HIPAA – Privacy Policies
Notice of Privacy Practices
Last Revision, 2022
SunCloud Health, SC
THIS NOTICE DESCRIBES HOW HEALTH, MENTAL HEALTH AND SUBSTANCE USE DISORDER INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability & Accountability Act of 1996 (HIPAA) requires all health care records and other individually identifiable health information (PROTECTED HEALTH INFORMATION) used or disclosed to us in any form, whether electronically, on paper, or orally, be kept confidential. This federal law gives you, the patient, significant new rights to understand and control how your health information is used. HIPAA provides penalties for covered entities that misuse personal health information. As required by HIPAA, we have prepared this explanation of how we are required to maintain the privacy of your health information and how we may use and disclose your health information.
Unless prohibited by federal or state law (see discussion of confidentiality of substance use disorder treatment records below), we are permitted to use and disclose your health care records for the purposes of treatment, payment and health care operations. Examples include the following:
Treatment means providing, coordinating, managing health care and /or related services by one or more health care providers. Examples of treatment would include therapy, medication management, labs, family therapy sessions surgery etc.
Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collection activities, and utilization review. An example of this would be billing your medical plan for your medical services.
Health Care Operations include the business aspects of running our practice, such as conducting quality assessment and improvement activities, auditing functions, cost-management analysis, outcome analysis, and customer service. An example would include a periodic assessment of our documentation protocols, etc.
In addition, your PROTECTED HEALTH INFORMATION may be used to remind you of an appointment (by phone, mail or text) or provide you with information about treatment options or other health-related services including release of information to friends and family members that are directly involved in your care or who assist in taking care of you.
We will use and disclose your PROTECTED HEALTH INFORMATION when we are required to do so by federal, state or local law. We may disclose your PROTECTED HEALTH INFORMATION to public health authorities that are authorized by law to collect information (i.e. the Centers for Disease Control) or to a health oversight agency for activities authorized by law included but not limited to: response to a court or administrative order, if you are involved in a lawsuit or similar proceeding, response to a discovery request, subpoena, or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested. We will release your PROTECTED HEALTH INFORMATION if requested by a law enforcement official for any circumstance required by law. We may release your PROTECTED HEALTH INFORMATION to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs. We may release PROTECTED HEALTH INFORMATION to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor. We may use and disclose your PROTECTED HEALTH INFORMATION when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat. We may disclose your PROTECTED HEALTH INFORMATION if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities. We may disclose your PROTECTED HEALTH INFORMATION to federal officials for intelligence and national security activities authorized by law. We may disclose PROTECTED HEALTH INFORMATION to federal officials in order to protect the President, other officials or foreign heads of state, or to conduct investigations. We may disclose your PROTECTED HEALTH INFORMATION to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals or the public. We may release your PROTECTED HEALTH INFORMATION for workers’ compensation and similar programs.
We may also release your PROTECTED HEALTH INFORMATION to Business Associates of SunCloudHealth or SunCloud Holdings, as needed to allow them to perform services for us.
SunCloud collects outcome results from our patients on a regular basis at admit, during treatment and post treatment. This data is used internally to improve the quality of care that we provide directly to you and it is also used externally to support the secondary use of data for comparative effectiveness studies, policy assessment and other endeavors. Please note all data that is shared externally is aggregated and deidentified such that it does not identify any individual member and there is no reasonable basis to believe any of it could be used to identify an individual. An example of data that we might share would be the average age of a person who admits to SCH, an average length of stay, and or how much progress did people make on average according to one of the surveys we administer. You reserve the right to NOT participate in the collection of this data, and you can opt out at any time.
Any other uses and disclosures will be made only with your written authorization. You may revoke such authorization in writing and we are required to honor and abide by that written request, except to the extent that we have already taken actions relying on your authorization.
CONFIDENTIALITY OF SUBSTANCE USE DISORDER TREATMENT RECORDS
The confidentiality of substance use disorder treatment patient records maintained by substance use treatment programs at SunCloud (“Programs”) is protected by federal law and regulations. Generally, if you receive substance use treatment services from Programs, we may not acknowledge to a person outside a Program that you attend a substance use program, or disclose any information identifying you as having or having had a substance use disorder unless:
- You consent in writing;
- The disclosure is allowed by court order; or
- Disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit or program evaluation.
Federal law and regulations do not protect any information about a crime committed by you either at Programs or against any person who works for Programs or about any threat to commit such a crime. Federal law and regulations do not protect any information about suspected child abuse or neglect from being reported under State law to appropriate State or local authorities.
Violation of the federal law and regulations by a program is a crime. Suspected violations may be reported to the United States Attorney for the Northern District of Illinois, Eastern Division at:
United States Attorney’s Office
219 S. Dearborn St., 5th Floor
Chicago, IL 60604
Phone: (312) 353-5300
Specifically, for opioid treatment programs, suspected violations may be reported to Substance Abuse and Mental Health Services Administration Compliance Office at (240)276-2700. (See 42 U.S.C. 290dd–3 and 42 U.S.C. 290ee–3 for federal laws and 42 CFR part 2 for federal regulations.)
Confidentiality of Psychotherapy Notes
We must obtain your authorization to use or disclose psychotherapy notes. Psychotherapy notes may only be used for limited purposes, such by the treating professional. Disclosures are permitted only as required by law, for certain health oversight activities or to avert a serious threat to health or safety. .
OTHER SPECIAL RESTRICTIONS UNDER STATE LAWS
We will also comply with all other applicable state and federal laws. For example, under state law, there are more limits on when HIV and AIDS information, genetic testing information and sexually transmissible disease information may be disclosed. We abide by all applicable state and federal laws.
How you can exercise your rights to access and control your protected health information:
SunCloud Health will not disclose your PROTECTED HEALTH INFORMATION to a health plan under certain circumstances if you pay for services out of pocket.
You have certain rights in regards to your PROTECTED HEALTH INFORMATION, which you can exercise by presenting a written request to our Privacy Officer at the practice address listed below:
The right to request restrictions on certain uses and disclosures of PROTECTED HEALTH INFORMATION, including those related to disclosures to family members, other relatives, close personal friends, or any other person identified by you. We are, however, not required to agree to a requested restriction. If we do agree to a restriction, we must abide by it unless you agree in writing to remove it.
The right to request to receive confidential communications of PROTECTED HEALTH INFORMATION from us by alternative means or at alternative locations.
The right to inspect and request a copy of your PROTECTED HEALTH INFORMATION (charges for the copying are subject to state requirements).
The right to request an amendment to your PROTECTED HEALTH INFORMATION.
The right to receive an accounting of disclosures of PROTECTED HEALTH INFORMATION outside of treatment, payment and health care operations.
The right to obtain a paper copy of this notice from us upon request.
Our Duties
We are required by law to maintain the privacy of your PROTECTED HEALTH INFORMATION and to provide you with notice of our legal duties and privacy practices with respect to PROTECTED HEALTH INFORMATION.
We are required to abide by the terms of the Notice of Privacy Practices currently in effect. We reserve the right to change the terms of our Notice of Privacy Practices and to make the new notice provisions effective for all PROTECTED HEALTH INFORMATION that we maintain. Revisions to our Notice of Privacy Practices will be posted on the effective date and you may request a written copy of the Revised Notice from this office.
We are required to and will notify you directly in the event that there is an unauthorized breach of your PROTECTED HEALTH INFORMATION.
SunCloud Health reserves the right to refuse to amend a patient’s record if it has justification for denying such amendment.
SunCloud Health reserves the right to charge patients for accountings of disclosures if more than one is requested per year.
You have the right to file a formal, written complaint with us at the address below, or with the Department of Health & Human Services, Office for Civil Rights, in the event you feel your privacy rights have been violated. We will not retaliate against you for filing a complaint.
For more information about our Privacy Practices or to file a complaint, please contact:
Dr. Kimberly Dennis, MD.
SunCloud Health
40 Skokie Blvd, Suite 200
Northbrook, Illinois 60062
866-729-1012
For more information about HIPAA or to file a complaint:
The U.S. Department of Health & Human Services
Office for Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
877-696-6775 (toll-free)
Client Signature:
877-696-6775 (toll-free)
