Notice of Privacy Practices

Your Rights Under the Federal HIPAA Privacy Standard

Although your health records are the physical property of the Greater New Bedford Community Health Center, you have certain rights with regard to the information contained therein.

You have the right to:

  • Request restriction on uses and disclosures of your health information for other than treatment, payment, and health care operations. "Health care operations" is defined as activities that are necessary to carry out the operations of the health center, an example of these would be quality assurance audits and provider peer chart reviews. The right to request restriction does not extend to uses or disclosures permitted or required under subsection §§!64.502(a)(2)(i) (disclosures of your information to you); subsection §§164.510(a) (for facility directories, such as your provider's schedule; but note, you have the right to object to such uses); or subsection §§164.512 (uses and disclosures required by law, such as mandatory communicable disease reporting), in these cases, you do not have the right to request restriction. The Consent you have signed allowing us to use and disclose your individually identifiable health information provides you the ability to request a restriction. We do not, however, have to agree to the restriction. If we do grant the restriction, however, we will adhere to it unless you request otherwise or we give you advance notice. You may also ask us to communicate with you by alternate means and, if the method of communication is reasonable, we must grant the alternate communication request (we currently do not advocate the use of unsecured email communication). Again see the Consent form.
  • Obtain a copy of this notice of information practices and provide us with a signed receipt of receiving this notice. Although we have posted a copy in prominent locations throughout our facilities, you have the right to a paper copy upon request
  • Inspect and copy your health information upon request. Again, your right is not absolute. In certain situations, such as if access would cause harm, we can deny access. You do not have a right of access to the following:
  1. Mental Health or Psychotherapy notes. Such notes comprise those that are recorded in any medium by a health care professional who is a mental health professional documenting or analyzing a conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of your medical record.
  2. Information compiled in reasonable anticipation of or for use in civil, criminal, or administrative actions or proceedings.
  3. PHI (protected health information) that is subject to the Clinical Laboratory Improvement Amendments of 1988 ("CLIA"), 42 U.S.C § 263a, to the extent that the provision of access to the individual would be prohibited by law.
  4. Information was obtained from someone other than a health care professional under the promise of confidentiality and the access requested would be reasonably likely to reveal the source of the information.

In other situations, the provider may deny you access but, if the provider does, the provider must provide you with a review of the decision denying access. These "reviewable"grounds for denial include:

  • Licensed health care professional has determined, in the exercise of professional judgment, that the access is reasonably likely to endanger the life or physical safety of the individual or another person.
  • PHI makes reference to another person (other than a health care provider) and a licensed health care provider has determined, in the exercise of professional judgment, that the access is reasonably likely to cause harm to such other person.
  • The request is made by the individual's authorized representative and a licensed health care professional has determined, in the exercise of professional judgment, that providing access to such personal representative is reasonably likely to cause substantial harm to the individual or another person.

For these reviewable grounds, another licensed professional must review the decision of the provider denying access within 60 days. If we deny you access, we will explain why and what your rights are, including how to seek review. If we grant access, we will tell you what, if anything, you have to do to get access.

We reserve the right to charge a reasonable, cost-based fee for making copies.

Request to amend or correct your health information. We do not have to grant the request if:

  • We did not create the record. If, as in the case of a consultation report from another provider, we did not create the record, we cannot know whether it is accurate or not. Thus, in such cases you must seek amendment or correction from the provider that created the record. If they amend or correct the record, we will put the corrected record in our records.
  • The records are not available to you as discussed above.
  • The record is accurate and complete.

If we deny your request for amending or correcting your record, we will notify you as to why. We will explain how you can attach a statement of disagreement to your record (which we may rebut), and how you can complain.

If we grant your request to amend or correct your record, the amendment or correction will become part of your permanent record and we will identify within our system those who will need the amendment or correct and distribute it accordingly. If there are others you feel need a copy of the amendment or correction, that are outside our system, with your authorization we will provide it to them.

Obtain an accounting of "non-routine" uses and disclosures (those other than for Treatment, Payment, and Health care Operations [HPO]) to individuals of protected health information. We do not need to provide an accounting for:

  • The facility directory or to persons involved in the individual's care or other notification purposes as provided in § 164.510 (uses and disclosures requiring an opportunity for the individual to agree or to object, including notification to family members, personal representatives, or other persons responsible for the care of the individual, of the individual's location, general condition, or death).
  • For national security or intelligence purposes under § 164.512(k}(2) (disclosures not requiring consent, authorization, or opportunity to object, see chapter 16)
  • To correctional institutions or law enforcement officials under § 164.512(k)(5) (disclosures not requiring consent, authorization, or an opportunity to object).
  • Disclosures that happened prior to April 14, 2003

We must provide the accounting within 60 days. The accounting will include:

  • Date of the disclosure.
  • Name and address of the organization or person who received the protected health information (PHI).
  • Brief description of the information disclosed.
  • Brief statement of the purpose of the disclosure that reasonably informs you of the basis for the disclosure or, in lieu of such statement, a copy of your written authorization, or a copy of the written request for disclosure.

The first accounting in any 12 month period is free. Thereafter, we reserve the right to charge a reasonable, cost based fee.

Revoke your consent or authorization to use or disclose protected health information (PHI) except to the extent that we have already taken action in reliance on the consent or authorization.

Our Responsibilities Under the Federal HIPAA Privacy Standard

In addition to providing you your rights, as detailed above, the federal HIPAA privacy standard requires us to:

  • Maintain the privacy of your health information, including implementing reasonable and appropriate physical, administrative, and technical safeguards to protect the information.
  • Provide you with this notice as to our legal duties and privacy practices with respect to individually identifiable health information we collect and maintain about you.
  • Abide by the terms of this notice.
  • Train our personnel concerning privacy and confidentiality.
  • Implement a sanction policy to discipline those who breach privacy I confidentiality or our policies with regard there to.
  • Mitigate (lessen the harm of) any breach of privacy I confidentiality.

We will not use or disclose your health information without your consent or authorization, except as described in this notice or otherwise required by law.

Examples of Disclosures for Treatment, Payment, and Health care Operations

We will share your health information for treatment.

Example: A physician, nurse, or other member of your health care team will record information in your record to diagnose }'our condition and determine the best course of treatment for you. The primary care giver will give treatment orders and document what he or she expects other members of the health care team to do to treat you. Those other members will then document the actions they took and their observations. In that way, the primary caregiver will know how you are responding to treatment.

With a properly signed authorization, we will also provide a subsequent health care provider with copies of your records to assist them in treating you.

We will use your health information for seeking payment for services rendered.

Example: We may send a bill to you, or to a third -party payer, such as your health ins;urance company. The information on or accompanying the bill may include information that identifies you, your diagnosis, treatment received, and supplies used.

We will use your health information for health care operations.

Example: Members of the medical staff, the risk or quality improvement manager, or members of the quality assurance team may use information in your health record to assess the care and outcomes in your cases and the competence of the caregivers. We will use this information in an effort to continually improve the quality and effectiveness of the health care and services we provide. When reporting results, personal identifiers are used whenever possible.

Business Associates: We provide some services through contracts with business associates. Examples include but are not limited to diagnostic tests, paper shredding copy service to make copies of medical records, and the like. When we use these services, we may disclose your health information to the business associate so that they can perform the function(s) we have contracted with them to do and bill you, or your third-party insurer, or GNBCHC for services rendered. To protect your health information however, we require our business associates to appropriately safeguard your information.

Directory: Unless you notify us that you object, we will use your name, location in the facility, and general condition for directory purposes. This information may be provided to our staff or others to help expedite your treatment or help in health care operations.

Notification: We may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and general condition.

Communication with family: Unless you object, health professionals, using their best judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, health information relevant to that person's involvement in your care or payment related to your care.

Research: We may disclose information to researchers when their research project has been approved by the GNBCHC Research Review Committee and that the Committee has reviewed the research proposal and established protocols to ensure the privacy of your health information.

Funeral Directors: We may disclose health information to funeral directors consistent with applicable laws to enable them to carry out their duties.
Marketing continuity of care: We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.

Fund-raising: We may contact you as part of a fund-raising effort You have the right to request not to receive subsequent fund-raising materials.

Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse effects I events with respect to food, drugs, supplements, product or product defects, or post marketing signorinas information to enable product recalls, repairs or replacement.

Worker's Compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to worker's compensation or other similar programs established by law.

Public Health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, disability, or death.

Correctional Institutions: Should you be an inmate of a correctional institution, we may disclose to the institution or agents there of health information necessary for your health and the health and safety of other individuals, as required by law.

Law Enforcement: We may disclose health information for purposes as required by law or in response to a valid subpoena.

Health Oversight Agencies and Public Health Authorities: If a member of our workforce or a business associate believes in good faith that we have engaged in unlawful conduct or otherwise violate professional or clinical standards and are potentially endangering one or more patients, workers, or the public, they may disclose your health information to health oversight agencies and/or public health authorities, such as the department of public health. As part of our federal and state funding requirements we may disclose your health information to authorized members of their staff or organizations that may be acting as their agent as part of oversight audits.

Department of Health and Human Services (DHHS): Under the HIPAA privacy standards, we must disclose your health information to DHHS as necessary for them to determine our compliance with those standards


How to get more information or to Report a Problem.

If you have questions, would like additional information, or you believe your privacy rights have been violated, please contact the Privacy Officer at GNBCHC, 874 Purchase Street, New Bedford, MA 02740 or (508) 984-8405- ext 106. If you feel that we have not adequately addressed your concerns, you may contact the Privacy Officer at the above address or contact the Secretary of the Department of Health and Human Services.

You will not be penalized for filing a complaint.