Western New York BloodCare, Inc is committed to protecting your health information and encourages you to contact our Compliance Officer should any issue or question arise.
Effective Date: August 1, 2013
This notice was revised on January 1, 2021
The HIPAA Privacy Rule gives individuals a fundamental right to be informed of the privacy practices of their health plans and of their health care providers, as well as to be informed of their privacy rights with respect to their personal health information. Health plans and covered health care providers are required to develop and distribute a notice that provides a clear explanation of these rights and practices. The notice is intended to focus individuals on privacy issues and concerns, and to prompt them to have discussions with their health plans and health care providers and exercise their rights.
QUESTIONS OR ADDITIONAL INFORMATION SHOULD BE DIRECTED TO COMPLIANCE OFFICER:
Kimberly Catalino, Compliance Officer
1010 Main Street
Buffalo, NY 14202
716-218-4002 (direct line)
716-218-4005 (confidential compliance hotline)
What is Protected Health Information?
“Protected Health Information” is information that individually identifies you and that we create or get from you or from other health care providers, health plan, your employer, or a health care clearinghouse that relates to (1) your past, present, or future physical or mental health or conditions, (2) the provision of health care to you, or (3) the past, present, or future payment for your health care.
How We May Use and Disclose Your Protected Health Information
We may use and disclose your Protected Health Information in the following circumstances
- For Treatment. We may use or disclose your Protected Health Information to give you medical treatment or services and to manage and coordinate your medical care. For example, your Protected Health Information may be provided to a physician or other health care provider (e.g., a specialist or laboratory) to whom you have been referred to ensure that the physician or other health care provider has the necessary information to diagnose or treat you or provide you with a service.
- For Payment. We may use and disclose your Protected Health Information so that we can bill for the treatment and services you receive from us and can collect payment from you, a health plan, or third party. This use and disclosure may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services, we recommend for you, such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. For example, we may need to give your health plan information about your treatment for your health plan to agree to pay for that treatment.
- For Health Care Operations. We may use and disclose Protected Health Information for our health care operations. For example, we may use your Protected health Information to internally review the quality of the treatment and services you receive and to evaluate the performance of our team members in caring for you. We also may disclose information to physicians, nurses, medical technicians, medical students, and other authorized personnel for educational and learning purposes.
- Appointment Reminders/Treatment Alternatives/Health Related Benefits and Services. We may use and disclose Protected Health Information to contact you to remind you that you have an appointment for medical care, or to contact you to tell you about possible treatment options or alternatives or health related benefits and services that may be of interest to you.
- Minors. We may disclose the Protected health Information of minor children to their parents or guardians unless such disclosure is otherwise prohibited by law.
- Research. We may use and disclose your Protected Health Information for research purposes, but we will only do that if the research has been specially approved by an authorized institutional review board or a privacy board that has reviewed the research proposal and has set up protocols to ensure the privacy of your Protected Health Information. Even without that special approval, we may permit researchers to look at Protected Health Information to help them prepare for research, for example, to allow them to identify patients who may be included in their research project, if they do not remove, or take a copy of, any Protected Health Information. We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research. However, we will only disclose the limited data set if we enter into a data use agreement with the recipient who must agree to (1) use the data set only for the purposes for which it was provided, (2) ensure the confidentiality and security of the data, and (3) not identify the information or use it to contact any individual.
- As Required by Law. We will disclose Protected Health Information about you when required to do so by international, federal, state, or local law.
- To Avert a Serious Threat to Health or Safety. We may use and disclose Protected Health Information when necessary to prevent a serious threat to your health or safety or to the health or safety of others. But we will only disclose the information to someone who may be able to prevent the threat.
- Business Associates. We may disclose Protected Health Information to our Business Associates who perform functions on our behalf or provide us with services if the Protected Health Information is necessary for those functions of our services. All our Business Associates are obligated, under contract with us, to protect the privacy and ensure the security of your Protected Health Information.
- Organ and Tissue Donation. If you are an organ or tissue donor, we may use or disclose your Protected Health Information to organizations that handle organ procurement or transplantation, such as organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
- Military and Veterans. If you are a member of the armed forces, we may disclose Protected Health Information to the appropriate foreign military authority if you are a member of a foreign military.
- Worker’s Compensation. We may use or disclose Protected Health Information for worker’s compensation or similar programs that provide benefits for work-related injuries or illness.
- Public Health Risks. We may disclose Protected Health Information for public health activities. This includes disclosures to: (1) a person subject to jurisdiction of the Food and Drug Administration (“FDA”) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity; (2) prevent or control disease, injury or disability; (3) report births and deaths; (4) report child abuse or neglect; (5) report reactions to medications or problems with products; (6) notify people of recalls of products they may be using; and (7) a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
- Abuse, Neglect, or Domestic Violence. We may disclose Protected Health Information to the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence and the patient agrees or we are required or authorized by law to make that disclosure.
- Health Oversight Activities. We may disclose Protected Health Information to a health oversight agency for activities authorized by law. These oversight activities include, for example, autism, investigations, inspections, licensure, and similar activities that are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Data Breach Notification Purposes. We may use or disclose your Protected Health Information to provide legally required notices of unauthorized access to or disclosure of your health information.
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose Protected Health Information in response to a court or administrative order. WE also may disclose Protected Health Information in response to a subpoena, discovery request, or other legal process from someone else involved in the dispute, but only if efforts have been made to tell you about the request or to get an order protecting the information requested. We may also use or disclose your Protected Health Information to defend ourselves in the event of a lawsuit.
- Law Enforcement. We may disclose Protected Health Information, so long as applicable legal requirements are met, for law enforcement purposes.
- Military Activity and National Security. If you are involved with military, national security or intelligence activities or if you are in law enforcement custody, we may disclose your Protected Health Information to authorized officials so they may carry out their legal duties under the law.
- Coroners, Medical Examiners, and Funeral Directors. We may disclose Protected Health Information to a coroner, medical examiner, or funeral director so that they can carry out their duties.
- Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose Protected Health Information to the correctional institution or law enforcement official if the disclosure is necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) the safety and security of the correctional institution.
Uses and Disclosures that Require Us to Give You an Opportunity to Object and Opt Out
- Individuals Involved in Your Care or Payment for Your Care. Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your Protected Health Information that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
- Disaster Relief. We may disclose your Protected Health Information to disaster relief organizations that seek your Protected Health Information to coordinate your care or notify family and friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to such a disclosure whenever we practicably can.
Your Written Authorization is Required for Other Uses and Disclosures
The following uses and disclosures of your Protected Health Information will be made only with your written authorization:
- Most uses and disclosures of psychotherapy notes
- Uses and disclosures of Protected Health Information for marketing purposes; and
- Disclosures that constitute a sale of your Protected Health Information
Other uses and disclosures of Protected Health Information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Corporate Compliance Officer and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.
Your Rights Regarding Your Protected Health Information
You have the following rights, subject to certain limitations, regarding your Protected Health Information:
- Right to Inspect and Copy. You have the right to inspect and copy Protected Health Information that may be used to make decisions about your care or payment for your care. A written request must be submitted to WNYBC along with a valid government issued form of identification. The Privacy Rule requires a covered entity to take reasonable steps to verify the identity of an individual making the request for access. We have up to 30 calendar days to make your Protected Health Information available to you. If we are unable to provide access within 30 calendar days, for example, where the information is archived offsite and not readily accessible, the covered entity may extend the time by no more than an additional 30 days. To extend the time, the covered entity must, within the initial 30 days, inform the individual in writing of the reasons for the delay and the date by which the covered entity will provide access. Only one extension is permitted per access request. We may also charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request. We may not charge you a fee if you need the information for a claim for benefits under the Social Security Act or any other state or circumstances. If we do deny your request, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial of your request and will comply with the outcome of the review.
- Right to a Summary or Explanation. We can also provide you with a summary of your Protected Health Information, rather than the entire record, or we can provide you with an explanation of the Protected Health Information which has been provided to you, so long as you agree to this alternative form and pay the associated fees.
- Right to an Electronic Copy of Electronic Medical Records. If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We will make every effort to provide access to your Protected Health Information in the form or format you request if it is readily producible in such form or format. If the Protected Health Information is not readily producible in the form or format you request your record will be provided in either our standard electronic format or if you do not want form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.
- Right to Get Notice of a Breach. You have the right to be notified upon a breach of any of your unsecured Protected Health Information.
- Right to Request Amendments. If you feel that the Protected Health Information we have is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us. A request for amendment must be made in writing to the Privacy Officer at the address provided at the beginning of this Notice and it must tell us the reason for your request. In certain cases, we may deny your request for an amendment. If we deny your request for an amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
- Right to an “Accounting of Disclosures”. You have the right to ask for an “accounting of disclosures”, which is a list of the disclosures we made of your Protected health Information. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as describe in this Notice. It excludes disclosures we may have made to you, for a resident directory, to family members or friends involved in your care, or for notification purposes. The right to receive this information is subject to certain exceptions, restrictions, and limitations. Additionally, limitations are different for electronic health records. The first accounting of disclosures you request within any 12- month period will be free. For additional requests within the same period, we may charge you for the reasonable costs of providing the accounting. We will tell what the costs are, and you may choose to withdraw or modify your request before the costs are incurred.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the Protected Health Information we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on the Protected Health Information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. To request a restriction on who may have access to your Protected Health Information, you must submit a written request to the Corporate Compliance Officer. Your request must state the specific restriction requested and to whom you want the restriction to apply. We are not required to agree to your request unless you are asking us to restrict the use and disclosure of your Protected Health Information to a health plan for payment or health care operation purposes and such information you wish to restrict pertains solely to a health care item or service for which you have paid us “out of pocket” in full. If we do agree to the requested restriction, we may not use or disclose your Protected Health Information in violation of that restriction unless it is needed to provide emergency treatment.
- Out-of-Pocket-Payments. If you paid out-of-pocket (or, in other words, you have requested that we not bill your health plan) in full for a specific item or service, you have the right to ask that your Protected Health Information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request.
- Right to Request Confidential Communications. You have the right to request that we communicate with you only in certain ways to preserve your privacy. For example, you may request that we contact you by email at a specific address or call you only at your work number. You must make any such request in writing and you must specify how or where we are to contact you. We will accommodate all reasonable requests. We will not ask you the reason for your request.
How to Exercise Your Rights
To exercise your rights described in this Notice, send your request, in writing to our Corporate Compliance Officer at the address listed at the beginning of this Notice. To exercise your right to inspect and copy your Protected Health Information, you may also contact your physician directly. To get a paper copy of this Notice, contact our Corporate Compliance Officer by phone or mail.
Changes to This Notice
We reserve the right to change this Notice. We reserve the right to make the changed Notice effective for Protected Health Information we already have as well as for any Protected Health Information we create or receive in the future. A copy of our current Notice is posted in our office and on our website.
To file a complaint with us, contact our Corporate Compliance Officer at the address listed at the beginning of this Notice. All complaints must be made in writing and should be submitted within 180 days of when you knew or should have known of the suspected violation. There will be no retaliation against you for filing a complaint.
To file a complaint with the Department of Health and Human Services, Office of Civil Rights (OCR), you may email, fax or mail the Health Information Privacy & Security Complaint Form (found on https://hhs.gov/hipaa/filing-a-complaint/complaint-process/index) or use the OCR Complaint Portal.
Email (encrypted): OCRComplaint@hhs.gov
Fax: (202) 619-3818
Mail: Centralized Case Management Operations U.S. Department of Health and Human Services, 200 Independence Ave., S.W. Room 509F HHH Bldg., Washington, D.C. 20201.
OCR Complaint Portal: ocrportal.hhs.gov
Call: Toll free (877) 696-6775
There will be no retaliation against you for filing a complaint