocket” under the new General Rule. We will not condition treatment if you do not sign an authorization or recognition, but we could be forced to reject new patient or discontinue it as an active patient if you choose not to sign or revoke the authorization / recognition.

Rule of Medical Treatment, Payment and Operations

With your signed consent, we may use or disclose PHI to:

• · Provide or coordinate medical services and treatments. For example, we may review your medical history form to create a diagnosis and treatment plan, consult with other doctors about their care, delegate tasks to auxiliary staff, call your pharmacy for your prescriptions, disclose required information for your family or others so that they can assist with home care, arrange meetings with other health care providers, laboratory analysis program for you, etc.
• · Charge or collect his payments, an insurance company, managed care organization, health plan benefits or others. For example, we may need to check your insurance coverage, submit your ISP in claim forms for reimbursement for our services, pre-treatment to obtain prior authorization from your health plan or provide estimates or x-rays because their health plan It requires that they be paid. Remember, you may restrict disclosures of your insurance company for services for which you want to pay “out of pocket” under the new General Rule.
• · To run our office, evaluate the quality of care for our patients and reduce costs associated with failure to attend appointments, we may contact you by phone, email or otherwise to remind you of your scheduled appointments. We could leave messages with anyone who takes your phone or email to contact us (but we will not give detailed ISP), we could call him by his name from the waiting room, we may ask you to put your name on a sheet of signatures (c’mon to cover his name right after registering), we could tell you about or recommend health related and complementary or alternative treatments that may interest products, we may review your PHI to evaluate the performance of our staff, or our Privacy Officer may review your ISP to evaluate their records to assist with their complaints. If you prefer not to contact you with appointment reminders or information about treatment alternatives or health-related services, so please notify us written in our address above and not use or disclose your PHI for these reasons products.
• · The new General Rule HIPAA does not require us to provide notice above related to appointment reminders, information about treatment Health Benefits, but we are including this as a courtesy for you to understand our business practices with respect to your ISP (Protected Health Information)

Additionally, you should be raised awareness of these laws to protect on their behalf, under the new General Rule HIPAA:

• · The Health Insurance plans to ensure they can not use or disclose genetic information for insurance purposes (this excludes certain plans long-term care). Insurance plans that publish their notices of Privacy Practices (ADPPs) on their websites should publish these changes in General Rule on their websites on the effective date of the rule, as well as notice by US Mail the effective date of the General Rules. Plans that do not publish their ADPPs on their Web sites must provide information about changes to the general rule within 60 days of these federal reviews.
• · The Psychotherapy Notes held by a health professional should specify in their ADPPs they can allow the “use and disclosure” of these notes only with your written authorization.

Special Rules

Notwithstanding any accessory thing in this Notice, only in accordance with the General Rule HIPAA applicable, under strictly limited circumstances, we may use or disclose your PHI without your permission, consent or authorization for the following purposes:

• · When required under federal, state or local law
• · When necessary in emergencies to prevent a serious threat to your health and safety or the health and safety of others.
• · When necessary for public health reasons), for example, preventing or controlling disease, injury or disability, report information such as adverse reactions to anesthesia, drugs or ineffective or dangerous products, suspected abuse, neglect or exploitation of children, adults or disabled elderly or domestic violence).
• · For health oversight activities of the federal or state government (eg, civil rights laws, fraud and abuse investigations, audits, investigations, inspections, licenses or permits, government programs, etc.)
• · For judicial and administrative proceedings and purposes of law enforcement (eg, in response to a warrant, subpoena or court order, providing ISP to coroners, medical examiners, funeral directors locate missing persons, identify dead people or determine the cause of death).
• · For workers’ compensation purposes (for example, we may disclose your ISP if you have sued for health benefits by disease or work-related injury.
• · For purposes of intelligence, counterintelligence or other national security purposes (eg, Veterans Affairs, US Military Command, other government authorities or foreign military authority that may require us to release PHI about you).
• · To donate organs or tissue (eg, if you are an organ donor, we may release your PHI to organizations that handle procurement and transplantation of organs, eyes or tissue)
• · For research projects approved by an Institutional Review Board to ensure confidentiality (for example, if a researcher will have access to your ISP because it is involved in your medical care, you will be asked to sign a consent form).
• · To create a collection of information that is not identifiable (for example, does not personally identify by name, and other distinctive marks, and can not be connected to you anymore).
• · For family members, friends and others, but only if you are present and give permission verbally. We will give you an opportunity to object and if it does, we will assume reasonably, based on our professional judgment and circumstances that surround us, that you do not object (for example, you take someone inside the operating room or during examination treatment or within the conference area when we are discussing your ISP); we reasonably infer that is of interest (for example, to allow someone else to remove their records because they know that you were our patient and you have been asked so written and personally signed to do that); or an emergency situation involving it to you or someone else (your child or ward) and, respectively, you can not allow the other person to take care of him because, after a reasonable attempt, have not been able to locate him. In these emergency situations could, based on our professional judgment and circumstances around us, determine that disclosure is in your best interest or the other person, in which case disclose ISP, but only as belonging to the care being provided, and notify about disclosure as soon as after care is completed as possible. Under HIPAA 164.512 law (j) (i) … (A) It is necessary to prevent or lessen a serious and imminent threat to the health and safety of the person or the public and (b) is for the person or persons they may be able to prevent or lessen the threat.

Rule minimum necessary

Our staff will not use or access its ISP unless required to do their job (for example, doctors who are not involved in your care will not agree to your ISP, the clinical support staff who care not access your information invoicing, billing person will not enter your ISP unless needed to complete the claim form for his last visit, the maintenance staff will not access your ISP). All members of our team have the necessary training on HIPAA Privacy Rules and signed strict confidentiality agreements with respect to protecting and maintaining his private ISP. Similarly it happens with our Associates and their Subcontractors Shops. You should know that your ISP is protected by several layers with respect to our business relationships. Also, we disclose it to others outside the staff, only as much as necessary to complete the legal purposes of the receiver. Despite this, in some cases we may use and disclose the entire contents of your medical record:

• · You (and their legal representatives as established above) and any other person you sign up for an authorization or consent to receive a copy of your records.
• · A health care provider for treatment purposes (for example, make diagnoses and treatment decisions or agree with previous recommendations in the medical record).
• · A Department of Health and Human Services (for example, in connection with a complaint HIPAA).
• · Others as has been required under federal or state law.
• · A Privacy Officer and others as needed to resolve your complaint or fulfill your request under HIPAA (eg officials who copy records need access to their full medical record)

According to HIPAA, we assume that requests for disclosure of PHI from another covered entity (as is defined in HIPAA) are for the minimum necessary amount of PHI to accomplish the purpose of the applicant. Our Privacy Officer will individually review unusual or nonrecurring ISP requests to determine the minimum necessary amount of ISP and disclose only that. For applications or non-routine disclosures, our Privacy Officer will make a minimum and necessary determination based on, but not limited to, the following factors:

• · The amount of information being disclosed
• · The number of individuals or entities to which the information is being revealed
• · The importance of the use or disclosure
• · The likelihood of future disclosures
• · If the same result would have been achieved with non-identifiable information
• · The technology available to protect the confidentiality of the information
• · The cost of implementing administrative, technical and safety procedures to protect the confidentiality

If we believe that a request for others to disclose your complete medical record is not necessary, we will ask the applicant to document why this is necessary, retain such documentation and we will offer you at your request.

Incidental Disclosure Rule

We will take administrative, technical and security guarantees to ensure that the privacy of your ISP when the use or disclose (for example, we grind all paper containing ISP, we require that employees speak cautiously of privacy to discuss the ISP with you, we use passwords on computers and change periodically (for example, when an employee leaves us), we use firewall and router protection to meet the federal standards, make a back up of our data offsite ISP and encrypt in based on federal standards, we do not allow unauthorized access to areas where ISPestá stored or stored and / or have no unsupervised trading partner signing confidentiality agreements Trade Associates) access.

However, in case there is a gap in the protection of their ISP, seguiremosla Federal Guideline under the standards of the General Rule HIPAA to first assess the situation, the situation retain copies of files, and will report all breaches ( different from the low probability as has been prescribed in the General Regulation) to the Department of Health and Human Services at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html

Also properly we notify you or any other significant part as required by HIPAA.

Rule Business Partners

Business Partners are defined as an entity (not employees) who in the course of their work will use, transmit, view, transport, interpret, process or directly or indirectly provide the ISP for this property.

Commercial and third Partners (if any), which receive their ISP on our part will be banned from re-release it unless prompted to do so by law or you provide written consent for the re-disclosure. Nothing in our Trading Partner Agreement will allow our business partners violate this ban on re-disclosure. Under the General Law, Business Partners will sign a strict confidentiality agreement committing to maintain their protected ISP and report any commitment of that information with us, you and the Department of Health and Human Services of the United States, as well as other required entities. Our partners also follow the General Rule and will make any of its subcontractors who are directly or indirectly contact your ISP, sign confidentiality agreements based on the general federal standards.

Rule Super-confidential information

If we PHI about you regarding communicable diseases, disease testing, diagnosis or treatment of alcohol abuse or substance, or records of psychotherapy and mental health (information super-confidential under the law), we will not disclose under General Treatment or Health Care, Operations and Payment Rules (see above) without your first signing and proper completion of our Consent form (for example, you must specifically write their initials on the type of super-sensitive information we are permitted to disclose). If you do not specifically authorize release to put their initials on the super-sensitive information, we will not disclose it unless authorized by us under the Special Rules (see above) (for example, if we are required by law to disclose). If we disclose super information (either because you’ve put your initials on the consent form or Special Rules authorizing us to do this), we will comply with state and federal law that requires us note to the recipient in writing that the re- disclosure is prohibited.

Rule changes in Privacy Policy

We reserve the right to change our privacy practices (changing the terms of this Notice) at any time as it has been authorized by law. The changes will be effective immediately after the do. They will apply to all PHI we created or received in the future, as well as all PHI created or received by us in the past (eg the ISP about you that we had before the changes took effect). If we make changes, we will post the Notice changed, along with its effective date in our office and our website. Also, by request, you will receive a copy of our current Notice.

Authorization Rule

We will not use or disclose your PHI for any reason or any other different from the provisions of the above rules without your signature on authorization form / written specifically Recognition (not one of consent or Recognition) person. If we need your authorization, we obtain through a specific Authorization Form, which may be separate from any authorization / recognition that we have collected from you. Not condition your treatment here based on whether to sign the authorization (or not).

Rules of Marketing and Fundraising

Limitations on the disclosure of ISP with respect to remuneration

Disclosure or sale of your ISP without permission is prohibited. Under the new Act HIPAA, this would exclude disclosures for public health purposes, for health treatment or payment for the sale, transfer, merger or consolidation of all or part of this property and to due diligence, to any of our partners Trade in connection with the performance of the activities of trading partners for this facility to a patient or recipient upon request, and as required by law. In addition, disclosure of your PHI for research purposes or any other purpose permitted by HIPAA will not be considered a disclosure if the only refund received is “a reasonable price, based on costs” to cover the cost of preparing and transmitting their ISP, which should be expressly permitted by law. Notably, under the general rule, a release of the ISP must establish that disclosure will result in compensation for the Covered Entity. Despite the changes in the rule, the disclosure of a limited set of data (a form of ISP with a number of identifiers removed in accordance with the specific requirements of HIPAA) for compensation according to the existing agreements will be acceptable to the September 22, 2014, while the agreement is not changed a year before that date.

Limitation on Use of PHI for Marketing

We, in accordance with State and Federal laws, we will obtain your written authorization to use or disclose your PHI for marketing purposes (for example, use your photograph in advertising) but not for activities that are processing operations or healthcare authorization. To clarify, Marketing is defined by the rule, as “a communication about a product or service that encourages recipients of … to buy or use the product or service.” Under the rule, we will get a written confirmation of their previous part to recommend to you a therapist, or Health Care Covered Entity not associated authorization.

Under the rule, we will get your written permission to use their ISP or make any recommendations for treatment or health care, if a financial remuneration for the communication was involved in a third party whose product or service we we promoted ( for example, businesses providing incentives for this establishment to promote their products or services to you). This also applies to our trading partners that may receive such remuneration for making a treatment recommendation or health care. All these recommendations will be limited without their express written permission.

We must clarify to the financial compensation does not include “payments in kind” and payments with a purpose to implement a disease management program. Any promotional gift of nominal value are not subject to authorization requirements, and we will respect the set of terms of the law to accept or reject them.

The only exclusion to this include: “reminders filler” while compensation when such communication is “reasonably related to our cost” for making communication shower. According to the law, this property and our business partners will never ask for reimbursement from you for allowable costs include: labor, supplies and postage. Please note that the “generic equivalents”, “compliance with taking medication and has been stipulated” and are all considered “filler reminders”.

Marketing communications face to face, such as sharing with you a pamphlet or brochure, are permissible under current HIPAA.

Flexibility in the use of PSI for Fundraising

Under the General Rule HIPAA, the use of the ISP is more flexible and does not require authorization if we include in any fundraising effort to try at this. Anyway, we will offer you the opportunity to opt out of future fundraising communications. Just let us know you want to opt out of receiving anything in such situations. There will be a statement on its  HIPAA Patient Acknowledgment Form where you can choose to opt out of receiving nothing. Our commitment to care and treat it will not in any way affect their decision to participate or not in our fundraising efforts.

Improvements Requirements Related Research Authorizations

Under the General Rule HIPAA, we may seek authorization from you to use your ISP for further research. Anyway, we may have to make clear that these uses are in detail.

Also, if we require an authorization made on your part with respect to the investigation, this property would clarify that when an authorization compound is used, and treatment-related research is conditioned by its authorization, the composite authorization will differentiate between components conditioned and not conditioned.

YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION

If you received this Notice via email or web site, you have the right to request at any time a paper copy, upon request to our Privacy Officer. Also, you have the following additional rights with respect to the ISPque maintain about you:

Inspect and Copy

You have the right to see and have a copy of your ISP including, but not limited to, by submitting a written request to our Privacy Officer payment request medical records. Original records will not leave the premises, will be available for inspection only during our regular business hours, and only if our Privacy Officer is present at all times. You may ask us to give copies to a different format copy (and we do this unless we determine that it is impractical) or ask us to prepare a summary rather than copies. We may charge a fee not to exceed the state law to recover our costs (including shipping, supplies and staff time as applicable, but excluding staff time for search and retrieval) to duplicate or summarize your ISP. We will not condition the release of copies of a summary payment of your outstanding balance for professional services if you have one). We will meet the Federal Act to provide your ISP in an electronic format within 30 days, with Federal Specification, when you provide us a written request properly. A copy will also be made available. We will respond to requests in a timely manner without delay to legal review or within 30 days if it has been requested in written form and within 10 working days or less if it is involved litigation malpractice or mediation. We may deny your request in certain limited circumstances (for example, do not have the ISP, comes from a confidential source, etc.). If we deny your request, you may request a review of this decision. If required by law, we will select a professional licensed health care (other than the person who denied your request initially) to review the denial and the decision will allow him or her. If we select a licensed health care provider who is not affiliated with us, we will make sure that a Business Partner Agreement is executed to prevent the re-release of your PHI without your consent.

To Request an Amendment / Correction

If another doctor involved in your health written asking us to change their ISP, let’s do this as fast as possible when we become aware of the changes and we will send you a written statement that the changes we have made ​​confirmation. If you think the ISP we have about you is wrong or missing something important in your records, you can ask us to modify or amend (to the extent we have it), by submitting the “Application for Modification / Correction “ our Privacy Officer. We will act on your request within 30 days after we receive it but we could extend our response time (within 30 days) no more than once for no more than 30 days, or in accordance with the Awards Federal law, in which case we will notify you in writing when and why to be able to respond. If we agree to your request, we will tell you within 5 business days, we will notice changes (not delete) what is wrong or completing and adding the language changed, andWe send the changes within 5 business days to people you ask us and we know it can affect your ISP incorrect or incomplete (or has already affected). We may deny your request under certain circumstances (for example, was not presented in written form, does not give a reason why you want to make the change, we have not created the ISP that you want to change (and the entity that made him can be reached ), it was compiled for use in litigation, or we determine that it is accurate and complete). If we deny your request, we will tell you (in writing, within 5 working days) why and how to file a complaint with us if you disagree, you can file a dissent written by our denial (and we could submit a written rebuttal and give you a copy of it), you can ask us to disclose your initial request and our denial when we make future disclosures of PHI concerning your application, and you can complain to us and to the Department Health and Human Services.

A List of Disclosures

You we could request a list of those who got their ISP from us by submitting the “Application of Certain Disclosures”. The list will not cover certain disclosures (eg the ISP given to you, your legal representative, given to other operations purposes of treatment, payment or health care). Your request must state in what form you want the list (on paper or electronically) and the period of time you want us to cover, which can be up to but not exceeding the last six years (excluding dates before April 14, 2003) . If you request this list more than once over a period of 12 months, we may charge a reasonable arena to respond, in which case we will say the cost before you incur it and let decide whether to withdraw or modify your request to avoid the cost.

Request Restrictions

You may ask us to limit how your ISP is used and disclosed (for example, in addition to our rules as are established in this Notice), presenting a written form ” Request Restrictions on Use and Disclosure “ (for example, you could not wanting to disclose their surgery family members or friends involved in paying for our services or provide care at home). If we agree to these additional restrictions, we will follow them except the case of an emergency, in which we will not have time to check the constraints. Also, in certain circumstances, could grant your request (for example, we are required by law to use or disclose your PHI in the way you want to limit, you signed an authorization form, you may revoke, allowing us to use or disclose your PHI in the way you want to restrict it, in an emergency).

Communications require Alternatives

You may ask us to communicate with you in a different form or on a different place by submitting a Form “Request for Alternative Communication” .We are not going to ask why and we will accommodate all reasonable requests (which could include sending reminders Dating sealed envelopes rather than postcards, send your PHI to a PO Box instead of your home address, contact you to a phone number before to your home). You must tell us what the alternative means or location you want to use and explain are, to our satisfaction, how payment will be made ​​if we communicate with you as you requested.

To complain or get more information

We will continue our rules as they have been established in this Notice. If you want more information or believe your privacy rights have been violated (for example, if you disagree with a decision we made about the inspection / copy under / correction of disclosures, restrictions or alternative communications), we fix the situation. We will never penalized for filing a complaint. To do so, please submit a formal written complaint within 180 days:

The US Department of Health & Human Services

Office of Civil Rights

200 Independence Ave., SW

Washington, DC 20201

877.696.6775

Or submit a written complaint form at the following address:

Our Privacy Officer:

Office Name: Sue Konkel-White

Office Address: 51 West Olive Redlands, CA 92373

Office Phone: 909 793-1078

Email Address: 51 West Olive Redlands, CA 92373

You can get a form of “HIPAA Complaint” contacting our privacy officer.

These privacy practices are consistent with the effective implementation HIPAA April 14, 2003, without the effective date generally at March 26, 2013 and will be effective until we replace as has been specified in the Federal Act and / or State.

OPTIONAL RULES FOR THE NOTICE OF PRIVACY PRACTICES

Rule Fax and Email

When you ask us to send a fax or email your ISP as an alternative communication, we could agree to do this, but only after our Privacy Officer confirm that the fax number or email address is correct before sending the message and ensure that the intended receiver has only access to the fax machine or a computer before sending the message; confirm receipt, locate our fax machine or computer in a secure location, so that unauthorized access is prevented and the view; use a fax cover for the ISP is not on the first page to print (because unauthorized persons could see the first page); and attach an appropriate notice to the message. Our emails are encrypted under federal standards for protection.

Transitional rule Clinics

If we sell our clinic, our patients records (including but not limited to your ISP) may be disclosed and physical custody can be transferred to the health care provider to buy it, but only according to the law. The health care provider who is the new owner of the records will be solely responsible for ensuring the privacy of your ISP after the transferor and you agree that we will have no liability for (or obligation associated with) transferred records . If all owners of our clinical die, records of our patients (including but not limited to your ISP) must be transferred to another health care provider within 90 days to comply with Federal and State Laws. Before we transfer our records in any of these situations, our Privacy Officer will gain a Trade Agreement partners from the buyer and review your ISP for super-sensitive information (eg records of communicable diseases) that will not be transferred without their express written authorization (indicated by its initials in our Consent Form).

Registration Inactive Patients

We will retain your records for seven years after her last treatment or examination, in which case you will have become a dead patient in our clinic, and we could destroy their records at the time (but juvenile records will not be inactive patients destroyed before the child’s eighteenth birthday). We will also do so only in accordance with the law (for example, in confidence, a trading partner agreement prohibiting the re-disclosure if necessary).

Collections

If we use or disclose your PHI for purposes of collection, we will only do according to the law. [/ Vc_column_text] [/ vc_column] [/ vc_row]