Notice of Privacy Practices – Clients
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
USES AND DISCLOSURES OF DONOR INFORMATION
We keep paper records of the yellow portion of your donor form, given upon donation at our donation door, and, for those who agree, enter their information into our database of donors. For large donors, we may decide jointly with the donor to disclose the donation. Any donor who wishes to remain anonymous may do so.
USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION
Protected health information (PHI) includes demographic and medical information that concerns the past, present, or future physical or mental health of an individual. Demographic information could include your name, address, telephone number, social security number, and any other means of identifying you as a specific person. PHI contains specific information that identifies a person or can be used to identify a person.
PHI is health information created or received by a health care provider, health plan, employer, or health care clearinghouse. The Poverello Center Inc. (TPC) can act as each of these business types. This medical information is used by TPC in many ways while performing normal business activities.
Your PHI may be used or disclosed by TPC for purposes of treatment, payment, and health care operations. Health care professionals use medical information in clinics or food pantries to take care of you. Your PHI may be shared, with or without your consent, with another health care provider for purposes of your treatment. TPC may use or disclose your health information for case management and services. TPC may send the medical information to insurance companies, Medicaid, or community agencies to pay for the services provided to you. You may have signed an agreement with Broward or Palm Beach Counties data systems through GTI’s Provide Enterprise to share your information with other agencies who have the potential to be involved in your care.
Your information may be used by certain department personnel to improve TPC’s health care operations. TPC also may send you appointment reminders, information about treatment options, or other health-related benefits and services.
Some PHI can be disclosed without your written authorization as allowed by law. Those circumstances include:
- Reporting abuse of children, adults, or disabled persons.
- Investigations related to a missing child.
- Internal investigations and audits by the department’s divisions, bureaus, and offices.
- Investigations and audits by the state’s Inspector General and Auditor General, and the legislature’s Office of Program Policy Analysis and Government Accountability.
- Public health purposes, including vital statistics, disease reporting, public health surveillance, investigations, interventions, and regulation of health professionals.
- District medical examiner investigations.
- Research approved by the department.
- Court orders, warrants, or subpoenas.
- Law enforcement purposes, administrative investigations, and judicial and administrative proceedings.
We utilize advanced encryption protocols to protect the storage and transmission of PHI. This includes the use of internet-standard TLS (Transport Layer Security) to ensure data integrity and confidentiality during transmission of our data stored in AthenaNet. To ensure secure access to electronic health records (EHR), we implement multi-factor authentication. This requires users to provide two or more verification factors to gain access, significantly enhancing security. We have robust access control measures in place, allowing us to manage and restrict access based on user roles and responsibilities.
Other uses and disclosures of your PHI by TPC will require your written authorization. This authorization will have an expiration date and can be revoked by you in writing.
INDIVIDUAL RIGHTS
You have the right to request the Poverello Center to restrict the use and disclosure of your PHI to carry out treatment, payment, or health care operations. You may also limit disclosures to individuals involved with your care. Poverello is not required to agree to any restriction.
You have the right to be assured that your information will be kept confidential. The Poverello Center will contact you in the manner and at the address or phone number you select. You may be asked to put your request in writing. If you are responsible for paying for services, you may provide an address other than your residence where you can receive mail and where we may contact you.
You have the right to inspect and receive a copy of your PHI that is maintained by Poverello within 30 days of TPC’s receipt of your request. To obtain a copy of your PHI, you must complete TPC’s Authorization to Disclose Confidential Information form and submit the request to the administrative office. If there are delays in getting you the information, you will be told the reason for the delay and the anticipated date when you will receive your information. Your inspection of information will be supervised at an appointed time and place. You may be denied access as specified by law. Alternatively, you may simply sign up for and access your medical records online for free 24/7.
If you choose to receive a copy of your PHI, you have the right to receive the information in the form or format you request. If TPC cannot produce it in that form or format, it will give you the information in a readable hard copy form or another form or format that you and Poverello agree to.
TPC cannot give you access to psychotherapy notes or certain information being used in legal proceedings. Records are maintained for specified periods of time in accordance with the law. If your request covers information beyond the time TPC is required to keep the record, the information may no longer be available. If access is denied, you have the right to request a review by a licensed health care professional who was not involved in the decision to deny access. This licensed health care professional will be designated by TPC.
You have the right to correct your PHI. Your request to correct your PHI must be in writing and provide a reason to support your requested correction. TPC may deny your request, in whole or part, if it finds the PHI:
- Was not created by TPC.
- Is not PHI.
- By law, is not available for your inspection.
- Is accurate and complete.
If your correction is accepted, TPC will make the correction and tell you and others who need to know about the correction. If your request is denied, you may send a letter detailing the reason you disagree with the decision. TPC may respond to your letter in writing. You also may file a complaint, as described below in the section titled Complaints.
You have the right to receive a summary of certain disclosures Poverello may have made of your PHI. This summary does not include:
- Disclosures made to you.
- Disclosures to individuals involved with your care.
- Disclosures authorized by you.
- Disclosures made to carry out treatment, payment, and health care operations.
- Disclosures for public health.
- Disclosures for health professional regulatory purposes.
- Disclosures to report abuse of children, adults, or disabled persons.
- Disclosures prior to April 14, 2003.
This summary does include disclosures made for:
- Purposes of research, other than those you authorized in writing.
- Responses to court orders, subpoenas, or warrants.
You may request a summary for not more than a 6-year period from the date of your request.
If you receive this Notice of Privacy Practices electronically, you have the right to a paper copy upon request. Patients can access their electronic health records anytime free of charge by signing up for our patient portal. Any printing incurs a fee of $1 per 5 pages, collected in advance of the printing. Ongoing staff training on privacy practices and HIPAA compliance occurs. Poverello may mail or call you with health care appointment reminders.
TELEHEALTH SERVICES
Privacy is maintained during telehealth consultations by using a tool designed specifically for telehealth. Confidentiality is assured for Poverello providers, but you must make sure no confidential information is overheard on your side of the telehealth visit. You always have the right to consent to use telehealth, or conversely to refuse it.
DATA BREACHES
Affected individuals will be notified as soon as possible of any known data breaches, ideally within 72 hours of discovering the breach. You are notified through the Athena patient portal first, so ensure you have signed up for notifications. Immediate actions will be taken to secure systems and prevent further data loss. This includes isolating affected systems, changing passwords, and fixing vulnerabilities. A thorough investigation to determine the scope and cause of the breach will be conducted, which may involve hiring forensic experts.
Once the investigation reveals what happened, we will communicate with affected individuals, including notice through Athena, mail, and then telephone/email. The information provided will include the nature of the breach, data affected, and steps taken to mitigate harm. We will offer support services such as credit monitoring or identity theft protection to affected individuals. A review of our procedures and practices will be conducted to address weaknesses.
POVERELLO DUTIES
The Poverello Center Inc. (TPC) is required by law to maintain the privacy of your PHI. This Notice of Privacy Practices tells you how your PHI may be used and how the department keeps your information private and confidential. This notice explains the legal duties and practices relating to your PHI. TPC has the responsibility to notify you following a breach of your unsecured PHI.
As part of TPC’s legal duties, this Notice of Privacy Practices must be given to you. TPC is required to follow the terms of the Notice of Privacy Practices currently in effect.
Poverello may change the terms of its notice. The change, if made, will be effective for all PHI that it maintains. New or revised notices of privacy practices will be posted on the Poverello website at https://poverello.org/notice-of-privacy-practices-clients/ and will be available by email and at all Poverello buildings.
Also available are additional documents that further explain your rights to inspect, copy, and amend your PHI.
ELECTRONIC USES OF INFORMATION
Besides AthenaNet, Poverello utilizes Smart Choice, GTI’s Provide Enterprise through the Counties of Broward and Palm Beach.