NOTICE OF PRIVACY PRACTICES
EFFECTIVE DATE JUNE 1, 2017
This notice describes how medical information about current former patients of THIRA Health may be used and disclosed, and how patients can access their information. A comprehensive Notice of Privacy Practices is provided to all patients of THIRA Health for their review and signature.
THIRA health protects the confidentiality of patient health information in accordance with HIPAA (Health Information Portability and Accountability Act) and Washington State law RCW 70.02.
Questions related to the confidentiality of protected health information are attended to by the THIRA Health Privacy Officer.
Use – refers to how protected health information is used within an organization.
Disclosure – refers to when protected health information is shared by an organization to an external entity relevant to a patient’s care and course of treatment.
As a patient of THIRA Health, you have the right to:
- Receive a copy of your paper or electronic medical record.
- Correct your paper or electronic medical record.
- Request confidential communication.
- Ask us to limit the information we share.
- Get a list of those with whom we’ve shared your information.
- Get a copy of this privacy notice.
- Choose someone to act for you.
- File a complaint if you feel your rights are violated.
- Exercise choices regarding how your information is used or shared.
THIRA HEALTH USES AND DISCLOSURE
THIRA Health may choose to use or disclose the minimum necessary information in the following situations as permitted under HIPAA:
- As it is relevant and necessary for your treatment.
- As it is relevant and necessary to the operations of THIRA health for billing, coordination with health plans, improve our organization and treatment processes, and contact patients as needed.
- In compliance with public health and safety.
- THIRA Health is required by RCW 26.44 and RCW 74.34 to report suspected abuse and neglect of vulnerable adults and children.
- THIRA Health has a duty to warn (RCW 71.05.120) an identifiable victim(s) if you make a serious threat of harm.
- In order to conduct research.• To comply with state or federal law, including the Department of Health and Human Services.
- To respond to organ and tissue donation requests.
- To work with a medical examiner or funeral director.
- To address workers’ compensation, law enforcement, and other government requests.
- To respond to lawsuits and legal actions.
THIRA HEALTH RESPONSIBILITIES
THIRA Health is required by law to maintain the privacy and security of your protected health information. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We will not use or share your information other than as described here unless you give us permission in writing. If you give permission, you may change your mind at any time. Let us know in writing if you change your mind.
Washington State has enacted additional privacy protection laws regarding health information related to sexually transmitted diseases and mental health records. The following additional protections exist in Washington State:
- Sexually Transmitted Disease. THIRA Health will not share information regarding sexually transmitted diseases unless authorized by RCW 70.02.220, RCW 70.02.210
- Mental Health Treatment Record. Your mental health records and the fact that you have received mental health treatment are confidential and may only be disclosed under certain circumstances or with your consent.
- 42 CFR PART 2 (Confidentiality of Alcohol and Drug Abuse Patient Records). If you have received treatment from a Substance Use Disorder provider who is required to comply with the 42 CFR Part 2 and we receive information from that provider regarding your history, diagnosis, and treatment of a substance use disorder, or information that would identify you as an individual who has or does abuse substances, we are prohibited form redistributing this information without your explicit written consent. Information about alcohol and drug use received from a covered provider has more stringent privacy protections than HIPAA. THIRA Health will comply with the prohibition from redisclosure of such records when applicable.
HIPAA EMAIL CONSENT
Email is a convenient way for us to communicate with patients and their families. Most popular email services do not utilize encrypted email. This means a third party may be able to access information sent via email and read it because it is transmitted over the internet. Additionally, once you receive an email, someone may be able to access your account and read it.
The federal government recently modified HIPAA and provided guidance on the use of email to send protected health information. The guidelines state that if a patient has been made aware of the risks of unencrypted email and consents to receive health information via email, then a provider may send that patient personal medical information via unencrypted email. Additionally, if you send a provider email it is implied that you consent to receive email communications unless you explicitly state you do not wish to receive an email response in the email