Notice Of Information and Privacy Practice

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO  THIS INFORMATION. PLEASE REVIEW IT CAREFULLY

We are committed to protecting the confidentiality of all of our clients’ health information, and are required by  law to do so. We maintain health records that contain personal information about our clients which include your  care and diagnosis. This information may identify you and relates to past, present or future physical or mental  health, treatment or payment for our services and is referred to as “Protected Health Information” (“PHI”). This  Notice of Privacy Practices (“Notice”) describes how we may use your PHI within Golden Steps ABA and how we  may disclose it to others outside Golden Steps ABA in accordance with the Health Insurance Portability and  Accountability Act of 1996 (“HIPAA”) and the regulations promulgated thereafter, including HIPAA Priva cy,  Security, and Breach Notification Rules. This Notice also describes the rights you have concerning your PHI, and  how you may access and control your PHI.  

We are required by law to maintain the privacy of your PHI, and to provide you with this Notice, which explains  our legal duties and privacy practices with respect to PHI. We must follow the obligations described in this Notice  and give you a copy of it. We reserve the right to change the terms of this Notice at any time and will provide  you with a copy of the revised Notice by posting a copy of the revised Notice in our waiting areas, on our website,  and upon request, a revised copy will be sent to you via mail or at your next appointment. The revised Notice  shall be applicable to all information we have about you. Please review this Notice carefully and let us know if  you have questions.  

HOW WE USE AND DISCLOSE HEALTH INFORMATION  

We are allowed or required to use or disclose health information about you for certain purposes without your  authorization. Certain uses and disclosures of your health information, however, require your authorization.  The following are ways in which we may use or share your health information: 

Treatment 

We may use your PHI to provide you with health care treatment or related services. We may also disclose your  PHI to others who need your PHI for purposes of providing, coordinating or managing your health care treatment  and related services, such as doctors, physician assistants, nurses, medical and nursing students, technicians,  therapists, emergency service and medical transportation providers, medical equipment providers, and other  facilities which may be involved in your ongoing care. For example, we will allow your physician to have access  to your treatment record to assist in your treatment and for follow-up care. 

Appointment Reminders:

We also may use your PHI to contact you to remind you of an upcoming appointment, to inform you about  possible treatment options or alternatives, or to tell you about health-related services available to you.  

Payment 

We may use and disclose your PHI to insurers and health plans receive payment for treatment services or  supplies we provide to you. For example, your health plan or health insurance company may ask to see parts  of your health information before they will pay us for your treatment.  

Health Care Operations 

We may use or disclose your PHI for health care operations. For example, we may combine health information  about you and other persons we service to decide what additional treatment and services we should offer or  what services are not needed.  

Family Members and Others Involved in Your Care 

Unless you object, we may disclose your PHI to a family member or close friend who is involved in your  healthcare, or to someone who helps to pay for your care. We also may disclose your PHI to disaster relief  organizations to help locate a family member or friend in a disaster.  

Business Associates 

We may disclose your PHI to third-party persons or organizations that are our service providers (“Business  Associates”) that perform functions on our behalf or provide us with services if the information is necessary for  such functions or services. All of our Business Associates are obligated, under contract with us and by HIPAA,  to protect the privacy of your PHI and are not allowed to use or disclose any information other than as specified  in our contract. 

OTHER USES AND DISCLOSURES 

Required by Law  

We will use and disclose your information as required by federal, state, or local laws sometimes require us to  disclose your PHI. For instance, we are required to disclose client health information to the U.S. Department of  Health and Human Services so that it can investigate complaints or determine our compliance with HIPAA.  

Public Health Activities

We may report certain health information for public health purposes. For instance, we are required to report  births, deaths, and communicable diseases to the state government. We also may need to report adverse  reactions to medications or medical products to the U.S. Food and Drug Administration (the “FDA”), or may  notify clients of recalls of medications or products they are using.  

Public Safety 

We may disclose health information for public safety purposes in limited circumstances. We may disclose health  information to law enforcement Officers in response to a search warrant or a grand jury subpoena. We also  may disclose health information to assist law enforcement Officers in identifying or locating a person, to  prosecute a crime of violence, to report deaths that may have resulted from criminal conduct, and to report  criminal conduct within Golden Steps ABA. We also may disclose your PHI to law enforcement Officers and  others to prevent a serious threat of health or safety to you or another person.  

Health Oversight Activities 

We may disclose health information to a government agency that oversees Golden Steps ABA or its personnel  for activities necessary for the government to provide appropriate oversight of the health care system, certain  government benefit programs, and compliance with certain civil rights laws. 

Judicial Proceedings 

Golden Steps ABA may disclose your PHI if ordered to do so by a court or if a subpoena, discovery request or  search warrant is served. Golden Steps ABA will make a reasonable effort to notify you should we receive such  an order so that you will have a chance to object to sharing your PHI.  

Marketing/Sale of Information 

We will never sell your information or share your information for marketing purposes unless you give us written authorization. If we contact you for any fundraising efforts, you can ask that we not contact you again.  

Information with Additional Protection 

Certain types of health information have additional protection under state and federal law. For instance, health  information about communicable disease , evaluation and treatment for a serious mental illness, etc., is treated  differently than other types of PHI. For those types of information, Golden Steps ABA is required to get your  written authorization before disclosing that information to others in many circumstances. 

Your Written Authorization for Any Other Use or Disclosure of Your Health Information 

If Golden Steps ABA wishes to use or disclose your health information for any purpose that is not discussed in  this Notice, Golden Steps ABA will seek your authorization. If you give your written authorization to Golden 

GOLDEN STEPS ABA, LLC | P 646.873.6600 | F 646.859.4440 | E INFO@GOLDENSTEPSABA.COM | W GOLDENSTEPSABA.COM  [15] 

Steps ABA, you may revoke that authorization any time, unless we have already relied on your authorization to  use or disclose information. If you would ever like to revoke your authorization, please notify the Privacy Officer  in writing.  

WHAT ARE YOUR RIGHTS?  

You have the following rights regarding your PHI: 

Right to Request Health Information  

You have the right to request to review and copy your PHI, subject to certain limitations. Please note that  exceptions may apply as provided by law. This includes your PHI, your billing record, and other records we use  to make decisions about your care. To request your PHI records, call or email to the Privacy Officer at the contact  information below and include the form or format which you would like to receive your PHI records, and Golden  Steps ABA will provide you with the PHI records in that form or format, if it is readily producible. If you request  a copy of your information, we will charge you reasonable costs to copy the information. We will tell you in  advance what this copying will cost. You can review your record at no cost. You may request a review of the  decision to restrict your access to the client’s record. 

Right to Restrict Disclosure of PHI to Health Plan 

Golden Steps ABA must abide by a request to restrict disclosure of PHI to a health plan if the disclosure is for  payment or health care operations and pertains to a health care item or service for which the individual has  paid out-of-pocket in full. 

Right to Request Amendment of Health Information You Believe is Erroneous or Incomplete 

If you believe that some of the information in your record we maintain is wrong or incomplete, you may ask us  to amend it. To ask us to amend your PHI, submit a written request to the email address below. If there is a  mistake, a note will be entered into the record to correct the error. We may deny your request and will respond  to your request with an explanation within 60 days.  

Right to Get a List of Certain Disclosures of Health Information 

You have the right to request a list of the disclosures we make of your PHI. If you would like to receive such a  list, submit a written request to the Privacy Officer email address below and include a time period for such  accounting. Your request may not be for a period greater than six (6) years. We will provide the first accounting  at no charge, but we may charge you for any additional requests during the same year. We will tell you in  advance what this list will cost and you may choose to modify or withdraw your request at that time. 

Right to Request Restrictions on How Golden Steps ABA Will Use or Disclose Your Health Information for  Treatment, Payment, or Health Care Operations 

You have the right to request a restriction or limitation on the PHI we use or disclosure about you for treatment,  payment for care, or health care operations or to persons involved in your care. We are not required to agree  to your request only when the request relates to disclosures to a health insurance carrier or health plan and you  paid for the product or service solely out-of-pocket, in full. Otherwise, if we do agree, we will comply with that  agreement. Your request to limit or restrict the use or disclosure of PHI must be in writing to Golden Steps ABA.  If you want to request a restriction, write to the Privacy Officer at the email address below and describe your  request in detail, including whether you want to limit use or disclosure or both, and to whom you want the  limitation to apply.  

Right to Request Confidential Communications 

You have the right to ask us to communicate with you about your PHI matters in a confidential manner. For  example, you can ask us not to call your home, but to communicate only by email mail. To do this, please submit  a written request to the Privacy Officer at the email address below and include how or where you wish to be  contacted. Our clinical supervisors are easily accessible for any concerns. 

Right to be Notified Following a Breach of Unsecured PHI 

We are required to notify you if we experience a breach of your unsecured PHI. You will be notified not more  than sixty (60) days following our discovery of the breach.  

Right to Choose a Representative 

If you have given someone medical power of attorney or if someone is your legal guardian, that person can  exercise your rights and make choices about your PHI. We will make sure this person has the authority and can  act for you before we take any action.  

How to Exercise your Rights: 

In order to exercise the rights described above, please feel free to contact our Privacy Officer at  Confidential@goldenstepsaba.com