Notice of Privacy Practices
NOTICE OF PRIVACY PRACTICES: Updated 10/12/2021
THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED, DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW CAREFULLY.
Arisa Health, Inc. is a 501(c)(3) non-profit organization incorporated in the State of Arkansas in 2020. This organization brought together 4 of Arkansas’ leading behavioral health providers to form the state’s premier integrated behavioral health system. Member affiliates integrate the professional staff and services of Professional Counseling Associates, Mid-South Health Systems, Ozark Guidance, and Counseling Associates. As such, information held by any of these legacy organizations may be shared, as needed, with the affiliated organizations.
Protected Health Information (PHI) means individually identifiable health information, as defined by HIPAA, that is created or received by the Arisa Health or its Affiliates as it relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and that identifies the individual or for which there is a reasonable basis to believe information can be used to identify the individual. PHI is any information, including verbal, electronic and on paper that is created or received by Arisa Health or its Affiliates for purposes of providing health care to patients and for purposes of billing and payment for those services. PHI includes information about behavioral healthcare needs, the services we provide, test and evaluation results, notes written by providers and clinical staff, plus other relevant information, such as your name, address, and telephone number, we need in order to provide quality healthcare services. PHI includes information of persons living or deceased.
OUR PLEDGE REGARDING MEDICAL INFORMATION
We understand that medical information about you and your health is personal. We are committed to protecting your PHI. We create a record of the care and services you receive at Arisa Health and its Affiliates. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all PHI generated by Arisa Health and its Affiliates, whether made by Arisa Health and its Affiliates personnel or your personal doctor. Your personal doctor may have different policies or notices regarding the doctor’s use and disclosure of your medical information created in the doctor’s office or clinic. This notice will tell you about the ways in which we may use and disclose your PHI. We also describe your rights and certain obligations we have regarding the use and disclosure of your PHI.
We will compile and maintain a medical record on you, using it: (1) to assist us and other healthcare professionals in providing you care and treatment; (2) to document and communicate to others a detailed description of the care you have received, and the status of your behavioral health; (3) to assist you, your insurer or other third-party payer in paying for healthcare services; (4) to meet a variety of legal obligations, some of which require us to communicate with third parties; and (5) to assist in training and other operational functions that help us maintain the highest standards of care.
- Confidentiality of Alcohol and Drug Abuse Records (applicable to patients receiving alcohol and drug abuse treatment)
- The confidentiality of alcohol and drug abuse patient records maintained by us is protected by Federal law and regulations at 42 CFR Part 2. Generally, we may not say to a person outside the treatment center that you are a patient of the treatment center, or disclose any information identifying you as an alcohol or drug abuser unless:
- (i) You consent in writing (in accordance with a valid authorization discussed below in this Notice);
- (ii) The disclosure is allowed by a court order (as discussed below); or
- (iii) The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit or program evaluation (as discussed below).
These restrictions may not apply to:
- (i) communications of information between or among our personnel having a need for the information in connection with their duties that arise out of the provision of diagnosis, treatment or referral for treatment;
- (ii) crimes on the premises, including crimes committed by you on the premises, or against program personnel; or
- (iii) reports of suspected child abuse and neglect.
Violation of the Federal law and regulations by Ozark Guidance related to alcohol and drug abuse patient records is a crime and violations may be reported to the United States Attorney for Arkansas, as well as to the Substance Abuse and Mental Health Services Administration office responsible for opioid treatment program oversight.
UNDERSTANDING YOUR HEALTH RECORD / INFORMATION
Each time you receive health care services from Arisa Health and its Affiliates a record of your service is made. Typically, this record contains your symptoms, examination, test results, diagnoses, treatment and a plan for further care or treatment. This information often referred to as your health or medical record serves as a:
- Basis for planning your care and treatment
- Means of communication among the many health professionals who contribute to your care
- Legal document describing the care you received
- Means by which you or a third-party payer can verify that services billed are actually provided
- A tool in educating health professionals, clinical and support staff
- A source of information for public health officials charged with improving the health of the nation (communicable diseases)
Your health or medical record also serves, in the following way, as a source of data for facility planning:
- A tool with which we can assess and continually work to improve the care we render and outcomes we achieve
Understanding what is in your record and how your health information is used helps you to:
- Ensure its accuracy
- Better understand who, what, when, where, and why others may access your health information
- Make more informed decisions when authorizing disclosure to others
YOUR HEALTH INFORMATION RIGHTS
Although your health record is the physical property of Arisa Health and its Affiliates or facility that compiled it, the information belongs to you. You have the right to:
- Inspect Obtain a paper or electronic copy of your medical record: You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this. We will provide a copy or summary of your health information, usually within 30 days of your request. There will be a reasonable, cost-based fee.
- Amend your medical record: You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this. We may say “no” to your request, but we will tell you in writing within 60 days.
- An Accounting of Disclosures: You can ask for a list (accounting) of the times that we have shared your PHI with others and why we have shared it for up to six years prior to the date of your request.
- Request Restrictions or ask us to limit what we share: You can ask us not to share certain health information for treatment, payment or our operations.
- Keep in mind that we are not required to agree with your request, and we may say “no” if it would affect your care.
- If you pay for a service or health care item out-of-pocket in full, then you can ask us not to share that information for the purpose of our operations with your health insurer.
- We will say “yes” to this request unless the law requires us to share that information.
- Request Confidential Communications: You can ask us to contact you in a specific way (for example, home or office phone) or to send mail via alternate means (E.g., fax) or to a different address such as a P.O. Box, etc. We will say “yes” to all reasonable requests.
- Receive Notice of a Breach: We will notify you if your unsecured PHI has been breached, unless there is a low probability that the PHI has been compromised based upon a risk assessment.
- Receive a Paper Copy of This Notice. You have a right to ask us for a copy of this notice at any time, even if you have agreed to receive the notice electronically. At the time of request, we will provide you with a paper copy promptly.
- Choose or appoint someone to act on your behalf: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure that the person has this authority and can act on your behalf before we take any action.
- File a complaint: You can complain if you feel we have violated your rights by following the steps outlined below in the “Complaints” section of this notice.
We are required to:
- Maintain policies and practices that protect the security and privacy of your protected health information
- Secure your electronic records from premature destruction and unauthorized disclosure
- Promptly notify you if a breach occurs that may have compromised the privacy or security of your information
- Provide you with this notice of our legal duties and privacy practices with respect to information we collect and maintain about you
- Abide by the terms of this notice, until such time as our privacy practices or the law changes
- Notify you if we are unable to agree to a requested restriction or amendment pertaining to your health information
- Accommodate reasonable request you may have to communicate health information by alternative means or at alternative locations
- Provide examples of our practices to help you better understand how your health information will be used and disclosed
- Not use or share your PHI other than as described in this notice unless you tell us we can in writing. Even then, you still have the right to change your mind at any time by letting us know in writing.
CHANGES IN OUR PRIVACY PRACTICES
We reserve the right to change the practices described in this notice and to make the new provisions effective for all PHI we maintain, including any information compiled before the change. Should our privacy practices change, we will make a copy available at your next scheduled visit. We will also post the revised notice in prominent public access locations throughout our facility and on our websites:
If you have questions and/or believe your privacy rights have been violated, you may file a complaint/appeal with Arisa Health and its Affiliates or with the Secretary of the Department of Health and Human Services. To file a complaint with Arisa Health and its Affiliates contact the Privacy Officer, 2707 Browns Lane, Jonesboro, AR 72401; (870) 972-4000. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
DISCLOSURES FOR TREATMENT, PAYMENT AND HEALTH OPERATIONS (TPO)
We will use and disclose your information for your treatment, payment for services rendered, and health care operations of the Arisa Health and its Affiliates. Examples are included for information purposes. If you have questions about these or other permitted uses and disclosures of your health information, please discuss these with the Privacy Officer at (870) 972-4000.
We can use your health information and share it with other professionals who are treating you. Information obtained by a nurse, physician, mental health professional, or other member of your healthcare team will be recorded in your record and used to determine the course of treatment that should work best for you. Your healthcare providers will document in your record the actions they took and their observations. In that way, the treatment team will know how you are responding to treatment. Example: A doctor such as your primary care physician (PCP) who is treating you asks another doctor who is also treating you about your overall health condition or specifics concerning your health condition. In such cases as these and alike, we will provide subsequent healthcare providers with copies of certain health information necessary for treatment.
Our professionals are trained to identify and respond to emergency situations. When we conclude an emergency exists, our focus is on immediate intervention and stabilizing the client, not on privacy. Consequently, we will use and disclose health information as needed to provide appropriate healthcare service; even if it would conflict with a client’s normal privacy expectations.
We can use and share your health information to bill and obtain payment from health plans or other entities. A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you as well as your diagnosis, procedures, and supplies used. Example: We give information about you to your health insurance plan so that it will pay for your services.
We can use and share your health information to run our community mental health center, improve your care, and contact you when necessary. We share private health information internally and with selected business associates in order to continually improve the quality and effectiveness of the health care and service we provide. Example: We use health information about you to manage your treatment and services, assess your care received, and the outcomes of your case.
There are some services pertaining to treatment, payment or healthcare operations provided through contracts with business associates. Examples may include, but are not limited to certain laboratory tests, Patient Assistance Program, IT solutions, transcription services, and offsite records storage. When these services are contracted, we may disclose your health information to our business associate. To protect your health information, however, we require the business associate to appropriately apply and uphold the same safeguards that we do.
COMMUNICATION WITH FAMILY AND OTHERS
Health professionals using their best judgment and the authority conveyed by the Laws of the State of Arkansas may disclose to a parent and/or guardian, or other person you identify and authorize to have access to health information relevant to that person’s involvement in your care or payment related to your care. We may use or disclose information to notify and assist in notifying a family member, personal representation, or another person responsible for your care, your location, and general condition.
There are several situations where we might be required by law, law enforcement, courts or regulators to release some or all of your protected health information, whether or not you authorize such a release. Examples include but are not limited to a Coroner/ Medical Examiner, Public Health agencies, Workers Compensation Administrators, Law Enforcement Officers, Judicial Proceedings, and others.
OTHER USES OF PHI / MARKETING
As a part of our healthcare services, we may recommend or discuss options that relate to your treatment. Other uses and disclosures of PHI not covered by this Notice or the laws that apply to us (such as marketing or sale of PHI), will be made only with your written authorization. Additionally, psychotherapy notes will not be disclosed without your written authorization. If you provide us authorization to use or disclose your PHI, you may revoke that permission, in writing, at any time. If you revoke your authorization, we will no longer use or disclose your PHI for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of that care that we provided to you. Send all revocation requests to:
CONFIDENTIALITY OF ALCOHOL/SUBSTANCE ABUSE PATIENT RECORDS
Federal law and regulations protect the confidentiality of drug and alcohol abuse records maintained by Arisa Health and its Affiliates. Generally, we may not say to a person outside Arisa Health and its Affiliates that a client attends our program. We will not disclose any information identifying a client as an alcohol or drug abuser unless one of the following conditions is met: (1) the client consents in writing; (2) the disclosure is allowed by a court order; (3) the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
Violation of the federal law and regulations by any program or facility is a crime. Suspected violations may be reported to appropriate authorities in accordance with federal regulations. Federal law and regulations do not protect any information about a crime committed by a client either at the program / facility or against any person who works for the program / facility or about any threat to commit such a crime. Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
For most other uses and disclosures of information, we will require your written consent in the form of a signed authorization before providing a third party with access to your protected health information, and you may revoke such authorization at any time.
Even though we can lawfully use and disclose your health information under a variety of circumstances, we always try to limit the information to the minimum necessary. This sometimes requires the exercise of professional judgment.
CHANGES IN OUR PRIVACY PRACTICES
We reserve the right to change this Notice in the future and to make those changes applicable to all PHI that we maintain, including PHI compiled, obtained or created before the effective date of the change. When we make a change to this Notice, it will be posted in our waiting room and on our websites. You may also call or write to the Privacy Officer to obtain the most recent version of this Notice.