THIS       DOCUMENT           DESCRIBES           HOW       HEALTH         OR                MEDICAL  INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND  HOW YOU CAN GET ACCESS TO THIS INFORMATION. 

PLEASE READ IT CAREFULLY. 

WHAT IS THIS NOTICE? 

This  Notice  of  Privacy  Practices  is  required  by  the  Health  Insurance  Portability and Accountability Act (HIPAA) of 1996. 

This notice tells you: 

•     How GRADD and its contracted business partners may use and give 
out your protected health information (PHI) to carry out services, 
payment or health care operations and for other purposes permitted or 
required by law. 

•     What YOUR rights are regarding the access and control of your health 
information. 

•     How GRADD protects your health information. 

If you have any questions about your privacy rights, contact the Privacy  Officer at: 

            GRADD 

            Social Services Department 

            300 GRADD Way 

            Owensboro, KY 42303 

            Phone:  (270) 926-4433 

GRADD’S PRIVACY RESPONSIBILITIES 

GRADD is required to: 

•     Follow the terms of this Notice. 

•     Support your Privacy Rights under the law. 

•     Give you a paper copy of this Privacy Notice and post it on our 

website. 

•     Mail out a new Notice if our privacy practices change. 

•     Treat  your  data  as  confidential  by  not  using  or  giving  out  your 
information  without  your  written  permission,  except  to  support 
normal business or under the allowable circumstances given in this 
Notice. 

•     Tell you what types of information we collect on you. 

•     Release your health information without your permission in the event 

of an emergency.  The release of your data must be in your best 
interest. 

•     Follow State laws regarding the release of your data in the instances 
where State law provides stronger protection of your data than the 
HIPAA law. 

CHANGES TO THIS NOTICE OF PRIVACY PRACTICES 

We reserve the right to change this Privacy Notice at any time.  If we do  make a change, we will mail a revised notice to the address you have  supplied us.  GRADD is required by law to comply with the current version  of this Notice until a new version has been mailed out.  We also maintain a  website that provides information about our services and will post our new  notice on that web site. 

WHO WILL FOLLOW THIS NOTICE? 

These GRADD privacy practices will be followed by: 
•     Any staff of GRADD Social Services Department. 
•     Any health care professional authorized to enter information into your 

health record. 

•     Any member of a volunteer group we allow to help you while you 

receive services from GRADD. 

•     All employees, staff,             other GRADD personnel, and  consultants/contractors. 

•     All subcontracting  agencies providing health  care  and/or  services 

pursuant to contracts with GRADD. 

These entities may share health information with each other for treatment,  payment or administrative operation purposes described in this notice. 

UNDERSTANDING YOUR HEALTH RECORD/INFORMATION 

Each  time  you  apply  for  services  through  GRADD,  a  record  of  your  application is made.  This record contains information about you, including  demographic information that may identify you, or constitute a reasonable  basis to believe the information may identify you, and relates to your past,  present or future physical or mental health or condition.  For example, this  information, often referred to as your health record, serves as a: 

•     Basis for planning your care and/or treatment. 

•     Means of communication among the many health professionals who 

are involved in your care. 

•     Means by which you or a third-party payee can check that services 

billed were actually provided. 

Your health record contains Protected Health Information (PHI).  State and  Federal law protect this information.  Understanding that, we expect to use  and share your health information in a manner that helps you to: 

•     Make sure it is correct. 

•     Better  understand  who,  what,  when,  where,  and  why  others  may 

access your health information. 

•     Make more informed decisions when authorizing sharing your PHI 

with others. 

YOUR INDIVIDUAL PRIVACY RIGHTS UNDER HIPAA 

Although your health information is the physical property of the agency or  provider that compiled it, the information belongs to you.  Under the Federal  Privacy Rules, 45 CFR Part 164, you have the right to: 

•     Request a restriction on certain uses and sharing of your information 
(though we are not required to agree to any such request).  This means 
you may ask us not to use or share any part of your PHI for purposes 
of treatment, payment or healthcare operation.  You may also ask that 
this information not be disclosed to family members or friends who 
may be involved in your care. 

•     Request that we send you confidential communications by alternative 
means or at alternative locations. 

•     Obtain a paper copy of this notice of privacy practices upon request. 
•     Inspect and obtain a copy of your health record. 

•     Request that your health record containing PHI be changed. 

•     Obtain a listing of certain health information we were authorized to 
share  for  purposes  other  than  treatment,  payment  or  health  care 
operations after April 14, 2003. 

•     Take  back  your  authorization  to  use  or  share  health  information 
except to the extent that action has already been taken. 

HOW GRADD MAY USE OR GIVE OUT YOUR INFORMATION 

GRADD can use and give out your information without an Authorization  (special permission from you) for our normal business and where required  by law.  This document tells you of some of the ways this can occur.  All the  ways GRADD may use and give out your information without your express  permission will fall within one of the groups listed below. 

Data for Treatment, Payment and Billing Purposes 

GRADD will use your PHI for treatment, payment and billing purposes. 

•     Information obtained by a nurse, case management personnel, GRADD 
Social Services staff, and/or service providers will be recorded in your 
record and used to determine the services that should work best for 
you. 

•     Your  case  manager  will  document  in  your  plan  of  care  the 
expectations  of  the  service  providers.    Members  of  the  provider 
agencies may then record the actions they took and their observations. 

•     A  bill  or  payment  may  be  sent  to  you  or  a  third-party.    The 
information on or accompanying the bill or payment  may include 
information that identifies you, as well as the services provided and 
supplies used. 

Data for Regular Business Operations 

•     We may use/disclose your PHI in the course of operating GRADD and 

fulfilling  its  responsibilities.    We  may  use  your  information  to 
determine your eligibility for publicly funded services. 

•     GRADD staff may look at your record when reviewing the quality of 
services you are provided.  GRADD staff may use information in your 
health record to assess the care and outcomes in your case and others 
like it.  This information will then be used in an effort to continually 
improve the quality and effectiveness of the healthcare and services 
we provide or cause to be provided. 

Data Provided to Business Associates 

•     There  are  some  services  provided  in  our  organization  through 

contracts with Business Associates.  Examples include training and 
other educational services.  Information shall be made available on a 
need-to-know basis for these activities associated with compliance 
with regulatory agencies.  Whenever an arrangement between our 
office and a business associate involves the use or sharing of your 
PHI, we will have a written contract that contains terms that will 
protect the privacy of your PHI. 

Emergencies 

•     We may use or share your PHI in an emergency treatment situation.  

If  this  happens,  we  will  try  to  obtain  your  consent  as  soon  as 
reasonably possible.  Also, we may use or share your PHI with an 
authorized public or private entity to assist in disaster relief efforts 
and to coordinate uses and disclosures to family or other individuals 
involved in you health care. 

OTHER ALLOWABLE USES OF YOUR HEALTH INFORMATION  WITHOUT YOUR PERMISSION (AUTHORIZATION) 

We may use and share your PHI as limited by the requirements of the law  including, but not limited to, the following instances: 

Abuse, Neglect, Exploitation:  We may disclose your relevant PHI to the  Cabinet for Families and Children, which is authorized by law to receive  reports of abuse, neglect and exploitation. 

Administrative  Appeals:    GRADD  at  times  may  make  decisions  about  eligibility and/or services provided to you.  You or your provider may appeal  these decisions.  Your PHI may be used to make appeal decisions. 

Business Associate:  We may disclose your PHI to other State, Federal and  commercial partners we contract with to perform normal business.  We ask  these groups to protect your data through formal agreements. 

Coroners, Funeral Directors and Medical Examiners:  We may disclose PHI  to a coroner, funeral director, or medical examiner if needed to perform  duties authorized by law. 

Food and Drug Administration (FDA):  We may disclose to the FDA PHI  relative to adverse events with respect to food, supplement products, and  product  defects,  or  post  marketing  surveillance  information  to  enable  product recalls, repairs or replacement. 

Health Oversight and Quality Assurance:  We may disclose your PHI to  health oversight agencies such as the federal Department of Health and  Human Services, Medicare/Medicaid Peer Review Organizations, Cabinet  for Health Services Office of Inspector General, and Cabinet for Health  Services        Office        of     Aging       Services        for      activities         such       as                     audits,  investigations, inspections and compliance with civil rights laws.  We may  disclose  your  PHI  to  doctors  and  nurses  to  help  improve  your  care.   Kentucky Department of Medicaid Services staff, committees and outside  agencies that monitor Medicaid quality of care may also see your PHI. 

Individuals Involved with Payment of Your Care:  We may disclose your  PHI to a friend or family member who is helping with your care or with  payment for your care if necessary. 

Law Enforcement:  We may disclose PHI for law enforcement only where  allowed by federal or state law or required under a court order. 

Lawsuits and Disputes:  We will disclose your PHI in response to a court  order, valid subpoena, discovery request, or other lawful process.   

Public Health:  We may disclose your PHI to public health agencies charged  with preventing or controlling disease, injury or disability; reporting child  abuse or neglect; and reporting domestic violence.  We may share your PHI,  if  authorized  by  law,  to  a  person  who  may  have  been  exposed  to  a  communicable disease or may be at risk of getting or spreading the disease  or condition.  Information will be released to avert a serious threat to health  or safety.  Any disclosure, however, would only be to someone authorized to  receive that information pursuant to law. 

Public Safety:  We may disclose PHI in order to prevent a serious threat to  the health or safety of a particular person or to the general public. 

Research:  We may disclose PHI to researchers when their research has been  approved by an institutional review board that has reviewed the research  proposal and established protocols to ensure the privacy of your PHI. 

Workers Compensation:  We may disclose PHI as necessary to comply with  workers compensation or similar laws. 

WHEN GRADD MAY NOT USE OR DISCLOSE YOUR HEALTH  INFORMATION WITHOUT AUTHORIZATION 

Other than for the allowed reasons listed above, GRADD will not use or  disclose your PHI without written permission (Authorization) from you.  If  you do authorize us to use or disclose your PHI in other ways, you may  revoke your permission in writing at any time.  Once you revoke your  permission, GRADD will no longer be able to use or disclose your PHI for  the reasons stated in you original authorization.  Uses and disclosures of  your PHI beyond treatment and operations will be made only with your  written  authorization,  unless  otherwise  permitted  or  required  by  law  described below. 

•     Unless you object, we may disclose to a member of your family, a 
relative, a close friend or any other person you identify, your PHI that 
directly relates to that person’s involvement in your health care.  If 
you  are  unable  to  agree  or  object  to  such  a  disclosure,  we  may 
disclose such information as necessary if we determine that it is in 
your best interest based on our professional judgment.  We may use or 
disclose PHI to notify or assist in notifying a family member, personal 
representative or any other person that is responsible for your care, 
location or general condition. 

NOTICE OF PRIVACY PRACTICES AVAILABILITY 

This  notice  will  be  prominently  posted  on  the  GRADD  web  page  at  www.gradd.com and on the copy room bulletin board at the GRADD  office. 

Individuals will be provided a hard copy and this notice will be maintained  on the GRADD website for downloading at www.gradd.com

COMPLAINTS 

If you believe your privacy rights have been violated, and wish to make a   complaint, you may file a complaint by calling/writing: 

•     Privacy Officer 

GRADD Social Services 

300 GRADD Way 
Owensboro, KY 42303 

Phone:  (270) 926-4433 

•     Department for Aging & Independent Living 
 KY Cabinet for Health and Family Services 

275 East Main 
Frankfort, KY 40621 
Phone:  (502) 564-6930 

•     Office for Civil Rights 

U.S. Department of Health and Human Services 

200 Independence Ave. SW 
Washington, D.C. 20201 

Phone:  1-800-368-1019 or 1-800-537-7697 

POLICY OF NON-RETALIATION 

GRADD cannot take away your services or retaliate in ANY way if you  choose to file a Privacy Complaint or exercise any of your Privacy Rights. 

Download A Copy Of The Privacy Practice Policy