What is HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act of 1996, as amended. HIPAA is the Health Insurance Portability and Accountability Act of 1996, as amended. It is federal legislation that, along with its accompanying regulations, mandates protection of private health information. At Meridian, we respect the confidentiality and privacy of every resident — particularly with respect to what is known under HIPAA as Protected Health Information. Because we create, gather, and disclose Protected Health Information, we comply with all requirements of the Health Insurance Portability and Accountability Act. Please see the Meridian Notice of Privacy Practices below.
Notice of Privacy Practices of Meridian Senior Living
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Meridian Senior Living is committed to protecting the privacy of the medical and other personal information we keep regarding our residents. We call this information Protected Health Information or “PHI.” We are required by law to maintain the privacy of this Protected Health Information. We are also required to give you this notice about our privacy practices, our legal duties, and your rights concerning your PHI. We must follow the privacy practices that are described in this notice while it is in effect. This notice is effective as of December 20, 2010. This notice will remain in place until we replace it.
We reserve the right to change this notice and our privacy practices at any time. We also reserve the right to make changes to our privacy practices and to the new notice effective for all PHI that we already have about you, as well as for PHI we may receive in the future. Before we make a material change in our privacy practices, we will update this notice and send the new notice to all affected parties within 60 days of the time we make the change. You may also obtain a copy from our Web site, www.meridiansenior.com. For more information or questions about our privacy practices please contact us by writing to Meridian Privacy, PO Box 2568, Hickory, NC 28603.
How We Use and Disclose Your Protected Health Information
We may use and disclose your Protected Health Information as permitted by federal and state privacy laws and regulations. We describe below how we are most likely to use and disclose your protected health information under these laws and regulations. Generally, we will only use and disclose your PHI as authorized by you or as permitted or required by law. If you cease to be a resident, we will no longer disclose your PHI, except as permitted or required by law.
The federal health care privacy regulations known as “HIPAA” generally do not take precedence over state or other applicable privacy laws that provide individuals with greater privacy protections. As a result, when a state law requires us to impose stricter standards to protect your health information, we will follow the state law rather than the HIPAA Privacy Regulations. For example, where such laws have been enacted, we will follow more stringent state privacy laws that relate to uses and disclosures of Protected Health Information concerning HIV or AIDS, mental health, substance abuse/chemical dependency, genetic testing or reproductive rights.
We may use and disclose your PHI for the following purposes:
We may use and disclose your PHI for payment purposes or to otherwise fulfill our responsibility to provide residency, care, and services as established under your written agreement with us.
We may use and disclose your PHI to support our business functions that enable us to provide services to you. These functions may include but are not limited to conducting health plan quality assessment and improvement activities; reviewing the competence or qualifications of your health care provider; legal services and auditing; business management and general administrative activities. For example, we may use or disclose your PHI (i) to respond to an inquiry from you; (ii) in connection with our investigation into potential fraud or abuse; or (iii) to survey you about how effectively we are providing services. We may also disclose your PHI to non-affiliated third parties where allowed by law and as necessary to help us fulfill our obligations to you.
You may give us written authorization to use or disclose your PHI for any purpose. If you give us an authorization, you may revoke it at any time by giving us written notice. Your revocation will not affect any use or disclosure permitted by your authorization while it is in effect. Without your authorization, we may not use or disclose your PHI for any reason except as described in this notice.
Your Family and Friends.
We may disclose PHI to a family resident, a friend or other persons you indicate are involved in your care or in the payment for your care. We may use or disclose your name, location, general condition or death to notify or help with the notification of a family member, your representative or other persons involved in your care. If you are incapacitated or in an emergency, we may disclose your PHI to these persons if we determine that the disclosure is in your best interest. If you are present, we will give you the opportunity to object before we disclose your PHI to these persons.
Your Health Care Provider.
We may use and disclose your PHI to assist health care providers in connection with treatment or payment activities. For example, we may disclose your PHI when needed by a health care professional to render medical treatment to you.
We may receive your PHI for evaluation of activities relating to the creation, renewal or replacement of a contract of care or services. We will not use or further disclose this PHI for any other purpose, except as required by law. We will not use genetic information for evaluation purposes.
We may contract with individuals and entities (called business associates) to perform various functions on our behalf or to provide services to you. To perform these functions or services, business associates may receive, create, maintain, use or disclose your PHI, but only after they have agreed, in writing, to safeguard your PHI.
Unless you request that we not do so, we may release your name, location in the facility, general condition, and religious affiliation for directory purposes. This information may be provided to members of the clergy, and, except for religious affiliation, to other people who ask for you by name. The directory information may not be placed in a public viewing area. We may use your name on a nameplate and/or your picture next to your room and various other non public places within the facility if we feel this will enhance your treatment while you are a resident at our facility.
Required by Law and Law Enforcement.
We may use or disclose your PHI when we are required to do so by state or federal law. We are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with federal privacy laws. We may disclose your PHI in connection with legal proceedings, such as in response to an order from a court or administrative tribunal, or in response to a subpoena. We may also disclose your PHI for law enforcement purposes.
Abuse or Neglect.
We may disclose your PHI to a government authority authorized by law to receive reports of abuse, neglect or domestic violence.
We may disclose your PHI to comply with workers compensation laws and other similar laws that provide benefits for work-related injuries or illnesses.
Public Health and Safety or Health Oversight Activities.
We may use or disclose your PHI for public health activities for the purpose of preventing or controlling disease, injury or disability. We may also disclose your PHI to a health oversight agency for activities authorized by law such as audits, investigations, inspections, licensure or disciplinary actions.
We may disclose your PHI to researchers when an institutional review board or privacy board has reviewed the research proposal and established protocols to protect the privacy of your PHI. We may also make limited disclosures of your PHI for statistical studies.
We may use your PHI to contact you with information about our products and services, service enhancements or upgrades, or care alternatives that may be of interest to you.
Employer or Organization Sponsoring a Group Health Plan.
We may disclose your PHI and the PHI of others enrolled in your group health plan to the employer or other organization that sponsors your group health plan. Please see your group health plan document for a full explanation of the limited uses and disclosures that the plan sponsor may make of your PHI in providing plan administration. We may also disclose summary information about the enrollees in your group health plan to the plan sponsor, to use to obtain premium bids for the health insurance coverage offered through your group health plan or to decide whether to modify, amend or terminate your group health plan.
Death and Organ Donation.
We may disclose the PHI of a deceased person to a coroner, medical examiner, funeral director, or organ procurement organization to assist them in performing their duties.
Military Activity, National Security, Protective Services.
If you are or were in the armed forces, we may disclose your PHI to military command authorities. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities, and for the protection of the President of the United States, other federal officials or foreign heads of state.
Our Policies for Protecting Your Protected Health Information
We protect the PHI that we maintain about you by using physical, electronic, and administrative safeguards that meet or exceed applicable law. When our business activities require us to provide PHI to third parties, they must agree to follow appropriate standards of security and confidentiality regarding the PHI received. Access to your PHI is restricted to appropriate business purposes.
We have developed privacy policies to protect your PHI. All employees receive training on these policies and must sign a privacy acknowledgment form, binding them to abide by our policies and procedures In addition to these safeguards, we have developed a variety of other protections, including: (i) using only aggregate or non-identifiable information for research or quality measurement purposes whenever possible; (ii) using confidentiality provisions in our contracts with third parties to protect the confidentiality of your personal information and restrict use and disclosure of this information. (iii) restricting access to personal information through internal procedures and pass code access to computer systems; and (iv) restricting access to personal information by physical security measures in certain areas of our business operations, including employee identification, and restricted business areas.
The following is a list of your rights with respect to your PHI.
Right to Access, Inspect and Copy Your PHI.
You have the right to see or get a copy of the PHI that we maintain about you. Your request must be in writing. You may visit our office to look at the PHI, or you may ask us to mail it to you. We will charge a reasonable fee to cover the cost of copying the information. We will contact you to review the fee and obtain your agreement to pay the charges. If you wish to access your PHI, please call the Meridian Hotline toll-free at 866 953-2984.
Right To Correct, Amend or Delete Your PHI.
You have the right to ask us to correct, amend or delete your PHI. Your request must be in writing. We are not required to agree to make the correction, amendment or deletion. For example, we will not generally make a correction, amendment or deletion if we did not create the PHI or if we believe that the PHI is correct. If we deny your request, we will provide you a written explanation. You have the right to file a statement explaining why you disagree with our decision and setting forth what you believe is the correct, relevant and fair information. We will file the statement with your PHI and provide it to anyone who receives any future disclosures of your PHI. If we accept your request to correct, amend or delete your PHI, we will make reasonable efforts to inform others, including people you name, of the amendment and include the changes in any future disclosures of your PHI. If you wish to correct or amend your PHI, please call the Meridian Hotline toll-free at 866 953-2984.
Right to Request an Accounting of Disclosures.
You have a right to receive a list of certain instances in which we or our business associates disclosed your PHI for purposes other than treatment, residency and service, and certain other activities. You are entitled to this accounting of disclosures for the six years prior to the date you make the request. We will provide you with the date on which we made a disclosure, the name of the person or entity that received your PHI, a description of the PHI that we disclosed, the reason for the disclosure, and certain other information. If you request this list more than once in a 12-month period, we may charge you a reasonable fee for preparing the list. Your request must be in writing. You may call toll-free 866 953-2984 to request an accounting of disclosures form.
Right to Request Restrictions.
You have the right to ask us to place additional restrictions on our use or disclosure of your PHI for our treatment, payment and ongoing operations. We are not required to agree to these restrictions. In most instances, we will not agree to these restrictions unless you have requested Confidential Communications as described below.
Right to Confidential Communications.
If you believe that a disclosure of your PHI could endanger you, you may ask us to communicate with you confidentially at a different location. For example, you may ask us to contact you at your work address or other place instead of your home address. You may call the Meridian Hotline toll-free at 866 953-2984 to request a confidential communications form. Once we have received your confidential communications request, we will only communicate with you as directed on the form. We will also terminate any prior authorizations that you have filed with us.
Right to File a Privacy Complaint.
You may complain to us if you believe we have violated your privacy rights by contacting Meridian Privacy Officer, P.O. Box 2568, Hickory, NC 28603. You may also file a complaint with the Secretary of the U. S. Department of Health and Human Services in Washington, D.C. We will not take any action against you or in any way retaliate against you for filing a complaint with the Secretary or with us.
Right to Obtain a Copy of this Privacy Notice.
You have a right to request a copy of this notice at any time by calling toll-free 866 953-2984 or you may obtain a copy from our Web site. Even if you agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.