CONFIDENTIALITY PRACTICES AND USES
Protected Health Information (PHI) — PHI is information we obtain and create in providing our services to you. Such information may include documentation of your symptoms, examination and test results, diagnosis and treatment. It also includes billing documents for those services.
If we disclose your PHI to a business associate in order for that entity to perform a function on our behalf, we must have in place an agreement from the business associate that it and its subcontractors will extend the same degree of privacy protection to your information that we do.
If a use or disclosure is not described in this Notice, we will not make that use or disclosure without your written authorization.
USES AND DISCLOSURES PER LAW NOT REQUIRING YOUR PERMISSION
Direct2Care may access, use and/or share this medical information for the purposes of the following:
- Treatment — To appropriately determine approvals or denials of your medical treatment. For example, your PHI will be shared among members of your treatment team.
- Payment — We may use or disclose your PHI in order to bill and collect payment for your health care services. For example, your health care provider may send claims for payment to Medicare for medical services provided to you, if applicable.
- Health Care Operations — We may use or disclose your PHI, as needed, in order to improve the quality of your care. For example, members of the treatment team may share PHI to assess the care and outcomes in your case.
- When Required by Law — We may disclose PHI when a law requires that we report information about suspected abuse, neglect or domestic violence; for a crime committed on the premises; or in response to a court order. We must also disclose PHI to authorities that monitor compliance with these privacy requirements.
- For Public Health Activities — We may disclose PHI when we are required to collect information about disease or injury; to report vital statistics; or to report the results of public health surveillance, investigations, or interventions.
- For Health Oversight Activities — We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities may include audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the behavioral health care system, government programs and compliance with civil rights laws.
- Relating to Decedents — We may disclose PHI relating to a death to coroners, medical examiners or funeral directors, and to organ procurement organizations with regard to anatomical gifts. Unless an individual indicated otherwise before death, we also may disclose PHI related to the individual’s death to family members, friends, or others who were involved in the individual’s care or payment for care before death.
- For Research Purposes — We may use or disclose your medical information for research projects, such as studying the effectiveness of a treatment you received. These research projects must go through a special process that protects the confidentiality of your medical information. We will obtain your written authorization if the researcher will further use or disclose your medical information.
- To Avert Threat to Health or Safety — In order to avoid a serious threat to health or safety, we may disclose PHI as necessary to law enforcement or other persons who can reasonably prevent or lessen the threat of harm
- For Specific Government Functions — We may disclose PHI of military personnel and veterans in certain situations, to correctional facilities in certain situations, to government benefit programs relating to eligibility and enrollment, and for national security reasons, such as protection of the President.
USES AND DISCLOSURES REQUIRING AUTHORIZATION
We are required to have your written authorization for the following. Authorizations can be revoked at any time to stop future uses/disclosures except to the extent that we have already undertaken an action in based upon your authorization.
- Substance Abuse Health Information — All PHI regarding substance abuse is to be kept strictly confidential and released only in conformance with the requirements of federal law (42 United States Code 290dd-2 and 42 Code of Federal Regulations, Part 2). Disclosure of any medical information referencing alcohol or substance abuse may be made only with your written authorization. A general authorization for the release of medical or other information is not sufficient for this purpose.
- HIV Information — All PHI regarding HIV is kept strictly confidential and released only in conformance with the requirements of state law. Disclosure of any medical information referencing HIV status may only be made with your written authorization. A general authorization for the release of medical or other information is not sufficient for this purpose.
- Other Uses or Disclosures Requiring Authorization – We may not use or disclose your PHI without your written authorization if the use or disclosure would constitute a sale of PHI.
- We may not use or disclose your PHI for marketing purposes without your written authorization. Most uses and disclosures of your psychotherapy notes will require your written authorization.
There may be other uses and disclosures of your PHI for which we will seek your written authorization.
USES AND DISCLOSURES REQUIRING YOU TO HAVE AN OPPORTUNITY TO OBJECT
In the following situations, we may disclose a limited amount of your PHI if we inform you about the disclosure in advance and you do not object, as long as the disclosure is not otherwise prohibited by law:
- To Families, Friends or Others Involved in Your Care — We may share with these people information directly related to their involvement in your care, or payment for your care. We may also share PHI with these people or notify them about your location and general condition, or death.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
- Right to Request Restrictions — You have the right to request that we restrict uses or disclosures of your health information to carry out treatment, payment, health care operations, or communications with family, friends, or other individuals. In most situations, we are not required to agree to a restriction. If disclosure is required by law, we cannot agree to your request to restrict. If you request that we restrict specified disclosures of PHI to a health plan regarding a health care item or service for which you paid out of pocket in full, we must agree to the restriction.
- Right to Request Confidential Communications — You have the right to ask us to communicate with you in a way that you feel is more confidential. For example, you can ask us not to call your home, but to communicate only by mail. This request must be in writing. We must accommodate your request if it is reasonable and you clearly state that the disclosure of all or part of the information could endanger you.
- Right to Inspect and Copy — You have the right to review your record and to get a copy of your record (the law requires us to keep the original record). This could include your medical record, your billing record, and other records we use to make decisions about your care. You may agree to a summary or explanation of such information. To request your health information, submit a written request to your unit manager or program manager. We may charge a reasonable, cost based fee for the costs of copying, including labor, postage, and the cost of preparing a summary or explanation if applicable. If you request a copy or a summary or explanation of your information, we will tell you in advance what this will cost. We may deny your request to inspect and copy in certain circumstances as defined by applicable Direct2Care policy and as specified by law.
- Right to Amend — If you examine your medical information and believe that some of the information is incorrect, you may ask us to amend your record. The request must be in writing. Your request must include the reason or reasons that support your request. We may deny your request for an amendment if we determine that the record that is the subject of the request was not created by us, is not available for inspection as specified by law, or is accurate and complete.
- Right to Receive an Accounting of Disclosures — You have the right to receive an accounting of disclosures of your health information. This generally does not include disclosures made to carry out treatment, payment and health care operations; disclosures made to you; communications with family and friends; for national security or intelligence purposes; or to correctional institutions or law enforcement officials. We will respond to your written request for such a list within the time frame specified by law. Your first request for accounting in any 12-month period shall be provided without charge. A reasonable, cost-based fee shall be imposed for each subsequent request.
- You have the right to receive this Notice — You have the right to receive a paper copy of this Notice.
- You have the right to be notified of a breach of your PHI – In the event of a breach of your PHI that is created, received, or maintained by us or by a business associate or the business associate’s subcontractor, you will receive written notification as specified by law.
HOW TO FILE A COMPLAINT IF YOU BELIEVE YOUR RIGHTS HAVE BEEN VIOLATED
If you have questions about this Notice or any complaints about our privacy practices, please contact the Direct2Care Privacy Official by calling 602-601-7429 or emailing us at firstname.lastname@example.org.
You also may file a complaint with the Secretary of the U.S. Department of Health and Human Services at:
U.S. Department of Health and Human Services
Office for Civil Rights
Regional Manager – Region IX
90 7th Street, Suite 4-100
San Francisco, California 94103
Phone: (415) 437-8310
Toll Free: 1-(800) 368-1019
Online Complaint: www.hhs.gov/ocr/privacy/hipaa/complaints
If you make such complaints, retaliatory action is not permitted.
TERMS AND CONDITIONS
NOTICE OF COMPLIANCE WITH THE FEDERAL ANTI-KICKBACK STATUTE AND STARK LAW
- This Policy applies to Direct2Care and all of its wholly-owned subsidiaries (collectively, “Direct2Care”).
- Direct2Care is committed to compliance with applicable laws, rules and regulations, including the Anti-Kickback Statute and the Stark Law. These laws, while complex, relate primarily to relationships between Direct2Care and Referral Sources, including physicians. Direct2Care may, from time to time, develop other policies regarding these relationships.
- This Policy outlines the requirements of the Compliance Officer in maintaining and reviewing the Focus Arrangements database.
This Policy further provides general information about the federal Anti-Kickback Statute, the Stark Law, and the regulations and other related guidance and explains how these laws relate to relationships between Direct2Care and referral sources.
Designated Health Services means any of the following services: clinical laboratory services; physical therapy, occupational therapy, and outpatient speech-language pathology services; radiology and certain other imaging services; radiation therapy services and supplies; durable medical equipment and supplies; parenteral and enteral nutrients, equipment, and supplies; prosthetics, orthotics, and prosthetic devices and supplies; home health services; outpatient prescription drugs; and inpatient and outpatient hospital services.
Focus Arrangement means every arrangement or transaction that:
- Involves, directly or indirectly, the offer or payment of anything of value; and is between Direct2Care and any actual source of health care business or referrals to Direct2Care; or
- Is between Direct2Care and a physician (or a physician’s Immediate Family Member) who makes a referral (as defined at 42 U.S.C. § 1395nn(h)(5)) to Direct2Care for Designated Health Services.
Immediate Family Member means husband or wife; birth or adoptive parent, child, or sibling; stepparent, stepchild, stepbrother, or stepsister; father-in-law, mother-in-law, son-in-law, daughter-in-law, brother-in-law, or sister-in-law; grandparent or grandchild; and spouse of a grandparent or grandchild.
Overpayment means the amount of money Direct2Care has received in excess of the amount due and payable under any Federal health care program requirements.
Physician means a doctor of medicine or osteopathy, a doctor of dental surgery or dental medicine, a doctor of podiatric medicine, a doctor of optometry, or a chiropractor.
Referral Source means (a) a physician; (b) a physician’s Immediate Family Member; (c) any entity that is controlled by a physician or a physician’s Immediate Family Member; or (d) any non-physician who may be capable of making referrals to Direct2Care.
Reportable Event means any isolated event or a series of occurrences that involves:
- A substantial Overpayment (as defined by all applicable Direct2Care Patient Financial Services Department policies);
- A matter that a reasonable person would consider a probable violation of criminal, civil, or administrative laws applicable to any Federal health care program for which penalties or exclusion may be authorized;
- The employment of or contracting with a Covered Person who is an Ineligible Person; or
- The filing of a bankruptcy petition by Direct2Care.
Direct2Care does not offer, pay, provide, or accept any remuneration, including any payment of any type, for referrals of patients. Direct2Care is committed to ensuring that its relationships with physicians and other Referral Sources do not violate the Anti-Kickback Statute, the Stark Law, or any other applicable Federal or state laws.
- Direct2Care has established a Code of Conduct and policies and procedures demonstrating Direct2Care’s commitment to full compliance with all federal health care program requirements, including the Anti-Kickback Statute and Stark Law. Direct2Care’s Compliance & Organizational Ethics policies and procedures and other policies that govern transactions with Referral Sources are on the Direct2Care intranet. The Agreements with Physicians and Other Potential Referral Sources: General Policy outlines specific requirements for entering into a Focus Arrangement that ensures that all transactions with Referral Sources comply with the applicable Federal and state laws.
- Direct2Care maintains a database of all contractual relationships with Referral Sources that are considered Focus Arrangements.
- Any known or suspected violations of the Anti-Kickback Statue and Stark Law must be reported, investigated, and remediated in accordance with Direct2Care’s Compliance Policies.
- The Attachment to this Policy provides an overview of the Anti-Kickback Statute and
Stark Law which may be amended or modified from time to time.
- Direct2Care will review the Focus Arrangements database, Direct2Care’s internal review and approval process, and certain other procedures to monitor Direct2Care’s compliance with the requirements of the Corporate Integrity Agreement between the Office of the Inspector General (“OIG”) of the Department of Health and Human Services and Direct2Care.
- Direct2Care shall regularly track remuneration to and from all parties to Focus Arrangements, including tracking service and activity logs to ensure that parties to the Focus Arrangement are performing the services required under the applicable Focus Arrangement.
- Direct2Care shall monitor the use of leased space, medical supplies, medical devices, equipment, or other patient care items to ensure that such use is consistent with the terms of the applicable Focus Arrangement.
- All Direct2Care employees, medical staff members and, where appropriate, others who provide services to or on behalf of Direct2Care shall become familiar with the requirements of the Anti-Kickback Statute and the Stark Law through training and through the attached overview of the laws. Any individual who becomes aware of any activity that may be a violation of the Anti-Kickback Statute or the Stark Law should report the potential violation in accordance with Direct2Care’s Compliance Policies.
- If Direct2Care becomes aware of any activity that may violate the Anti- Kickback Statute or the Stark Law, company leadership in coordination with the appropriate departments, shall conduct an appropriate review or investigation of the activity in accordance with Direct2Care’s Compliance Policies.
- If after a reasonable opportunity to conduct an appropriate review or investigation of an activity that may violate the Anti-Kickback Statute or the Stark Law Direct2Care determines that there is a Reportable Event, the Compliance Officer shall be responsible for notifying the OIG of the Reportable Event, in writing, within thirty days after making the determination that the Reportable Event exists.
References: 42 U.S.C. § 1320a-7b(b), 42 CFR § 1001.952 42 U.S.C. § 1320a-7a(a)(7) 42 U.S.C. § 1395nn; 42 CFR § 411.350 et seq.
THE ANTI-KICKBACK STATUTE
The federal Anti-Kickback Statute prohibits knowingly and willfully offering, paying, soliciting or receiving anything of value as an inducement or reward to refer items or services for which payment is available under the federal or state healthcare programs, such as Medicare and Medicaid. Violations of the Anti-Kickback Statute are classified as felonies and are punishable by fines of up to $25,000 and up to 5 years in prison. Violations of the Anti-Kickback Statute may also cause participants to be excluded from participating in federal health care programs or from working for entities that participate in federal healthcare programs.
The Department of Health and Human Services Office of Inspector General (“OIG”) is the federal governmental agency responsible for interpreting and enforcing the Anti-Kickback Statute. The OIG has issued regulations that contain “safe harbor” provisions describing various payment and business practices that the OIG has deemed acceptable. Unless all elements of a safe harbor are met, these practices might otherwise be viewed to implicate, and potentially violate, the Anti-Kickback Statute. Compliance with a safe harbor is not mandatory; rather, arrangements that could violate the Anti-Kickback Statute which do not fit into a safe harbor are evaluated by the OIG on a case-by-case basis.
Guidance Related to the Anti-Kickback Statute
To assist health care providers in complying with the Anti-Kickback Statute, the OIG has, and continues from time to time, to publish guidance.
- Advisory Opinions. The OIG issues advisory opinions to outside parties regarding the interpretation and applicability of certain statutes relating to the federal and state healthcare programs, including (a) what constitutes prohibited remuneration under the Anti-Kickback Statute and (b) whether an arrangement or proposed arrangement falls within a safe harbor. Advisory opinions provide guidance, but they only apply to the parties requesting them. However, they offer meaningful advice on the application of the Anti-Kickback Statute. Additional information about the OIG’s advisory opinion process and a link to all published advisory opinions is located at http://oig.hhs.gov/fraud/advisoryopinions.asp.
- Other Guidance. The OIG periodically develops and issues guidance, including Special Advisory Bulletins, Fraud Alerts, and other industry guidance to alert and inform the health care industry about potential problems or areas of special interest. The OIG posts its guidance to its website at http://oig.hhs.gov/fraud/fraudalerts.asp.
THE LIMITATION ON CERTAIN PHYSICIAN REFERRALS (THE STARK LAW)
The Stark Law prohibits physicians from referring Medicare patients for certain designated health services (“DHS”) to an entity with which the physician or a member of the physician’s immediate family has a financial relationship–unless an exception applies. It also prohibits an entity from presenting or causing to be presented a bill or claim to anyone for a DHS furnished as a result of a prohibited referral. Notably, DHS includes all inpatient and outpatient hospital services. Sanctions for violating the Stark Law include disallowing all Medicare payments for any DHS provided pursuant to a referral from the physician and possible penalties of up to $15,000 per DHS item or service plus three times the amount claimed for payment from Medicare; circumvention schemes can result in a penalty of up to $100,000 and exclusion from participation in federal health care programs.
The Centers for Medicare and Medicaid Services (“CMS”), the federal agency responsible for interpreting and enforcing the Stark Law, has issued regulations that contain exceptions for relationships with physicians that will be deemed not to violate the statute. Unlike the Anti- Kickback Statute, a physician’s financial relationship with the entity providing DHS must fit within an exception to the Stark Law and meet all of the criteria of the exception. If it does not, the entity may not bill for any DHS provided pursuant to a referral from the physician.
Guidance Related to the Stark Law
CMS issues advisory opinions to outside parties regarding whether a physician’s referrals relating to certain DHS are prohibited under the Medicare program. While the advisory opinions are only binding on the person or entity who requested the opinion, the advisory opinions offer meaningful advice on the application of the Stark Law. Additional information about CMS’s advisory opinion process, a link to CMS’s published advisory opinions, and other Stark Law guidance is located at http://www.cms.gov/PhysicianSelfReferral.