KIPDA Notice of Privacy Practices
THIS DOCUMENT DESCRIBES HOW HEALTH OR MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE READ IT CAREFULLY.
WHAT IS THIS NOTICE?
This Notice of Privacy Practices is required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
This notice tells you:
If you have any questions about your privacy rights, contact the Privacy Officer at:
KIPDA is required to:
We reserve the right to change this Privacy Notice at any time. If we do make a change, we will mail a revised notice to the address you have supplied us. KIPDA is required by law to comply with the current version of this Notice until a new version has been mailed out. We also maintain a web site that provides information about our services and will post our new notice on that web site.
WHO WILL FOLLOW THIS NOTICE?
These KIPDA privacy practices will be followed by:
These entities may share health information with each other for treatment, payment or administrative operation purposes described in this notice.
Each time you apply for services through KIPDA, a record of your application is made. This record contains information about you, including demographic information that may identify you, or constitute a reasonable basis to believe the information may identify you, and relates to your past, present or future physical or mental health or condition. For example, this information, often referred to as your health record, serves as a:
Your health record contains Protected Health Information (PHI). State and Federal law protect this information. Understanding that, we expect to use and share your health information in a manner that helps you to:
YOUR INDIVIDUAL PRIVACY RIGHTS UNDER HIPAA
Although your health information is the physical property of the agency or provider that compiled it, the information belongs to you. Under the Federal Privacy Rules, 45 CFR Part 164, you have the right to:
HOW KIPDA MAY USE OR GIVE OUT YOUR INFORMATION
KIPDA can use and give out your information without an Authorization (special permission from you) for our normal business and where required by law. This document tells you of some of the ways this can occur. All the ways KIPDA may use and give out your information without your express permission will fall within one of the groups listed below.
Data for Treatment, Payment and Billing Purposes
KIPDA will use your PHI for treatment, payment and billing purposes.
Data for Regular Business Operations
Data Provided to Business Associates
OTHER ALLOWABLE USES OF YOUR HEALTH INFORMATION WITHOUT YOUR PERMISSION (AUTHORIZATION)
We may use and share your PHI as limited by the requirements of the law including, but not limited to, the following instances:
Abuse, Neglect, Exploitation: We may disclose your relevant PHI to the Cabinet for Families and Children, which is authorized by law to receive reports of abuse, neglect and exploitation.
Administrative Appeals: KIPDA at times may make decisions about eligibility and/or services provided to you. You or your provider may appeal these decisions. Your PHI may be used to make appeal decisions.
Business Associate: We may disclose your PHI to other State, Federal and commercial partners we contract with to perform normal business. We ask these groups to protect your data through formal agreements.
Coroners, Funeral Directors and Medical Examiners: We may disclose PHI to a coroner, funeral director, or medical examiner if needed to perform duties authorized by law.
Food and Drug Administration (FDA): We may disclose to the FDA PHI relative to adverse events with respect to food, supplement products, and product defects, or post marketing surveillance information to enable product recalls, repairs or replacement.
Health Oversight and Quality Assurance: We may disclose your PHI to health oversight agencies such as the federal Department of Health and Human Services, Medicare/Medicaid Peer Review Organizations, Cabinet for Health Services Office of Inspector General, and Cabinet for Health Services Office of Aging Services for activities such as audits, investigations, inspections and compliance with civil rights laws. We may disclose your PHI to doctors and nurses to help improve your care. Kentucky Department of Medicaid Services staff, committees and outside agencies that monitor Medicaid quality of care may also see your PHI.
Individuals Involved with Payment of Your Care: We may disclose your PHI to a friend or family member who is helping with your care or with payment for your care if necessary.
Law Enforcement: We may disclose PHI for law enforcement only where allowed by federal or state law or required under a court order.
Lawsuits and Disputes: We will disclose your PHI in response to a court order, valid subpoena, discovery request, or other lawful process.
Public Health: We may disclose your PHI to public health agencies charged with preventing or controlling disease, injury or disability; reporting child abuse or neglect; and reporting domestic violence. We may share your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may be at risk of getting or spreading the disease or condition. Information will be released to avert a serious threat to health or safety. Any disclosure, however, would only be to someone authorized to receive that information pursuant to law.
Public Safety: We may disclose PHI in order to prevent a serious threat to the health or safety of a particular person or to the general public.
Research: We may disclose PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
Workers Compensation: We may disclose PHI as necessary to comply with workers compensation or similar laws.
WHEN KIPDA MAY NOT USE OR DISCLOSE YOUR HEALTH INFORMATION WITHOUT AUTHORIZATION
Other than for the allowed reasons listed above, KIPDA will not use or disclose your PHI without written permission (Authorization) from you. If you do authorize us to use or disclose your PHI in other ways, you may revoke your permission in writing at any time. Once you revoke your permission, KIPDA will no longer be able to use or disclose your PHI for the reasons stated in you original authorization. Uses and disclosures of your PHI beyond treatment and operations will be made only with your written authorization, unless otherwise permitted or required by law described below.
NOTICE OF PRIVACY PRACTICES AVAILABILITY
This notice will be prominently posted on the KIPDA web page at www.kipda.org and on the KIPDA Homecare bulletin board at the KIPDA office.
Individuals will be provided a hard copy and this notice will be maintained on the KIPDA web site for downloading at www.kipda.org.
If you believe your privacy rights have been violated, and wish to make a complaint, you may file a complaint by calling/writing:
POLICY OF NON-RETALIATION
KIPDA cannot take away your services or retaliate in ANY way if you choose to file a Privacy Complaint or exercise any of your Privacy Rights.