Foothill Family Foothill Family Foothill Family
Privacy Policy
Privacy Policy

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

I.          Who We Are

This Notice describes the privacy practices of Foothill Family Service.  It applies to all services furnished to you by Foothill Family Service staff and contracted service providers.

II.        Our Privacy Obligations

We are required by law to maintain the privacy of your health information (“Protected Health Information” or “PHI”) and to provide you a copy of this Notice of our legal duties and privacy practices with respect to your Protected Health Information.  When we use or disclose your Protected Health Information, we are required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure) and to let you know promptly if a breach occurs that may have compromised the privacy or security of your information. 

III.       Permissible Uses and Disclosures Without Your Written Authorization

In certain situations, which we will describe in Section IV below, we must obtain your written authorization in order to use and/or disclose your PHI.  However, we do not need any type of authorization from you for the following uses and disclosures:

A.        Uses and Disclosures For Treatment, Payment and Health Care Operations.  We may use and disclose PHI, but not your “Highly Confidential Information” (defined in Section IV.C below), in order to treat and serve you, obtain payment for services provided to you and conduct our “health care operations” as detailed below:

  • Treatment.  We use and disclose your PHI to provide treatment and other services to you.  In addition, we may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.  We may also disclose PHI to other providers involved in your treatment or services.

 

  • Payment.  We may use and disclose your PHI to obtain payment for services that we provide to you--for example, disclosures to claim and obtain payment from your health insurer, HMO, or other funding source that pays the cost of some or all of the services we provide (“Your Payor”).

 

  • Health Care Operations.  We may use and disclose your PHI for our health care operations, which include internal administration and planning and various activities that improve the quality and cost effectiveness of the care that we deliver to you.  For example, we may use PHI to evaluate the quality and competence of our staff and contracted service providers.  We may disclose PHI to management in order to resolve any complaints you may have and ensure that you receive quality service.

 

B.        Public Health Activities.  We may disclose your PHI for the following public health activities:  (1) to report health information for the purpose of preventing or controlling disease, injury or disability; (2) to report child abuse and neglect to other government authorities authorized by law to receive such reports; (3) to report information about products or services under the jurisdiction of the Food & Drug Administration; (4) to alert a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition; and (5) to report information to your employer as required under laws addressing work-related illnesses and injuries or workplace medical surveillance.

C.        Victims of Abuse, Neglect or Domestic Violence.  If we reasonably believe you are a victim of abuse or neglect, we may disclose your PHI to a governmental authority, including a social service or protective services agency, authorized by law to receive reports of such abuse or neglect. 

D.        Health Oversight Activities.  We may disclose your PHI to a health oversight agency that oversees the health care system and is charged with responsibility for ensuring compliance with the rules of government health programs such as Medicare or Medicaid.

E.         Judicial and Administrative Proceedings.  We may disclose your PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.
           
F.         Law Enforcement Officials.  We may disclose your PHI to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena. 

G.        Decedents.  We may disclose your PHI to a coroner, medical examiner, or a funeral director as authorized by law.

H.        Health or Safety.  We may use or disclose your PHI to prevent or lessen a serious and imminent threat to a person’s or the public’s health or safety. These situations may include preventing disease, helping with product recalls, reporting adverse reactions to medications.

I.          Specialized Government Functions.  We may use and disclose your PHI to units of the government with special functions, such as the U.S. military, U.S. Department of State under certain circumstances including national security activities and presidential protective services. If you are a member of the armed forces, we may release PHI as required by military command authorities. We may also  PHI to the appropriate foreign military authority if you are a member of a foreign military.  

J.          Workers’ Compensation.  We may disclose your PHI as authorized by and to the extent necessary to comply with California law relating to workers' compensation or other similar programs.

K.        Inmates or Individuals in Custody.  If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release PHI  to the correctional institution or law enforcement official. This release would be necessary: 1) for the institution to provide you with health care; 2)to protect your health and safety of others; or 3) the safety and security of the correctional institution.    

L.  Research. Under certain circumstances, we may use and disclose PHI for research.

M. Respond to organ and tissue donation requests. We can share information about you to organ procurement organizations.  

N.  Business Associates. We may disclose PHI to our Business Associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. All of our business associates are required to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract.

O. Data Breach Notification. We may use or disclose your PHI to provide legally required notices of unauthorized access to or disclosure of your health information.      

P.         As required by law.  We may use and disclose your PHI when required to do so by any other law not already referred to in the preceding categories.

 

IV.       Uses and Disclosures that Require Us to Give You the Opportunity to Object and opt out

A.        Disclosure to Relatives, Close Friends and Other Caregivers.  We may use or disclose your PHI to a family member, other relative, a close personal friend or any other person identified by you when you are present for, or otherwise available prior to, the disclosure, if we (1) obtain your agreement; (2) provide you with the opportunity to object to the disclosure and you do not object; or (3) reasonably infer that you do not object to the disclosure. 

                        If you are not present, or the opportunity to agree or object to a use or disclosure cannot practicably be provided because of your incapacity or an emergency circumstance, we may exercise our professional judgment to determine whether a disclosure is in your best interests.  If we disclose information to a family member, other relative or a close personal friend, we would disclose only information that we believe is directly relevant to the person’s involvement with your care.  We may also disclose your PHI in order to notify (or assist in notifying) such persons of your location, general condition or death. 

            B. Disaster Relief. We may disclose your PHI to disaster relief organizations that seek your PHI to coordinate your care, or notify family and friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to such a disclosure whenever we practically can do so. 

 

V.        Uses and Disclosures Requiring Your Written Authorization

A.        Use or Disclosure with Your Authorization.  For any purpose other than the ones described above in Section III, we only may use or disclose your PHI when you grant us your written authorization on our authorization form (“Your Authorization”).  For instance, you will need to sign an authorization form before we can send your PHI to other service providers as part of your care or to the attorney representing the other party in litigation in which you are involved.  You may revoke your authorization at any time by writing to our Privacy Officer.

B.        Marketing.  We must also obtain your written authorization prior to using your PHI to send you any marketing materials.  (We can, however, provide you with marketing materials in a face-to-face encounter without obtaining Your Marketing Authorization.  We are also permitted to give you a promotional item of nominal value, if we so choose, without obtaining Your Marketing Authorization).  In addition, we may communicate with you about services relating to your treatment, case management or care coordination, or alternative treatments, therapies, providers or care settings without Your Marketing Authorization.

C. Sale of PHI. We must obtain your written authorization for disclosures that constitute a sale of your PHI.

D.        Uses and Disclosures of Your Highly Confidential Information.  In addition, federal and California law requires special privacy protections for certain highly confidential information about you (“Highly Confidential Information”), including the subset of your PHI that:  (1) is maintained in psychotherapy notes; (2) is about mental health and developmental disabilities services; (3) is about alcohol and drug abuse prevention and treatment; (4) is about HIV/AIDS testing, diagnosis or treatment; (5) is about communicable disease(s); (6) is about genetic testing, including any information related to genetic testing, the genetic testing of family members, the manifestation of a disease or disorder in family members of an individual, and any request for, or receipt of, genetic services or participation in clinical research which includes genetic services, by an individual or family member of an individual. (7) is about child abuse and neglect; (8) is about domestic and elder abuse or (9) is about sexual assault. In order for us to disclose your Highly Confidential Information for a purpose other than those permitted by law, we must obtain your written authorization.  In accordance with federal and California law, there are specific situations in which Highly Confidential Information may be released without the client's authorization:

            1.         Substance abuse information may be released in the following situations:
           
                        a.         Program Personnel: Communication of information between or among personnel who need such information to diagnose, treat, or refer for treatment of alcohol or drug abuse, if the communications are within a program or between a program and an entity that has direct administrative control over the program.

                        b.         Qualified Service Organizations:  Communications between a program and a qualified service organization of information needed by the organization to provide services to the program.

                        c.         Crimes on Program Premises or Against Program Personnel: Communications from program personnel to law enforcement officers that are directly related to a client's commission of a crime on program premises or against program personnel or to a threat to commit such crime and are limited to the circumstances of the incidents. 

                        d.         Child Abuse Reports: Reports of suspected child abuse and neglect under California law to the appropriate authorities.

                        e.         Veterans' Administration and Armed Forces: Certain exceptions apply to records and information maintained by the Veterans' Administration and Armed Forces. 
                       
                        f.          Medical Emergencies: Information may be disclosed to medical personnel who need the information to treat a condition which poses an immediate threat to the health of any individual and which requires immediate medical intervention (See 42 C.F.R. § 2.51 (b) for other situations involving medical emergencies). 

                        g.         Audit and Evaluation Activities: Information may be disclosed for audit by an appropriate federal, state or local governmental agency that provides financial assistance to the program or is authorized by law to regulate its activities; a third party payer covering clients in the program; a private person or entity that provides financial assistance to the program; a peer review organization performing utilization or quality control review; or an entity authorized to conduct a Medicare or Medicaid audit or evaluation (See 42 C.F.R. § 2.53 for certain restrictions involving audit and evaluation activities). 

            2.         Reports of suspected child abuse or neglect and information contained therein may be disclosed only to:

                        a.         Law enforcement

                        b.         Child welfare agency 

                        c.         Licensing agency (the state agency responsible for licensing the facility (i.e. youth center, school, child care facility, etc.) in question).

  • Audit and Evaluation Activities: Information may be disclosed for

audit by an appropriate federal, state or local governmental agency that provides financial assistance to the program or is authorized by law to regulate its activities; a third party payer covering clients in the program; a private person or entity that provides financial assistance to the program; a peer review organization performing utilization or quality control review; or an entity authorized to conduct a Medicare or Medicaid audit or evaluation (See 42 C.F.R. § 2.53 for certain restrictions involving audit and evaluation activities).

            3.         Reports of elder and dependent adult abuse may be disclosed only in these following situations:

                        a.         Information relevant to the incident of elder or dependent adult abuse may be given to an investigator from an adult protective services agency, a local law enforcement agency, the Bureau of Medi-Cal fraud, or investigators from the Department of Consumer Affairs, Division of Investigation who are investigating the known or suspected case of elder or dependent adult abuse.

                        b.         Persons who are trained and qualified to serve on multidisciplinary personnel teams may disclose to one another information and records that are relevant to the prevention, identification, or treatment of abuse of elderly or dependent adults.   

                        c.         The health care provider may disclose medical information covered by the Confidentiality of Medical Information Act, Civil Code § 56, et seq.

                        d.         The health care provider may disclose mental health information covered by Welfare and Institutions Code § 5328.

                        e.         Information from elder abuse reports and investigations, except for the identity of persons who have made reports.

                        f.          Information pertaining to reports by health practitioners of persons suffering from physical injuries inflicted by means of a firearm or of person suffering physical injury where the injury is a result of assaultive or abusive conduct.

g.         Information protected by the physician-client or psychotherapist-
client privileges.

h.         Audit and Evaluation Activities: Information may be disclosed for
audit by an appropriate federal, state or local governmental agency that provides financial assistance to the program or is authorized by law to regulate its activities; a third party payer covering clients in the program; a private person or entity that provides financial assistance to the program; a peer review organization performing utilization or quality control review; or an entity authorized to conduct a Medicare or Medicaid audit or evaluation (See 42 C.F.R. § 2.53 for certain restrictions involving audit and evaluation activities).

            4.         Communicable diseases (See Title 17, California Code of Regulations § 2504 for a list of diseases that must be reported).

                        a.         Health care facilities and clinics must establish administrative procedures to assure that reports are made to the local health officer.

                        b.         Where no health care provider is in attendance, any individual having knowledge of a person who is suspected to have one of the diseases listed in Title 17, California Code of Regulations § 2504 may make a report to the local health officer for the jurisdiction in which the client resides.

                        c.         Disease notifications must include, if known, the following information: the name of the disease or condition; the date of onset; the date of diagnosis; the name, address, telephone number, occupation, race/ethnic group, social security number, sex, age, and the date of birth of the client; the date of death when applicable; and the name, address and telephone number of the person making the report. 

            5.         Release of mental health and developmental disability information
requires the written authorization of the client only to the persons listed below:

                        a.         The client's attorney, upon presentation of release of information authorization signed by the client (See Evidence Code § 1158 for authorization requirements).  If the client is unable to sign, the facility may release records to the attorney, if the staff has determined that the attorney does not represent the interests of the client.

                        b.         A person designated by the client, provided the professional in charge of the client gives approval; client consent is not required (See Welfare and Institutions Code § § 5328.6 and 5328.7 for additional requirements).

                        c.         A person designated in writing by a client's parent, guardian, conservator, or guardian ad litem if the client is a minor, ward or conservatee; client's consent is not required (See Welfare and Institutions Code § § 5328.6 and 5328.7 for additional requirements).

                        d.         A professional person who does not have the medical or psychological responsibility for the client's care and who is not employed by the facility that maintains the record (See Welfare and Institutions Code § § 5328.6 and 5328.7 for additional requirements).
                       
                        e.         A life or disability insurer provided the client designates the insurer in writing.

                        f.          A qualified physician or psychiatrist who represents an employer to which the client has applied for employment unless the physician or administrative officer responsible for the care of the client deems the release contrary to the best interests of the client (See Welfare and Institutions Code § 5328.9 for additional requirements).

                        g.         A probation officer charged with the evaluation of a person after his or her conviction of a crime if the person has been previously confined in, or otherwise treated by, a facility (See Welfare and Institutions Code § 5328 (k) for additional requirements).

                        h.         An applicant for, or recipient of, services from the state Department of Developmental Services (or the person's authorized representative) for the purpose of appealing an adverse eligibility or benefits decision (See Welfare and Institutions Code § 4726 - 4730 for additional requirements).

                        i.          A county clients' rights advocate upon presentation of written authorization, signed by the client who is the advocate's "client" or by the "client's" guardian ad litem (See Welfare and Institutions Code § § 5328 (m) and 5546 for additional requirements and definitions).

V.        Your Rights Regarding Your Protected Health Information

A.        For Further Information; Complaints.  If you desire further information about your privacy rights, are concerned that we have violated your privacy rights or disagree with a decision that we made about access to your PHI, you may contact our Privacy Office.  You may also file written complaints with the Office for Civil Rights of the U.S. Department of Health and Human Services by sending a letter to 200 Independence Ave., S.W., Washington, D.C. 20201, calling 1-877-696-6775 or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.  We will not retaliate against you if you file a complaint with us or the Director. 

B.        Right to Request Additional Restrictions.  You may request restrictions on our use and disclosure of your PHI (1) for treatment, payment and health care operations, (2) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care, or (3) to notify or assist in the notification of such individuals regarding your location and general condition.  While we will consider all requests for additional restrictions carefully, we are not required to agree to a requested restriction.  If you wish to request additional restrictions, please obtain a request form from our Privacy Office and submit the completed form to the Privacy Office.  We will send you a written response.

C.        Right to Receive Confidential Communications.  You may request, and we will accommodate, any reasonable written request for you to receive your PHI by alternative means of communication or at alternative locations. 

D.        Right to Revoke Your Authorization.  You may revoke Your Authorization, Your Marketing Authorization or any written authorization obtained in connection with your Highly Confidential Information, except to the extent that we have taken action in reliance upon it, by delivering a written revocation statement to the Privacy Office identified below.  A form of Written Revocation is available upon request from the Privacy Office.

E.         Right to Inspect and Copy Your Health Information.  You may request access to your record file and billing records maintained by us in order to inspect and request copies of the records.  Under limited circumstances, we may deny you access to a portion of your records.  If you desire access to your records, please obtain a record request form from the Privacy Office and submit the completed form to the Privacy Office.

You should take note that, if you are a parent or legal guardian of a minor, certain portions of the minor’s record will not be accessible to you, for example, records pertaining to health care services for which the minor can lawfully give consent and therefore for which the minor has the right to inspect or obtain copies of the record; or the health care provider determines, in good faith, that access to the client records requested by the representative would have a detrimental effect on the provider's professional relationship with the minor client or on the minor's physical safety or psychological well-being.

F.         Right to an Electronic Copy of Electronic Medical Records . If your PHI is maintained in an electronic format, you have the right to request that an electronic copy of your record be given to you or transmitted to another individual entity. We will make every effort to provide access to your PHI in the form or format your request, if it is readily producible in such form or format. 

G.        Right to Amend Your Records.  You have the right to request that we amend Protected Health Information maintained in your record file or billing records.  If you desire to amend your records, please obtain an amendment request form from the Privacy Office and submit the completed form to the Privacy Office.  We will comply with your request unless we believe that the information that would be amended is accurate and complete or other special circumstances apply.

H.        Right to Receive An Accounting of Disclosures.  Upon written request, you may obtain an accounting of certain disclosures of your PHI made by us during any period of time prior to the date of your request provided such period does not exceed six years and does not apply to disclosures that occurred prior to April 14, 2003. 

I.         Right to Get a Notice of a Breach. You have the right to be notified of any breach of your unsecured PHI.

J.         Out of Pocket Payments. If you have paid out of pocket in full for a specific item or service, you have the right to ask that your PHI with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request. 

K.         Choose someone to act for you. If you have given someone power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health plan.

L.          Right to Receive Paper Copy of this Notice.  Upon request, you may obtain an additional paper copy of this Notice. 

VI.       Effective Date and Duration of This Notice

     A.        Effective Date.  This Notice is effective on September, 23rd, 2013

           B.        Right to Change Terms of this Notice.  We may change the terms of this Notice at any time.  If we change this Notice, we may make the new notice terms effective for all Protected Health Information that we maintain, including any information created or received prior to issuing the new notice.  If we change this Notice, we will post the new notice in waiting areas around Foothill Family Service and on our Internet site at www.foothillfamily.org.  You also may obtain any new notice by contacting the Privacy Office.

VII.     Privacy Office

You may contact the Privacy Office at:

Privacy Officer
Foothill Family Service
2500 E. Foothill Blvd Suite #300
Pasadena, CA 91107
Telephone Number: (626) 993-3000  

 
 
 
 
Home | About Us | Get Involved | Donate Now | Programs & Services | Careers | Events | News & Publications | Privacy Policy | Contact Us
| FFS Employee Helpdesk |
© 2010 Foothill Family Service. All Rights Reserved.
 
Find us on:     
www.foothillfamily.org is a Positive SSL Secured website