A Brief Overview of our California Rehab Privacy Policy

This privacy notice discloses the privacy practices for www.oceanhillsrecovery.com. This privacy notice applies solely to information collected by this web site. It will notify you of the following:

  • What personally identifiable information is collected from you through the web site, how it is used and with whom it may be shared.
  • What choices are available to you regarding the use of your data.
  • The security procedures in place to protect against the misuse of your information.
  • How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.

Security
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.

Cookies
We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to enter a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 866-303-2444 or email via [email protected]

Additional Notes Regarding Privacy, HIPAA Compliance and Protected Health Information

Confidential Information Dissemination Policy

POLICY

It is the policy of The Ocean Hills Recovery, Inc. (OHR) to ensure that all verbal and written information of persons served is released in a manner that protects the individual’s right to confidentiality.  Information may not be released without the individual’s written permission, except as the law permits or requires. OHR will make reasonable efforts to limit use, disclosure of, and requests for private health information to the minimum necessary to accomplish the intended purpose.

PROCEDURE

  1. Information may be released in written and/or verbal form. The release of information will occur upon receipt of an authorization determined as valid. Validity is determined by the presence of each of the following items:
    1. The name of the person about whom information is to be released, including social security number
    2. The specific content of the information that is to be released
    3. The person to whom the information is to be released
    4. The signature of the person who is legally authorized to sign the release and the date on which the release is signed
    5. The expiration date of the authorization, not to exceed one year
    6. Information that defines how and when the authorization can be revoked
  2. Requests for Information:
    1. All requests for information will be in writing.
    2. Requests for information from an individual’s record will be answered within 30 days from the date of receipt. If the information cannot be provided within this period, the requester will be informed in writing of the reasons for the delay and the anticipated date the information will be available.
    3. Requests for records that have been incorporated into OHR’s records from outside sources will not be released and the requestor will be encouraged to seek those records from their original source.
  3. Release of Sensitive Information:
    1. Information contained within the individual records may have a serious adverse effect on an individual’s mental or physical health if disclosed to the individual. Such information may contain materials requiring an explanation or interpretation to assist in its acceptance and/or assimilation in order to avoid an adverse impact on the individual’s health. To minimize the risk of a release of information adversely impacting a person served, the following guidelines will apply:
      • The HIPAA Compliance Officer, the acting Vice President, will review all requests of individuals seeking direct access to their records. Information identified as potentially sensitive will be reviewed by the Vice President. This review will occur within one working day of the referral.
      • All materials directly related to behavioral health treatment that include a diagnosis, assessment, or interpretative data will be reviewed by the HIPAA Compliance Officer, the acting Vice President.
      • If, after the professional review of the record, it is believed that disclosure of the information directly to the individual could have an adverse effect on that individual, arrangements will be made to disclose the information to a professional staff member selected by the individual. The staff member will discuss the information with the individual prior to the release.
      • Should the professional staff member determine, after a careful and conscientious explanation of the information to the individual has been made, that access to the information could be harmful, physical access will be denied. The justification for making the denial will be fully documented by the staff member and final concurrence will be made by the Vice President. The individual will be advised of the denial, the reasons for the denial of the request, and advised of the right to file a grievance, should the individual disagree with the decision.
    2. OHR’s legal counsel and liability insurance carrier will be notified and consulted when the release of information involves the following circumstances:
      1. Any request for records that are to be used in a suit against the organization or in a prosecution against a person served
      2. For all subpoenas for records that were not accompanied by a written consent signed by the person served, the Vice President will file a motion to quash with the Court which issued the subpoena. If that fails, OHR legal counsel will be consulted.
      3. All requests for information which indicates a possible liability for the cost of care and services
    3. Information may be released without the consent of persons served under the following conditions:
      1. For use by any OHR employee who has a need for the information in the performance of their duties to ensure continuity of care
      2. To medical personnel who have a need for the information for the purpose of treating a condition which poses an immediate threat to the health of a person served
      3. To public health authorities related to infection with HIV when there is a written request that the information and there is a fine or penalty for failure to comply
      4. To recover or collect the costs of medical care from third party health care insurance carriers contracted with by the persons served and required by the health plan to be disclosed
      5. To Federal, State, or local government agencies or entities charged under applicable laws with the protection of public health and safety. In such cases, the information may be released with the consent of the individual whose records are being requested, or upon receipt of a written request from the head of the government entity. A request for release under these circumstances may be either a standing written request based on reporting requirements, or a specific written request from the head of a law enforcement agency for a special law enforcement purpose. Standing requests must be updated in writing every year.
      6. Disclosure as a result of a court order from a court of competent jurisdiction
      7. To the medical examiner, in conjunction with an investigation of a suspicious death
      8. To professional review organizations, in accordance with government contracts (Medicare/Medicaid)
      9. Disclosure of information to a third party payer in a care cost recovery action will be limited to date of birth; social security number; payment history; and account number, unless the individual provides a written consent designating further information to be released
    4. An accounting record will be maintained on all records released by OHR. It will include the date, nature and purpose of each disclosure, the name of the party to whom the disclosure is made, and the staff member that has approved the release of records and the name of the staff member compiling and sending the requested information. This accounting record will be maintained in the client record from which the disclosure was made, documented in the Protected Health Information section of the client record.
    5. Special consent is required to release records that contain information related to drug and alcohol addiction and abuse, and tests for, or infection with, human immunodeficiency virus. Any authorized disclosure from records containing information of this type will be limited to that information which is necessary for the purpose of the disclosure. Because of the special nature of this information, the release must be processed by the HIPAA Compliance Officer, the acting Vice President, to assure compliance with the special regulatory requirements.
    6. The following types of communications do not constitute disclosure of information/records:
      1. Communication of information between any OHR employees who have a need for the information in connection with their official duties
      2. Communications with law enforcement offices which are directly related to the person served committing or threatening to commit a crime on the organization’s property or against an employee of the organization
      3. Communication of information which does not provide an individual’s identifying information
    7. OHR will protect the confidentiality of private health care information when transferring data electronically by adherence to the following guidelines:
      1. All data sets containing individual names transferred on a diskette, e-mail or any other electronic medium, will be password encrypted.
      2. The sending and receiving parties will negotiate passwords prior to transfer of the electronic data.
      3. Passwords will be at least eight characters in length, contain both letters and numbers, and must not be commonly used words.
      4. Passwords for encrypted files may not be mailed in the same shipping package as the encrypted file.
    8. OHR will adhere to the following guidelines when mailing confidential private health information:
      1. Stamp all envelopes containing records as confidential.
      2. Clearly indicate a particular office on the address where the envelope is to be delivered.
      3. Whenever possible, include in the address the name of the staff member authorized to open the envelope.
      4. All envelopes individually addressed will contain the following statement on the outside of the envelope: “TO BE OPENED BY ADDRESSEE ONLY.”
    9. When faxing confidential information, the following guidelines will apply:
      1. Confidential private health information will only be transmitted by fax when absolutely necessary or required by the requestor, and when other traditional methods, such as confidential mail, cannot be used to deliver the information.
      2. All fax cover pages for confidential information will contain the following:
        • The name and program of the person for whom the fax is intended
        • The name, program, and phone number of the person sending the fax
        • The statement “Confidential Information” in a large bold font
        • A statement that clearly identifies the accompanying material as confidential information that reads as follows: “The documents accompanying this facsimile transmission contain confidential information which is legally privileged. The information is intended only for the use of the recipient named above. If you have received this facsimile in error, please immediately notify us by telephone to arrange for return of the documents to us, and you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contents of this facsimile information is strictly prohibited.”
      3. In situations where the information is not being regularly faxed to a common organization and individual, a phone call will be made to the person receiving the fax to verify the fax number and a follow-up call will be made to ensure the receipt of the fax.
      4. Fax transmissions will be restricted to persons specifically authorized to transmit confidential information.
      5. Fax machines will not be situated in common public areas.
      6. Fax number lists will be current, accurate, and regularly checked.
      7. All transmission records will be checked to detect possible transmission errors and retained for confirmation purposes.
      8. Upon the receipt of any confidential misdirected fax, the sender will be contacted and the information will be shredded.
    10. Information may be released verbally over the phone only after verification of the caller’s identity through taking the phone number and making a call back prior to releasing the information.
    11. All telephone calls from outside the organization that request confirmation of an individual being served by Ocean Hills Recovery will be handled by repeating the following statement: “I can neither confirm nor deny that the individual in question is receiving services or has ever received services without a written authorization from that individual.”
    12. Any OHR employee who knowingly and/or willfully violates provisions of this policy and procedures will face administrative disciplinary action that may result in termination of employment.

Confidentiality of Client Record and Protected Health Information

PURPOSE

To establish clear, appropriate and acceptable confidentiality of Protected Health Information (PHI) and all aspects of confidentiality, and to establish and maintain processes and resources for reporting, investigating, and resolving potential violations of applicable Federal and State laws within the organization. 

POLICY 

It is the policy of Ocean Hills Recovery (OHR) to establish a mechanism to protect the confidentiality of individually identifiable member health and financial information from any unauthorized intentional or unintentional use or disclosure in accordance with the requirements set forth in HIPAA 45 CFR 164.

Definition

Protected Health Information (PHI) – Any individually identifiable health or financial information, whether verbal, written, electronic, or otherwise recorded in any form or medium that is:

  1. Created or received by OHR or one of its employees, agents or contracted service providers
  2. Related to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual or the past, present, or future payment for the provision of health care to an individual

The Federal Privacy Regulations further specify the following 17 pieces of “Individually Identifiable Information” that, when linked with health or medical information, constitute PHI (45 CFR 164.514):

  1. Names of the individual, and relatives, employers or household members of the individual
  2. Geographic identifiers of the individual, including subdivisions smaller than a state, street address, city, county and precinct
  3. Zip code at any level less than the initial three digits; except if the initial 3 digits cover a geographical area of 20,000 or fewer people, then the zip code is considered an identifier
  4. All elements of dates, except year, or dates directly related to an individual including birth date, admission date, discharge date, date of death and all ages over 89 and all elements of dates (including year) indicative of such age, except that such ages and elements may be aggregated into a single category of age 90 or older
  5. Telephone numbers
  6. Fax numbers
  7. Electronic mail addresses
  8. Social Security numbers
  9. Medical record numbers
  10. Health plan beneficiary numbers
  11. Account numbers
  12. Certificate/license numbers
  13. Vehicle identifiers and serial numbers, including license plate numbers
  14. Device identifiers and serial numbers
  15. Web Universal Resource Locators (URLs)
  16. Internet Protocol (IP) address numbers
  17. Biometric identifiers, including finger and voice prints
  18. Full-face photographic images and any comparable images

PROCEDURE

Protected Health Information may not be released without a complete and valid written consent or authorization signed by client, parent or legally authorized representative unless a release of the PHI is specifically allowed by State and Federal law without a valid authorization.  

Confidentiality Statement: All OHR staff are required to sign the OHR Confidentiality Statement before they are granted access to PHI.

All OHR employees who suspect, discover, or receive a report of PHI violations from another party have the obligation to report that violation in writing, in person, or by telephone to a supervisor, the Vice President, or anonymously.

Any personnel or contractors that report a violation should discuss the situation only with direct supervisors or the Vice President to ensure that confidentiality of the affected area/individuals can be maintained.

For supervisors that receive notice of a potential violation, this is to be communicated to the Vice President within twenty-four (24) hours.  The supervisor should not discuss the violation with other parties.

When the Vice President receives a report of a potential violation, he/she will then prepare a confidential corporate compliance report (if one has not been completed yet).  The Vice President will then conduct an initial investigation based on the report and coordinate with legal counsel if necessary.

PURPOSE

To assure the protection of all client rights to privacy and define the process through which Federal Confidentiality Guidelines are implemented.

POLICY

Confidentiality is a fundamental component of quality clinical services.  It is therefore the policy of Ocean Hills Recovery to safeguard the client right to privacy with respect to confidential information disclosed or revealed in the therapeutic setting.

In order to ensure that client confidentiality is protected, upon employment all staff members of OHR will be required to review Federal Confidentiality Regulations relating to the “Confidentiality of Alcohol and Drug Abuse Patient Records,” and other confidentiality laws that may be applicable at that time.  After having reviewed said laws and regulations, the employee will be required to sign a statement acknowledging their understanding of this material, the implications contained therein, and that the employee agrees to abide by all applicable confidentiality and privacy regulations.  A copy of this signed statement will be included in each employee’s personnel file.

Federal Confidentiality Regulations, 42 CFR Part 2 “Confidentiality of Alcohol and Drug Abuse Patient Records,” will define the basic framework within which all operating policies and practices of OHR are to be conducted.  Any exceptions to the contents of this policy are to be enacted only in accordance with relevant clauses contained within the Federal Confidentiality Regulations, and then only upon approval of the President.  In the absence of the President, the Program Director will make such determinations as may be necessary.

The full text of the most recent Federal Confidentiality Regulations will be available through the Vice President.  In summary, these regulations state:

  • Program staff shall not convey to a person outside of the program that a client attends or receives services from the program or disclose any information identifying a client as an alcohol or other drug services client unless the client consents in writing for the release of information, the disclosure is allowed by a court order, or the disclosure is made to qualified personnel for a medical emergency, research, audit or program evaluation purposes.
  • Federal laws and regulations do not protect any threat to commit a crime, or any information about a crime committed by a client either at the program or against any person who works for the program.
  • Federal laws and regulations do not protect any information about suspected child abuse or neglect being reported under state law to appropriate state or local authorities.

Any violation of client confidentiality, or knowledge of such violation, shall be immediately reported to the affected employee’s direct supervisor, who will immediately inform the Vice President.

Violation of client confidentiality by a staff member will result in disciplinary action that may include termination of employment.  Violation of one client’s confidentiality by another client may result in termination of services to the client who initiated the breach.

With the exception of situations previously referenced in this policy, and more fully described in the Federal Confidentiality Regulations, confidential information held by Ocean Hills Recovery may only be released or disclosed if the client in question has properly executed an “Authorization to Use and Disclose Protected Health Information” form.  Said information to be released or disclosed may include only information accumulated through the client’s involvement with OHR.  Reports from other organizations may be released only by the organization from which the report originated, unless the client has signed a specific “Authorization to Use and Disclose Protected Health Information” form that allows OHR to re-disclose such information.

“Authorization to Use and Disclose Protected Health Information” forms shall contain the following information:

  • Name of the organization or person to whom information may be disclosed
  • Extent and nature of the information to be disclosed
  • Purpose for the disclosure
  • Date upon which the authorization to disclose information automatically expires
  • Signature of the client about whom information is to be communicated; or, in the case of a minor client, the signature of a legal guardian
  • Prohibition on Redisclosure Statement

Confidential client information may be disclosed among employees of the different departments comprising OHR only to the extent necessary for said employees to perform the expected functions of their employment.  Graphically illustrated, confidential client information may be disclosed within a department and upwardly within the agency’s internal table of organization.  All other internal disclosures shall be limited to the extent necessary for the performance of one’s position responsibilities.

Information to be released to other organizations must be disclosed only in accordance with this policy, and with the best interest of the client as a paramount factor.  Such disclosures will contain only that information necessary to satisfy the professional obligations of OHR.  Disclosure of incidental information shall be avoided whenever possible.

Authorized disclosures of confidential client information to other organizations will be conducted by the clinician who is primarily responsible for the treatment of said client.  If this is not possible or prudent, the Vice President shall oversee the disclosure of confidential client information.

Confidential records are to be maintained in locked quarters within the agency at all times or secured electronically and password protected using the EMR system (KIPU).

In accordance with state law with regard to confidentiality, a client may request information pertaining to their clinical record.  Said request should be submitted in writing to either the Clinical Director or the Vice President.  Any information to be released shall include only elements detailed in the Release of Information Policy.

Ocean Hills Recovery Inc.

HIPAA

This notice describes how medical information about you may be used and disclosed and how you can get access to this information.

Treatment, payment and health care operations:

Ocean Hills Recovery Inc. (hereinafter Ocean Hills Recovery Inc.) uses and discloses your protected health information for treatment, payment, and health care operations.  Some examples of when our office may use or disclose your health care information for these purposes include:

  • Sharing test results with other health care providers for confirmation of a diagnosis;
  • Providing your diagnosis or other information about your health to your insurance provider or our billing service to obtain payment for the health care services we provide;
  • Reviewing information as part of our quality improvement program.

Other uses and disclosures:

Ocean Hills Recovery Inc. may also use or disclose your protected health information, in compliance with guidelines outlined by law, for the following purposes:

  • Providing you with information related to your health;
  • Contacting you regarding appointments, information about treatment alternatives, or other health related services;
  • Incidental uses or disclosures (e.g., listing your name on a sign-in sheet, etc.); 
  • Compliance with all laws (including reports of suspected abuse, neglect or violence);
  • Providing certain specified information to law enforcement or correctional institutions;
  • Providing information to a coroner, medical examiner, funeral director or organ procurement organization;
  • Public health activities when requested by a public health authority or the FDA;
  • Responding to health oversight agencies;
  • Responding to court or administrative tribunal orders, subpoenas, discovery requests or other lawful process;
  • Research activities;
  • When necessary to avert a serious threat to health or safety;
  • Military affairs, veterans affairs, national security, intelligence, Department of State, or presidential protective service activities;
  • Providing information to public or private disaster relief agencies; or
  • Providing information to a family member, other relative, or close personal friend for: notification of your location, general condition or death; or to assist in your health care (e.g., pick up prescriptions or other documents, note follow-up care instructions, etc.).

Authorization for other uses: Ocean Hills Recovery Inc. will make other uses and disclosures of your protected health information only after obtaining your written authorization.  If you authorize a use not contained in this notice, you may revoke your authorization at any time by notifying us in writing that you wish to revoke your authorization.

Your rights regarding the privacy of your health information: Subject to limitations outlined by law, you have certain rights related to use and disclosure of your protected health information, including the right to:

  • Request restrictions on certain uses and disclosures.  However, Ocean Hills Recovery Inc. is not obligated to agree to requested restrictions;
  • Receive confidential communications or protected health information;
  • Inspect and copy your protected health information with some limited exceptions;
  • Amend your health information;
  • Receive an accounting of disclosures of your health information;
  • Obtain a copy of this notice.

Ocean Hills Recovery Inc. duties regarding the privacy of your health information:

Subject to limitations outlined by law, Ocean Hills Recovery Inc. has certain duties related to your protected health information, including:  

  • Ocean Hills Recovery Inc. is required by law to maintain the privacy of protected health information and to provide individuals with notice of our legal duties and privacy practices with respect to protected health information.
  • Ocean Hills Recovery Inc. is required to abide by the terms of the privacy notice that is currently in effect.
  • Ocean Hills Recovery Inc. reserves the right to change a privacy practice described in this notice and to make such change effective for all protected health information.  Revised notice will be posted in our office and available upon request.

Concerns:

If you believe your privacy rights have been violated, you may make a complaint by contacting the Program Director at 949-388-0112 x201 or by email at [email protected] or the Secretary for the Department of Health and Human Services.  No individual will be retaliated against for filing a complaint.