NOTICE OF PRIVACY PRACTICES
Effective Date: February 15, 2017
UPDATED – 12/28/2017
This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Why We Keep Information About You
Gateway keeps health information about you to help care for you and because the law requires us to. The law also says we must:
- Protect your health information,
- give you this Notice, and
- follow what the Notice says.
What the Words We Use Mean
- “Notice” means this Notice of Privacy Practices.
- “Gateway” means Gateway Learning Group, Inc. and its providers and staff.
- “We,” “our,” or “us” means one or more Gateway, its providers or its staff
- “You” means the patient that the health information is about.
- “Health information” or “information” means all the paper and electronic records related to a patient’s physical and mental health care—past, present, or future. These records tell who the
patient is and include information about billing and payment.
- “Use” means sharing or using health information within Gateway
- “Share” or “disclose” means giving health information, or access to health information, to someone outside Gateway.
How We May Use and Share Information about You
We use electronic record systems to manage your care. These systems have safeguards to protect the information in them. We also have policies and training that limit the use of information to those who need it to do their job. Providers, caregivers, and other entities who are not employed by Gateway but are involved in your family’s treatment, billing and payment of your claims, or Gateway operations may share information they have about you with us to help us care for you. We and these other persons and entities may use and share health information about you without your consent.
Treatment. We may use and share your health information to treat you. We may also share your health information with other providers to help you obtain care, such as providing your health information to your treating physician so that he or she can determine if you need additional services.
Billing and Payment. We may use and share your information so that we and others who have provided services to you can bill and collect payment for these services. For example, we may share your health information with your health plan:
- so your health plan will pay for care at Gateway
- to get approval before providing services
- so your health plan can make sure they have paid the right amount to Gateway
We may also share your information with a collection agency if a bill is overdue.
Operations and Other Business Reasons. Some of the operational and business reasons we may use or share your health information include:
- to follow laws and regulations
- to train and educate
- for credentialing, licensure, certification, and accreditation
- to improve our care and services
- to budget and plan
- to do an audit
- to maintain computer systems
- to evaluate our staff
- to decide if we should offer more services
- to find out how satisfied our patients are
- to bill and collect payment.
Anyone we share information with to help us do these tasks on behalf of or in partnership with us must also protect and restrict the use of your health information.
When we use or share information for operations or other business reasons, we may, if we can, take out information that identifies who you are.
Your Family and Caregivers. We may share information about you with family members and friends who are involved in your care or paying for your care. Whenever possible, we will allow you to tell us who you would like to be involved in your care. In emergencies, however, or other situations in which you are unable to tell us who to share information with, we will use our best judgment and share only information that others need to know. We may also share information about you with a public or private agency during a disaster so that the agency can help contact your family or friends to tell them where you are and how you are doing.
Scheduling, Insurance, and Other Matters. We may contact you by mail, phone, text, or email for many reasons, including to:
- remind you about an appointment
- ask about insurance, billing, or payment
- follow up on your care
- ask you how well we cared for you.
We may leave voice messages at the telephone number you give to us. If you choose to have us contact you by text, texting charges may apply.
Treatment Options or Health-related Products and Services. We may use or share your information to let you know about treatment options or health-related products or services that may interest you.
Prevent Serious Threat. We may share your health information to prevent a serious and urgent threat to the health and safety of you or someone else. For example, a threat to harm another person may be reported to the police.
Health Oversight and Public Health Reporting. We may share information for audits, investigations, inspections, and licensing with agencies that oversee organizations like Gateway. We may also share your health information in reports to public health agencies. Some reasons for this include:
- to prevent or control disease and injuries
- to report certain kinds of events, such as births and deaths
- to report abuse or neglect of children, elders, or dependent adults
- to report reactions to medicines or problems with health products
- to let someone know that they may have been exposed to a disease or may spread a disease
- to notify the authorities if we believe a patient has been the victim of abuse, neglect, or domestic violence.
Research. We may use and share health information about you for the research we participate in to improve public health and develop new knowledge. For example, a research project may compare the development of clients who are exposed to one ABA technique to those who are exposed to different ABA techniques. We use and share your information for research only as allowed by federal and state rules. If the research involves your care or the sharing of health information that can identify you, we will first explain to you how your information will be used and ask your consent to use the information.
Workers’ Compensation. We may share health information about you with those who need it to provide benefits for work-related injuries or illness.
Lawsuits and Disputes. We may share your health information as directed by a court order, subpoena, discovery request, warrant, summons, or other lawful instructions from a court or public body when needed for a legal or administrative proceeding.
Law Enforcement and Other Officials. We may share your health information with a law enforcement official as authorized or required by law, such as:
- in response to a court order, subpoena, warrant, summons, or similar process
- to identify or find a suspect, fugitive, material witness, or missing person
- if you are suspected to be a victim of a crime. (We generally do this with your permission, but may be required to report our suspicion even without your consent)
- because of a death we believe may have been caused by a crime
- in an emergency: to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime
Public Officials. We may also share your health information with:
- coroners, medical examiners, and funeral directors, so they can carry out their duties
- federal officials for national security and intelligence activities
- federal officials who provide protective services for the President and others, such as foreign heads of state, or to conduct special investigations
- a correctional institution if you are an inmate
- a school to confirm that you have been immunized.
Other Uses of Your Medical Information. We will not use or share your health information for reasons other than those described in this Notice unless you agree to such use or disclosure in writing. For example, you may want us to give health information to your employer. We will do this only with your written approval. Likewise, we would not use your information for marketing, sell your information, or share psychotherapy notes without your written approval. You may revoke the approval in writing at any time, but we cannot take back any health information that has already been shared with your approval.
Your Rights Regarding Your Health Information. The records we create and maintain your health information belong to Gateway, but you have the following rights:
Right to Review and Get a Copy of Your Health Information. You have the right to look at and get a copy of your health information, including billing records. You must make a request in writing by either sending an email to the Privacy and Security Officer at firstname.lastname@example.org or sending a letter addressed to the Privacy and Security Officer at the address at the end of this notice. We may charge a fee to cover copying, mailing, and other costs and supplies. In rare cases, we may deny your request for certain information. If we deny your request, we will give you the reason why in writing. In some cases, you may ask that the denial be reviewed by a licensed or certified professional chosen by Gateway.
Right to Ask for a Change in Your Medical Information. If you think our information about you is not correct or complete, you may ask us to correct your record by writing to the Privacy and Security Officers at the address listed at the end of this Notice. Your written request must say why you are asking for the correction. We will respond in writing in 60 days. If we agree, we will tell you and correct your record. We cannot take anything out of the record. We can only add new information to complete or correct the existing information. With your help, we will notify others who have the incorrect or incomplete health information. If we deny your request, we will tell you why in writing. You will then have the right to submit a written statement of 250 words or less that tells what you believe is not correct or is missing. We will add your written statement to your records and include it whenever we share the part of your health record that your written statement relates to.
Right to Ask For a List of When Your Health Information Was Shared. You have the right to ask for a list of when your health information was shared without your written consent. This list will NOT include uses or sharing:
- for treatment, payment, or business reasons
- with you or someone representing you
- with family members or friends involved in your care
- in those very few instances where the law does not require or permit it
- as part of a limited data set with direct identifiers removed
You must request this list in writing from the Privacy and Security Officer at the address listed at the end of this Notice. Your request must state the time-period for which you want the list. The time-period may not be longer than 6 years from the date of your request. The first list you ask for within a 12-month period will be free. You may be charged a fee if you ask for another list in that same 12-month period.
Right to Notice in Case of a Breach. You have a right to know if your information has been breached (not treated according to our rules). We will follow what the privacy laws require to let you know if your information has been shared in error.
Right to Ask for Limits on the Use and Sharing of Your Health Information. You have the right to ask that we limit the use or sharing of information about you for treatment, payment, or business reasons. You also have the right to ask us to limit the health information we share about you with someone involved in your care or paying for your care, such as a family member or friend. For example, you could ask that we not share information about a diagnosis you had. Except for the sharing of information with health plans described in the next section, we reserve the right to accept or reject your request. Generally, we will not accept limits for treatment, payment, or business reasons. We will let you know if we do not agree to your request. If we do agree, our agreement must be in writing, and we will follow your request unless the information is needed to treat you in an emergency. We can end a limit if we tell you. If we end a limit, only health information that was created or received after we notify you will be affected. You must make your request to limit the use and sharing of your health information in writing to the Privacy and Security Officer at the address listed at the end of this Notice. In your request, you must tell us
- what information you want to limit
- whether you want to limit our use or sharing of the information, or both
- AND to whom you want the limits to apply.
Right to Limit Sharing of Information with Health Plans. If you paid in full for your services, you have the right to limit the information that is shared with your health plan or insurer. To do this, you must ask before you receive any services. Let us know you want to limit sharing with your health plan when you schedule your appointment. Any information shared before we receive payment in full, such as information for pre-authorizing your insurance, may be shared. Also, because we have a medical record system that combines all your records, we can limit information only for an episode of care (services given during a single visit). If you wish to limit information beyond an episode of care, you will have to pay in full for each future visit as well.
Right to Ask for Confidential Communications. You have the right to ask us to communicate with you in a certain way or at a certain place. For example, you can ask that we contact you only at work or only using a post office box. You must make your request in writing to the Privacy and Security Officer at the address listed at the end of this Notice. You do not need to tell us the reason for your request. Your request must say how or where you wish to be contacted. You must also tell us what address to send your bills for payment. We will accept all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested, we may contact you using any information we have.
Right to Get a Paper Copy of This Notice. You have the right to get a paper copy of this Notice, even if you have agreed to receive it electronically. You may get a copy:
- at any of our offices
- by contacting the Privacy and Security Officer at the number listed at the end of this Notice
- at gatewaylg.com
Changes to this Notice. We have the right to change this Notice at any time. Any change could apply to health information we already have about you, as well as information we receive in the future. The effective date of this Notice is on the first page of the Notice. A copy of the current Notice is posted on gatewaylg.com
How to Ask a Question or Report a Complaint
If you have questions about this Notice or want to talk about a problem without filing a formal complaint, please contact the Privacy and Security Officer at email@example.com
or at 877-264-6747. If you believe your privacy rights have been violated, you may file a complaint with us. Please send it to the Privacy and Security Officer at firstname.lastname@example.org or at the address listed at the end of this Notice. You may also file a complaint with the Office of Civil Rights, 90 7th Street Suite 4-100, San Francisco, CA 94103; 877-696-6775; http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html. We support your right to the privacy of your health information; you will not be treated differently for filing a complaint.
Gateway Learning Group, Inc.
1663 Mission Street, Suite 400
San Francisco, CA 94103