I. PRIVACY AND CONFIDENTIALITY
Addiction Wellness Services, Inc. d/b/a AWS Health, is covered by two distinct federal laws that protect the privacy and confidentiality of information about your health, health care, and payment for services related to your health.
A. Confidentiality of Alcohol and Drug Abuse Patient Information (42 C.F.R. Part 2):
42 C.F.R. Part 2 protects health information. This includes persons who have applied for, participated in, or received an interview, counseling, or any other service from a federally assisted alcohol or drug abuse program. This means that we may not acknowledge to a person outside of the program whether you are a current or former patient, nor can we disclose any information identifying you as an alcohol or drug abuser (except under certain conditions which are outlined in this notice).
B. Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Regulations (45 C.F.R. Parts 160 and 164)
HIPAA protects all health information which identifies an individual, not just drug and alcohol related information.
II. PROTECTED HEALTH INFORMATION USES AND DISCLOSURES WITH YOUR CONSENT
We may use or disclose your protected health information if you have signed a consent or authorization form that meets requirements set forth in 42 C.F.R. Part 2 and HIPAA. You may revoke your information release authorization at any time, except to the extent that we have already taken action upon the authorization. If you are currently receiving care and wish to revoke your authorization, you will need to deliver a written statement to your counselor or AWS’ Business Office. If you are no longer receiving services from AWS, your will need to deliver a written statement to the attention of AWS’ Business Office.
It is important to note that a court with appropriate jurisdiction (or other authorized third party) may request or compel you to sign an information release authorization.
III. PROTECTED HEALTH INFORMATION USES AND DISCLOSURES WITHOUT YOUR CONSENT
We may use or disclose your protected health information (including information obtained when you are applying for or receiving services for drug or alcohol abuse) under the conditions indicated below, even if you have not signed a consent or authorization form.
A. Internal Program Communications/Treatment
AWS staff may use or disclose your protected health information to other AWS staff members within the program, or to an entity having direct administrative control over that program, if the recipient needs the information in connection with duties that arise out of the provision of alcohol or drug abuse diagnosis, treatment, referral or coordination of care. For example, program counselors may consult among themselves if their work facilitating your alcohol or drug treatment so requires.
B. Health Care Operations
AWS staff may use or disclose your protected health information for health care operations, such as internal administration and planning, that improve the quality and effectiveness of the care provided. We may disclose information to government agencies that regulate a program (state licensure or certification agencies,) private agency that provide third party payments, and peer review organizations that conduct program audits or evaluations. Any reports compiled as a result of these activities will not disclose, directly or indirectly, any individual patient identity. We may disclose your protected health information to an agent or agency which provides services to AWS under a Qualified Service Organization Agreement. This agreement includes a statement in which the agent or agency agrees to abide by applicable federal law and related regulations (42 C.F.R. Part 2 and HIPAA).
C. Payment for Care
We may disclose your protected health information to private agencies that provide third party payments. A group health plan, or health insurance issuer or HMO may disclose protected health information to the sponsor of the plan.
D. Medical Emergencies
We may disclose your protected health information to medical personnel to the extent necessary to treat a condition which poses an immediate threat to your health and which requires immediate medical intervention.
We may disclose to a parent or guardian, or other person authorized under state law to act on behalf of a minor, those facts about a minor which are relevant to reduce a threat to the life or physical wellbeing of the minor or any other individual, if AWS’ Chief Medical Officer judges that the threat will be reduced by communicating the relevant facts to such a person.
F. Incompetent or Deceased Patients
Legal guardians appointed by the court may sign consent forms on behalf of an individual who has been declared incompetent by a court. If a patient has not been declared incompetent by the court, but AWS’ Chief Medical Officer determines that his or her medical conditions prevents “knowing or effective action on his or her own behalf,” the Chief Medical Officer may authorize disclosures without patient consent for the sole purpose of obtaining payment for services from a third-party payer.
Protected patient information of deceased patients may be disclosed through authorization of a personal representative, guardian, or other person authorized by state law in accordance with 42 C.F.R. Part 2.
We may disclose protected health information to a coroner, medical examiner, or other authorized persons under laws requiring the collection of death or other vital statistics, or which permit inquiry into the cause of death.
G. Judicial and Administrative Proceedings
Your protected health information may be disclosed in response to a court order that meets the requirements of 42 C.F.R. Part 2 concerning Confidentiality of Alcohol and Drug Abuse Patient Records.
H. Commission of a Crime on Facility Premises or Against Program Personnel
Your protected health information may be disclosed to a law enforcement agency if you commit a crime or threaten to commit a crime on program premises or against program personnel. The information disclosed will be limited to information regarding the circumstances of the incident, the suspect’s name, address, last known whereabouts, and status as a patient in the program.
I. Child Abuse
Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
J. Duty to Warn
If AWS learns that a patient has made a specific threat of serious physical harm to another individual or individuals, AWS will take appropriate steps to protect the intended victim(s) against such danger. This will include carefully considering options supported by 42 C.F.R. that would permit a disclosure to the intended victim(s) or appropriate authorities.
IV. YOUR INDIVIDUAL RIGHTS
A. Right to Receive Confidential Communications
We will accommodate reasonable requests by you to receive communications of your protected health information by alternative means or at alternative locations. For example, you may request that communications be emailed or sent to a different location other than your home.
B. Right to Request Disclosure Restrictions.
You have the right to restrict uses or disclosures of your protected health information by refusing to sign an information release authorization, or by amending the description of information to be disclosed. At your request, we will not disclose health information to your health plan, if the disclosure is for payment of a health care service or item for which you have paid AWS in full (out of pocket). You also have the right to request additional restrictions on the use and disclosure of your protected health information for treatment, payment, and health care operations. While we will carefully consider your requests for these additional restrictions, we are not required to agree to them. If you are currently receiving alcohol or drug treatment services and wish to request additional restrictions, please contact your counselor. Once you are no longer receiving services, please contact the Business Office.
C. Right to Inspect and Copy Your Health Information.
You have the right to request access to your AWS patient record so that you may inspect and/or obtain copies of the record. Under limited circumstances we may deny you access to a portion of your records. You can make your request through your counselor or the Business Office. We will act upon your request for access no later than thirty days after its receipt. We may impose a fee for each page copied. You will be informed of the proposed fee prior to any copies being made. If you disagree with a decision made about access to your records, please contact AWS at 815-977-4516.
D. Right to Amend Your Record.
You have the right to request an amendment to your health information kept in your patient record. Under certain circumstances, AWS may deny your request for amendment. If this occurs, AWS will notify you of this denial as outlined in the HIPAA regulations. If your request for amendment is accepted, you will be notified of the acceptance and a copy of the amendment will become a permanent part of your patient record. An amendment may be made by identifying the affected record(s) and appending or providing a link to the location of the amendment. We will work with you to obtain your consent so that we may notify any relevant persons with whom the amendment needs to be shared. You can make your request for any amendment through your counselor or the Business Office.
E. Right to Receive an Accounting of Disclosures.
Upon request, you may obtain an accounting of disclosures of your protected health information made during the six years prior to the date of your request. This does not include disclosures to you, those authorized by your written consent, or those related to your treatment, payment for services, or our health care operation.
F. Right to Breach Notification.
You will be notified in the event we discover a breach has occurred in your unsecured protected health information, or if we have reason to believe that your unsecured protected health information has been accessed, acquired, or disclosed as a result of the breach. Notification will be made no more than sixty days after the discovery of the breach, unless it is determined by a law enforcement agency that the notification should be delayed.
V. EFFECTIVE DATE AND DURATION OF THIS NOTICE.
This notice is effective as of June 1, 2022.
VI. RIGHT TO CHANGE TERMS OF THIS NOTICE:
We may change the terms of this notice at any time. If the terms of this notice are changed, the new terms will be made effective to all protected health information maintained by AWS, including any information created or received prior to issuing the new notice. The new notice will be posted in public access areas at our service sites and on our Internet site at www.awsillinois.com. You may also obtain any new notice by contacting the Business Office at 815-977-4516.
VII. CONCERNS OR COMPLAINTS.
You have the right to communicate concerns or complaints if you feel your privacy and/or confidentiality rights have been violated, without fear of prejudice or penalty. For further information about your privacy and confidentiality rights, or if you are concerned that your privacy rights have been violated, or if you have concerns about our breach notification process, please contact AWS’ Privacy Officer at 815-977-4516. You may file a written complaint with the Illinois Department of Public Health or the Secretary of the United States Department of Health and Human Services. Upon request, we will provide you with the correct addresses. You may also file a complaint with the Office of Civil Rights at the regional office in which the violation occurred. Violation of federal law and regulations on Confidentiality of Alcohol and Drug Abuse Patient Records is a crime and suspected violations may be reported to the United States Attorney in the district in which the violation occurs.