Notice Of Information and Privacy Practice
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are committed to protecting the confidentiality of all of our clients’ health information, and are required by law to do so. We maintain health records that contain personal information about our clients which include your care and diagnosis. This information may identify you and relates to past, present or future physical or mental health, treatment or payment for our services and is referred to as “Protected Health Information” (“PHI”). This Notice of Privacy Practices (“Notice”) describes how we may use your PHI within Golden Steps ABA and how we may disclose it to others outside Golden Steps ABA in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the regulations promulgated thereafter, including HIPAA Priva cy, Security, and Breach Notification Rules. This Notice also describes the rights you have concerning your PHI, and how you may access and control your PHI.
We are required by law to maintain the privacy of your PHI, and to provide you with this Notice, which explains our legal duties and privacy practices with respect to PHI. We must follow the obligations described in this Notice and give you a copy of it. We reserve the right to change the terms of this Notice at any time and will provide you with a copy of the revised Notice by posting a copy of the revised Notice in our waiting areas, on our website, and upon request, a revised copy will be sent to you via mail or at your next appointment. The revised Notice shall be applicable to all information we have about you. Please review this Notice carefully and let us know if you have questions.
HOW WE USE AND DISCLOSE HEALTH INFORMATION
We are allowed or required to use or disclose health information about you for certain purposes without your authorization. Certain uses and disclosures of your health information, however, require your authorization. The following are ways in which we may use or share your health information:
We may use your PHI to provide you with health care treatment or related services. We may also disclose your PHI to others who need your PHI for purposes of providing, coordinating or managing your health care treatment and related services, such as doctors, physician assistants, nurses, medical and nursing students, technicians, therapists, emergency service and medical transportation providers, medical equipment providers, and other facilities which may be involved in your ongoing care. For example, we will allow your physician to have access to your treatment record to assist in your treatment and for follow-up care.
We also may use your PHI to contact you to remind you of an upcoming appointment, to inform you about possible treatment options or alternatives, or to tell you about health-related services available to you.
We may use and disclose your PHI to insurers and health plans receive payment for treatment services or supplies we provide to you. For example, your health plan or health insurance company may ask to see parts of your health information before they will pay us for your treatment.
Health Care Operations
We may use or disclose your PHI for health care operations. For example, we may combine health information about you and other persons we service to decide what additional treatment and services we should offer or what services are not needed.
Family Members and Others Involved in Your Care
Unless you object, we may disclose your PHI to a family member or close friend who is involved in your healthcare, or to someone who helps to pay for your care. We also may disclose your PHI to disaster relief organizations to help locate a family member or friend in a disaster.
We may disclose your PHI to third-party persons or organizations that are our service providers (“Business Associates”) that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. All of our Business Associates are obligated, under contract with us and by HIPAA, to protect the privacy of your PHI and are not allowed to use or disclose any information other than as specified in our contract.
OTHER USES AND DISCLOSURES
Required by Law
We will use and disclose your information as required by federal, state, or local laws sometimes require us to disclose your PHI. For instance, we are required to disclose client health information to the U.S. Department of Health and Human Services so that it can investigate complaints or determine our compliance with HIPAA.
Public Health Activities
We may report certain health information for public health purposes. For instance, we are required to report births, deaths, and communicable diseases to the state government. We also may need to report adverse reactions to medications or medical products to the U.S. Food and Drug Administration (the “FDA”), or may notify clients of recalls of medications or products they are using.
We may disclose health information for public safety purposes in limited circumstances. We may disclose health information to law enforcement Officers in response to a search warrant or a grand jury subpoena. We also may disclose health information to assist law enforcement Officers in identifying or locating a person, to prosecute a crime of violence, to report deaths that may have resulted from criminal conduct, and to report criminal conduct within Golden Steps ABA. We also may disclose your PHI to law enforcement Officers and others to prevent a serious threat of health or safety to you or another person.
Health Oversight Activities
We may disclose health information to a government agency that oversees Golden Steps ABA or its personnel for activities necessary for the government to provide appropriate oversight of the health care system, certain government benefit programs, and compliance with certain civil rights laws.
Golden Steps ABA may disclose your PHI if ordered to do so by a court or if a subpoena, discovery request or search warrant is served. Golden Steps ABA will make a reasonable effort to notify you should we receive such an order so that you will have a chance to object to sharing your PHI.
Marketing/Sale of Information
We will never sell your information or share your information for marketing purposes unless you give us written authorization. If we contact you for any fundraising efforts, you can ask that we not contact you again.
Information with Additional Protection
Certain types of health information have additional protection under state and federal law. For instance, health information about communicable disease , evaluation and treatment for a serious mental illness, etc., is treated differently than other types of PHI. For those types of information, Golden Steps ABA is required to get your written authorization before disclosing that information to others in many circumstances.
Your Written Authorization for Any Other Use or Disclosure of Your Health Information
If Golden Steps ABA wishes to use or disclose your health information for any purpose that is not discussed in this Notice, Golden Steps ABA will seek your authorization. If you give your written authorization to Golden
GOLDEN STEPS ABA, LLC | P 646.873.6600 | F 646.859.4440 | E INFO@GOLDENSTEPSABA.COM | W GOLDENSTEPSABA.COM 
Steps ABA, you may revoke that authorization any time, unless we have already relied on your authorization to use or disclose information. If you would ever like to revoke your authorization, please notify the Privacy Officer in writing.
WHAT ARE YOUR RIGHTS?
You have the following rights regarding your PHI:
Right to Request Health Information
You have the right to request to review and copy your PHI, subject to certain limitations. Please note that exceptions may apply as provided by law. This includes your PHI, your billing record, and other records we use to make decisions about your care. To request your PHI records, call or email to the Privacy Officer at the contact information below and include the form or format which you would like to receive your PHI records, and Golden Steps ABA will provide you with the PHI records in that form or format, if it is readily producible. If you request a copy of your information, we will charge you reasonable costs to copy the information. We will tell you in advance what this copying will cost. You can review your record at no cost. You may request a review of the decision to restrict your access to the client’s record.
Right to Restrict Disclosure of PHI to Health Plan
Golden Steps ABA must abide by a request to restrict disclosure of PHI to a health plan if the disclosure is for payment or health care operations and pertains to a health care item or service for which the individual has paid out-of-pocket in full.
Right to Request Amendment of Health Information You Believe is Erroneous or Incomplete
If you believe that some of the information in your record we maintain is wrong or incomplete, you may ask us to amend it. To ask us to amend your PHI, submit a written request to the email address below. If there is a mistake, a note will be entered into the record to correct the error. We may deny your request and will respond to your request with an explanation within 60 days.
Right to Get a List of Certain Disclosures of Health Information
You have the right to request a list of the disclosures we make of your PHI. If you would like to receive such a list, submit a written request to the Privacy Officer email address below and include a time period for such accounting. Your request may not be for a period greater than six (6) years. We will provide the first accounting at no charge, but we may charge you for any additional requests during the same year. We will tell you in advance what this list will cost and you may choose to modify or withdraw your request at that time.
Right to Request Restrictions on How Golden Steps ABA Will Use or Disclose Your Health Information for Treatment, Payment, or Health Care Operations
You have the right to request a restriction or limitation on the PHI we use or disclosure about you for treatment, payment for care, or health care operations or to persons involved in your care. We are not required to agree to your request only when the request relates to disclosures to a health insurance carrier or health plan and you paid for the product or service solely out-of-pocket, in full. Otherwise, if we do agree, we will comply with that agreement. Your request to limit or restrict the use or disclosure of PHI must be in writing to Golden Steps ABA. If you want to request a restriction, write to the Privacy Officer at the email address below and describe your request in detail, including whether you want to limit use or disclosure or both, and to whom you want the limitation to apply.
Right to Request Confidential Communications
You have the right to ask us to communicate with you about your PHI matters in a confidential manner. For example, you can ask us not to call your home, but to communicate only by email mail. To do this, please submit a written request to the Privacy Officer at the email address below and include how or where you wish to be contacted. Our clinical supervisors are easily accessible for any concerns.
Right to be Notified Following a Breach of Unsecured PHI
We are required to notify you if we experience a breach of your unsecured PHI. You will be notified not more than sixty (60) days following our discovery of the breach.
Right to Choose a Representative
If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. We will make sure this person has the authority and can act for you before we take any action.
How to Exercise your Rights:
In order to exercise the rights described above, please feel free to contact our Privacy Officer at Confidential@goldenstepsaba.com