Jewish Family Service of San Diego
Notice of Privacy Practices
Effective September 1, 2016
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
AND HOW YOU CAN ACCESS THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
It is the policy of Jewish Family Service of San Diego (JFS) to maintain the privacy and security of protected information our clients, volunteers and employees entrust to us. Specifically, JFS is aware of and abides by the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH) and their implementing regulations, other federal and state laws intended to protect privacy, and the contractual privacy and security requirements that apply to us.
Under HIPAA, JFS must take steps to protect the privacy of your “protected health information” (PHI). PHI includes information that we have created or received regarding your health or payment for health care services. It includes both your health/mental health records and related personal information such as your name, social security number, address, and phone number. We are also required to:
- Provide you with this Notice of Privacy Practices (which may be amended from time to time), and
- Follow the practices and procedures in the Notice.
Please note that while not all of JFS’s services involve the collection and use of protected health information as defined by HIPAA (including mental health information), we always strive to maintain strict confidentiality of your personal information whether or not the information may be considered protected health information under HIPAA rules.
I. Understanding Your Mental & Behavioral Health Record Information
Each time you visit a health provider or mental health services provider, a record of your visit is made. Depending on the type of services we provide to you, this record at JFS may contain your health and mental and/or behavioral health history, current symptoms, test results, diagnostic assessment, treatment, and plan for future care. The information in your health services record at JFS serves as the following:
- Basis for planning your care and treatment.
- Means of communication among the case managers and mental health professionals who contributeto your care.
- Legal document describing the care that you received.
- Means by which you or a third-party payer can verify that you actually received services if/when youare billed for them.
- Training and quality improvement purposes to assess and improve the quality of care we provide andachieve better participant outcomes.
- Source of information for public health officials charged with improving the health of the regions that they serve.
Understanding what is in your health services record and how this information is used helps you to—
Ensure its accuracy and completeness.
Understand who, what, where, why, and how others may access your health information.
Make informed decisions about authorizing disclosure to others.
Better understand the health information rights detailed in this Notice.
II.How We May Use and Disclose Protected Health Information (PHI) About You
We may use and disclose PHI without your written authorization for certain purposes as described below. We have not listed every example of use or disclosure within the categories below, but all permitted uses and disclosures will fall within one of the following categories. In addition, there are some other uses and disclosures that will only be made with your written authorization. For example, some health information, such as substance abuse treatment information, may not be used or disclosed without your consent.
We can use your health information and share it with other professionals who are participating in your care. Example: A therapist, case manager or another member of your health services team may put information in your record about your health conditions, diagnostic tests, and the plan for your care.
We can use and share your health information if we bill for healthcare services, and get payment from health plans or other entities. Example: We may send a bill to you or to your health insurance plan to pay for healthcare services.
C. Health care operations
We can use and share your health information to provide services, improve your care and contact you when necessary. Example: We use health information about you for training, licensing or credentialing activities for our staff, for quality assurance, and during supervision and/or consultation to manage how our staff are caring for you. In addition, if you are receiving services from more than one JFS program, staff from one program may share information with staff of the other program(s).
D. Continuity of care
We may contact you to provide appointment reminders or other information about health-related services that may be of interest to you. For example, we may share your health information in referring you to other JFS programs.
Unless restricted by law, we may use or disclose information about your location and general condition to notify or help others to notify a family member, a personal representative, or another person responsible for your care.
F. Communication with family
When permitted by law and unless you object, we, as health professionals using our best judgment, may disclose to a family member, a domestic partner, a close personal friend, or any other person that you identify, health information relevant to that person’s involvement in your care or payment related to your care.
G. Business associates
We provide some services on behalf of other agencies and sometimes we get help from others through contracts with business associates. For example, we provide some services on behalf of San Diego County as its business associate. Examples of business associates we hire include professional services consultants and program evaluators. When we provide our services to a business associate or use the services of others, we may disclose your health information to these business associates so that each of us can perform the function(s) that we have been contracted to do. To protect your health information, all business associates are required to appropriately safeguard your information and comply with the same federal security and privacy rules.
H. Comply with the law
We will share information about you if state or federal laws require or allow it, including with the Department of Health and Human Services to show that we’re complying with federal privacy law.
I. Address workers’ compensation, law enforcement, and other government requests.
We can use or share health information about you:
- For workers’ compensation claims
- For law enforcement purposes or with a law enforcement official
- With health oversight agencies for activities authorized by law
- For special government functions such as military or national security agencies, presidentialprotective services and correctional institutions
- In response to a court or administrative order, or in response to a subpoena
You may be contacted as a part of a JFS fundraising effort. You can opt out by asking us not to send any further fundraising solicitations.
K. Help with public health and safety issues
We can share health information about you for certain situations such as preventing disease, reporting suspected abuse, neglect, or domestic violence, and preventing or reducing a serious threat to your or anyone else’s health or safety.
We may disclose information to researchers when their research has been approved by an institutional review board and there are protocols in place to ensure the privacy of your health information.
M. Medical Examiner
We may disclose health information to a coroner, medical examiner, or funeral director consistent with applicable law to enable them to carry out their duties.
III. Situations Requiring Your Written Authorization
If there are reasons other than those described above why we need to use or disclose your protected information, we will get your written permission or authorization. If you give us permission to use or disclose health information about you, you may later revoke that authorization in writing at any time. If you revoke your authorization, we will no longer use or disclose your PHI for the reasons stated in your written authorization. Please understand that we are unable to reverse any disclosures we have already made with your permission, and we are required to retain our records of the care we provided. Disclosures that require your written authorization include:
A. Progress or Mental Health Notes
Notes recorded by a therapist documenting the contents of a counseling session with you (“Progress or Mental Health Notes”) generally will be used only by the therapist and by other JFS staff consulting on your care, and will not otherwise be used or disclosed without your written authorization, with a few exceptions. For example, your authorization is not required for certain operational purposes, such as staff supervision, and other uses permitted or required by law such as defense of a legal action. We may also review prior Progress or Mental Health Notes if you were seen previously at JFS and are returning for additional services.
B. Marketing or Fundraising Communications
We may use aggregated and/or de-identified information (not including names or other personally identifiable information) about individuals receiving services at JFS for our fundraising materials. We will not use your personally identifiable information or health information for marketing or fundraising materials without your written authorization. If we ask for your authorization to share your story for our fundraising materials, you can say “no” and we will not withhold services or retaliate against you. We will never sell your information.
C. Minors and Personal Representatives
In most situations, parents, guardians and/or others with legal responsibilities for minors (under 18 years old) may exercise the rights described in this Notice on behalf of the minor. However, there are situations in which minors may independently exercise the rights described in the Notice. In some situations, a minor’s written authorization is required before information can be shared with a parent or legal guardian. Ask us about the rights of minors under state and federal law.
D. Records for Couples
Records for couples who are seen together will not be released, under the examples noted in this section, without the prior written consent of both parties.
E. Addiction Recovery Records
Records of substance abuse treatment are protected under the Federal regulations governing Confidentiality of Alcohol and Drug Abuse Patient Records, 42 CFR Part 2, and cannot be disclosed without written consent or as otherwise permitted by the regulations.
F. Other Uses and Disclosures
Certain other uses and disclosures will only be made with your written authorization. For example, you will need to sign a specific authorization form when we use your PHI to refer you to another services provider, or before we can send PHI to your life insurance company, to a school, or to your attorney.
IV. Your Rights under the Federal Privacy Standard
Although your health records are the physical property of the health care provider who completed the records, you have the following rights with regard to the information contained in them. You may:
A. Ask to review or get a copy of your health services record
- You can ask to see or get copy (paper or electronic) of your health services record and other health information we have about you. Ask us how to do this.
- Under some circumstances, we can by law deny your request to inspect and copy your record. You do not have a right to access the following: information that is copyright protected or otherwise protected by law (some test information); information that was obtained from someone other than a health care provider under a promise of confidentiality and complying with your request would likely reveal the source of the information; any psychotherapy notes that are not a part of your medical record; information compiled in reasonable anticipation of or for use in civil, criminal, or administrative actions or proceedings.
- In other situations, we may deny you access to reduce the risk of substantial harm to you or others,but if we do, we will provide you a review of our decision. We may deny access when a licensed health or mental health care professional in the exercise of professional judgment, has determined that: the access is reasonably likely to endanger the life or physical safety of yourself or another person; the PHI references another person (other than a health care provider) and the access is reasonably likely to cause substantial harm to that person; the request is made by your personal representative and giving access to that representative is reasonably likely to cause substantial harm to you or another person.
- If we agree to provide the information, we will give you a copy of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
B. Ask us to correct your health services record
- You can ask us to correct health information about you that you think is incorrect or incomplete.Your request must be in writing and it must explain why the information should be amended.
- We may say “no” to your request, but if we say no, we’ll tell you why and explain your rights in writing within 60 days.
C. Tell us how to communicate with you
- You can ask us to contact you at a specific location, (for example, at your home or office phone number) or to send mail to a specific address.
- You may also ask us to communicate with you by alternate means, such as by email. Ask us how to do this.
- We will say “yes” to all reasonable requests.
D. Ask us to limit what we use or share
- You can ask us not to use or share certain health information for treatment, payment, or our healthcare operations.
- We are not required to agree to your request, and we may say “no” if it would adversely affect your care, or if use of the information is permitted or required by law.
- If you are charged for, and pay us in full for a service or health care item, you can ask us not to share that information with your health insurer for the purpose of payment or our operations.
- We will say “yes” unless a law requires us to share that information.
E. Get a list of non-routine uses & disclosures and those with whom we’ve shared the information
- You can ask for a list (accounting) of the times we’ve shared your health information for up to six years prior to the date you ask, who we shared it with, and why. We will provide you with the list within 60 days of your request.
- We will include all the disclosures we’ve made except for the routine ones about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
F. Get a copy of this Notice of Privacy Practices
- You can ask for a paper copy of this Notice at any time, even if you have agreed to receive it electronically. We will provide you with a paper copy promptly.
G. Choose someone to act for you
- If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
- We will ask the person to prove they have this authority and can act for you before we take any action.
H. File a complaint if you feel your privacy rights are violated
- You can complain if you feel we have violated your rights described in this Notice by contacting our Privacy Officer at the address below. We will not retaliate against you for filing a complaint. You also have the right to complain to the Dept. of Health and Human Services Office for Civil Rights.
V. Our Responsibilities
In addition to providing the rights listed above, the federal privacy standard requires us to:
A. Maintain the privacy of your health information, using reasonable and appropriate safeguards to protect the information.
B. Abide by the terms of this Notice and provide you with a copy of it.
C. Train our personnel concerning privacy and confidentiality and implement a policy to discipline those who breach privacy/confidentiality.
D. Take care not to use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
E. Notify you promptly as required by law if a breach occurs that may have compromised the privacy or security of your information. We will mitigate (lessen the harm of) any breach of privacy or confidentiality that occurs.
VI.Effective Date and Changes to the Terms of This Notice
The effective date of this Notice is September 1, 2016. We can change the terms of this Notice, and the changes will apply to all information we have about you. The new Notice will be available upon request, in our office, and on our website.
If you have any questions about this Notice, please contact your JFS service provider, or JFS's HIPPA Privacy Officer at Jewish Family Service, 8804 Balboa Avenue, San Diego, CA 92123; (858) 637-3000.
Here are the types of donor information that we collect and maintain:
- Contact information: name, organization/synagogue, complete address, phone number, and email address.
- Payment information: credit card number and expiration date, and billing information.
- Shipping information: name, organization/synagogue, and complete address.Information concerning how you heard about Jewish Family Service.
- Information you wish to share, such as questions, comments, and/or suggestions.
- Your request to receive periodic updates; e.g. to individuals who request it, we will send periodic mailings related to specific fund-raising appeals, etc.
How Information is Used
Jewish Family Service uses your information to understand your needs and provide you with better service. Specifically, we use your information to help you complete a transaction, communicate back to you, and update you on Jewish Family Service happenings. Credit card numbers are used only for donation or payment processing and are not retained for other purposes. We use the comments you offer to provide you with information requested, and we take seriously each recommendation as to how we might improve communication.
No Sharing of Personal Information
Jewish Family Service will not sell, rent, or lease your personal information to other organizations. We assure you that the identity of all our donors will be kept confidential. Use of donor information will be limited to the internal purposes of Jewish Family Service and only to further the organizations activities and purposes of Jewish Family Service.
Removing Your Name From Our Mailing List
It is our desire to not send unwanted mail to our donors. Please contact us if you wish to be removed from our mailing list.
2. What personally identifiable information of yours is collected through the Site;
3. Who collects such information;
4. How such information is used;
5. With whom your information may be shared;
6. What choices you have regarding collection, use and distribution of your information;
7. What kind of security procedures are in place to protect the loss, misuse or alteration of information under our control;
8. and, How you can correct any inaccuracies in your information.
What Information We Collect and How We Use That Information
Our registration forms require users to give us contact information that may include name, email address, format preference (HTML vs. Text), address, interests, and similar information. We do not request or store sensitive information from our visitors, such as credit card or social security numbers.
Internet Protocol Address
We collect an IP address from all visitors to our Site. An IP address is a number that is automatically assigned to your computer when you use the Internet. We use IP addresses to help diagnose problems with our server,
administer our Site, analyze trends, track users' movement, gather broad demographic information for aggregate use in order for us to improve the site, and deliver customized, personalized content. IP addresses are not linked to personally identifiable information.
Use of "Cookies"
All information provided to Jewish Family Service of San Diego is transmitted using SSL (Secure Socket Layer) encryption. SSL is a proven coding system that lets your browser automatically encrypt, or scramble, data before you send it to us. We also protect account information by placing it on a secure portion of our Site that is only accessible by certain qualified employees of Jewish Family Service of San Diego. Unfortunately, however, no data transmission over the Internet is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information.
If a user elects to use our referral service for informing a friend about our Site, we ask them for the friend's name and email address. Jewish Family Service of San Diego will automatically send the friend a one-time email inviting them to visit the Site. Jewish Family Service of San Diego stores this information for the sole purpose of sending this one-time email.
Our Site contains links to other Websites. Please note that when you click on one of these links, you are entering another Website for which Jewish Family Service of San Diego has no responsibility. We encourage you to read the privacy statements on all such sites as their policies may be different than ours.