THIS DOCUMENT DESCRIBES HOW HEALTH OR MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE READ IT CAREFULLY.
WHAT IS THIS NOTICE?
This Notice of Privacy Practices is required by the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
This notice tells you:
• How GRADD and its contracted business partners may use and give
out your protected health information (PHI) to carry out services,
payment or health care operations and for other purposes permitted or
required by law.
• What YOUR rights are regarding the access and control of your health
• How GRADD protects your health information.
If you have any questions about your privacy rights, contact the Privacy Officer at:
Social Services Department
300 GRADD Way
Owensboro, KY 42303
Phone: (270) 926-4433
GRADD’S PRIVACY RESPONSIBILITIES
GRADD is required to:
• Follow the terms of this Notice.
• Support your Privacy Rights under the law.
• Give you a paper copy of this Privacy Notice and post it on our
• Mail out a new Notice if our privacy practices change.
• Treat your data as confidential by not using or giving out your
information without your written permission, except to support
normal business or under the allowable circumstances given in this
• Tell you what types of information we collect on you.
• Release your health information without your permission in the event
of an emergency. The release of your data must be in your best
• Follow State laws regarding the release of your data in the instances
where State law provides stronger protection of your data than the
CHANGES TO THIS NOTICE OF PRIVACY PRACTICES
We reserve the right to change this Privacy Notice at any time. If we do make a change, we will mail a revised notice to the address you have supplied us. GRADD is required by law to comply with the current version of this Notice until a new version has been mailed out. We also maintain a website that provides information about our services and will post our new notice on that web site.
WHO WILL FOLLOW THIS NOTICE?
These GRADD privacy practices will be followed by:
• Any staff of GRADD Social Services Department.
• Any health care professional authorized to enter information into your
• Any member of a volunteer group we allow to help you while you
receive services from GRADD.
• All employees, staff, other GRADD personnel, and consultants/contractors.
• All subcontracting agencies providing health care and/or services
pursuant to contracts with GRADD.
These entities may share health information with each other for treatment, payment or administrative operation purposes described in this notice.
UNDERSTANDING YOUR HEALTH RECORD/INFORMATION
Each time you apply for services through GRADD, a record of your application is made. This record contains information about you, including demographic information that may identify you, or constitute a reasonable basis to believe the information may identify you, and relates to your past, present or future physical or mental health or condition. For example, this information, often referred to as your health record, serves as a:
• Basis for planning your care and/or treatment.
• Means of communication among the many health professionals who
are involved in your care.
• Means by which you or a third-party payee can check that services
billed were actually provided.
Your health record contains Protected Health Information (PHI). State and Federal law protect this information. Understanding that, we expect to use and share your health information in a manner that helps you to:
• Make sure it is correct.
• Better understand who, what, when, where, and why others may
access your health information.
• Make more informed decisions when authorizing sharing your PHI
YOUR INDIVIDUAL PRIVACY RIGHTS UNDER HIPAA
Although your health information is the physical property of the agency or provider that compiled it, the information belongs to you. Under the Federal Privacy Rules, 45 CFR Part 164, you have the right to:
• Request a restriction on certain uses and sharing of your information
(though we are not required to agree to any such request). This means
you may ask us not to use or share any part of your PHI for purposes
of treatment, payment or healthcare operation. You may also ask that
this information not be disclosed to family members or friends who
may be involved in your care.
• Request that we send you confidential communications by alternative
means or at alternative locations.
• Obtain a paper copy of this notice of privacy practices upon request.
• Inspect and obtain a copy of your health record.
• Request that your health record containing PHI be changed.
• Obtain a listing of certain health information we were authorized to
share for purposes other than treatment, payment or health care
operations after April 14, 2003.
• Take back your authorization to use or share health information
except to the extent that action has already been taken.
HOW GRADD MAY USE OR GIVE OUT YOUR INFORMATION
GRADD can use and give out your information without an Authorization (special permission from you) for our normal business and where required by law. This document tells you of some of the ways this can occur. All the ways GRADD may use and give out your information without your express permission will fall within one of the groups listed below.
Data for Treatment, Payment and Billing Purposes
GRADD will use your PHI for treatment, payment and billing purposes.
• Information obtained by a nurse, case management personnel, GRADD
Social Services staff, and/or service providers will be recorded in your
record and used to determine the services that should work best for
• Your case manager will document in your plan of care the
expectations of the service providers. Members of the provider
agencies may then record the actions they took and their observations.
• A bill or payment may be sent to you or a third-party. The
information on or accompanying the bill or payment may include
information that identifies you, as well as the services provided and
Data for Regular Business Operations
• We may use/disclose your PHI in the course of operating GRADD and
fulfilling its responsibilities. We may use your information to
determine your eligibility for publicly funded services.
• GRADD staff may look at your record when reviewing the quality of
services you are provided. GRADD staff may use information in your
health record to assess the care and outcomes in your case and others
like it. This information will then be used in an effort to continually
improve the quality and effectiveness of the healthcare and services
we provide or cause to be provided.
Data Provided to Business Associates
• There are some services provided in our organization through
contracts with Business Associates. Examples include training and
other educational services. Information shall be made available on a
need-to-know basis for these activities associated with compliance
with regulatory agencies. Whenever an arrangement between our
office and a business associate involves the use or sharing of your
PHI, we will have a written contract that contains terms that will
protect the privacy of your PHI.
• We may use or share your PHI in an emergency treatment situation.
If this happens, we will try to obtain your consent as soon as
reasonably possible. Also, we may use or share your PHI with an
authorized public or private entity to assist in disaster relief efforts
and to coordinate uses and disclosures to family or other individuals
involved in you health care.
OTHER ALLOWABLE USES OF YOUR HEALTH INFORMATION WITHOUT YOUR PERMISSION (AUTHORIZATION)
We may use and share your PHI as limited by the requirements of the law including, but not limited to, the following instances:
Abuse, Neglect, Exploitation: We may disclose your relevant PHI to the Cabinet for Families and Children, which is authorized by law to receive reports of abuse, neglect and exploitation.
Administrative Appeals: GRADD at times may make decisions about eligibility and/or services provided to you. You or your provider may appeal these decisions. Your PHI may be used to make appeal decisions.
Business Associate: We may disclose your PHI to other State, Federal and commercial partners we contract with to perform normal business. We ask these groups to protect your data through formal agreements.
Coroners, Funeral Directors and Medical Examiners: We may disclose PHI to a coroner, funeral director, or medical examiner if needed to perform duties authorized by law.
Food and Drug Administration (FDA): We may disclose to the FDA PHI relative to adverse events with respect to food, supplement products, and product defects, or post marketing surveillance information to enable product recalls, repairs or replacement.
Health Oversight and Quality Assurance: We may disclose your PHI to health oversight agencies such as the federal Department of Health and Human Services, Medicare/Medicaid Peer Review Organizations, Cabinet for Health Services Office of Inspector General, and Cabinet for Health Services Office of Aging Services for activities such as audits, investigations, inspections and compliance with civil rights laws. We may disclose your PHI to doctors and nurses to help improve your care. Kentucky Department of Medicaid Services staff, committees and outside agencies that monitor Medicaid quality of care may also see your PHI.
Individuals Involved with Payment of Your Care: We may disclose your PHI to a friend or family member who is helping with your care or with payment for your care if necessary.
Law Enforcement: We may disclose PHI for law enforcement only where allowed by federal or state law or required under a court order.
Lawsuits and Disputes: We will disclose your PHI in response to a court order, valid subpoena, discovery request, or other lawful process.
Public Health: We may disclose your PHI to public health agencies charged with preventing or controlling disease, injury or disability; reporting child abuse or neglect; and reporting domestic violence. We may share your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may be at risk of getting or spreading the disease or condition. Information will be released to avert a serious threat to health or safety. Any disclosure, however, would only be to someone authorized to receive that information pursuant to law.
Public Safety: We may disclose PHI in order to prevent a serious threat to the health or safety of a particular person or to the general public.
Research: We may disclose PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
Workers Compensation: We may disclose PHI as necessary to comply with workers compensation or similar laws.
WHEN GRADD MAY NOT USE OR DISCLOSE YOUR HEALTH INFORMATION WITHOUT AUTHORIZATION
Other than for the allowed reasons listed above, GRADD will not use or disclose your PHI without written permission (Authorization) from you. If you do authorize us to use or disclose your PHI in other ways, you may revoke your permission in writing at any time. Once you revoke your permission, GRADD will no longer be able to use or disclose your PHI for the reasons stated in you original authorization. Uses and disclosures of your PHI beyond treatment and operations will be made only with your written authorization, unless otherwise permitted or required by law described below.
• Unless you object, we may disclose to a member of your family, a
relative, a close friend or any other person you identify, your PHI that
directly relates to that person’s involvement in your health care. If
you are unable to agree or object to such a disclosure, we may
disclose such information as necessary if we determine that it is in
your best interest based on our professional judgment. We may use or
disclose PHI to notify or assist in notifying a family member, personal
representative or any other person that is responsible for your care,
location or general condition.
NOTICE OF PRIVACY PRACTICES AVAILABILITY
This notice will be prominently posted on the GRADD web page at www.gradd.com and on the copy room bulletin board at the GRADD office.
Individuals will be provided a hard copy and this notice will be maintained on the GRADD website for downloading at www.gradd.com.
If you believe your privacy rights have been violated, and wish to make a complaint, you may file a complaint by calling/writing:
• Privacy Officer
GRADD Social Services
300 GRADD Way
Owensboro, KY 42303
Phone: (270) 926-4433
• Department for Aging & Independent Living
KY Cabinet for Health and Family Services
275 East Main
Frankfort, KY 40621
Phone: (502) 564-6930
• Office for Civil Rights
U.S. Department of Health and Human Services
200 Independence Ave. SW
Washington, D.C. 20201
Phone: 1-800-368-1019 or 1-800-537-7697
POLICY OF NON-RETALIATION
GRADD cannot take away your services or retaliate in ANY way if you choose to file a Privacy Complaint or exercise any of your Privacy Rights.