Notice of Privacy Practices
Notice of Privacy Practices of Four Oaks Family and Children’s Services
Revised July 2024
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW THIS INFORMATION CAREFULLY
Note: If you have questions about this notice, please contact Four Oaks’ Vice President of Administration at 319-364-0259 or in writing at 5400 Kirkwood Boulevard SW, Cedar Rapids Iowa 52404.
Who will follow this notice
This notice describes the privacy practices of Four Oaks. All of our staff may have access to information in your chart for treatment, payment and health care operations, which are described below, and may use and disclose information as described in this Notice. This Notice also applies to any volunteer or trainee we allow to help you while seeking services from us.
Our pledge regarding the privacy of your medical information
Your medical information includes information about your physical and mental health. We understand that information about your physical and mental health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive from us. We need this record to provide you with quality care and services and to comply with certain legal requirements. This notice applies to any and all of the records of your care generated by us. This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical
information.
We reserve the right to revise or amend our notice of privacy practices without additional notice to you. Any revision or amendment to this notice will be effective for all of your records our practice has created or maintained in the past, and for any of your records we may create or maintain in the future. We will post a copy of our current notice in our offices in a prominent place and will post the notice on our website.
Our obligations to you
We are required by law to:
- make sure that medical information that identifies you is kept private except as otherwise provided by state or federal law;
- give you this notice of our legal duties and privacy practices with respect to medical information about you; and
- follow the terms of the notice that is currently in effect.
- inform you of any unauthorized access, use or disclosure of your unencrypted confidential information
- in the event its security or privacy is compromised (i.e., in the event that a reportable breach occurs as provided by the HIPAA Omnibus Final Rule.) We will provide such notice to you without unreasonable delay but in no case later than sixty days after we discover the breach
How we may use and disclose medical information about you
The following categories describe different ways that we may use and disclose medical information. For each category of uses or disclosures we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. This notice covers treatment, payment, and what are called health care operations, as discussed below. It also covers other uses and disclosures for which a consent or authorization are not necessary. Where Iowa law is more protective of your medical information, we will follow state law, as explained below.
For Treatment.
We may use medical information about you to provide you with medical treatment or services without consent or authorization unless otherwise required by applicable state law. We may disclose medical information about you to doctors, pharmacists, laboratories, or other health care providers or case managers or case coordinators or other service providers who are involved in taking care of you whether or not they are affiliated with us. For example, we may disclose medical information concerning you to Mercy Hospital or St. Luke’s Hospital, or physicians or counselors who care for you as well as to any other entity that has provided or will provide care to you. We will disclose mental health information, including psychotherapy notes, AIDS or HIV-related information, or drug treatment information, that we may have about you only with written authorization as required by Iowa law, HIPAA and other federal regulations.
During the course of your treatment, we may refer you to other health care providers with which you may not have direct contact. These providers are called “indirect treatment providers.” “Indirect treatment providers” are required to comply with the privacy requirements of state and federal law and keep your medical information confidential. These providers will be bound by the HIPAA privacy rule.
For Payment.
We may use and disclose medical information about you without consent or authorization so that the treatment and services you receive from us may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about treatment received so your health plan will pay us or reimburse you for the treatment unless you agree to pay in full for the treatment received, as described under “Requests for Restriction,” below. Unless you agree to pay for the treatment in full, we may also tell your payer about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
For Health Care Operations.
We may use and disclose medical information about you without consent or authorization for “health care operations”. These uses and disclosures are necessary to operate Four Oaks and make sure that all individuals receive quality care. For example, we may use medical information or mental health treatment information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also disclose your protected health information to doctors or staff or consultants for review and learning purposes. We may also use your protected health information in preparing for litigation.
Appointment Reminders.
We may use and disclose medical information to contact you by mail, email, or phone to remind you that you have an appointment for treatment, unless you tell us otherwise in writing. Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you. However, we will not use or disclose medical information to market other products and services, either ours or those of third parties, without your authorization.
Health-Related Benefits and Services.
We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care.
We may release medical information, including mental health information, about you to a family member who is involved in your medical care.
We may also give medical information, including prescription information or information concerning your
appointments to other individuals who are involved in your care. We may also give such information to
someone who helps pay for your care. In addition, we may disclose medical information about you to an
entity assisting in a disaster relief effort so that your family can be notified about your condition, status
and location. If Iowa law requires specific authorization for such disclosures, we will obtain an
authorization from you prior to such disclosures.
As Required By Law.
We will disclose medical information about you when required to do so by federal, state or local law without your consent or authorization.
To Avert a Serious Threat to Health or Safety.
We may disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
To Business Associates.
Four Oaks. from time to time will hire consultants called “business associates,” who render services to us using clients’ medical information. We may disclose your medical information to such business associates without your consent or authorization. Business associates are required to maintain and comply with the privacy requirements of state and federal law and keep your medical information confidential. Examples of “business associates” are accounting firms that we hire to perform audits of billing and payment information, and computer software vendors who assist us in maintaining and processing medical information.
Military and Veterans.
If you are a member of the armed forces, we may release medical information about you as required by military command authorities and as otherwise permitted by state and federal law. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
Worker’s Compensation.
We may release medical information about you for workers’ compensation or similar programs without consent or authorization. These programs provide benefits for work-related injuries or illnesses. For example, if you are injured on the job, we may release information regarding that specific injury.
Public Health Risks.
We may disclose medical information about you for public health activities without your consent or authorization. These activities generally include the following:
- to prevent or control disease, injury or disability;
- to report reactions to medications or problems with products;
- to notify people of recalls of products they may be using;
- to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- to notify the appropriate government authority if we believe a individual has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Health Oversight Activities.
We may disclose medical information to a health oversight agency, such as the Department of Health and Human Services, for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Lawsuits and Administrative Proceedings.
If you are involved in a lawsuit or dispute as a party, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute. Similarly we may disclose medical information about you in proceedings where you are not a party, but only if efforts have been made to tell you or your attorney about the request or to obtain an order protecting the information requested. In addition, we may disclose medical information, including mental health treatment information, to the opposing party in any lawsuit or administrative proceeding where you have put your physical or mental condition at issue if you have signed a valid authorization.
Law Enforcement.
We may release medical information if asked to do so by a law enforcement official:
- in response to a court order, subpoena, warrant, summons or similar process;
- to identify or locate a suspect, fugitive, material witness, or missing person;
- about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
- about a death we believe may be the result of criminal conduct;
- about criminal conduct at Four Oaks; and
- in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors.
We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
National Security and Intelligence Activities.
We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Services for the President and Others.
We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
Inmates.
If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
How we may use and disclose medical information about you with authorization
Some uses and disclosures of your medical information can be made only with your written authorization, unless otherwise permitted or required by law. You may revoke this authorization anytime, in writing, unless Four Oaks relies on the use or disclosure indicated in the authorization.
Examples of those uses and disclosures that may only be made with your written authorization:
- We will obtain your authorization for uses and disclosures of your health information that are not described in this Notice.
- Four Oaks will disclose AIDS or HIV-related information, or substance abuse treatment information only with written authorization as required by applicable state law and/or federal regulations unless the law expressly permits otherwise.
- Four Oaks will provide mental health information only if you have signed an authorization
- consistent with Iowa law.
- Four Oaks will disclose separately maintained psychotherapy notes only with a specific authorization signed by you or your legal representatives.
- Four Oaks will not use or disclose your protected health information for marketing purposes without your authorization. Moreover, if we will receive any financial remuneration from a third party in connection with marketing, we will tell you that in the authorization form.
- Four Oaks will not sell your protected health information to third parties without your authorization. Any such authorization will disclose that we will receive compensation in the transaction.
If you provide authorization for the disclosure of your health information, you may revoke it at any time by giving us notice in accordance with our authorization policy. Your revocation will not be effective for uses and disclosures made in reliance on your prior authorization.
Your rights regarding medical information about you
You or your personal representative have the following rights regarding medical information we maintain about you (when we say “you” this also means your personal representative, which may be your parent or legal guardian or other individual who is authorized to care for you):
Right to Inspect and Copy.
You have the right to inspect and copy medical information that may be used to make decisions about your care.
If you wish to be provided a copy of medical information that may be used to make decisions about you, you must submit your request in writing to the Privacy Officer at Four Oaks. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing and or other supplies associated with your request.
We may deny your request to inspect and/or obtain a copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Request an Amendment.
If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us.
To request an amendment, your request must be made in writing and submitted to the Privacy Officer at Four Oaks. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make that amendment;
- Is not part of the medical information kept by us
- Is not part of the information which you would be permitted to inspect and copy; or
- Is accurate and complete.
Right to an Accounting of Disclosures.
You have the right to request an “accounting of disclosures.” This is a list of some of the disclosures we made of medical information about you. To request this list or accounting of disclosures, you must submit your request in writing to the Privacy Officer at Four Oaks. Your request must state a time period which may not be longer than six years starting with April 14, 2003. Your request will be provided to you on paper. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions.
You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. However, you will need to make alternative arrangements for payment if you restrict access of individuals responsible for the payment of your care.
We are not required to agree to your request, unless the disclosure is to a health plan or other payer for purposes of carrying out payment or health care operations and you have paid for the services in full yourself. For all other requests for restrictions, if we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
To request restrictions, you must make your request in writing to the Vice President of Administration at Four Oaks. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.
Right to Request Confidential Communications.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the Privacy Officer at Four Oaks. We will not ask the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right to a Paper Copy of This Notice.
You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
You may obtain a copy of this notice at our web site.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, submit your complaint in writing to the Vice President of Administration at Four Oaks. You will not be penalized for filing a complaint.
Other uses of medical information
Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written permission as set out in an authorization signed by you. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.