Information for Patient

• Receive considerate and respectful care in the home at all times, and have property treated with respect.
• Participate in the development of the plan of care, and receive an explanation of any services proposed, changes in service, and alternative services that may be available.
• Receive complete written information on the plan of care, including the name of the home health aide and the supervisor responsible for the services and the agency phone number.
• Refuse medication and treatment, counseling, or other services without fear of reprisal or discrimination.
• Be fully informed of the consequences of all aspects of care, unless medically contraindicated, including the possible results of refusal of medical treatment, counseling or other services.
• Privacy and confidentiality about one’s health, social and financial circumstances and about what takes place in the home.
• Know that all communications and records will be treated confidentially and that no information will be given out without a written release from the client or family.
• Expect that all home care personnel, within the limits set by the plan of care, will respond in good faith to the client’s requests for assistance in the home.
• Receive information on the agency’s policies and procedures including information on charges, qualifications and supervision of personnel, hours of operation, and discontinuation of service; request a change of caregiver.
• Participate in the plan for discontinuation of service with the right to appeal.
• Have access to all bills for service regardless of whether they are paid for out-of-pocket or through other sources of payment.
• Receive regular nursing supervision of the homemaker-home health aide if medically-related personal care is needed.
• Receive a clear explanation of which services and equipment provided by the agency are covered by third-party reimbursement and which services and equipment will be paid for by the client and of the charges which will be incurred.
• Receive a clear explanation of the process to voice grievances about care, treatment, or discontinuation of service without fear of discrimination or reprisal for doing so.
• Appeal agency decisions regarding care, following grievance procedures.
• Know the agency maintains liability insurance coverage; and be given in writing the name and telephone number of a contact person for 24 hour access to the agency.
• Be given written information concerning the agency’s policy on advance directives.
• Access to an interpreter if needed.
• Choose their provider of services and be informed of that right.

• Notify the agency of changes in their condition or care situation (hospitalization, symptoms, etc.).
• Follow the plan of care.
• Notify the agency if the visit schedule needs to be changed.
• Keep appointments and notify the agency if unable to do so.
• Inform the agency of the existence of, and any changes to, advance directives.
• Advise the agency of any problems or dissatisfaction with the service.
• Provide a safe environment for care to be provided.
• Carry out mutually agreed responsibilities.
• Does the agency require criminal record background checks and communicable disease screens for its employees?
• What is the procedure for resolving issues that may arise between the patient/family and home healthcare staff?
• Who can you call with questions or complaints regarding patient care, caretaker issues or general questions?
• What happens if a staff member fails to make a scheduled visit?
• What should the patient do in this situation?
• Who does the agency call if the agency caretaker cannot come when scheduled? (i.e. patient or family member)
• What is the agency caretaker required to do? (i.e. inform patient, reschedule)
• How does the agency handle billing? (i.e., will I be billed for services?)
• Will the agency provide a list of references?

HIPAA Privacy Standards: An Overview

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996. In 1999, Congress directed the federal Department of Health and Human Services (HHS) to establish comprehensive national standards for the privacy and protection of 'individually identifiable health information'. These standards are referred to as the 'HIPAA Privacy Rule'.

HHS published the final privacy rule in August 2002. Under this rule, any use or disclosure of individually identifying health information is prohibited except as otherwise permitted or required by the rule. HIPAA privacy standards cover medical records, health care claims and payments, benefit enrollments and disenrollments, and any other individually identifiable health information held or disclosed by health plans, health care clearing houses and certain health care providers in any form, whether communicated, on paper or verbally.

It has been long recognized that inappropriate disclosure of a person's mental health information could result in that person being subjected to prejudice and stigma. Effective and lasting mental health therapy can take place only in an environment of privacy and trust in which the patient knows that his/her statements will be safeguarded and held in strictest confidence. New York State currently has some of the most restrictive patient confidentiality laws in the country.

What health information is covered by this rule?

The privacy standards protect health information developed or maintained by a 'covered entity' that identifies an individual. If the information has any components that could be used to identify a person, it is protected under the privacy regulation. The protection stays with the information as long as it is in the hands of the covered entity or its business associate.

Preemption of State Laws

HIPAA privacy standards preempt (supersede) all but the 'more stringent' provisions of State law. In this context, 'more stringent' means that the State law is more restrictive regarding the availability of individually identifying patient information to third parties, and more permissive regarding its availability to the patient.

In New York State, HIPAA privacy standards are thought by the Office of Mental Health to preempt some State Mental Hygiene provisions, although the New York standards will continue to prevail in many instances. It may be necessary for some mental health providers and county mental health departments to modify the way they treat patient information, in order to be in compliance with HIPAA. (For more information on NYS provisions thought by OMH to be preempted by HIPAA, please refer to the OMH HIPAA Privacy Rule Preemption Analysis.)

Key privacy provisions in a nutshell

1. Patient Rights
   The standards provide basic rights for individuals with respect to their protected health information (PHI):
   • The right to receive a written Notice of Privacy Practices from health plans and covered providers. The notice must provide a clearly written explanation of how patient medical information will be used and disclosed, and must also inform patients of their rights with regard to their health information under the federal privacy regulations.
   • The right to access or request an amendment to one's own health records.
   • The right to receive an accounting of the instances where the individual's PHI was disclosed for purposes other than treatment, payment or health care operations, if a patient authorization was not required to be signed in order to make the disclosure.
2. Uses and Disclosures of Protected Health Information (PHI)
   The standards prescribe when PHI can be used or disclosed:
   • Covered entities can use and disclose PHI without patient authorization for treatment, payment and health care operations purposes.
   • Unless another exception applies (e.g. for health oversight purposes, for law enforcement purposes, or the use/disclosure is required by law), patient authorization is required for any other use or disclosure of PHI (other than treatment, payment and health care operations).
3. Administrative Requirements
   Under this rule, covered providers and payers are required to implement basic administrative procedures to protect PHI:
   • Written policies and procedures must be established to document compliance with the privacy standards.
   • Reasonable efforts must be made to disclose no more than the minimum amount of PHI necessary to accomplish the intended purpose of the use or disclosure.
   • Appropriate administrative, technical and physical safeguards must be in place to protect the security of the PHI.
   • Written agreements must be developed and used that will ensure that business associates also protect the privacy of PHI.
   • A privacy official must be designated by each covered entity. The privacy official is responsible for the development and implementation of the covered entity's privacy policies and procedures, including mandatory employee awareness training and instruction on the new privacy protection procedures.
   • A system of sanctions for employees and business associates who violate the entity's privacy policies must be developed and used.

Clients should know their rights. Visit https://www.hhs.gov/hipaa/for-individuals/index.html for more information on those rights.

To ensure patient's privacy and confidentiality. To prevent alteration, unauthorized use of, or damage to the patient clinical record/information.

Information about a patient is discussed only with those who have a need for that information. Discussions are to be conducted in a private area to ensure that the conversation will not be overheard. Written communication is also safeguarded. Charts are read only by those involved in the patient's care; those who have the patient's permission and those involved in health care, education and any office personnel who file patient information in charts. This includes access to computer information about the patient.

If patient information is used for education purposes/CQI activities, the patient is not identified by name.

Deliberate violation of the agency's policy regarding the confidentiality of privileged information is considered cause for immediate disciplinary action, which may include employment probation and/or termination of employment.

1. Staff is oriented to the policy/procedure for confidentiality of patient information. The importance of confidentiality is stressed upon interview and a copy of the policy is given to the employee with all other interview information.
2. Agency personnel will sign a confidentiality statement at orientation/in-service.
3. Only personnel involved in the care and service or supervision of care/service on specific patients will have access to patient information.
4. Patients are not to be discussed by clinical or non-clinical agency personnel outside of the clinical setting.
5. With the written consent of the patient (if a minor, the parent's written consent), limited information which is essential for reimbursement is given to the third payers.
6. Applicable regulatory accrediting organizations such as the New York State Department of Health may have access to patient records as required by law, survey, or accreditation.
7. All requests for patient information from outside of the agency are reviewed by the Director to determine if the individual/organization requesting the information is directly involved in the patient care process and permitted access the information.

Your privacy and safety are of the utmost importance to us and we make measures to keep your information secure.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get an electronic or paper copy of your medical record

• You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
• We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct your medical record

• You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
• We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

• You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
• We will say “yes” to all reasonable requests.

Ask us to limit what we use or share

• You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
• If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

Get a list of those with whom we’ve shared information

• You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
• We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

• If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
• We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

• You can complain if you feel we have violated your rights by contacting us using the information on page 1.
• You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/ocr/privacy/hipaa/complaints/.
• We will not retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

• Share information with your family, close friends, or others involved in your care
• Share information in a disaster relief situation
• Include your information in a hospital directory

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases we never share your information unless you give us written permission:

• Marketing purposes
• Sale of your information
• Most sharing of psychotherapy notes

In the case of fundraising:

• We may contact you for fundraising efforts, but you can tell us not to contact you again.

Our Uses and Disclosures How do we typically use or share your health information?

We typically use or share your health information in the following ways.

Treat you

We can use your health information and share it with other professionals who are treating you.

Example: A doctor treating you for an injury asks another doctor about your overall health condition.

Run our organization

We can use and share your health information to run our practice, improve your care, and contact you when necessary.

Example: We use health information about you to manage your treatment and services.

Bill for your services

We can use and share your health information to bill and get payment from health plans or other entities.

Example: We give information about you to your health insurance plan so it will pay for your services.

How else can we use or share your health information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: https://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

Help with public health and safety issues

We can share health information about you for certain situations such as:

• Preventing disease
• Helping with product recalls
• Reporting adverse reactions to medications
• Reporting suspected abuse, neglect, or domestic violence
• Preventing or reducing a serious threat to anyone’s health or safety

Do research

We can use or share your information for health research.

Comply with the law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Respond to organ and tissue donation requests

We can share health information about you with organ procurement organizations.

Work with a medical examiner or funeral director

We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address workers’ compensation, law enforcement, and other government requests

We can use or share health information about you:

• For workers’ compensation claims
• For law enforcement purposes or with a law enforcement official
• With health oversight agencies for activities authorized by law
• For special government functions such as military, national security, and presidential protective services

Respond to lawsuits and legal actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Our Responsibilities

• We are required by law to maintain the privacy and security of your protected health information.
• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
• We must follow the duties and privacy practices described in this notice and give you a copy of it.
• We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see: https://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.

Changes to the Terms of this Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.