Effective Date: August 1, 2020
Revised: June 8, 2021

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

If you have any questions about this notice or need further information, please contact our Privacy Officer at 864-964-7511. Written requests should be addressed to:

Crossroads Treatment Centers
200 East Broad Street, Suite 300
Greenville, SC 29601
Attention: Privacy Officer

OUR PLEDGE REGARDING YOUR PROTECTED HEALTH INFORMATION:

The privacy of your protected health information or “PHI” is important to us. This notice will tell you about the ways in which we may use and disclose your PHI. This notice describes your rights with respect to your PHI we collect and maintain and also describes certain obligations we have regarding the use and disclosure of your PHI.

We are required by law to:

Maintain the privacy of your PHI;

Give you this notice describing our legal duties, privacy practices, and your rights regarding your PHI we collect and maintain;

Notify you if we discover a breach of any of your PHI that is not secured in accordance with federal guidelines; and

Follow the terms of the Notice of Privacy Practices that is currently in effect.

YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION:

You have the following rights with respect to your PHI:

1. Right to Inspect and Copy: You have the right to inspect and copy all or any part of your medical or health record, as provided by federal regulations. You may request and receive an electronic copy of your PHI if we maintain your PHI in an electronic health record.

To inspect and copy your PHI, you must submit your request in writing to our Privacy Officer at the address listed at the beginning of this notice. We shall comply with your request to inspect or copy your medical or health record within a reasonable time, but not to exceed 30 days from the date your request is received. We may charge a reasonable fee. We may deny your request under certain limited circumstances.

2. Right to Amend: You have the right to request that we amend your PHI or a medical or health record about you if you feel that health information we have about you is incorrect or incomplete. You have the right to request an amendment for as long as we keep the information. To request an amendment, your request must be made in writing, submitted to our Privacy Officer at the address listed at the beginning of this notice, and must provide a reason that supports your request for an amendment. We may deny your request under certain limited circumstances.

3. Right to an Accounting of Disclosures: You have the right to request a list accounting for any disclosures of your PHI we have made, except for disclosures made for the purpose of treatment, payment, health care operations and certain other purposes if such disclosures were made through a paper record or other health record that is not electronic, as set forth in federal regulations. If you request an accounting of disclosures of your PHI, the accounting may include disclosures made for the purpose of treatment, payment and health care operations to the extent that disclosures are made through an electronic health record.

To request an accounting of disclosures, you must submit your request in writing to our Privacy Officer at the address listed at the beginning of this notice. Your request must state a time period which may not be longer than 6 years. The first list you request within a 12 month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

4. Right to Request Restrictions: You have the right to request a restriction or limitation on the use and disclosure of your PHI. You also have the right to request a restriction or limitation on the disclosure of your PHI to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we restrict a specified nurse from use of your PHI or that we not disclose information to your spouse about a surgery you had.

If you pay for a service entirely out-of-pocket, you may request that information regarding the service be withheld and not provided to a third party payor for purposes of payment or health care operations. We are obligated by law to abide by such restriction.

To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Privacy Officer at the address listed at the beginning of this notice. In your request, you must tell us what information you want to limit and to whom you want the limitations to apply. We will notify you of our decision regarding the requested restriction. If we do agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment.

5. Right to Receive Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or have such communications addressed to a certain location. For example, you can ask that we only contact you at work or by mail to a post office box.

To request confidential communications, you must make your request in writing to our Privacy Officer at the address listed at the beginning of this notice. Your request must specify how or where you wish to be contacted.

6. Right to a Paper Copy of this Notice: You have the right to obtain a paper copy of this notice at any time upon request. At the time of first service rendered, we are required to provide you with a paper copy of this notice. To obtain a copy of this notice at any other time, please request it from our Privacy Officer at the address listed at the beginning of this notice.

7. Right to Choose Someone to Act for You: You have the right to give someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will confirm the person has this authority and can act for you before we take any action.

HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:

Medical records containing substance use disorder treatment information are protected by very strict laws including 42 CFR Part 2 and HIPAA. 42 CFR Part 2 generally prohibits treatment programs and certain third-party recipients from disclosing patient identities or records without patient consent. The following categories describe different ways that we may use and disclose your PHI without your authorization. Certain disclosures of PHI may be made electronically.

1. Medical Emergency: We may disclose your PHI to medical personnel to the extent necessary to meet a bona fide medical emergency in which your prior informed consent cannot be obtained pursuant to 42 CFR §2.51. Immediately following disclosure, we will document, in writing, the disclose in your medical record including the name of the medical personnel to whom the disclosure was made and there affiliation with us, the name of the individual making the disclosure, the date and time of the disclosure, and the nature of the emergency.

2. Research: We may disclose your PHI for the purpose of research pursuant to 42 CFR §2.52. We will only disclose your PHI for research purposes if we determine that certain conditions are met, including that the recipient of your PHI is a HIPAA covered entity or business associate and is bound by the requirements of 42 CFR Part 2.

3. Qualified Audit or Evaluation of the Program: We may disclose your PHI to a health oversight agency for activities authorized by 42 CFR §2.53. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

4. To Respond to a Court Order: We may disclose your PHI in response to a court order authorizing disclosure and use of patent records pursuant to 42 CFR §§2.61-2.67.

5. Child Abuse or Neglect Reports Required by State Law: We may disclose your PHI in order to report under state law incidents of suspected child abuse and neglect to the appropriate state or local authorities pursuant to 42 CFR §2.12(c)(6).

6. Law Enforcement: We may disclose your PHI to law enforcement officials for law enforcement purposes, but only as related to your commission of a crime on our property, against our employees, or a threat to commit such crime, and the disclosure is limited to the circumstances of the incident pursuant to 42 CFR §2.12(c)(5).

7. Qualified Service Organization Agreements: We may disclose your PHI to a qualified service organization as needed by the qualified service organization to provide services to the program pursuant to 42 CFR §2.12(c)(4). Examples of when we may use a qualified service organization include data processing, bill collecting, dosage preparation, laboratory analyses, or legal, medical, accounting or other professional services or services to prevent or treat child abuse or neglect. When we enter into contracts to obtain these services, we may need to disclose your PHI so that the organization may perform the job which we have requested. To protect your PHI, however, we require each qualified service organization to appropriately safeguard your information.

OUR RESPONSIBILITIES:

1. We are required by law to maintain the privacy and security of your protected health information.

2. We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

3. We must follow the duties and privacy practices described in this notice and give you a copy of it.

4. We must obtain an authorization for all other uses and disclosures of your PHI not described in this notice. If you provide us with written authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time.

CHANGES TO THIS NOTICE:

We reserve the right to change our privacy practices and any terms of this notice. If our privacy practices materially change, we will revise this notice and make copies of the revised notice available upon request. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any PHI we receive in the future.

TO MAKE A COMPLAINT:

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the United States Department of Health and Human Services. To file a complaint with us, contact our Privacy Officer at 864-964-7511 or at the address listed at the beginning of this notice. All complaints must be submitted in writing. There will be no retaliation against you for filing a complaint.

If you believe we have violated 42 CFR Part 2, you may report the violation to the United States Attorney for the judicial district in which you live, as well as to the Substance Abuse and Mental Health Services Administration (SAMHSA) office responsible for opioid treatment program oversight.