KIPDA Notice of Privacy Practices

THIS DOCUMENT DESCRIBES HOW HEALTH OR MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE READ IT CAREFULLY.

WHAT IS THIS NOTICE?

This Notice of Privacy Practices is required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

This notice tells you:

• How KIPDA and its contracted business partners may use and give out your protected health information (PHI) to carry out services, payment or health care operations and for other purposes permitted or required by law.
  

• What YOUR rights are regarding the access and control of your health information.
  

• How KIPDA protects your health information.

If you have any questions about your privacy rights, contact the Privacy Officer at:

KIPDA
Social Services Division
11520 Commonwealth Drive
Louisville, KY 40299
Phone: (502) 266-6084

KIPDA’S PRIVACY RESPONSIBILITIES

KIPDA is required to:

• Follow the terms of this Notice.
  

• Support your Privacy Rights under the law.
  

• Give you a paper copy of this Privacy Notice and post it on our website.
  

• Mail out a new Notice if our privacy practices change.
  

• Treat your data as confidential by not using or giving out your information without your written permission, except to support normal business or under the allowable circumstances given in this Notice.
  

• Tell you what types of information we collect on you.
  

• Release your health information without your permission in the event of an emergency. The release of your data must be in your best interest.
  

• Follow State laws regarding the release of your data in the instances where State law provides stronger protection of your data than the HIPAA law.

CHANGES TO THIS NOTICE OF PRIVACY PRACTICES

We reserve the right to change this Privacy Notice at any time. If we do make a change, we will mail a revised notice to the address you have supplied us. KIPDA is required by law to comply with the current version of this Notice until a new version has been mailed out. We also maintain a web site that provides information about our services and will post our new notice on that web site.

WHO WILL FOLLOW THIS NOTICE?

These KIPDA privacy practices will be followed by:

• Any staff of KIPDA Social Services Division.
  

• Any health care professional authorized to enter information into your health record.
  

• Any member of a volunteer group we allow to help you while you receive services from KIPDA.
  

• All employees, staff, other KIPDA personnel, and consultant/contractors.
  

• All subcontracting agencies providing health care and/or services pursuant to contracts with KIPDA.

These entities may share health information with each other for treatment, payment or administrative operation purposes described in this notice.

UNDERSTANDING YOUR HEALTH RECORD/INFORMATION

Each time you apply for services through KIPDA, a record of your application is made. This record contains information about you, including demographic information that may identify you, or constitute a reasonable basis to believe the information may identify you, and relates to your past, present or future physical or mental health or condition. For example, this information, often referred to as your health record, serves as a:

• Basis for planning your care and/or treatment.
  

• Means of communication among the many health professionals who are involved in your care.
  

• Means by which you or a third-party payee can check that services billed were actually provided.

Your health record contains Protected Health Information (PHI). State and Federal law protect this information. Understanding that, we expect to use and share your health information in a manner that helps you to:

• Make sure it is correct.
  

• Better understand who, what, when, where, and why others may access your health information.
  

• Make more informed decisions when authorizing sharing your PHI with others.

YOUR INDIVIDUAL PRIVACY RIGHTS UNDER HIPAA

Although your health information is the physical property of the agency or provider that compiled it, the information belongs to you. Under the Federal Privacy Rules, 45 CFR Part 164, you have the right to:

• Request a restriction on certain uses and sharing of your information (though we are not required to agree to any such request). This means you may ask us not to use or share any part of your PHI for purposes of treatment, payment or healthcare operation. You may also ask that this information not be disclosed to family members or friends who may be involved in your care.
  

• Request that we send you confidential communications by alternative means or at alternative locations.
  

• Obtain a paper copy of this notice of privacy practices upon request.
  

• Inspect and obtain a copy of your health record.
  

• Request that your health record containing PHI be changed.
  

• Obtain a listing of certain health information we were authorized to share for purposes other than treatment, payment or health care operations after April 14, 2003.
  

• Take back your authorization to use or share health information except to the extent that action has already been taken.

HOW KIPDA MAY USE OR GIVE OUT YOUR INFORMATION

KIPDA can use and give out your information without an Authorization (special permission from you) for our normal business and where required by law. This document tells you of some of the ways this can occur. All the ways KIPDA may use and give out your information without your express permission will fall within one of the groups listed below.

Data for Treatment, Payment and Billing Purposes

KIPDA will use your PHI for treatment, payment and billing purposes.

• Information obtained by a nurse, case management personnel, KIPDA Social Services staff, and/or service providers will be recorded in your record and used to determine the services that should work best for you.
  

• Your case manager will document in your plan of care the expectations of the service providers. Members of the provider agencies may then record the actions they took and their observations.
  

• A bill or payment may be sent to you or a third-party. The information on or accompanying the bill or payment may include information that identifies you, as well as the services provided and supplies used.

Data for Regular Business Operations

• We may use/disclose your PHI in the course of operating KIPDA and fulfilling its responsibilities. We may use your information to determine your eligibility for publicly funded services.
  

• KIPDA staff may look at your record when reviewing the quality of services you are provided. KIPDA staff may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the healthcare and services we provide or cause to be provided.

Data Provided to Business Associates

• There are some services provided in our organization through contracts with Business Associates. Examples include training and other educational services. Information shall be made available on a need-to-know basis for these activities associated with compliance with regulatory agencies. Whenever an arrangement between our office and a business associate involves the use or sharing of your PHI, we will have a written contract that contains terms that will protect the privacy of your PHI.

Emergencies

• We may use or share your PHI in an emergency treatment situation. If this happens, we will try to obtain your consent as soon as reasonably possible. Also, we may use or share your PHI with an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in you health care.

OTHER ALLOWABLE USES OF YOUR HEALTH INFORMATION WITHOUT YOUR PERMISSION (AUTHORIZATION)

We may use and share your PHI as limited by the requirements of the law including, but not limited to, the following instances:

Abuse, Neglect, Exploitation: We may disclose your relevant PHI to the Cabinet for Families and Children, which is authorized by law to receive reports of abuse, neglect and exploitation.

Administrative Appeals: KIPDA at times may make decisions about eligibility and/or services provided to you. You or your provider may appeal these decisions. Your PHI may be used to make appeal decisions.

Business Associate: We may disclose your PHI to other State, Federal and commercial partners we contract with to perform normal business. We ask these groups to protect your data through formal agreements.

Coroners, Funeral Directors and Medical Examiners: We may disclose PHI to a coroner, funeral director, or medical examiner if needed to perform duties authorized by law.

Food and Drug Administration (FDA): We may disclose to the FDA PHI relative to adverse events with respect to food, supplement products, and product defects, or post marketing surveillance information to enable product recalls, repairs or replacement.

Health Oversight and Quality Assurance: We may disclose your PHI to health oversight agencies such as the federal Department of Health and Human Services, Medicare/Medicaid Peer Review Organizations, Cabinet for Health Services Office of Inspector General, and Cabinet for Health Services Office of Aging Services for activities such as audits, investigations, inspections and compliance with civil rights laws. We may disclose your PHI to doctors and nurses to help improve your care. Kentucky Department of Medicaid Services staff, committees and outside agencies that monitor Medicaid quality of care may also see your PHI.

Individuals Involved with Payment of Your Care: We may disclose your PHI to a friend or family member who is helping with your care or with payment for your care if necessary.

Law Enforcement: We may disclose PHI for law enforcement only where allowed by federal or state law or required under a court order.

Lawsuits and Disputes: We will disclose your PHI in response to a court order, valid subpoena, discovery request, or other lawful process.

Public Health: We may disclose your PHI to public health agencies charged with preventing or controlling disease, injury or disability; reporting child abuse or neglect; and reporting domestic violence. We may share your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may be at risk of getting or spreading the disease or condition. Information will be released to avert a serious threat to health or safety. Any disclosure, however, would only be to someone authorized to receive that information pursuant to law.

Public Safety: We may disclose PHI in order to prevent a serious threat to the health or safety of a particular person or to the general public.

Research: We may disclose PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.

Workers Compensation: We may disclose PHI as necessary to comply with workers compensation or similar laws.

WHEN KIPDA MAY NOT USE OR DISCLOSE YOUR HEALTH INFORMATION WITHOUT AUTHORIZATION

Other than for the allowed reasons listed above, KIPDA will not use or disclose your PHI without written permission (Authorization) from you. If you do authorize us to use or disclose your PHI in other ways, you may revoke your permission in writing at any time. Once you revoke your permission, KIPDA will no longer be able to use or disclose your PHI for the reasons stated in you original authorization. Uses and disclosures of your PHI beyond treatment and operations will be made only with your written authorization, unless otherwise permitted or required by law described below.

• Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care, location or general condition.

NOTICE OF PRIVACY PRACTICES AVAILABILITY

This notice will be prominently posted on the KIPDA web page at www.kipda.org and on the KIPDA Homecare bulletin board at the KIPDA office.

Individuals will be provided a hard copy and this notice will be maintained on the KIPDA web site for downloading at www.kipda.org.

COMPLAINTS

If you believe your privacy rights have been violated, and wish to make a complaint, you may file a complaint by calling/writing:

• Privacy Officer
  KIPDA Social Services
  11520 Commonwealth Drive
  Louisville, KY 40299
  Phone: (502) 266-6084
  

• Office of Aging Services
  Cabinet for Health Services
  275 East Main
  Frankfort, KY 40621
  Phone: (502) 564-6930
  

• Office of Civil Rights
  U.S. Department of Health and Human Services
  200 Independence Ave. SW
  Washington, D.C. 20201
  OCR Hotline: 1-877-696-6775.

POLICY OF NON-RETALIATION

KIPDA cannot take away your services or retaliate in ANY way if you choose to file a Privacy Complaint or exercise any of your Privacy Rights.

http://www.fda.gov/cder/drug/infopage/ppa/default.htm

To download a PDF version of our Privacy Policy, click on the link below:

privacy.pdf