Keeping Your Data Safe & Sound.
Information regarding your health care, including payment for health care, is protected by two federal laws: the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), 42 U.S.C. & 1320d et seq., 45 C.F.R. Parts 160 & 164, and the Confidentiality Law, 42 U.S.C & 290dd-2, 42 C.F.R. Part 2. Under these laws, Relevance may not say to a person outside Relevance that you attend the program, nor may Relevance disclose any information except as permitted by federal law.
Relevance must obtain your written consent before it can disclose information about you for payment process. For example, Relevance must obtain your written consent before it can disclose information to your health insurer in order to be paid for services. Generally, you must also sign a written consent before Relevance can share information for treatment purposes or for health care operations. However, federal law permits Relevance to disclose information without your written permission:
Pursuant to an agreement with a Qualified Service Organization;
For research, audit or evaluations;
To report a crime committed on Relevance’s premises or against Relevance personnel;
To medical personnel in a medical emergency;
To appropriate authorities to report suspected child abuse or neglect;
As allowed by a court order.
For example, Relevance can disclose information without your consent to obtain legal or financial services, or to another medical facility to provide health care to you, as long as there is a Qualified Service Organization Agreement in place.
Before Relevance can use or disclose any information about your health in a manner which is not described above, it must obtain your specific written consent allowing it to make the disclosure. Any such written consent may be revoked by you in writing.
Your Rights:
Under HIPAA you have the right to request restrictions on certain uses and disclosures of your health information. Relevance is not required to agree to any restrictions you request, but if it does agree then it is bound by that agreement and may not use or disclose any information which you have restricted except as necessary in a medical emergency. You have the right to request that we communicate with you by alternative means or at an alternative location. Relevance will accommodate such requests that are reasonable and will not request an explanation from you. Under HIPAA you also have the right to inspect and copy your own health information maintained by Relevance, except to the extent that the information contains psychotherapy notes or information compiled for use in a civil, criminal or administrative proceeding or in other limited circumstances. Under HIPAA you also have the right, with some exceptions, to amend health care information maintained in Relevance’s records, and to request and receive an accounting of disclosures of your health related information made by Relevance during the six years prior to your request. You also have the right to receive a paper copy of this notice.
Relevance’s Duties:
Relevance is required by law to maintain the privacy of your health information and to provide you with notice of its legal duties and privacy practices with respect to your health information. Relevance is required by law to abide by the terms of this notice. Relevance reserves the right to change the terms of this notice and to make new notice provisions effective for all protected health information it maintains.
Complaints and Reporting Violations:
You may complain to Relevance and the Secretary of the United States Department of Health and Human Services if you believe that your privacy rights have been violated under HIPAA. You will not be retaliated against for filing such a complaint.
Violation of the Confidentiality Law by a program is a crime. Suspected violations of the Confidentiality Law may be reported to the United States Attorney in the district where the violation occurs.
Contact:
For further information contact our office at 866-245-0653.
HIPAA Privacy Policy
THIS NOTICE DESCRIBES HOW MEDICAL AND DRUG AND ALCOHOL RELATED INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions or concerns, feel free to contact us.
Keeping Your Health Information Safe & Sound.
Policy
It is the policy of Relevance to adhere to all federal and state guidelines regarding client confidentiality. Relevance is mandated to follow procedures outlined by the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and Federal Regulation, 42 C.F.R. Part 2 (Part 2), which protects client identifying information, as well as all regulatory stipulations detailed in the New Jersey Administrative Code. This information includes any information, whether oral or written, that would directly or indirectly reveal an individual’s status as a current or former client of Relevance.
Client Rights
The right to be informed of these rights, as evidenced by the client’s written acknowledgment or by documentation by staff in the clinical record that the client was offered a written copy of these rights and given a written or verbal explanation of these rights in terms the client could understand.
The right to be notified of any rules and policies the program has established governing client conduct in the facility.
The right to be informed of services available in the program, the names and professional status of the staff providing and/or responsible for the client’s care, and fees and related charges, including the payment, fee, deposit, and refund policy of the program and any charges for services not covered by sources of third-party payment or the program’s basic rate.
The right to be informed if the program has authorized other health care and educational institutions to participate in his or her treatment, the identity and function of these institutions, and to refuse to allow their participation in his or her treatment.
The right to receive from his or her physicians or clinical practitioner(s) an explanation of his or her complete medical/health condition or diagnosis, recommended treatment, treatment options, including the option of no treatment, risks(s) of treatment, and expected result(s), in terms that he or she understands.
If, in the opinion of the medical director or director of substance abuse counseling, this information would be detrimental to the client’s health, or if the client is not capable of understanding the information, the explanation shall be provided to a family member, legal guardian or significant other, as available.
Release of information to a family member, legal guardian or significant other, along with the reason for not informing the client directly, shall be documented in the client’s clinical record.
All consents to release information shall be signed by client or their parent, guardian or legally authorized representative.
The right to participate in the planning of his or her care and treatment, and to refuse medication and treatment.
A client’s refusal of medication or treatment shall be documented in the client’s clinical record.
The right to participate in experimental research only when the client gives informed, written consent to such participation, or when a guardian or legally authorized representative gives such consent for an incompetent client in accordance with law, rule and regulation.
The right to voice grievances or recommend changes in policies and services to program staff, the governing authority, and/or outside representatives of his or her choice either individually or as group, free from restraint, interference, coercion, discrimination, or reprisal.
The right to be free from mental and physical abuse, exploitation, and from use of restraints;
A client’s ordered medications shall not be withheld for failure to comply with facility rules or procedures, unless the decision is made to terminate the client in accordance with this chapter; medications may only be withheld when the facility medical staff determines that such action is medically indicated.
The right to confidential treatment of information about the client.
Information in the client’s clinical record shall not be released to anyone outside the program without the client’s written approval to release the information in accordance with Federal statutes and rules for the Confidentiality of Alcohol and Drug Abuse Client Records at 42 U.S.C. §§290dd-2, and 290ee-2, and 42 CFR Part 2 §§2.1 et seq., and the provisions of the Health Insurance Portability and Accountability Act (HIPAA) at 45 CFR Parts 160 and 164, unless the release of the information is required and permitted by law, a third-party payment contract, a peer review, or the information is needed by DMHAS for statutorily authorized purposes.
The program may release data about the client for studies containing aggregated statistics only when the client’s identity is protected and masked.
The right to be treated with courtesy, consideration, respect, and with recognition of his or her dignity, individuality, and right to privacy, including, but not limited to, auditory and visual privacy.
The client’s privacy also shall be respected when program staff are discussing the client with others.The right to exercise civil and religious liberties, including the right to independent personal decisions.
No religious beliefs or practices, or any attendance at religious services, shall be imposed upon any client.
The right to not be discriminated against because of age, race, religion, sex, nationality, sexual orientation, disability (including, but not limited to, blind, deaf, hard of hearing), or ability to pay; or to be deprived of any constitutional, civil, and/or legal rights.
Programs shall not discriminate against clients taking medications as prescribed.
The right to be transferred or discharged only for medical reasons, for the client’s welfare, that of other clients or staff upon the written order of a physician or other licensed clinician, or for failure to pay required fees as agreed at time of admission (except as prohibited by sources of third-party payment).
Transfers and discharges, and the reasons therefore, shall be documented in the client’s clinical record.
If a transfer or discharge on a non-emergency basis is planned by the outpatient substance abuse treatment program, the client and his or her family shall be given at least 10 days advance notice of such transfer or discharge, except as otherwise provided for in N.J.A.C. 10:161B-6.4(c).
The right to be notified in writing, and to have the opportunity to appeal, an involuntary discharge.
The right to have access to and obtain a copy of his or her clinical record, in accordance with the program’s policies and procedures and applicable Federal and State laws and rules.
To file a complaint if regarding personal HIPAA rights or to learn more about our policies, please contact admissions at 866-245-0653
Uses & Disclosures
Upon admission, clients will be able to complete consent forms as needed which will dictate how the client authorizes Relevance to release specific information in their clinical record. All consents will be maintained in the client’s record.
To obtain a client’s consent, the following conditions must be met:
The client is informed in a manner to assure his/her understanding, of the specific types of information that have been requested, and the benefits and disadvantages of releasing the information as it is known.
The client gives consent freely and voluntarily.
The client is informed that treatment services are not contingent upon the client’s decision concerning the release of information.
If Relevance receives a request for a disclosure of a client’s records that is not permitted by the regulation, Relevance must refuse to make the disclosure. It must be done in a way that does not reveal that the client has ever been diagnosed or treated for an alcohol or drug problem.
Client identifying information may be disclosed with written authorization. Limited disclosures are permitted in the following circumstances:
Internal communications
Any information not classified as PHI
Medical emergency
Court order
Crime at Relevance or against Relevance personnel
Research
Audit and evaluation
Child abuse and neglect
Billing, claims management, and collection activities
Qualified Service Organization/Business Associate Agreement
Relevance requires that its employees make reasonable efforts to limit the information, being shared to the minimum necessary to accomplish the intended purpose. Relevance employees have access to all protected health information within the programs. Counselors have access to protected health information of clients on their caseload. Other employees may have access to protected health information that is needed for consultation and case management.
Clinicians must document an accounting of disclosures made without client consent.
Clients have the right to receive an accounting of disclosures of their own protected health
information made prior to the date of the request. This accounting does not have to include
disclosures made with client authorization.
Specialized Disclosures
Judiciary, Insurance Companies, and Hospitals
Only those portions of the client’s record specifically requested will be released and only if those portions fall under the federal and state guidelines of information allowed to be released.
Requests from insurance companies will be honored only if their company is named on the face sheet of the record and there is consent. The information to be released is restricted by the federal and state guidelines.
Attorney Requests/Subpoenas
Attorney requests for records must be accompanied by valid client consent. Additionally, a subpoena is not sufficient for record release. Unless there is a valid client consent, a court order, signed by a Judge of Court of Common Pleas or higher, is required for Relevance to release the records.
Upon receipt of an attorney’s request or subpoena, the Administrator or their designee will retrieve the record and place it in a locked file for security. If the record is required for internal purposes, a copy of the record will be made for that use, and the original will remain secured and accessible only to the Administrator.
Search/Arrest Warrants
In the event an employee must respond to a search/arrest warrant, the following procedures are to be followed:
Kindly explain to the law enforcement officer that Relevance cannot cooperate with a search or arrest warrant without an appropriate court order, one that has been issued in accordance with the regulations. Law enforcement officers are not permitted to search inside the building. Every effort will be made for Relevance personnel to explain to the client that they should willfully surrender to law enforcement without disclosing that the client at Relevance, as to protect their confidentiality.
Immediately notify the Administrator or his/her designee so that the situation may be resolved in a manner that either the client’s rights or Administrator’s position is not compromised.
If the officer insists on entry, do not forcibly resist. Obtain the officer(s) identification, and allow the officer(s) into Relevance. Refusing to obey the orders of a law enforcement officer may constitute a crime, even though the officer’s orders may later be shown to be erroneous or illegal.
Once the officer(s) are inside Relevance, employees are to escort them to an empty conference room/office where they are to await for the Administrator or their designee. Any assistance permitted by federal and state law, as well as Relevance policies, will be provided to the officer(s). If necessary, the Administrator or their designee will contact the agency’s legal representatives for means of a resolution if the officer(s) demands would violate federal and state law.
Complete an Incident Report with the officer(s) identification information (e.g. name, police department, badge number).
The above procedures do not apply if the officer has an arrest warrant for a particular client who committed or threatened to commit a crime on the premises of the program or against an employee of Relevance. Employees are permitted to release client identifying information to assist law enforcement authorities in apprehending a client who commits or threatens to commit a crime on Relevance property.
Refusal to Honor a Written Consent
Relevance will refuse to honor a written client consent form if there is:
Reasonable doubt as to the identity of the person presenting the authorization, or evidence that the person requesting the information is not the person named in the authorization or refusal to offer reasonable proof of identity, such as a driver’s license.
Evidence that the client is not legally authorized to disclose the information or if there is a serious question regarding the client’s mental capacity to understand what they have authorized by their signature.
Evidence that the person signing for a minor or incompetent client is not legally qualified to do so.
Reason to suspect the client’s signature is not authentic.
Reason to question the current validity of an authorization because it is general in nature and does not specifically identify the type of records to be released or the specific items to be released.
Learn More About HIPAA
According to the Privacy Rule, a covered entity may not use or disclose protected health information, except either: (1) as the Privacy Rule permits or requires; or (2) as the individual who is the subject of the information (or the individual’s personal representative) authorizes in writing. HealthITSecurity.com will kick off its HIPAA Privacy Rule series with a breakdown of permitted protected health information (PHI) uses and disclosures.
Healthcare providers, health plans, healthcare clearinghouses and business associates are all covered under the HIPAA Privacy Rule. And PHI is defined as, among other items, an individual’s past, present or future physical or mental health or condition; the provision of health care to the individual, or the past, present, or future payment for the provision of health care to the individual. A covered entity is permitted, but not required, to use and disclose PHI, without an individual’s authorization, in these situations:
To the Individual – A HIPAA covered entity may disclose protected health information to the individual who is the subject of the information.
Treatment, Payment, Health Care Operations – A covered entity may use and disclose PHI for its own treatment, payment, and health care operations activities. Other disclosures include provider treatment and payment activities
Another option is obtaining consent – written permission from individuals to use and disclose their PHI for treatment, payment, and health care operations. Consent is optional under the Privacy Rule for all covered entities.
Uses and Disclosures with Opportunity to Agree or Object – By asking the individual outright, or by circumstances that clearly give the individual the opportunity to agree, acquiesce, or object, a covered entity can get informal permission for a disclosure. An example of this may be when an individual is incapacitated.
Incidental Use and Disclosure – It’s important to note that covered entities and BAs aren’t required to eliminate every risk of an incidental use or disclosure of PHI. With the provisions that the covered entity has adopted reasonable safeguards as required by the Privacy Rule and the information being shared was limited to the “minimum necessary,” a disclosure that was “incident” to an otherwise permitted use or disclosure is permitted.
Public Interest and Benefit Activities – The HIPAA Privacy Rule permits use and disclosure of PHI, without an individual’s authorization or permission, for these 12 national priority purposes.
Required by Law – These required by law disclosures include by statute, regulation, or court orders.
Public Health Activities – These activities include:
(1) public health authorities authorized by law to collect or receive such information for preventing or controlling disease, injury, or disability and to public health or other government authorities authorized to receive reports of child abuse and neglect;
(2) entities subject to FDA regulation regarding FDA regulated products or activities for purposes such as adverse event or tracking of products
(3) individuals who may have contracted or been exposed to a communicable disease when notification is authorized by law;
(4) employers, regarding employees, when requested by employers, for information concerning a work-related illness or injury or workplace related medical surveillance
Victims of Abuse, Neglect or Domestic Violence – These are situations where disclosure of PHI belonging to victims of abuse, neglect, or domestic violence may be necessary.
Health Oversight Activities – Covered entities may disclose PHI to health oversight agencies for legally authorized health oversight activities, including audits and investigations necessary for oversight of the health care system and government benefit programs.
Judicial and Administrative Proceedings – Assuming notice to the individual or a protective order are provided, an order from a court or administrative tribunal may allow covered entities to disclose PHI.
Law Enforcement Purposes – These conditions must be met for PHI to be disclosed for law enforcement reasons:
(1) as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests;
(2) to identify or locate a suspect, fugitive, material witness, or missing person;
(3) in response to a law enforcement official’s request for information about a victim or suspected victim of a crime;
(4) to alert law enforcement of a person’s death, if the covered entity suspects that criminal activity caused the death;
(5) when a covered entity believes that protected health information is evidence of a crime that occurred on its premises;
(6) by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.
Decedents – For reasons such as identifying a deceased person or determining the cause of death,
Cadaveric Organ, Eye, or Tissue Donation – Covered entities may use or disclose PHI to facilitate the donation and transplantation of cadaveric organs, eyes, and tissue.
Research – Research is defined under the Privacy Rule as “any systematic investigation designed to develop or contribute to generalizable knowledge” and disclosures are allowed in these instances:
(1) documentation that an alteration or waiver of individuals’ authorization for the use or disclosure of protected health information about them for research purposes has been approved by an Institutional Review Board or Privacy Board;
(2) representations from the researcher that the use or disclosure of the protected health information is solely to prepare a research protocol or for similar purpose preparatory to research, that the researcher will not remove any protected health information from the covered entity, and that protected health information for which access is sought is necessary for the research;
(3) representations from the researcher that the use or disclosure sought is solely for research on the protected health information of decedents, that the protected health information sought is necessary for the research, and, at the request of the covered entity, documentation of the death of the individuals about whom information is sought.
Serious Threat to Health or Safety – Disclosures are permitted if they are believed to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen the threat (including the target of the threat).
Essential Government Functions – These functions include: assuring proper execution of a military mission or conducting intelligence and national security activities that are authorized by law.
Workers’ Compensation – Covered entities may disclose PHI as allowed by workers’ compensation laws.
Limited Data Set – According to the Privacy Rule, limited data set, in which specific identifiers have been removed, may be used and disclosed for research, health care operations, and public health purposes, provided the recipient enters into a data use agreement promising specified safeguards for the protected health information within the limited data set.