Notice of Nest Collaborative Privacy Practices
Effective Date 3/11/2017
This Notice describes how medical information about you or your child may be used and disclosed and how you can get access to this information. Please review it carefully. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires us to provide this Notice of Privacy Practices (NPP) to our patients and request acknowledgment of receipt. This Notice is published and available for review on our website; our patients acknowledge receipt of this notice when authorizing consent for treatment for themselves or their child(ren) from Nest Collaborative.
Nest Collaborative Responsibilities
Under federal law, it is our responsibility at Nest Collaborative to protect the privacy of your “Protected Health Information” (PHI). PHI includes information created in and received for your medical and payment records, and personal information such as your name, social security number, address, and phone number. All employees at Nest Collaborative with access to PHI are required to maintain its confidentiality and undergo annual training on the best practices involved.
Uses and Disclosures of Your Protected Health Information That Do Not Require Your Authorization
There are instances when Nest Collaborative uses and discloses your PHI without your authorization. Please find examples of this use and disclosure below.
- Treatment – We may use or disclose your PHI without authorization to other healthcare providers involved in your care, including physicians, nurses, pharmacies, and ancillary service providers such as laboratories and radiology providers. This includes both providers within our staff or others outside our company that are presently treating you, such as dentist, emergency department staff and specialists.
- Payment – We may use or disclose your PHI without authorization, unless prohibited by law, to administer a health insurance policy, or other health benefit contract. This includes billing you or your insurance company for payment and to pay others who provided care for you.
- Healthcare Operations – We may use or disclose your PHI without authorization, unless prohibited by law, to administer and support our business activities or those of other health care organizations. This includes activities that improve the quality of our services and training of our staff. Any PHI that is shared with other non-healthcare individuals in support of our business activities requires their explicit agreement to our privacy policies.
- Other – We may use or disclose your PHI without authorization, unless prohibited by law, in the following other ways.
- Required by law.
- Public Health Purposes such as protecting the health and safety of others by preventing or controlling disease, injury or disability, reporting vital birth/death statistics, reporting pharmaceutical or medical device problems and complying with recalls, notifying a person who may have been exposed to or at risk for contracting a spreading disease or condition or other serious threats to public health and safety.
- Reporting abuse or neglect to a public health or government authority that is authorized to receive such report.
- Agencies who lawfully oversee activities such as audits, investigations, inspections or licensure that are necessary for the government to monitor health care delivery, government-run programs and civil rights compliance.
- Organ donor organizations to facilitate donation and transplantation, if you or your child is an organ donor.
- Workers’ Compensation or similar programs when applicable.
- Correctional institutions or law enforcement officials to provide you or your child with health care, to protect the safety of others or for the safety of the institution.
- Legal proceedings in response to court orders, subpoenas, discovery requests or other lawful processes.
- Law Enforcement who may be trying to locate or identify a criminal suspect, fugitive, witness or missing person, or investigate a crime or death under suspicious circumstances; additionally to report a crime, its location, the victim’s identity and/or the location of the person who committed the crime. This also includes government law enforcement who may need information to protect elected constitutional officers, heads of state or to conduct investigations.
- Military activity or National Security and as required by military command authorities or federal agencies as authorized by law for intelligence, counterintelligence or other national security activities.
- Coroners, Medical Examiners and Funeral Home Directors if necessary for the identification of a deceased person or cause of death, or to carry out funeral director duties.
- Family and friends whom you identify is directly involved in you or your child’s care, when you are either not present or unable to make a health care decision for yourself or your child. We reserve the right to determine the most appropriate circumstances for such a disclosure that is in your or your child’s best interest (eg. emergency care).
If federal, state or local laws require us to disclose your health information, we are compelled to do so.
Uses and Disclosures of Your Protected Health Information That Require Your Authorization
Except where noted above, we will use and disclose PHI only with your explicit written authorization. Only with your permission will we use your PHI in the following circumstances:
- Sharing your information with healthcare providers outside of our facility or other persons not directly related to you or your child’s current care
- Marketing Purposes
- Sale of Information
- Sharing of Psychotherapy or Substance Abuse Notes
You have the right to revoke your authorization in most situations. Please refer to the instructions on how to revoke your authorization which can be found on the Authorization for Release of Medical Information form found on our website, or directly from us at firstname.lastname@example.org.
While we hold health records as assets, they belongs to you and your child. Please find your rights concerning your PHI below.
- You have the right to access your records or other health information by electronic or paper copy for which we may assess a reasonable fee. In rare circumstances where such a request is denied, you may request a review of the decision by another unaffiliated healthcare professional chosen by Nest Collaborative whose decision with which we will comply.
- You have the right to request that we not share your PHI for the purposes of treatment, payment or healthcare administration, and request a restriction of the release of such information to those involved in your care. While we are not required to agree to such requests, we will do our best to comply with your request outside of certain circumstances such as emergency care. Additionally, we will comply as much as lawfully possible with requests not to share information relating to service paid out-of-pocket in full for the purposes of payment or operations with your health insurer.
- You have the right to communicate regarding you and your child’s medical care in the form that your prefer (eg. postal mail, email or specific phones). We will comply as much as reasonably possible.
- You have the right to request updates to health information you believe we have is incomplete or incorrect. Such requests should be provided in writing by mail or email and will be reviewed with notification of approval or denial, with any related reasoning. We will do our best to reasonably notify people to whom the information was released of any updates or changes.
- You have the right to request a report identifying all people and entities to whom we have shared your PHI for purposes other than treatment, payment or service operations.
- You have the right to file a written complaint if you believe your privacy rights have been violated to our company, or to the US Department of Health and Human Services.
- You have a right to a copy of this notice. Please be advised that the most updated version is available directly from our website at www.nestcollaborative.com.
While we have taken precautions to secure our email communications with various forms of two-way encryptions, you acknowledge that email is not always a secure method of communication and that security risks do exist. While we limit the frequency or necessity to exchange PHI by email, we ask you to please notify us at email@example.com if you prefer an alternate means of exchanging PHI other than email.
Changes to this Notice of Privacy Practices
Nest Collaborative may change the terms of its NPP; such changes will be made available on our website. The most current revisions will apply to all PHI that we hold on record.