HUMAN SERVICE AGENCY NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This notice of Privacy Practices describes how protected health information may be used or disclosed by the Human Service Agency to carry out treatment, payment, health care operations, and for other purposes that are permitted or required by law. The notice also sets out our legal obligations concerning your protected health information, and describes your rights to access and control your protected health information. Protected health information (“PHI”) is individually identifiable health information, including demographic information.

This Notice of Privacy Practices has been drafted to be consistent with what is known as the “HIPAA Privacy Rule. In addition, this Notice of Privacy Practices has been updated and amended for changes or additions brought about by the HIPAA Security Rule and provisions of the HITECH act.

If you have any questions or want additional information about the Notice or the policies and procedures described in the Notice, please contact: Human Service Agency, 123 - 19th Street NE, Box 1030, Watertown, SD 57201 or call 605-886-0123 and ask to speak to the Privacy or Security Officer.

OUR RESPONSIBILITIES

We are required by law to maintain the privacy of your protected health information. We are obligated to provide you with a copy of this Notice of our legal duties and of our privacy practices with respect to protected health information and we must abide by the terms of this Notice. We reserve the right to change the provisions of our Notice and make the new provisions effective for all protected health information that we maintain. If we make a material change to our Notice, we will mail a revised Notice to the address we have on file. You have the right to receive a paper copy of this Notice and/or electronic copy by email upon request.

Primary Uses and Disclosures of Protected Health Information

We use and disclose PHI for a variety of reasons. The law provides that we are permitted to make some uses/disclosures of your PHI without your consent or authorization for purposes of treatment, payment or our health care operations. For uses beyond that, we must have your written authorization unless the law permits or requires us to make the use or disclosure without your authorization. If we disclose your PHI to an outside entity in order for that entity to perform a function on our behalf, we must have in place a Business Associate agreement from the outside entity that it will extend the same degree of privacy protection to your information that we must apply to your PHI. The following offers more description and some examples of our potential uses/disclosures of your PHI.

Payment and Health Care Operations

We have the right to use and disclose your protected health information for all activities that are included within the definitions of “treatment”, “payment” and “health care operations” as set out in 45 C.F.R. & 164.501 (this provision is a part of the HIPAA Privacy Rule). We have not listed in this Notice all of the activities included within these definitions so please refer to 45 C.F.R. & 164.501 for a complete list.

  • *Treatment: We may disclose your PHI to doctors, nurses, and other health care personnel who are involved in providing your health care. For example, your PHI will be shared among members of your treatment team. Your PHI may also be shared with outside entities performing ancillary services relating to your treatment, for consultation purposes and/or community mental health agencies involved in provision or coordination of your care.

  • *Payment: We may use and disclose medical information about you so that the treatment and services you receive at our facility may be billed to and payment collected from you, an insurance company or other third party. We will agree to a request by you to restrict the disclosure of protected health information about you to a health plan if: (A) the disclosure is for the purposes of carrying out payment or health care operations and is not otherwise required by law; and (B) the protected health information pertains solely to a health care item or service for which you, or a person on your behalf other than the health plan, has paid in full out of pocket.

  • *Health Care Operations We may use/disclose your PHI in the course of operating the Human Service Agency. For example, we may use your PHI in evaluating the quality of services provided, or disclose your PHI to our accountant or attorney for audit purposes. Since we are an integrated system, we may disclose your PHI to designated staff in our central office or our Office of Support Services for similar purposes. Release of your PHI to state agencies might also be necessary to determine your eligibility for publicly funded services.

  • *Appointment Reminders:Unless you provide us with alternative instructions, we may contact you to remind you of appointments by phone or send reminders and other similar materials to your home. If you provide us with your email address, we may send appointment reminders by email.

Uses and Disclosures Requiring Authorization: For uses and disclosures beyond treatment, payment and operations purposes we are required to have your written authorization, unless the use or disclosure falls within one of the exceptions described below. Authorization can be revoked at any time to stop future uses/disclosures except to the extent that we have already undertaken and action in reliance upon your authorization.

Uses and Disclosures of PHI from Mental Health Records Not Requiring Consent or Authorizations The law provides that we may use/disclose your PHI from mental health records without your consent or authorization in the following circumstances.

  • *When required by law: We may disclose PHI when a law requires that we report information about suspected abuse, neglect or domestic violence, or relating to suspected criminal activity, or in response to a court order. We must also disclose PHI to authorities that monitor compliance with these privacy requirements.

  • *For Public health activities: We may disclose PHI when we are required to collect information about disease or injury, or to report vital statistics to the public health authority.

  • *For health oversight activities: We may disclose PHI to our central office, the protection and advocacy agency, or another agency responsible for monitoring the health care system for such purposes as reporting or investigation of unusual incidents.

  • *Relating to decedents: We may disclose PHI relating to an individual’s death to coroners, medical examiners or funeral directors, and to organ procurement organizations relating to organ, eye, or tissue donations or transplants.

  • *For research purposes: In certain circumstances, and under supervision of a privacy board, we may disclose PHI to our central office research staff and their designees in order to assist medical/psychiatric research.

  • *To avert threat to health or safety: In order to avoid a serious threat to health or safety, we may disclose PHI as necessary to law enforcement or other persons who can reasonably prevent or lessen the threat of harm.

  • *For specific government functions We may disclose PHI of military personnel and veterans in certain situations, to correctional facilities in certain situations, to government benefit programs relating to eligibility and enrollment, and for national security reason, such as protection of the President.

  • *Incidental Disclosures: Incidental disclosures of your health care information may occur as a by-product of permitted uses and disclosures of your health care information. For example, a visitor may overhear a discussion about your care at the receptionist desk. These incidental disclosures are permitted if we have applied reasonable safeguards to protect the confidentiality of your information.

Uses and Disclosures of PHI from Alcohol and Other Drug Records not Requiring (Consent or) Authorization: The law provides that we may use/disclose your PHI from alcohol and other drug records without consent or authorization in the following circumstances:

  • *When required by law: We may disclose PHI when a law requires that we report information about suspected child abuse and neglect, or when a crime has been committed on the program premises or against program personnel, or in response to court order.

  • *Relating to decedents: We may disclose PHI relating to an individual’s death if state or federal law requires the information for collection of vital statistics or inquiry into cause of death.

  • *For research, audit or evaluation purposes: In certain circumstances, we may disclose PHI for research, audit or evaluation purposes.

  • *To avert threat to health or safety: In order to avoid a serious threat to health or safety, we may disclose PHI to law enforcement when a threat is made to commit a crime on the program premises or against program personnel.

  • *Incidental Disclosures Incidental disclosures of your health care information may occur as a by-product of permitted uses and disclosures of your health care information. For example, a visitor may overhear a discussion about your care at the receptionist desk. These incidental disclosures are permitted if we have applied reasonable safeguards to protect the confidentiality of your information.

Uses and Disclosures Requiring You to have an Opportunity to Object: In the following situations, we may disclose a limited amount of your PHI if we inform you about the disclosure in advance and you do not object, as long as the disclosure is not otherwise prohibited by law. However, if there is an emergency situation and you cannot be given an opportunity to object, disclosure may be made if it is consistent with any prior expressed wishes and disclosure is determined to be in your best interests. You must be informed and given an opportunity to object to further disclosure as soon as you are able to do so.

To families, friends or others involved in your care: We may share with these people, information directly related to their involvement in your care, or payment for you care. We may also share PHI with these people to notify them about your location, general condition or death.

Your Rights Regarding Your Protected Health Information. You have the following rights relating to your protected health information:

  • *To request restrictions on uses/disclosures: You have the right to ask that we limit how we use or disclose your PHI. We will consider your request, but are not legally bound to agree to the restriction. To the extent that we do agree to any restrictions on our use/disclosure of your PHI, we will put the agreement in writing and abide by it except in emergency situations. We cannot agree to limit uses/disclosures that are required by law. However, if you have paid in full for the services, you do have the right to limit disclosure to health plans.

  • *To choose how we contact you: You have the right to ask that we send your information to an alternative address or by an alternative means. We must agree to your request as long as it is reasonably easy for us to do so.

  • *To inspect and copy your PHI or receive electronic copies of your PHI: Unless your access is restricted for clear and documented treatment reasons, you have a right to see your protected health information upon your written request. We will respond to your request within 15 calendar days with an extension of no more than an additional 15 calendar days upon receipt of request. If we deny your access, we will give you written reasons for the denial and explain any right to have the denial reviewed. If you want copies of your PHI, we may charge a reasonable, cost-based fee. You have a right to choose what portions of your information you want copied and to have prior information on the cost of copying.

  • *To request amendment of your PHI: If you believe that there is a mistake or missing information in our record of your PHI, you may request, in writing, that we correct or add to the record. We will respond within 60 days of receiving your request. We may deny the request if we determine that the PHI is: (i) correct and complete; (ii) not created by us and/or not part of our records, or; (iii) not permitted to be disclosed. Any denial will state the reasons for denial and explain your rights to have the request and denial, along with any statement in response that you provide, appended to your PHI. If we approve the request for amendment, we will change the PHI and so inform you, and tell others that need to know about the change in the PHI.

  • *To find out what disclosures have been made: You have a right to get a list of when, to whom, for what purpose, and what content of your PHI has been released other than instances of disclosure: for treatment, payment and operations; to you, your family, or pursuant to your written authorization. The list also will not include any disclosures made for national security purposes, to law enforcement officials or correctional facilities, or disclosures made before April 2003. We will respond to your written request for such a list within 60 days of receiving it. Your request can relate to disclosures going as far back as six years. There will be no charge for up to one such list each year. There may be a charge for more frequent requests.

Notification of Breach

If it is determined that the Human Service Agency as a covered entity, or any of our Business Associates with who we have contracted with, have used or disclosed PHI in a manner that can be considered a “breach” of PHI or that we have not “served” in a manner consistent with the Regulations, we will notify you within 60 days of such discovery, and provide you with proper notification of such breach, the content of which will describe the circumstances relating to the breach, a description of the type of unsecured PHI involved in the breach, steps that you should take to protect you interests, and a brief description of what we (and our Business Associates) are doing to investigate the breach, mitigate harm to you, and protect against future breaches.

Complaints

You may complain to us if you believe that we have violated your privacy rights. You may file a complaint with us by calling us at 605-886-0123 asking to speak with the Privacy Officer.

You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services. Complaints filed directly with the Secretary must: (1) be in writing; (2) contain the name of the entity against which the complaint is being lodged; (3) describe the relevant problems; and (4) be filed within 180 days of the time you became or should have become aware of the problem.

We will not penalize or in any other way retaliate against you for filing a complaint with the Secretary or with us.

Effective Date: This Notice was effective 7/1/21

Updated 12/10/2021