Notice of Privacy Practices
IMPORTANT: THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Cornerstone Adminisystems, Inc is committed to protecting your personal health information. We are required by law to maintain the privacy of health information that could reasonably be used to identify you, known as “protected health information” or “PHI.” We are also required by law to provide you with the attached detailed Notice of Privacy Practices (“Notice”) explaining our legal duties and privacy practices with respect to your PHI.
We respect your privacy, and treat all healthcare information about our patients with care under strict policies of confidentiality that our staff is committed to following at all times.
Please read the detailed notice below. If you have any questions about it, please contact our HIPAA Compliance Offer at 877-214-6018 or firstname.lastname@example.org.
Effective Date of the Notice: 9/23/2013
Detailed Notice of Privacy Practices
Purpose of This Notice
This Notice describes your legal rights, advises you of our privacy practices, and lets you know how Cornerstone Adminisystems, Inc is permitted to use and disclose PHI about you.
Uses and Disclosures of Your PHI We Can Make Without Your Authorization
Cornerstone Adminisystems, Inc may use or disclose your PHI without your authorization, or without providing you with an opportunity to object, for the following purposes:
Treatment. This includes such things as verbal and written information that we obtain about you and use pertaining to your medical condition and treatment provided to you by us and other medical personnel (including doctors and nurses who give orders to allow us to provide treatment to you). It also includes information we give to other healthcare personnel to whom we transfer your care and treatment, and includes transfer of PHI via radio or telephone to the hospital or dispatch center as well as providing the hospital with a copy of the written record we create in the course of providing you with treatment and transport.
Payment. This includes any activities we must undertake in order to get reimbursed for the services that we provide to you, including such things as organizing your PHI, submitting bills to insurance companies (either directly or through a third party billing company), managing billed claims for services rendered, performing medical necessity determinations and reviews, performing utilization reviews, and collecting outstanding accounts.
Healthcare Operations. This includes quality assurance activities, licensing, and training programs to ensure that our personnel meet our standards of care and follow established policies and procedures, obtaining legal and financial services, conducting business planning, processing grievances and complaints, creating reports that do not individually identify you for data collection purposes, fundraising, and certain marketing activities.
Fundraising. We may contact you when we are in the process of raising funds for Cornerstone Adminisystems, Inc, or to provide you with information about our annual subscription program.
In addition, we may use your PHI for certain fundraising activities. For example, we may use PHI that we collect about you, such as your name, home address, phone number or other information, in order to contact you to raise funds for our agency. We may also share this information with another organization that may contact you to raise money on our behalf. If Cornerstone Adminisystems, Inc does use your PHI to conduct fundraising activities, you have the right to opt out of receiving such fundraising communications from Cornerstone Adminisystems, Inc. If you do not want to be contacted for our fundraising efforts, you should contact our HIPAA Compliance Officer in writing, by phone, or by email. Contact information for our HIPAA Compliance Officer is listed at the end of this Notice. We will also remind you of this right to opt out of receiving future fundraising communications every time that we use your PHI to conduct fundraising and contact you to raise funds. Cornerstone Adminisystems, Inc will not condition the provision of medical care on your willingness, or non-willingness, to receive fundraising communications.
Reminders for Scheduled Transports and Information on Other Services. We may also contact you to provide you with a reminder of any scheduled appointments for non-emergency ambulance and medical transportation, or for other information about alternative services we provide or other health-related benefits and services that may be of interest to you.
Other Uses and Disclosure of Your PHI We Can Make Without Authorization
Cornerstone Adminisystems, Inc is also permitted to use or disclose your PHI without your written authorization in situations including:
- For the treatment activities of another healthcare provider;
- To another healthcare provider or entity for the payment activities of the provider or entity that receives the information (such as your hospital or insurance company);
- To another healthcare provider (such as the hospital to which you are transported) for the healthcare operations activities of the entity that receives the information as long as the entity receiving the information has or has had a relationship with you and the PHI pertains to that relationship;
- For healthcare fraud and abuse detection or for activities related to compliance with the law;
- To a family member, other relative, or close personal friend or other individual involved in your care if we obtain your verbal agreement to do so or if we give you an opportunity to object to such a disclosure and you do not raise an objection. We may also disclose health information to your family, relatives, or friends if we infer from the circumstances that you would not object. For example, we may assume that you agree to our disclosure of your personal health information to your spouse when your spouse has called the ambulance for you. In situations where you are incapable of objecting (because you are not present or due to your incapacity or medical emergency), we may, in our professional judgment, determine that a disclosure to your family member, relative, or friend is in your best interest. In that situation, we will disclose only health information relevant to that person’s involvement in your care. For example, we may inform the person who accompanied you in the ambulance that you have certain symptoms and we may give that person an update on your vital signs and treatment that is being administered by our ambulance crew;
- To a public health authority in certain situations (such as reporting a birth, death or disease, as required by law), as part of a public health investigation, to report child or adult abuse, neglect or domestic violence, to report adverse events such as product defects, or to notify a person about exposure to a possible communicable disease, as required by law;
- For health oversight activities including audits or government investigations, inspections, disciplinary proceedings, and other administrative or judicial actions undertaken by the government (or their contractors) by law to oversee the healthcare system;
- For judicial and administrative proceedings, as required by a court or administrative order, or in some cases in response to a subpoena or other legal process;
- For law enforcement activities in limited situations, such as when there is a warrant for the request, or when the information is needed to locate a suspect or stop a crime;
- For military, national defense and security and other special government functions;
- To avert a serious threat to the health and safety of a person or the public at large;
- For workers’ compensation purposes, and in compliance with workers’ compensation laws;
- To coroners, medical examiners, and funeral directors for identifying a deceased person, determining cause of death, or carrying on their duties as authorized by law;
- If you are an organ donor, we may release health information to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank, as necessary to facilitate organ donation and transplantation; and
- For research projects, but this will be subject to strict oversight and approvals and health information will be released only when there is a minimal risk to your privacy and adequate safeguards are in place in accordance with the law.
Uses and Disclosures of Your PHI That Require Your Written Consent
Any other use or disclosure of PHI, other than those listed above, will only be made with your written authorization (the authorization must specifically identify the information we seek to use or disclose, as well as when and how we seek to use or disclose it). Specifically, we must obtain your written authorization before using or disclosing your: (a) psychotherapy notes, other than for the purpose of carrying out our own treatment, payment or health care operations purposes, (b) PHI for marketing when we receive payment to make a marketing communication; or (c) PHI when engaging in a sale of your PHI. You may revoke your authorization at any time, in writing, except to the extent that we have already used or disclosed medical information in reliance on that authorization.
Your Rights Regarding Your PHI
As a patient, you have a number of rights with respect to your PHI, including:
Right to access, copy or inspect your PHI. You have the right to inspect and copy most of the medical information that we collect and maintain about you. Requests for access to your PHI should be made in writing to our HIPAA Compliance Officer. In limited circumstances, we may deny you access to your medical information, and you may appeal certain types of denials. We have available forms to request access to your PHI, and we will provide a written response if we deny you access and let you know your appeal rights. If you wish to inspect and copy your medical information, you should contact our HIPAA Compliance Officer.
We will normally provide you with access to this information within 30 days of your written request. If we maintain your medical information in electronic format, then you have a right to obtain a copy of that information in an electronic format. In addition, if you request that we transmit a copy of your PHI directly to another person, we will do so provided your request is in writing, signed by you (or your representative), and you clearly identify the designated person and where to send the copy of your PHI.
We may also charge you a reasonable cost-based fee for providing you access to your PHI, subject to the limits of applicable state law.
Right to request an amendment of your PHI. You have the right to ask us to amend protected health information that we maintain about you. Requests for amendments to your PHI should be made in writing and you should contact our HIPAA Compliance Officer if you wish to make a request for amendment and fill out an amendment request form.
When required by law to do so, we will amend your information within 60 days of your request and will notify you when we have amended the information. We are permitted by law to deny your request to amend your medical information in certain circumstances, such as when we believe that the information you have asked us to amend is correct.
Right to request an accounting of uses and disclosures of your PHI. You may request an accounting from us of disclosures of your medical information. If you wish to request an accounting of disclosures of your PHI that are subject to the accounting requirement, you should contact our HIPAA Compliance Officer and make a request in writing.
You have the right to receive an accounting of certain disclosures of your PHI made within six (6) years immediately preceding your request. But, we are not required to provide you with an accounting of disclosures of your PHI: (a) for purposes of treatment, payment, or healthcare operations; (b) for disclosures that you expressly authorized; (c) disclosures made to you, your family or friends, or (d) for disclosures made for law enforcement or certain other governmental purposes.
Right to request restrictions on uses and disclosures of your PHI. You have the right to request that we restrict how we use and disclose your medical information for treatment, payment or healthcare operations purposes, or to restrict the information that is provided to family, friends and other individuals involved in your healthcare. However, we are only required to abide by a requested restriction under limited circumstances, and it is generally our policy that we will not agree to any restrictions unless required by law to do so. If you wish to request a restriction on the use or disclosure of your PHI, you should contact our HIPAA Compliance Officer and make a request in writing.
Cornerstone Adminisystems, Inc is required to abide by a requested restriction when you ask that we not release PHI to your health plan (insurer) about a service for which you (or someone on your behalf) have paid Cornerstone Adminisystems, Inc in full. We are also required to abide by any restrictions that we agree to. Notwithstanding, if you request a restriction that we agree to, and the information you asked us to restrict is needed to provide you with emergency treatment, then we may disclose the PHI to a healthcare provider to provide you with emergency treatment.
A restriction may be terminated if you agree to or request the termination. Most current restrictions may also be terminated by Cornerstone Adminisystems, Inc as long we notify you. If so, PHI that is created or received after the restriction is terminated is no longer subject to the restriction. But, PHI that was restricted prior to the notice to you voiding the restriction must continue to be treated as restricted PHI.
Right to notice of a breach of unsecured protected health information. If we discover that there has been a breach of your unsecured PHI, we will notify you about that breach by first-class mail dispatched to the most recent address that we have on file. If you prefer to be notified about breaches by electronic mail, please contact our HIPAA Compliance Officer, to make Cornerstone Adminisystems, Inc aware of this preference and to provide a valid email address to send the electronic notice. You may withdraw your agreement to receive notice by email at any time by contacting our HIPAA Compliance Officer.
Right to request confidential communications. You have the right to request that we send your PHI to an alternate location (e.g., somewhere other than your home address) or in a specific manner (e.g., by email rather than regular mail). However, we will only comply with reasonable requests when required by law to do so. If you wish to request that we communicate PHI to a specific location or in a specific format, you should contact our HIPAA Compliance Officer and make a request in writing.
Internet, Email and the Right to Obtain Copy of Paper Notice
If we maintain a web site, we will prominently post a copy of this Notice on our web site and make the Notice available electronically through the web site. If you allow us, we will forward you this Notice by electronic mail instead of on paper and you may always request a paper copy of the Notice.
Revisions to the Notice
Cornerstone Adminisystems, Inc is required to abide by the terms of the version of this Notice currently in effect. However, Cornerstone Adminisystems, Inc reserves the right to change the terms of this Notice at any time, and the changes will be effective immediately and will apply to all PHI that we maintain. Any material changes to the Notice will be promptly posted in our facilities and on our web site, if we maintain one. You can get a copy of the latest version of this Notice by contacting our HIPAA Compliance Officer.
Your Legal Rights and Complaints
You also have the right to complain to us, or to the Secretary of the United States Department of Health and Human Services, if you believe that your privacy rights have been violated. You will not be retaliated against in any way for filing a complaint with us or to the government.
Should you have any questions, comments or complaints, you may direct all inquiries to our HIPAA Compliance Officer. Individuals will not be retaliated against for filing a complaint.
If you have any questions or if you wish to file a complaint or exercise any rights listed in this Notice, please contact:
Cornerstone Adminisystems, Inc
HIPAA Compliance Officer
23 Old Depot Road
New Cumberland, PA 17070