Quick Links
 
Contact Us
Site Map
 
 

 

Notice of Privacy Practices
 
 
This Notice of Privacy Practices will tell you what rights you have regarding your personal health information, and what the NOITU Insurance Trust Fund and Louis Lasky Memorial Medical and Dental Centers’ obligations are in protecting the privacy of that information. Protected Health Information (PHI) is information, including demographic information, that may identify you and that relates to health care services provided to you, the payment of health care services provided to you, or your physical or mental health or condition, in the past, present or future. This Notice of Privacy Practices describes how we may use and disclose your PHI. It also describes your rights to access and control your PHI. As a group health plan we are required by Federal law to maintain the privacy of PHI and to provide you with this notice of our legal duties and privacy practices. It describes how medical information about you may be used and disclosed and how you can get access to this information. Please review this notice carefully.
 
 
For More Information,
Please Contact Us: 
            Susan Brenard, Privacy Officer
            National Organization of Industrial Trade Unions
            Insurance Trust Fund
            Louis Lasky Memorial Medical and Dental Centers
            148-06 Hillside Avenue
            Jamaica, New York 11435-3393
            Telephone: 718-291-3434, Extension 639
            Facsimile: 212-869-2163
            E-mail: sbrenard@noitu.org
 
 
 Who We Are: 
 
This Notice describes the privacy practices of the NOITU Insurance Trust Fund and the Louis Lasky Memorial Medical and Dental Centers,and the privacy practices of:
  • all of our doctors, assistants, technicians and other health care professionals authorized to enter information about you into your medical/dental chart.
  • all of our departments, including, e.g., our medical records, claims processing and information technology departments.
  • all of our health center sites.
  • all of our employees, staff, and other personnel who work for us or on our behalf.
 
Our Pledge:
 
We understand that health information about you and the health care you receive is personal. We are committed to protecting your personal health information. When you receive treatment, other health care services and claims services from us, we create a record of the services that you received. We need this record to provide you with quality care and to comply with legal requirements. This notice applies to all of our records about your care, whether made by our health care professionals or others working in our offices, and tells you about the ways in which we may use and disclose your personal health information. This notice also describes your rights with respect to the health information that we keep about you and the obligations that we have when we use and disclose your health information.
 
We are required by law to:
  • make sure that health information that identifies you is kept private in accordance with relevant law.
  • give you this notice of our legal duties and privacy practices with respect to your personal health information.
  • follow the terms of the notice that is currently in effect for all of your personal health information.
 
How We May Use and Disclose Your Health Information:
 
We may use and disclose your personal health information for these purposes:
 
For TreatmentWe may use health information about you to provide you with health care treatment or services. We may disclose health information about you to the doctors, nurses, technicians, medical professionals and others who are involved in your care. They may work at the Health Centers, at a hospital if you are hospitalized, or at another doctor’s office, lab, pharmacy or other health care provider to whom we may refer you for treatment, consultation, x-rays, lab tests, prescriptions or other health care service. They may also include doctors and other health care professionals who work at the Centers, or elsewhere, whom we consult about your care. For example, we may consult with a specialist who lends his/her services to the Centers about your care or disclose to an emergency room doctor who is treating you for a broken leg that you have diabetes, because diabetes may affect your body’s healing process.
 
For PaymentPayment refers to the activities of a group health plan in collecting premiums and paying claims under the plan for health care services you receive. Examples of uses and disclosures under this section include the sending of PHI to an external medical review company to determine the medical necessity or experimental status of a treatment; providing PHI for case management services; providing PHI in the billing, collection and payment of premiums and fees to plan vendors such as PPO Networks and Prescription Drug Card Companies. We may use and disclose health information about you to bill and collect payment from you, make payments on your behalf, process claims for you and with an insurance company, including Medicaid and Medicare, or other third party that may be available to reimburse you or us for some or all of your health care. We may also disclose health information about you to other health care providers or to other health plans so that they can arrange for payment relating to your care. For example, if you have health insurance through another insurance plan other than the NOITU Insurance Trust Fund, we may need to share information about your office visit with your health plan in order for your health plan to pay us or reimburse you for the visit. We may also tell another health plan about treatment that you need to obtain your health plan’s prior approval or to determine whether your plan will cover the treatment.
 
 
 For Health Care OperationsHealth Care Operations refers to the basic business functions necessary to operate a group health plan. Examples of uses and disclosures under this section include conducting quality assessment studies to evaluate the plan’s performance or the performance of a particular network or vendor; the use of PHI in determining the cost impact of benefit design changes; disclosure of PHI to plan consultants who provide legal, actuarial and auditing services to the plan; and use of PHI in general data analysis used in the long term management and planning for the plan. We may use and disclose health information about you for our day-to-day operations, and may disclose information about you to other health care providers involved in your care or to your health plan for use in their day-to-day operations. These uses and disclosures are necessary to run the Centers and to make sure that all of our patients receive quality care, and to assist other providers and health plans in doing so as well. For example, we may use health information to review the services that we provide and to evaluate the performance of our staff in caring for you. We may also combine health information about our patients with health information from other health care providers to decide what additional services the Health Center should offer, what services are not needed, whether new treatments are effective or to compare how we are doing with others and to see where we can make improvements. We may remove information that identifies you from this set of health information so others may use it to study health care delivery without learning who our patients are.
 
Appointment RemindersWe may use and disclose health information about you to contact you as a reminder that you have an appointment at the Centers.
 
Health-Related Services and Treatment AlternativesWe may use and disclose health information to tell you about health-related services or recommend treatment options or alternatives that may be of interest to you. Please let us know if you do not wish us to contact you with this information, or if you wish to have us use a different address when sending this information to you.
 
Individuals Involved in Your Care or Payment for Your CareWe may release health information about you to a friend or family member who is involved in your health care or the person who helps pay for your care. We will only disclose medical information that these people need to know. We may also use your medical information to let family members or other responsible people know where you are and what your general medical condition is. If you are able to make your own health care decisions, we will ask your permission before using your medical information for these purposes. If you are unable to make health care decisions, we will disclose relevant medical information to family members or other responsible people if we feel it is in your best interest to do so. For example, we may provide limited medical information to allow a family member to pick up a prescription or x-ray for you.
 
ResearchUnder certain circumstances, we may use and disclose health information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another for the same condition. All research projects, however, are subject to a special approval process which evaluates a proposed research project and its use of health information, trying to balance the research needs with a patient’s need for privacy. 
 
Before we use or disclose health information for research, the project will have been approved through this special approval process, although we may disclose health information about you to people preparing to conduct a research project. For example, we may help potential researchers look for patients with specific health needs, so long as the health information they review does not leave our facility. We will almost always ask for your specific permission if the researcher will have access to your name, address, or other information that reveals who you are or will be involved in your care.
 
Organ and Tissue Donation. If you are an organ donor, we may disclose health information about you to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
 
As Required By Law. We will disclose health information about you when required to do so by federal, state or local law.
 
To Avert a Serious Threat to Health or SafetyWe may use and disclose health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
 
Military and Veterans. If you are a member of the armed forces or separated/ discharged from military services, we may release health information about you as required by military command authorities or the Department of Veterans Affairs as may be applicable. We may also release health information about foreign military personnel to the appropriate foreign military authorities.
 
Workers’ Compensation. We may release health information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
 
Public Health Activities. We are sometimes required to report health information about you for public health activities. These activities generally include the following:
  • to prevent or control disease, injury or disability.
  • to report births and deaths.
  • to report child abuse or neglect.
  • to report reactions to medications or problems with products.
  • to notify people of recalls of products.
  • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
  • to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
 
Health Oversight ActivitiesWe may disclose health information about you to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections and licensure. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws.
 
Lawsuits and DisputesWe may disclose health information about you in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request or other lawful process that is not accompanied by a court or administrative order, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
 
Law Enforcement. We may release health information about you if asked to do so by a law enforcement official: 
  • in response to a court order, subpoena, warrant, summons or similar process.
  • to identify or locate a suspect, fugitive, material witness or missing person.
  • under certain limited circumstances, about the victim of a crime.
  • about a death we believe may be the result of criminal conduct.
  • about criminal conduct at the Health Center.
  • in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.
Coroners, Health Examiners and Funeral DirectorsWe may release health information about our patients to a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release health information to funeral directors as may be necessary for them to carry out their duties. 
 
National Security and Intelligence Activities. We may release health information about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.
 
Protective Services for the President and Others. We may disclose health information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
 
InmatesIf you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release health information about you to the corrections institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care, (2) to protect your health and safety or the health and safety of others, or (3) for the safety and security of the correctional institution.
 
Your Rights:
 
You have certain rights with respect to your personal health information. This section of our notice describes your rights and how to exercise them:
 
Right to Inspect and CopyYou have the right to inspect and copy the personal health information in your medical and billing records, or in any other group of records that we maintain and use to make health care decisions about you. This right does not include the right to inspect and copy psychotherapy notes, although we may, at your request and on payment of the applicable fee, provide you with a summary of these notes.    
 
 To inspect and copy your personal health information, you must submit your request in writing to our privacy contact personidentified on the first page of this notice. If you request a copy of the information, we may charge a fee for the copying and mailing costs, and for any other costs associated with your request.
 
We may deny your request to inspect and copy in certain very limited circumstances. If your request is denied, you may request that the denial be reviewed. We will designate a licensed health care professional to review our decision to deny your request. The person conducting the review will not be the same person who denied your request. We will comply with the outcome of this review. Certain denials, such as those relating to psychotherapy notes, however, will not be reviewed.
 
Right to AmendIf you feel that the health information we maintain about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for any information that we maintain about you. To request an amendment, your request must be made in writing, submitted to our privacy contact person identified on the first page of this notice, and must be contained on one piece of paper legibly handwritten or typed. In addition, you must provide a reason that supports your request for an amendment.
 
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
  • was not created by us, unless the person or organization that created the information is no longer available to make the amendment,
  • is not part of the health information kept by or for the Health Center,
  • is not part of the information which you would be permitted to inspect and copy, or
  • is accurate and complete.
 
Any amendment we make to your health information will be disclosed to the health care professionals involved in your care and to others to carry out payment and health care operations, as previously described in this notice.
 
Right to Receive an Accounting of DisclosuresYou have the right to receive an accounting of certain disclosures of your health information that we have made. Any accounting will not include all disclosures that we make. For example, an accounting will not include disclosures:
  • to carry out treatment, payment and health care operations as previously described in this notice.
  • pursuant to your written authorization.
  • to a family member, other relative, or personal friend involved in your care or payment for your care when you have given us permission to do so.
  • to law enforcement officials.
 
To request an accounting of disclosures, you must submit your request in writing to our privacy contact person identified on the first page of this notice. Your request must state a time period which may not be more than six (6) years and may not include dates before April 14, 2003. The first list you request within a 12 month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. We will mail you a list of disclosures in paper form within 30 days of your request, or notify you if we are unable to supply the list within that time period and by what date we can supply the list; this date will not exceed 60 days from the date you made the request.
 
Right to Request Restrictions. You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you may request that we not disclose information about you to a certain doctor or other health care professional, or that we not disclose information to your spouse about certain care that you received.
 
If it is not feasible for us to comply with your request or if we believe that it will negatively impact our ability to care for you, we are not required to agree to your request for restrictions. If we do agree, however, we will comply with your request unless the information is needed to provide emergency treatment. To request a restriction, you must make your request in writing to our privacy contact person identified on the first page of this notice. In your request, you must tell us what information you want to limit and to whom you want the limits to apply. 
 
Right to Receive Confidential Communications. You have the right to request that we communicate with you about health matters in a certain way. For example, you can ask that we only contact you at work or by mail to a specified address.
 
To request that we communicate with you in a certain way, you must make your request in writing to our privacy contact person identified on the first page of this notice. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests. 
 
Right to Copy of this Notice.   You have the right to receive a copy of this notice at any time. To receive a copy, please request it from our privacy contact person identified on the first page of this notice. 
 
Changes to this Notice:
 
We reserve the right to change this notice and to make the changed notice effective for all of the health information that we maintain about you, whether it is information that we previously received about you or information we may receive about you in the future. We will post a copy of our current notice in our facility. Our notice will indicate the effective date on the first page, in the top right-hand corner. We will also give you a copy of our current notice upon request.
 
Complaints:
 
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. You may file a complaint by mailingus a written description of your complaint or by telling us about your complaint in person or over the telephone by notifying the Privacy Officer.
 
Please describe what happened and give us the dates and names of anyone involved. Please also let us know how to contact you so that we can respond to your complaint. You will not be penalized for filing a complaint.
 
Other Uses and Disclosures of Your Protected Health Information:
 
Other uses and disclosures of personal health information not covered by this notice or applicable law will be made only with your written authorization. If you give us your written authorization to use or disclose your personal health information, you may revoke your authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose your personal health information for the reasons covered by your written authorization. You understand that we are unable to take back any uses and disclosures that we have already made with your authorization, and that we are required to retain our records of the care that we have provided to you.


SANCTION POLICY
 
 
Reference: 164.308(ii)(C) – Required
 
Rule Text
 
Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity.
 
Policy
 
To ensure that all staff members abide by and fully comply with all of HCP’s HIPAA security policies and procedures, HCP will appropriately discipline and sanction staff members for any violation of the HIPAA security policies and procedures, will investigate and mitigate HIPAA security violations and incidents in a timely manner, and will not intimidate or retaliate against any staff member or individual that reports a HIPAA security violation or incident. Sanctions against staff members that do not comply with, or violate, HIPAA policies and procedures shall be commensurate with the gravity of the violation. The sanctions shall include, but are not limited to, re-training, verbal and written warnings, and termination.
 
In the event that a staff member is responsible for a violation of the HIPAA security policies and procedures and/or violates the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the following sanction guidelines would apply.
 
Definition of Offense
 
1.    Class 1 Offenses
  • Accessing information that you do not need to know to do your job.
  • Sharing your computer access codes (user name and password).
  • Leaving your computer unattended while you are logged into an ePHI program.
  • Sharing PHI with another employee without authorization.
  • Copying PHI without authorization.
  • Changing PHI without authorization.
  • Discussing confidential information in a public area or in an area where the public could overhear the conversation.
  • Discussing confidential information with an unauthorized person.
  • Failure to cooperate with the privacy officer or security officer.
 
2.   Class II Offenses
 
  • Second offense of any class I offense (does not have to be the same offense).
  • Unauthorized use or disclosure of PHI.
  • Using another person’s computer access codes (user name and password).
  • Failure to comply with the security officer’s resolution or recommendation.
 3.   Class III Offenses
 
  • Third offense of any class I offense (does not have to be the same offense).
  • Second offense of any class II offense (does not have to be the same offense).
  • Obtaining PHI under false pretenses.
  • Using and/or disclosing PHI for commercial advantage, personal gain, or malicious harm.
 
Sanctions
 
1.   Sanctions for Class I offenses shall include, but are not limited to:
 
  • Verbal reprimand.
  • Written reprimand in employee’s personnel file.
  • Retraining on HIPAA Awareness.
  • Retraining on HCP’s Privacy and Security Policies and how they affect the employee and the employee’s department.
  • Retraining on the proper use of internal forms and HIPAA required forms.
 
2.   Sanctions for Class II offenses shall include, but are not limited to:
 
  • Written reprimand in employee’s personnel file.
  • Retraining on HIPAA Awareness.
  • Retraining on HCP’s Privacy and Security Policies and how they affect the employee and the employee’s department.
  • Retraining on the proper use of internal forms and HIPAA required forms.
  • Suspension of employee for a minimum of one day and a maximum of three days.
 
3.  Sanctions for Class III offenses shall include, but are not limited to:
 
  • Termination of employment.
  • Civil penalties as provided under HIPAA or other applicable Federal, State, and Local laws.
  • Criminal penalties as provided under HIPAA or other applicable Federal, State, and Local laws.

 



148-06 Hillside Avenue, Jamaica, NY 11435

(718) 291-3434 • webmaster

Copyright © 2008 All Rights Reserved. Privacy Policy