SmallMediumLargePrint

arch_ornament
Client Privacy Policy

Client Privacy and Rights & Client Care Policy

Privacy Practices for Medical Information: 
This notice describes how medical information about you may be used and disclosed and how you can get access to this information.  Please review it carefully.
CFIT provides you (the client) with health care by working with doctors and many other health care providers (referred to as we, our, or us).  This is a joint notice of our information privacy practices.  The following people or groups will follow this notice:

  • any health care provider who comes to CFIT to care for you.  These professionals include doctors, nurses, technicians, physician assistants and others.
  • all departments and units of our organization.
  • our employees, contractors, and volunteers, including regional support offices and affiliates.

Our Pledge to You:
We understand that medical information about you is private and personal.  We are committed to protecting it.  Hospitals, doctors and other staff make a record each time you visit.   This notice applies to the records of your care at CFIT, whether created by CFIT staff, hospital staff, or your doctor.   Your doctor and other health care providers may have different practices or notices about their use and sharing of medical information in their own offices or clinics.   We will gladly explain this notice to you or your family member.
We are required by law to:

  • keep medical information about you private. 
  • give you this notice describing our legal duties and privacy practices for medical information about you. 
  • follow the terms of the notice that is currently in effect. 


How We May Use And Share Your Medical Information:
This section of our notice tells how we may use medical information about you.  In all cases not covered by this notice, we will get a separate written permission from you before we use or share your medical information.  You can later cancel your permission by notifying us in writing.
We will protect medical information as much as we can under the law.  Sometimes state law gives more protection to medical information than federal law.  Sometimes federal law gives more protection than state law.  In each case, we will apply the laws that protect medical information the most.
Cognitive Fitness & Innovative Therapies is a small clinic who collaborates with other larger health systems.  With your written consent, and in accordance with HIPAA regulations and state and federal laws, we may use or share medical information about you for treatment, payment and health care operations.
For routine or recurring requests and disclosures, CFIT has implemented the following policies and procedures to limit the information disclosed or requested. For non-routine disclosures and requests, CFIT has developed criteria for determining and limiting the disclosure or request to the minimum necessary for the intended purpose, and will review and limit each disclosure or request on an individual basis in accordance with these criteria. For certain disclosures, HIPAA regulations permit CFIT to rely, if reasonable under the circumstances, on a requested disclosure as the minimum necessary for the stated purpose, such as when the information is requested by another covered entity. 45 C.F.R. § 164.514(d)(3).
Treatment:  With your written consent we will use and share medical information about you for purposes of treatment.  An example is sending medical information about you to your doctor or to a specialist as part of a referral.
Payment:  With your written consent we will use and share medical information about you so we can be paid for treating you.  An example is giving information about you to your health plan or to Medicare.
Health care operations:  With your written consent we will use and share de-classified medical information about you for our health care operations.  Examples are using non-specific information about you to improve the quality of care we give you, for disease management programs, client satisfaction surveys, compiling medical information, de-identifying medical information and benchmarking.
Appointment reminders:  We may contact you with appointment reminders.
Treatment options and health-related benefits and services:  We may contact you about possible treatment options, health-related benefits or services that you might want.
Fund-raising activities:  We may use limited, non-medical, information to contact you for fundraising events, activities and campaigns. 
Research:  With your written consent we may share your de-classified medical information for research projects, such as studying the effectiveness of a treatment you received.  We will get your written permission to use or share medical information for research.  All research projects must go through a special process that protects the confidentiality of your medical information.
Public Health:  We will report certain medical information for public health purposes.  For example, we are required by law to report births, deaths and certain diseases to the state.  We may also report problems with medicines or medical products to the manufacturer and to the FDA.  We may tell you about recalls of products you are using.
Required by Law:  We are sometimes required by law to report certain information.  For example, we must report abuse or neglect.  We also must give information to your employer about work-related illness, injury or workplace-related medical surveillance.  Another example is that we will share necessary information about tumors with state tumor registries for their research purposes.
Public Safety:  We may, and sometimes have to, share medical information about you in order to prevent or lessen a serious threat to the health or safety of a particular person or the general public.
Health Oversight Activities:  We may be required by law to share certain medical information about you for health oversight activities, audits or inspections.
Coroners, Medical Examiners and Funeral Directors:  We may share medical information about deceased clients with coroners, medical examiners and funeral directors.
Military, Veterans, National Security and Other Government Purposes:  We may use or share medical information about you for national security purposes.  We may be required by law to share medical information about you with the military for military command purposes when you are a member of the armed forces.
Judicial Proceedings:  We may use or share medical information about you in response to court orders or subpoenas only when we have followed procedures required by law.
Law Enforcement in California:  We may share medical information about you with police (or other law enforcement personnel) without your written permission:

  • If the police present a valid search warrant
  • If the police present a valid court order
  • To report abuse, neglect, or assaults as required or permitted by law
  • To report certain threats to third parties

Family Members and Others Involved in Your Care:  With your written consent we may share medical information about you with friends, family members, or others you have named who help with your care.  We may use or share medical information about you with disaster organizations so that your family can be notified of your location and condition in case of disaster or other emergency.
Procedure:
To ensure that CFIT is in compliance with the Privacy Rule, policies and procedures to ensure compliance with the Privacy Rule have been implemented. The policies and procedures contained herein are a demonstration of its compliance with the Privacy Rule. CFIT promptly changes its policies and procedures that accord with changes to the Privacy Rule. Notice provided to clients is also promptly changed to reflect the change in policy and procedure, unless the change does not materially affect our policies. The timing of the change and reliance on the change may depend on the terms for such changes at outlined by federal and state laws.

Safeguards:
To protect the privacy of the PHI of its patients, CFIT has in place appropriate administrative, technical, and physical safeguards, in accordance with the Privacy Rule. CFIT reasonably safeguards PHI from any intentional or unintentional use or disclosure that would violate the Privacy Rule. For example, passwords are required to access the computerized scheduling program and electronic medical records, which guards against unauthorized access of PHI. Patient medical records are guarded carefully, and are stored in locking file cabinets located in a locked and protected closet.

CFIT reasonably safeguards PHI to limit incidental uses or disclosures. For example, sound reduction materials are used in treatment rooms to guard against accidental breaches of confidentiality due to transfer of sound from room to room. Staff members make sincere efforts to discuss patient matters privately, for example, leaving the front desk or writing notes to transfer information discreetly to other staff members. A confidential sign-in sheet, although not required by HIPAA, is often used. The use of computerized scheduling eliminates the ability of clients to view other clients’ appointments. These safeguards are only a few of the many that have been implemented to protect patients’ privacy.

Documentation:
CFIT meets applicable state laws and the Privacy Rule’s requirements regarding documentation. Documentation is required throughout the Privacy Rule to demonstrate implementation of certain requirements. These documentation requirements include those specifically related to notice, authorization, the minimum necessary standard, and clients’ rights. CFIT maintains policies and procedures in written and electronic form. All written communication required by the Privacy Rule is maintained (or an electronic copy is maintained) as documentation.

If an action, activity, or designation is required by the Privacy Rule to be documented, a written or electronic copy is maintained as documentation.  Documentation is maintained for a period of six years from the date of creation or the date when it last was in effect, whichever is later.

Changes to this Notice:
We may change our privacy practices from time to time.  Changes will apply to current medical information, as well as new information after the change occurs.  If we make an important change, we will change our notice.  We will also post the new notice in our facilities and on our Web site at:  www.sbcfit.org You can ask, in writing, for a copy of this notice at any time by contacting CFIT.  If our notice has changed, we will give you a copy of the notice the next time you register for treatment.

Do you have concerns or complaints?
If you think your privacy rights may have been violated, you may contact CFIT (listed below).  You may also contact our Director of Operations at (805) 899.7777.  Finally, you may send a written complaint to the U.S. Department of Health and Human Services, Office of Civil Rights.  The CFIT office can provide you the address.  We will not take any action against you for filing a complaint.

Cognitive Fitness & Innovative Therapies
2409 De La Vina
Santa Barbara, CA 93105
Tel:  (805) 899.7777
Fax:  (805) 563.0857
www.sbcfit.org

When a client files a privacy complaint, the following process will be followed:
a) Validate the complaint with the individual.
b) If appropriate, attempt to correct any apparent misunderstanding of the policies and procedures on the client’s part; if after clarification, the client does not want to pursue the complaint any further, indicate that “no further action is required.” Record the date and time and file under dismissed complaints.
c) If not dismissed, log the complaint by placing a copy of the complaint letter/form in both the complaint file and in the client’s record.
d) Investigate the complaint by reviewing the circumstances with relevant staff (if
applicable).
e) If it is determined that the complaint is invalid, send a letter stating the reasons the complaint was found invalid. File a copy of the letter and form in an investigated
complaints file.
f) If the investigative findings are unclear, get a second opinion from your lawyer.
g) If it is determined that the complaint is valid and linked to a required process or an individual’s rights, follow the office sanction policy to the extent that an individual is responsible. If the complaint involves compliance with the standards that do not involve a single individual, then begin the process to revise current policies and procedures.
h) Once an appropriate sanction or action has been taken with respect to a complaint with merit, or if the response will take more than 30 days, send a letter explaining the findings and the associated response or intended response. Document the disposition of the complaint and file the letter and form in an investigated complaints file.
i) Place a copy of the complaint letter/form in the client’s record.
j) Review both invalid and investigated complaint files periodically, to determine if
there are any emerging patterns.

Sanctions:
CFIT applies appropriate sanctions against a member of my staff who fails to comply with the requirements of the Privacy Rule or its policies and procedures. CFIT may not apply sanctions against an individual who is testifying, assisting, or participating in an investigation, compliance review, or other proceeding. Sanctions include, but are not limited to verbal and written warnings and accompanying additional training, and termination.

Mitigation:
CFIT mitigates, to the extent possible, any harmful effect of which it becomes aware regarding its use or disclosure, or its business associates’ use or disclosure, of PHI in violation of policies and procedures or the requirements of the Privacy Rule.

Client Rights: 
The traditional doctor-client relationship takes on a new dimension when care is rendered within our uniquely organized structure - legal precedent has established that the institution itself bears a responsibility to the client.  Client rights are therefore presented with the expectation that their observance will contribute to more effective client care and greater satisfaction for the client, the clinic, and any other individuals involved.

  • A client has the right to respectful care by competent personnel. 
  • A client has the right, upon request, to be given the name of his/her physician, the names of all other physicians directly participating in his/her care, and the names and functions of other health care personnel who have had direct contact with the client. 
  • A client has the right to privacy with respect to his/her medical care program.  Case discussion, consultation, examination, and treatment are considered confidential and should be conducted discreetly.  Additionally all records pertaining to his/her medical care are strictly confidential except as otherwise provided by law or third-party contractual arrangements. 
  • Upon request, the Clinic shall provide the client or client designee access to all information contained in his/her medical records, unless access is specifically restricted by the physician for medical reasons. 
  • A client has the right to know what Clinic rules and regulations apply to his/her conduct as a client. 
  • The client has the right to expect emergency procedures to be implemented without unnecessary delay. 
  • The client has the right to quality care and high professional standards that are continually maintained and reviewed. 
  • The client has the right to full information in layman’s terms concerning his/her diagnosis, treatment, and prognosis, including information about alternative treatments and possible complications.  When it is not medically advisable to give such information to the client, the information shall be given on his/her behalf to the client’s next of kin or other appropriate person. 
  • Except for emergencies, the physician must obtain informed consent prior to the start of any procedure or treatment. 
  • A client or, in the event the client is unable to give informed consent, a legally responsible party, has the right to be advised when a physician is considering the client as a part of a medical care program or donor program, and the client, or legally responsible party, must give informed consent prior to actual participation in such a program.  A client or legally responsible party may, at any time, refuse to continue in any such program to which he or she has previously given informed consent. 
  • To the extent permitted by law, a client has the right to refuse any medication, treatment, or procedure offered by the Clinic, and the physician shall inform the client of the medical consequences of the client’s refusal of any medication, treatment or procedure. 
  • A client has the right to assistance in obtaining consultation with another physician at the client’s request and own expense. 
  • A client has the right to medical services without discrimination based upon race, color, religion, gender, sexual preference, national origin, or source of payment. 
  • The client who does not speak English should have access to, where possible, an interpreter. 
  • The client has the right to expect management techniques to be implemented within the Clinic that consider the efficient use of client time and avoid client discomfort. 
  • The client has the right to examine and receive a detailed explanation of his/her bill. 
  • The client has the right to information and counseling on available financial resources for his/her health care. 
  • A client cannot be denied the right of access to an individual or agency that is authorized to act on his/her behalf to assert or protect the rights set out in this section. 

Client Care Policy:
Policy:  All critical test results and critical values and results must be noted immediately to either the Care Coordinator for the client or the attending physician.  Documentation of the note including time and date and who received the critical value/result must be made as a permanent part of the client’s medical record.
Purpose:  To ensure immediate reporting of critical values/results to appropriate care providers to enable provision of timely, appropriate treatment to the client.
Definition:  A critical test is defined as a test with critical values/results or other results that are determined by the laboratorian, neurologist, or other diagnostician to be critical to the client’s subsequent treatment decisions.
Procedure:

  1. Include ordering physician’s name and mailing information at every intake interview.
  2. Validate the correct client by using two identifiers.
  3. Ask the staff member receiving the critical values/results to write them down and read them back to the client.
  4. Document the notification including time and date and who received the critical value/result as a permanent part of the client’s medical record.
  5. Prioritize monitoring of turnaround times for critical tests and evaluations based on periodic risk assessments.

Updated Last on August 23, 2010  •