Notice of Privacy Practices
This Notice is issued by WestBridge. It describes how medical (including mental health and substance use) information about you may be used and disclosed and how you can get access to this information. Please review this notice carefully. If you have any questions about this notice, please contact our Privacy Officer.
Effective Date of Notice: This Notice was originally published and became effective on April 2, 2001.
Your health record contains personal information about you and your health. State and federal law protects the confidentiality of this information. “Protected health information” (PHI) is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health condition and related health care services.
As a provider of health care, we are required by federal and state law (including HIPAA and 42 CFR Part 2) to maintain the privacy of PHI and to provide you with this Notice of our legal duties and privacy practices. We are required to abide by the terms of this Notice of Privacy Practices, but reserve the right to change the Notice at any time. Any change in the terms of this Notice will be effective for all PHI that we are maintaining at that time. We will provide you with any revised Notice of Privacy Practices upon request; you may either call the office and request that a revised copy be sent to you in the mail or ask for one at the time of your next appointment. We will also promptly post the revised Notice of Privacy in our reception area.
The confidentiality of substance use disorder patient records is specifically protected by Federal law and regulations (42 CFR Part 2). WestBridge is required to comply with these additional restrictions. This includes a prohibition, with very few exceptions, on informing anyone outside the program that you attend the program or disclosing any information that identifies you as having a substance use disorder. The violation of Federal laws or regulations by this program is a crime. If you suspect a violation you may file a report to the appropriate authorities in accordance with Federal regulations.
Listed below are examples of the uses and disclosures that WestBridge may make of your protected health information. These examples are not meant to be exhaustive. Rather, they describe types of uses and disclosures that may be made.
Uses and Disclosures of PHI for Treatment, Payment and Health Care Operations
Treatment – Your PHI may be used and disclosed by your physician, counselor, program staff and others outside of our program that are involved in your care for the purpose of providing, coordinating, or managing your health care treatment and any related services. This includes coordination or management of your health care with a third party, consultation with other health care providers or referral to another provider for health care treatment. For example, your protected health information may be provided to the state agency that referred you to our program to ensure that you are participating in treatment. In addition, we may disclose your PHI from time-to-time to another physician or health care provider (e.g. a specialist or laboratory) who, at the request of the program, becomes involved in your care.
Payment – We will not use your PHI to obtain payment for your health care services without your written authorization. Examples of payment-related activities are: making a determination of eligibility or coverage for insurance benefits, processing claims with your insurance company, reviewing services provided to you to determine medical necessity, or undertaking utilization review activities.
Healthcare Operations – We may use or disclose your PHI, as needed, in order to support the business activities of our program including, but not limited to, quality assessment activities, employee review activities, training of students, licensing, and conducting or arranging for other business activities. For example, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician or counselor. We may also call you by name in the waiting room when it is time to be seen. We may share your PHI with third parties that perform various business activities (e.g. billing or typing services) for WestBridge, provided we have a written contract with the business that prohibits it from re-disclosing your PHI and requires it to safeguard the privacy of your PHI.
We may contact you to remind you of your appointments or to provide information to you about treatment alternatives or other health-related benefits and services that may be of interest to you.
Other Uses and Disclosures That Do Not Require Your Authorization
Required by Law – We may use or disclose your PHI to the extent that the use or disclosure is required by law, made in compliance with the law, and limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures. Under the law, we must make disclosures of your PHI to you upon your request. In addition, we must make disclosures to the Secretary of the Department of Health and Human Services for the purpose of investigating or determining our compliance with the requirements of the Privacy Rule.
Health Oversight – We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies and organizations that provide financial assistance to the program (such as third-party payers) and peer review organizations performing utilization and quality control. If we disclose PHI to a health oversight agency, we will have an agreement in place that requires the agency to safeguard the privacy of your information.
Qualified Service Organization Agreement (QSOA)/Business Associates – We will share your PHI with third party “business associates” or QSOA’s that perform various activities (for example, billing or transcription services) for WestBridge. Whenever an arrangement between WestBridge and a business associate involves the use or disclosure of your PHI, we have a written contract that contains terms that will protect the privacy of your PHI.
Medical Emergencies – We may use or disclose your protected health information in a medical emergency situation to medical personnel only. Our staff will try to provide you a copy of this notice as soon as reasonably practical after the resolution of the emergency.
Child Abuse or Neglect – We may disclose your PHI to a state or local agency that is authorized by law to receive reports of child abuse or neglect. However, the information we disclose is limited to only that information which is necessary to make the initial mandated report.
Deceased Patients – We may disclose PHI regarding deceased patients for the purpose of determining the cause of death, in connection with laws requiring the collection of death or other vital statistics, or permitting inquiry into the cause of death.
Research – We may disclose PHI to researchers if (a) an Institutional Review Board reviews and approves the research and waiver to the authorization requirement; (b) the researchers establish protocols to ensure the privacy of your PHI; (c) the researchers agree to maintain the security of your PHI in accordance with applicable laws and regulations; and (d) the researchers agree not to re-disclose your PHI except back to WestBridge.
Criminal Activity on Program Premises/Against Program Personnel – We may disclose your PHI to law enforcement officials if you have committed a crime on program premises or against program personnel.
Court Order – We may disclose your PHI if the court issues an appropriate order and follows required procedures.
Uses and Disclosures of PHI with Your Written Authorization
Other uses and disclosures of your PHI will be made only with your written authorization. You may revoke this authorization at any time unless the program, or its staff, has taken action in reliance on the authorization of the use or disclosure you permitted.
Rights Regarding Your Protected Health Information
Your rights with respect to your protected health information are explained below. Any request with respect these rights must be in writing. A brief description of how you may exercise these rights is included.
You have the right to inspect and copy your Protected Health Information
You may inspect and obtain a copy of your PHI that is contained in a designated record set for as long as we maintain the record. A “designated record set” contains medical and billing records and any other records that the program uses for making decisions about you. Your request must be in writing. We may charge you a reasonable cost-based fee for the copies. We can deny you access to your PHI in certain circumstances. In some of those cases, you will have a right to appeal the denial of access. Please contact our Privacy Officer if you have questions about access to your medical record.
You may have the right to amend your Protected Health Information
You may request, in writing, that we amend your PHI that has been included in a designated record. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us. We may prepare a rebuttal to your statement and will provide you with a copy of it. Please contact our Privacy Officer if you have questions about amending your medical records.
You have the right to receive an accounting of some types of Protected Health Information disclosures
You may request an accounting of disclosures for a period of up to six years, excluding disclosures made to you, made for treatment purposes or made as a result of your authorization. We may charge you a reasonable fee if you request more than one accounting in any 12-month period. Please contact our Privacy Officer if you have questions about accounting of disclosures.
You have the right to receive a paper copy of this notice
You have the right to obtain a copy of this notice from us. Any questions should be directed to our Privacy Officer.
You have the right to request added restrictions on disclosures and uses of your Protected Health Information
You have the right to ask us not to use or disclose any part of your PHI for treatment, payment or healthcare operations or to family members involved in your care. Your request for restrictions must be in writing and we are not required to agree to such restrictions. Please contact our Privacy Officer if you would like to request restrictions on the disclosure of your PHI.
You have a right to request confidential communications
You have the right to request confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable, written requests. We may also condition this accommodation by asking you for information regarding how payment will be handled or specification of an alternative address or other method of contact. We will not ask you why you are making the request. Please contact the Privacy Officer if you would like to make this request.
We may use your PHI to communicate with you about our own fundraising initiatives or allow our business associates to communicate with you for that purpose. You have the right to instruct us not to communicate with you for fundraising purposes. If you would like to opt out of receiving fundraising communications from us, you may contact our privacy officer.
If you believe we have violated your privacy rights, you may file a complaint in writing to us by notifying our Privacy Officer, Kevin Keefe at 660 Chestnut Street, Manchester, NH, 030104, (603) 634-4446 or by e-mail at email@example.com. Complaints can also be called in: (603) 634-4446, ext 157. We will not retaliate against you for filing a complaint. You may also file a complaint anonymously by contacting Lighthouse at 833-401-0002 or www.lighthouse-services.com/westbridge, or you may file with the U.S. Secretary of Health and Human Services as follows:
200 Independence Avenue, S.W.
Washington, D.C. 20201
If you have any questions about this Notice of Privacy Practices, please contact our Privacy Officer:
Kevin Keefe, Chief of Service Excellence and Compliance
660 Chestnut St, Manchester, NH 03104 (603) 634-4446 firstname.lastname@example.org