IMPORTANT: THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
EMS Consulting Services (EMSCS) is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Subtitle D of the Health Information and Technology for Economic and Clinical Health Act (HITECH) to protect the privacy of certain confidential health care information, known as Protected Health Information (PHI), to provide you with a notice of our legal duties and privacy practices with respect to your PHI, and to notify you following a breach of your unsecured PHI. EMS is also required to abide by the terms of the version of this Notice currently in effect. This Notice also provides contact information for questions and for obtaining further assistance if you need more help.
EMS must also protect your medical treatment information under Missouri law. Even though HIPAA and HITECH permit the use and disclosure of your PHI without your written authorization for certain purposes, your consent to release your treatment information may be required under Missouri law.
Uses and Disclosure of PHI under HIPAA and HITECH: EMS may use PHI for purposes of treatment, payment and health care operations, in most cases without your written permission.
For treatment: This includes such things as obtaining verbal and written information about your medical condition and treatment from you as well as from others, such as doctors and nurses who give order to allow us to provide treatment to you. We may give your PHI to other health care providers involved in your treatment, such as the hospital ER staff, and may transfer your PHI via radio or telephone to the hospital or dispatch center.
For payment: This includes any activities we must undertake in order to get reimbursed for the services we provide to you, such as submitting bills to insurance companies, Medicaid, and Medicare, making medical necessity determinations and collecting outstanding accounts.
For health care operations: This includes quality assurance activities, licensing programs to ensure that our personnel meet the requisite standards of care and follow established procedures, and training programs for our personnel and others involved in emergency health care, such as providing clinical experience required by educational institutions and training programs.
Uses and Disclosures of PHI Without Your Authorization under HIPAA and HITECH:
EMS is permitted to use and disclose PHI without your written HIPAA-compliant authorization or opportunity to object in certain situations and unless prohibited by more stringent state or other federal law, including:
- For EMS's use in treating you or obtaining payment for services provided to you or in EMS's health care operations activities;
- For the treatment activities of another health care provider;
- To another health care provider or entity for the payment activities of the provider or entity that receivers the information (such as your hospital or insurance company);
- To another health care provider (such as the hospital to which you are transported) for the health care operations activities of the entity that receives the information as long as the entity receiving the information has or has had a relationship with you and the PHI pertains to that relationship;
- When the law requires EMS to disclose your PHI;
- For health care fraud and abuse detection or for legal compliance activities;
- To a family member, other relative, or close personal friend or other individual involved in your care if we obtain your verbal agreement to do so or if we give you an opportunity to object to such a disclosure and you do not raise an objection or if we infer from the circumstances that you would not object, and in certain other circumstances where we are unable to obtain your agreement and believe the disclosure is in your best interests;
- To a public health authority in certain situations as required by law, such as to report abuse, neglect, or domestic violence, or exposure to a communicable disease;
- For health oversight activities, including audits or government investigations, inspections, licensures, disciplinary proceedings, and other administrative or judicial actions undertaken by the government (or their contractors) by law to oversee the health care system;
- For judicial and administrative proceedings as required by a court or administrative order, or in some cases in response to a subpoena or other legal process;
- For law enforcement activities in limited situations, such as when responding to a warrant or when information is needed to locate a suspect;
- For military, national defense and security, or other special government functions;
- To avert a serious threat to the health and safety of a person or the public at large;
- For workers' compensation purposes in compliance with workers' compensation laws;
- To coroners, medical examiners, and funeral directors for identifying a deceased person, determining cause of death, or carrying on their duties as authorized by law;
- To an organization that handles organ procurement or organ, eye or tissue transplantation as necessary to facilitate that procurement or transplantation;
- To a correctional institution if the disclosure is necessary for the health and safety of the inmate or correctional staff;
- For research projects, but this will be subject to strict oversight and approvals.
- EMS may use or disclose health information about you in a way that does not personally identify you or reveal who you are.
Any use or disclosure of PHI other than those listed above will only be made with your written HIPAA-compliant authorization. You may revoke your authorization at any time, in writing, except to the extent that EMSCS has already used or disclosed medical information in reliance on that authorization.
Business Associates: EMSCS may hire third parties to provide services needed by EMS. When outside entities receive, create, maintain, use or disclose PHI to perform various functions on behalf of EMS or to provide certain types of services to EMSCS, those entities serve as EMSCS's Business Associate. EMS must enter into a written contract with those entities requiring them to meet certain privacy and security requirements regarding your PHI. For example, EMSCS uses an outside billing service which serves as EMSCS's Business Associate in conducting those services.Business Associates must also meet all of the administrative, physical and technical safeguards that apply to EMSCS under the HIPAA Security Rule.
Patient Rights: As a patient, you have a number of rights under HIPAA and HITECH with respect to your PHI, including:
The right to access, copy or inspect your PHI. This means you may inspect and request copies of most medical and billing information about you that we maintain. EMSCS must provide you with access to your PHI in the form and format that you request if EMS can readily do so, but otherwise in a form and format agreed by you and EMS. If EMSCS maintains your PHI electronically, then EMSCS will provide your PHI in the electronic form and format that you request if EMS can readily do so, but otherwise will provide the PHI in an electronic form and format agreed by you and EMS.
You can direct EMSCS to transmit the copy of your PHI to another person. To do so, the request must writing and signed by you, with clear identification of the person you are designating to receive your PHI and where to send the copy of your PHI.
We have available forms to request access to your PHI. We will normally provide you with access to this information within 30 days of your request. We may also charge you a reasonable fee to copy any medical information that you have a right to access. In limited circumstances, we may deny you access to your medical information, and you may appeal certain types of denials. EMS will provide a written response if we deny your access and will let you know your appeal rights. If you wish to inspect or request copies of your medical information, you should contact an EMSCS Privacy Officer as indicated at the end of this Notice.
The right to amend your PHI. You have the right to ask us to amend written medical and billing information that we may have about you. We will generally amend your information within 60 days of your request and will notify you when we have amended the information. We are permitted by law to deny your request to amend your information only in certain circumstances, like when we believe that information you have asked us to amend is correct. If you wish to request that we amend the medical or billing information that we have about you, you should contact an EMSCS Privacy Officer as indicated at the end of this Notice.
The right to request an accounting of our disclosures of your PHI. You may request an accounting from us of certain disclosures of your medical and billing information that we have made in the last six years prior to the date of your request. We are not required to give you an accounting of information we have disclosed for purposes of treatment, payment, or health care operations, or when we share your health information with our business associates, like our billing company or a medical facility from/to which we have transported you. We are also not required to give you an accounting of our disclosures of your PHI for which you have given us written authorization. If you wish to request an accounting of our disclosures of your PHI that are not exempted from the disclosure accounting requirement, you should contact an EMSCS Privacy Officer as indicated at the end of this Notice.
The right to request that EMSCS restrict the uses and disclosures of your PHI. You have the right to request that we restrict how we use and disclose your medical and billing information that we have about you. Unless the law requires otherwise, EMSCS must agree to your request to restrict disclosure of your PHI if the disclosure is to a health plan for purposes of carrying out payment or health care operations (rather than for treatment purposes) and the PHI pertains solely to a health care item or service for which EMSCS has been paid out-of-pocket. For all other restriction requests, EMSCS is not required to agree to any restrictions you request, but any restrictions agreed to by EMSCS in writing are binding on EMSCS. If, however, you request a restriction and the information you asked us to restrict is needed to provide you with emergency treatment, then we may use the PHI or disclose the PHI to a health care provider to provide you with emergency treatment.
The right to receive confidential communications of your PHI. You also have the right to request and we must accommodate reasonable requests to communicate with you about your PHI by alternative means or at alternative locations. For example, you may request that we send all correspondence to you at a post office box rather than to your home address. You must request such accommodations in writing.
The right to receive notification of breaches of your unsecured PHI. You have a right to receive notification from EMSCS of breaches of your unsecured PHI. If your unsecured PHI is used, disclosed, accessed or acquired in violation of the Privacy Rule so that the privacy or security of the unsecured PHI is compromised, EMSCS must notify you within 60 days of the breach, including a brief description of what happened, the dates of the breach and its discovery, steps that you should take to protect yourself from potential harm resulting from the breach, and a brief description of what EMSCS is doing to investigate the breach, mitigate losses, and protect against further breaches.
Internet, electronic and paper copies of this Notice.If we maintain a web site, we will prominently post a copy of this Notice on our web site and make the Notice available to you electronically through the web site.You may always request a paper copy of this Notice.
Revisions to This Notice. EMSCS reserves the right to change the terms of this Notice at any time, and then changes will be effective immediately and will apply to all PHI that we maintain. Any material changes to the Notice will be promptly posted in our facilities and posted to our web site, if we maintain one. You can get a copy of the latest version of this Notice by contacting an EMSCS Privacy Officer as indicated at the end of this Notice.
Your Legal Rights and Complaints. You also have the right to complain to us, or to the Secretary of the United States Department of Health and Human Services if you believe your privacy rights have been violated. You will not be retaliated against in any way for filing a complaint with us or with the government.You may direct all questions, comments or complaints to an EMS Co-Privacy Officer as indicated at the end of this Notice.
EMS Co-Privacy Officers and Contact Information: The EMSCS Privacy Officers can be contacted for further information as follows:
EMSCS Privacy Officer
20 E. Taunton Road, Suite 560
Berlin, New Jersey 08009
Effective date of this Notice: March 26, 2018