Health Insurance Portability and Accountability Act of 1996 (HIPAA)
NOTICE OF PRIVACY RULE & PRACTICES
THIS NOTICE ADDRESSES THE USE AND DISCLOSURE OF HOW INDIVIDUAL'S CONFIDENTIAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This notice of Privacy Practices describes how Twin City Mobile Integrated Health may use and disclose your confidential health information, known as Protected Health Information (“PHI”), in the course of transport, treatment, payment, or other health care operations and for other purposes authorized or required by law. The Notice also describes your rights with respect to your PHI and explains how you may exercise those rights.
Twin City Mobile Integrated Health is required by law to maintain the privacy of PHI and to provide you with notice of its legal duties and privacy practices with respect to PHI. We are required to abide by the terms of the Notice of Privacy Practices currently in effect. We reserve the right to change the terms of this Notice at any time and to make new notice provisions effective immediately for all PHI we maintain. Any changes to the Notice will be posted immediately at our corporate facility and posted to our web site. You also may request a copy of the new Notice at any time by calling our patient accounting department at
(340) 513-7288, our Compliance Officer or request it via our online inquiry form.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION FOR TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
Twin City Mobile Integrated Health may use and disclose your PHI for the purposes of treatment, payment for our services, and health care providers (“HCP”), as described below. For those times when we are required by local and/or federal laws to ask your permission, you will be asked to sign a consent to permit us to disclose information necessary to properly serve your healthcare needs.
We may use and disclose your PHI, in writing, electronic form and verbally, to provide and coordinate the delivery of emergency health care and other transportation services for you. We may communicate with your doctor, the doctors and staff of the hospitals and other facilities to or from which you are transported, communications officers, and other emergency service providers. We may transmit or receive your PHI via radio, telephone, or computer. We may give the hospital or other facility to which you are transported a copy of our patient care report (PCR) or an electronic record (ePCR), we create when we treat and transport you.
We may use and disclose your PHI, as necessary, to obtain payment for the health care services that we provide to you. This includes preparing and submitting bills to insurers, health plans, and other payers, either directly or through a third-party billing, appeals and/or collections company. We also may use and disclose your PHI for eligibility or coverage determinations, medical necessity determinations and reviews, pre-authorizations of services and other utilization review activities, management of claims, and collection of outstanding accounts.
We may use and disclose your PHI, as necessary, to perform the business operations of our company. This includes such activities as quality management, performance reviews, licensing, accreditation, training programs, and business management and administration. We also may use and disclose your PHI for such purposes as obtaining legal and financial services, business planning, processing complaints, data collection, fundraising, research, and certain marketing activities for our company. Under no circumstances will we sell or give our patient lists or your health information to a third party without your written authorization.
We may share your PHI with “business associates” that perform certain third-party activities on our behalf such as billing, dispatch, utilization review or quality management services. We will have a written agreement with our business associates that requires them to protect the privacy of your PHI.
USES AND DISCLOSURES OF PHI AFTER YOU HAVE AN OPPORTUNITY TO AGREE OR OBJECT
We may disclose your PHI to a member of your family, a relative, a close friend or any other person that you identify, who is directly relevant to the involvement in your health care. We may use or disclose your PHI for notifying your family member, personal representative, or any other person that is responsible for your care of your location, general condition, or death. We also may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts.
You will be given an opportunity to agree or object before the company uses or discloses your PHI for these purposes. If you object to the disclosure, we will not disclose the PHI to the person. However, in emergency circumstances or if you are incapacitated, our staff, in their professional judgment, will determine whether the use or disclosure is in your best interest. Our staff will then release only PHI directly relevant to that person’s involvement in your health care.
USES AND DISCLOSURES OF PHI WITHOUT YOUR AUTHORIZATION OR OPPORTUNITY TO OBJECT
Twin City Mobile Integrated Health is permitted or required to use and disclose your PHI without your written authorization, or an opportunity to object, in certain circumstances, including:
Required by Law
We may use and disclose your PHI to the extent that disclosure is required by federal or state laws. For example, for activities related to the tracking of certain controlled substances.
Public Health Activities
We may use and disclose your PHI for public health activities authorized by law For example, for activities related to the reporting and tracking of communicable diseases.
Abuse, Neglect, or Domestic Violence
We may use and disclose your PHI to a governmental entity or agency authorized to receive reports of child abuse or neglect, or reports of adult abuse, neglect, or domestic violence.
Healthcare Oversight Activities
We may use and disclose your PHI for audits or government investigations, inspections, disciplinary proceedings, and other administrative or judicial actions undertaken by the government (or their agents) by law to oversee the health care system.
Judicial and Administrative Proceedings
We may use and disclose your PHI as required by a court of administrative order, or in certain circumstances, in response to a subpoena or other legal process.
We may release your health information: in response to a court order, subpoena, warrant, summons, or similar process if authorized under state or federal law; to identify or locate a suspect, fugitive, material witness, or similar person; if you jump out of our ambulance, we will release all necessary information to any and every authority necessary to facilitate your apprehension; about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.
Serious Threat to Health or Safety
We may use and disclose your PHI to prevent or lessen the imminent threat to the health or safety of a person or the public in accordance with federal and state laws.
Military Activity and National Security
We may use and disclose your PHI for certain limited military, national defense and security, or other special government functions.
We may use and disclose your PHI to comply with workers’ compensation laws and other similar legally established programs.
Limited Data Set
We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research, public health, and health care operations. We may not disseminate the limited data set unless we enter into a data use agreement with the recipient in which the recipient agrees to limit the use of that data set to the purposes for which it was provided, ensure the security of the data, and not identify the information or use it to contact any individual.
We may use and disclose your PHI if it does not personally identify you or reveal who you are.
USES AND DISCLOSURE OF PHI BASED UPON YOUR WRITTEN AUTHORIZATION
Except in the circumstances described above, we will use and disclose your PHI only with your written authorization. For example, we will not use or disclose your PHI for certain fundraising, research and marketing activities without your prior written authorization. The written authorization must identify the individual or entity to whom we may disclose your PHI and specifically describe the PHI to be disclosed. You may revoke the authorization at any time, in writing, except to the extent that we have already used or disclosed PHI in reliance on your authorization.
THE RIGHT TO INSPECT AND COPY YOUR PHI
You have the right to inspect and copy your PHI that is contained in a designated record set of medical and billing records for as long as we maintain the PHI. In certain circumstances, we may deny your access to PHI, and you may appeal certain types of denials. You will need to complete a form to request access to or copying of PHI. Normally, you will be provided access to your PHI within 30 days. We have the right to charge a reasonable fee for copying any PHI for you. If you wish to inspect and/or copy your PHI, contact our Compliance Officer.
THE RIGHT TO AMEND YOUR PHI
You have the right to ask us to amend your PHI. We have the right to deny your request in certain circumstances. For example, we will deny the request if we believe the PHI is correct. If we deny the request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal statement. You will need to complete a request form to amend your PHI. Normally, we will respond to your request to amend within 60 days. If you wish to amend your PHI, contact our Compliance Officer.
THE RIGHT TO REQUEST A RESTRICTION OF THE USE OR DISCLOSURE OF YOUR PHI
You have the right to request a restriction of the use and disclosure of your PHI for the purpose of treatment, payment, and health care services. You may also request that your PHI not be disclosed to family members or friends who may be involved in your care. We have the right to deny your request for a restriction. If we do agree to a restriction, we will not disclose your PHI in violation of the restriction except in emergency circumstances. You will need to complete a form to request a restriction of the use and disclosure of PHI. If you wish to request a restriction of the use and disclosure of PHI, contact our Compliance Officer.
THE RIGHT TO REQUEST TO RECEIVE CONFIDENTIAL COMMUNICATIONS FROM US BY ALTERNATIVE MEANS OR AT AN ALTERNATIVE LOCATION
You have the right to request that we send confidential communications to you by an alternative means or at an alternative location without giving us an explanation as to why you are making the request. For example, you may ask that all correspondence be sent to a work address rather than a home address. We will accommodate reasonable requests. We may condition our agreement to your request on you providing us with information as to how payment will be handled and the specification of an alternative address or method of contact. You will need to complete a form to request to receive confidential communications from us by alternative means or at an alternative location. If you wish to request to receive confidential communications from us by alternative means or at an alternative location, contact our Compliance Officer.
THE RIGHT TO RECEIVE AN ACCOUNTING OF DISCLOSURES WE HAVE MADE OF YOUR PHI
You have the right to request an accounting of disclosures of your health information made by us. In your accounting, we are not required to list certain disclosures, including disclosures made for treatment, payment, and health care operations purposes or disclosures made incidental to treatment, payment, and health care operations, however, if the disclosures were made through an electronic health record, you have the right to request an accounting for such disclosures that were made during the previous 3 years; disclosures made pursuant to your authorization; disclosures made to create a limited data set;disclosures made directly to you.
To request an accounting of disclosures, you must submit your request in writing to our compliance officer. You’re request must state a time period which may not be before our inception, June, 2023. Your request should indicate what form your would like the accounting of disclosures (for example, on paper or electronically by e-mail). We may charge you for the reasonable costs of providing the accounting of disclosures. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time, before any costs are incurred. Under limited circumstances mandated by federal and state law, we may temporarily deny your request for an accounting of disclosures.
THE RIGHT TO RECEIVE NOTICE OF A BREACH
A brief description of the breach, including the date of the breach and the date of its discovery, if known; a description of the type of Unsecured Protected Health Information involved in the breach; steps you should take to protect yourself from potential harm resulting from the breach; a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches; contact information, including a toll-free telephone number, e-mail address, Website or postal address to permit you to ask questions or obtain additional information.
In the event the breach involves 10 or more patients whose contact information is out of date, we will post a notice of the breach on the home page of our website or in a major print or broadcast media. If the breach involves more than 500 patients in the jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary of a breach than involved less than 500 patients during the year and will maintain a written log of breaches involving less than 500 patients.
AUTHORIZATION FOR OTHER USES OF MEDICAL INFORMATION
Uses of medical information not covered by our most current Notice of Privacy Practices or the laws that apply to us will be made only with your written authorization. If you provide us with authorization to use or disclose medical information about you, you may revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization, except to the extent that we have already taken action in reliance on your authorization or, if the authorization was obtained as a condition of obtaining insurance coverage and the insurer has the right to contest a claim or the insurance coverage itself. We are unable to take back any disclosures we have already made with your authorization, and we are required to retain our records of the care we provided to you.
THE RIGHT TO OBTAIN PAPER COPY OF NOTICE OF PRIVACY PRACTICES
You have the right to obtain a paper copy of this Notice of Privacy Practices, even if you agree to accept the Notice electronically. If you wish to request a paper copy of the Notice of Privacy Practices, contact our Compliance Officer.
HOW TO MAKE A COMPLAINT
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the US Department of Health and Human Services, 200 Independence Ave., SW, Washington, DC 20201. To file a complaint with us, contact our compliance officer at the address listed below. All complaints must be submitted in writing and should be submitted within 180 days of when you knew or should have known that the alleged violation occurred. See the Office of Civil Rights website, www.hhs.gov/ocr/hipaa/ for more information. We will not retaliate against you in any way for filing a complaint with the government or with us.
Twin City Mobile Integrated Health
6049 Estate Castle Coakley
Christiansted, USVI 00820