For Persons Served and/or Personal Representatives
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This notice is being provided to you in line with the federal law known as the Health Insurance Portability and Accountability Act (HIPAA) and an amendment to that law, known as the Health Information Technology for Economic and Clinical Health (HITECH) Act. If you have any questions about this notice, please contact the MOKA Privacy Officer at 715 Terrace Street, Suite 201, Muskegon, MI 49440; 800-644-2434. Other statutes and regulations, including, for example, the Michigan Mental Health Code and Part 2 of Title 42 of the Code of Federal Regulations may further restrict our use and disclosure of PHI. When that is the case, the greater restrictions or protections apply.
About Our Agency
About our Agency
MOKA, as a contract agency with the local Community Mental Health agencies, has been chosen to assist people to obtain various medical and mental health care services. In fulfilling this role we perform a variety of acts. Some of the time we provide health services. At other times, we may coordinate these services for you with another agency such as a hospital, school, Social Security offices, Department of Health and Human Services (DHHS), lawyers, or courts. We also submit information about you to get paid for your services. We will bill you, your insurance company, or any third party who may be paying. In any of these situations, we may need to access information about you or the health care services you receive.
Privacy Notice Introduction
When you contact or come to our agency, a record is usually made. These records may contain Protected Health Information (PHI). PHI is all individually identifiable health information that is created or received by MOKA that relates to your past, present or future physical or mental health condition, the provision of health care services and payment for those services. Examples of identifiable health information includes: your name, address, telephone number, social security number, health insurance information, and date of birth; your diagnosis (the condition for which you are receiving treatment), information including how you say you feel, what health problems you have, treatments you may have been given, observation by health care providers, and your treatment plan and goals. How we use this information is explained in more detail in this notice.
Our Pledge Regarding Your Protected Health Information
We know that your health information is personal. We are careful about how we use your information and work hard to protect your privacy. We do not sell your protected health information and we take steps to protect your information from people who do not have the need and/or the legal right to see it.
We are required by Law to make sure that any Personal Health Information (PHI) that identifies you is kept private, to notify you following a breach of your unsecured PHI, give you this Notice of our legal duties and privacy practices, and follow the terms of the current Notice.
We may make changes to this Notice in the future. If we make a change, it will become our current Notice. We will notify you in the event of a change to this Notice. On our website, you will find the current Notice. Copies of the Notice can be obtained from any of our office locations. We will have you sign a statement telling others we gave you this Notice.
How we May Use and Disclose PHI about You
Routine disclosures are the ones we need to make as a part of serving you. We may use and disclose PHI for a variety of reasons. We have a limited right to use and/or disclose your PHI without your authorization for the purpose of treatment, payment or our operations. Other uses and disclosures require your written authorization unless the law permits or requires us to make the use or disclosure without your authorization. If we disclose your PHI to a third party in order for that party to perform a function on our behalf, the third party must agree that it will extend the same degree of privacy protection to your PHI that we do. Subject to the limitations of the Michigan Mental Health Code, and Title 42, Part 2 of the Code of Federal Regulations, we may use or disclose your PHI without your authorization as follows:
- Treatment. We will use and disclose your PHI to provide, coordinate, or manage your supports, care and any other related services. This includes the coordination or management of your health care with another person like a doctor or therapist for treatment purposes. We may use your PHI to remind you of an appointment or to tell you about potential treatment options.
- Payment. Your PHI will be used and disclosed to obtain payment for the services provided. This may include talking with your health insurer to get approval for treatment. It may also include statistical reports to agencies making funds available to us for your benefit.
- Operations. We may use or disclose your PHI for our operations in order to maintain or improve services. This can include quality assessment, accreditation, licensing or business management and general administrative activities.
- Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
- Public Health. We may disclose parts of your PHI to the Public Health Department when the law requires us to do so. This disclosure would only be made for the purpose of controlling disease, injury, or disability.
- Fundraising & Other Communications. We may use or disclose parts of your PHI to offer you information that may be of interest to you. For example, we may use your name and address to send you newsletters or other information about activities. If we contact you to raise funds, we will inform you of our intention and your right to opt out of receiving such communications.
- Business Associates and Subcontractors. We may contract with people, companies, and entities known as Business Associates to perform various functions or provide certain services. In order to perform these functions or provide these services, Business Associates may receive, create, maintain, use, and/or disclose your PHI, but only after they sign an agreement with us requiring them to implement appropriate safeguards regarding your PHI. Similarly, a Business Associate may hire a Subcontractor to assist in performing functions or providing services in connection with your services. If a Subcontractor is hired, the Business Associate may not disclose your PHI to the Subcontractor until after the Subcontractor enters into a Subcontractor Agreement with the Business Associate that also requires the Subcontractor to safeguard your PHI.
- Research. We may disclose your PHI to researchers only with your authorization.
- Abuse, Neglect or Domestic Violence Reporting. To alert the Department of Health and Human Services (DHHS), State or local authorities if we believe someone is a victim of abuse or neglect or domestic violence.
- Health Oversight Entities. We may disclose your PHI to health oversight agencies for things like audits; civil or administrative reviews, proceedings, investigations, inspections, and licensing activities.
- Law Enforcement. We will disclose your PHI when required to do so by federal, state or local law. For example, we may disclose PHI during any court or administrative proceeding, if we are ordered to do so and/or to meet legal requirements. We may also disclose PHI for law enforcement purposes, such as investigation of a crime, but only if such disclosures comply with Michigan law.
- Coroners or Medical Examiners. We may disclose PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties.
- Health and Human Services (DHHS). For assurance that we are following the law. We also will release your PHI if we suspect there may have been child or vulnerable adult abuse or neglect. Federal and State Laws require these reports. Michigan law does not require us to notify you when we make a report about abuse or neglect.
- As Required by Law. We will disclose your PHI when required to do so by federal, state, or local law.
Privacy Rights & Your Rights Regarding Your Protected Health Information (PHI)
- Right to Review and Receive a Copy of your PHI. You may request a copy of your protected health information. You may also request to review your health information. If your request is accepted, we will arrange a mutually agreeable time for you to look at your protected health information. We may deny your request to review and copy in a few limited circumstances. If your request is denied, you may ask for a review of that denial by contacting our Privacy Officer at (800) 644-2434. Copies of protected health information may be provided for a reasonable fee. We will let you know what the fee (if there is one) will be before a copy of your personal health information is made.
- Right to Request Restrictions. You may request limitations on the use of your PHI. For example, you can ask that your information not be shared with certain family members. We are not always able to comply with these requests. If we are unable to or do not agree to your request, we will let you know. If we do agree to a restriction and the restricted information is needed for your emergency care, we may still use or disclose the information as we think appropriate.
- Right to Request Alternate Methods of Communication. You may request an alternate method of receiving confidential mails and other communications of your protected health information (PHI). For instance, you may request that your PHI be sent to a post office box rather than to your home address. You may also request that calls be made to a certain telephone number. We do not require that you state a reason for your request.
- Right to Request an Amendment. You may request an amendment to your PHI if you think it is incorrect or incomplete. We may ask that the request be in writing and state the reasons for the amendment. We will notify you to let you know if we agree or disagree with your request. If we do not agree, we will provide you with information on why we disagree and what options you have. To request an amendment, your request must be made in writing and submitted to our Privacy Officer.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- is not part of the treatment information kept by MOKA;
- was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- is not part of the information which you would be permitted to inspect and copy; or
- is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request a periodic accounting of the disclosures of your protected health information so that you will be aware of who has had access to your information. Your request may specify a time period which may not be longer than six years. We are not required to provide an accounting for disclosures prior to April 14, 2003. Not every disclosure made is included in the accounting. Disclosures you authorized in writing, routine internal disclosures such as those made to agency personnel in the course of providing you services, and/or disclosures made in connection with payment are all examples of things not included in the accounting. The accounting will state the time of the disclosure, the purpose for which it was disclosed and a description of the PHI disclosed. If there is any fee for the accounting, we will let you know what it is before the accounting is done.
- Right to Receive a Copy. Copies of this Notice will be available upon request at agency facilities and is also available on the agency website at moka.org.
- Uses Requiring Authorization. There are some uses of protected health information that require your authorization. If your PHI is sought for a use that requires your approval, you will be told the reason for the request, who is asking for the information, and what information is requested. There will also be an explanation of how you may cancel (revoke) your authorization. If we have already acted in reliance upon your authorization or consent, you may not be able to cancel it.
The following uses and disclosures of your PHI will be made only with your written authorization:
- Uses and disclosures of PHI for marketing purposes;
- Disclosures that constitute a sale of your PHI; and
- Uses and disclosures of psychotherapy notes other than to carry out the treatment, payment, and health care operations set forth at 45 CFR § 164.508(a)(2).
Other uses and disclosures of your PHI not covered by this notice or applicable laws will be made only with your written permission. If you provide us permission to use or disclose your PHI, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose your PHI for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission.
- Breach Notification Requirements. You have a right to be notified upon a breach of your unsecured PHI. We will also inform the Department of Health and Human Services (HHS) and take any other steps required by law.
- Issues, Concerns and Complaints. If you believe your privacy rights have been violated, you may file a complaint with MOKA by contacting the MOKA Privacy Officer. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services.
You may believe that your protected health information has not been handled in a way that respects your privacy. You may also seek to appeal a denial of your request to review or amend your protected health information. Please feel free to express your concerns to our Privacy Officer. Our Privacy Officer is very helpful and experienced in responding to questions about our programs and services. Making an issue or complaint known is simple to do by calling:
Privacy Officer 1-800-644-2434
Services we provide or pay for will not be affected for raising a privacy issue.