Eleanor Health community members, please read this notice closely. This notice covers:
1) The Eleanor Health privacy and confidentiality rights that you have as an Eleanor Health community member, when Eleanor Health is providing services as a treating provider.
2) How you and other authorized individuals can get access to protected health information (PHI) related to you and your care, when Eleanor Health is providing services as a treating provider.
3) How Eleanor Health collects, uses and discloses information about you online. When Eleanor Health provides services (e.g., case management and care coordination) on behalf of a health plan covered by regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), it will comply with respective portions of the HIPAA regulations and the Business Associate Agreement executed separately with the health plan. Right to Confidentiality: You have the right to confidentiality at Eleanor Health. Your privacy and confidentiality are protected not just through HIPAA but also through 42cfr Part 2, a federal regulation that provides enhanced protections for people seeking treatment for addictions. Eleanor Health is committed to ensure your protected health information (name, birth date, diagnoses, etc) is not disclosed without legally sufficient reason. We will not disclose any PHI (personal protected health information like your name or birth date or address) or let anyone know that you are our patient unless:
- You have completed a release of information and consented in writing. b. A court order has been received that we have to follow. c. There is a medical emergency and the disclosure is to medical personnel (i.e. to an EMT if you’ve fainted on our property). d. It is to a company that we have a Business Associates Agreement to provide services to (like our language translating service or our electronic health record). e. Authorized people auditing our care for quality. These authorized people could be internal from our Eleanor Health Quality team or external from a state or federal or insurance provider auditing arm. f. It is required under state law in an incident of suspected child abuse and neglect g. You have died, and we have to report your death to a public health authority. h. The US Department of Health and Human Services wants to investigate whether we’ve complied with HIPAA privacy rules.
For additional detail, please see our Notice of Privacy Practices below.
Personal Information
Eleanor Health’s website, www.eleanorhealth.com, does not collect any information that personally identifies you unless you knowingly and willingly provide it by sending it to us via e-mail. Eleanor Health only gathers non-personally identifiable information such as which pages were visited, the order in which they were visited, and which hyperlinks were clicked. Collecting such information involves the logging of IP addresses, operating system and browser software used by each visitor to the site. Although such information is not personally identifiable, we can determine from the IP address a visitor’s Internet Service Provider and the geographic location of his or her point of connectivity. The non-personally identifiable information we collect helps us, among other things, to monitor our internal operations, improve our services, identify the most popular areas of our site and determine the effectiveness of our services and promotional activities. It also helps us make available, more useful online services by performing statistical analyses of the behavior of the users of our site, and by measuring demographics and interests regarding specific areas of our site.
Information Security and Quality
We have implemented appropriate technical and managerial procedures to maintain information that is accurate, current, and complete. We will make a sincere effort to respond to your requests to correct information inaccuracies in a timely manner. We reserve the right to disclose information contained within our access logs concerning any user as we reasonably feel is necessary to protect our systems or business. We also reserve the right to report any suspected illegal activity to law enforcement for investigation or prosecution.
Business Relationships
The Eleanor Health website contains links to other websites. Eleanor health is not responsible for the privacy practices or the content of such web sites. Eleanor Health uses the Google Maps API(s). Please refer to the Google Privacy Policy for more details.
Cookies
There are various technologies, including one called “cookies”, which can be used to provide you with better or more useful interactions and information from a website. Cookies are small text files placed on the hard drive of a visitor’s computer if permitted by the browser. Cookies are only read by the server that placed them, and are unable to read data from hard disks, execute any code, send you viruses or destroy your files. Cookies allow preferences to be set, and allow the automatic processing of text, monitor, and language preferences, among other things, and help us track user preferences and the pages of the site which they visit. Please check the Help file of your browser to determine how to set these user preferences.
Updating
Please note that we review and modify our privacy practices from time to time, and that those practices are therefore subject to change.
HIPAA Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This notice is specific to the privacy practices of Eleanor Health Professional NC, PLLC; Eleanor Health Professional NJ, LLC; Eleanor Health Professional MA, PLLC; Eleanor Health Professional WA, PLLC; Eleanor Health Professional LA, LLC; Eleanor Health Professional OH, LLC; Eleanor Health Professional TX, PLLC, and Eleanor Health Professional FL, PLLC (collectively referred to as “Eleanor”).
OUR PLEDGE REGARDING YOUR PROTECTED HEALTH INFORMATION:
Eleanor understands that information about you and your health is personal and we are committed to maintaining the privacy and security of this information. In particular, we protect the privacy and security of your substance use disorder patient records in accordance with 42 U.S.C. § 290dd–2 and 42 C.F.R. Part 2, the Confidentiality of Substance Use Disorder Patient Records (“Part 2”), in addition to HIPAA and applicable state law.
This notice describes your rights with respect to the protected health information (“PHI”) that we collect and maintain regarding you, the ways in which we may use and disclose your PHI, and certain obligations we have regarding the use and disclosure of your PHI.
We are required by law to:
- Maintain the privacy of your PHI;
- Give you this notice describing our legal duties, privacy practices, and your rights regarding your PHI that we collect and maintain;
- Notify you if we discover a breach of any of your PHI that is not secured in accordance with federal guidelines; and
- Follow the terms of the Notice of Privacy Practices that is currently in effect.
If you are the parent, legal guardian, or personal representative of an Eleanor Health member, the references in this notice to “you” and “your,” such as “…your personal health information…” shall be understood to refer to the member.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION:
You have the following rights with respect to your PHI:
- Right to Inspect and Copy: You have the right to inspect and copy all or any part of your medical or health record, including information maintained electronically as part of an electronic health record, as provided by federal regulations.
We will comply with your request to inspect or copy your medical or health record within a reasonable time, usually within thirty days of your request, or a shorter time to the extent required by applicable law. We may charge a reasonable, cost-based fee. Under certain limited circumstances, we may deny your access request.
- Right to Amend: You have the right to request that we amend your PHI or a medical or health record about you if you feel that health information we have about you is incorrect or incomplete. You have the right to request an amendment for as long as we keep the information. To request an amendment, your request must be made in writing, submitted to our Compliance Department in writing at the address listed at the beginning of this notice, and must provide a reason that supports your request for an amendment. We may deny your request under certain limited circumstances.
- Right to an Accounting of Disclosures: You have the right to request a list of the instances, i.e., an accounting, in which we have shared your health information for six (6) years prior to the date of your request, with whom we have shared your health information, and the reason why we have disclosed it. To request an accounting of disclosures, you must submit your request in writing to our Compliance Department at the address listed at the beginning of this notice We will include all disclosures except for those about treatment, payment or health care operations and certain other disclosures (such as those that we made at your request). We will provide one accounting per year for free but will charge a reasonable cost-based fee if you request another one within twelve (12) months.
- Right to Request Restrictions: You have the right to request a restriction or limitation on the use and disclosure of your PHI. You also have the right to request a restriction or limitation on the disclosure of your PHI to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we restrict a specified nurse from use of your PHI or that we not disclose information to your spouse about a treatment you received.
If you pay for a service entirely out-of-pocket, you may request that information regarding the service be withheld and not provided to a third-party payor for purposes of payment or health care operations. We are obligated by law to abide by such restriction.
To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Compliance Department at the address listed at the beginning of this notice. In your request, you must tell us what information you want to limit and to whom you want the limitations to apply. We will notify you of our decision regarding the requested restriction. If we do agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment.
- Right to Receive Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or have such communications addressed to a certain location. For example, you can ask that we only contact you at work or by mail to a post office box.
To request confidential communications, you must make your request in writing to our Compliance Department at the address listed at the beginning of this notice. Your request must specify how or where you wish to be contacted.
- Right to a Paper Copy of this Notice: You have the right to obtain a paper copy of this notice at any time upon request. At the time of first service rendered, we are required to provide you with a paper copy of this notice. To obtain a copy of this notice at any other time, please request it from our Compliance Department at the address listed at the beginning of this notice.
- Right to Revoke Authorization: If you execute any authorization(s) for the use and disclosure of your PHI, you have the right to revoke such authorization(s), except to the extent that action has already been taken in reliance on such authorization.
HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:
The following categories describe the ways that we may use and disclose your health information without your authorization under HIPAA and Part 2. To the extent applicable state law is even more restrictive than Part 2 on how we use and disclose any of your health information, we comply with more restrictive state law. Certain disclosures of PHI may be made electronically.
- For Treatment: We may use your PHI to provide you with health care treatment or services. We may disclose your PHI to other doctors, nurses, psychologists, social workers, technicians, health students, or other personnel who are involved in taking care of you. For example, another doctor treating you may need to know about certain conditions and treatments to provide appropriate care.
- For Payment: We may use and disclose your PHI so that the treatment and services you receive from us may be billed to and payment collected from you, an insurance company, or a third party. For example, we may need to give your health plan information about your use of our services so that your health plan will pay us or reimburse you for the treatment. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
- For Health Care Operations: We may use and disclose your PHI for operations of Eleanor. For example, we may use health information to review our treatment and services and to evaluate the performance of our staff in caring for you.
- Minors: We may disclose PHI of minor children to their parents or guardians unless disclosure is otherwise prohibited by law.
- For Research: We may disclose your PHI for the purpose of research. We will only disclose your PHI for research purposes upon your express authorization or if either (i) the research protocol has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI; or (ii) we have received assurances from a researcher that the health information is sought solely for review as necessary to prepare a research protocol or for similar purposes preparatory to research and no health information will be removed from our premises in the course of the review.
- As Required By Law: We may disclose your PHI when required to do so by federal, state, or local law.
- To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
- Military and Veterans: If you are a member of the armed forces or separated/discharged from military services, we may release your PHI as required by military command authorities or the Department of Veterans Affairs as may be applicable. We may also release health information about foreign military personnel to the appropriate foreign military authorities.
- Workers’ Compensation: We may release your PHI as authorized by, and in compliance with, laws related to workers’ compensation and similar programs established by law that provide benefits for work-related illnesses and injuries without regard to fault.
- Public Health Activities: We may disclose your PHI for public health activities. These activities generally include the following:
- to prevent or control disease, injury, or disability;
- to report births and deaths;
- to report child abuse or neglect;
- to report reactions to medications or problems with products;
- to notify people of recalls of products they may be using;
- to notify person or organization required to receive information on FDA-regulated products; and
- to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
Health Oversight Activities: We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
- Law Enforcement: We may disclose your PHI to law enforcement officials for law enforcement purposes including the following:
- in reporting certain injuries, as required by law, gunshot wounds, burns, injuries to perpetrators of crime;
- in response to a court order, subpoena, warrant, summons or similar process;
- to identify or locate a suspect, fugitive, material witness, or missing person;
- about the victim of a crime, if the victim agrees to disclose or under certain limited circumstances, we are unable to obtain the person’s agreement;
- about a death we believe may be the result of criminal conduct;
- about criminal conduct on our premises; and
- in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime.
- Organ and Tissue Donation: We may disclose your PHI to organizations involved in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue, for the purpose of facilitating organ and tissue donation where applicable.
- Abuse, Neglect and Domestic Violence: We may disclose your PHI to an appropriate governmental authority if we reasonably believe that you may be a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- Coroners, Health Examiners and Funeral Directors: We may disclose your PHI to a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors as necessary to carry out their duties.
- National Security and Intelligence Activities: We may disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law, or for the purpose of providing protective services to the President or foreign heads of state.
- Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the correctional institution or law enforcement official. This release would be necessary (a) for the institution to provide you with health care; (b) to protect your health and safety or the health and safety of others; or (c) for the safety and security of the correctional institution.
EXAMPLES OF OTHER PERMISSIBLE OR REQUIRED DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:
- Business Associates/Qualified Service Organizations: We may disclose your information to third party “business associates” and “qualified service organizations” that perform various services on our behalf, such as transcription, billing, and collection services, and who agree to protect the privacy of your health information. To protect your PHI, however, we require them to sign a contract that states that they will appropriately safeguard your information.
- Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, close personal friend, or other person responsible for your care of your location and general condition. We will not disclose your PHI to your family members, personal representative, or close personal friends as described in this paragraph if you object to such disclosure. Please notify our Compliance Department if you object to such disclosures.
- Communication with Family Members: Health professionals, including those employed by or under contract with us may disclose to a family member, other relative, close personal friend or any other person you identify, health information relative to that person’s involvement in your care or payment related to your care, unless you object to the disclosure.
- Unlawful Conduct: Federal law allows for the release of your PHI to appropriate health oversight agencies, public health authorities or attorneys, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers, or the public.
WE MAY NOT USE OR DISCLOSE YOUR PROTECTED HEALTH INFORMATION FOR THE FOLLOWING PURPOSES WITHOUT YOUR AUTHORIZATION:
- We must obtain an authorization from you to use or disclose psychotherapy notes except for (a) use by the originator of the psychotherapy notes; (b) use and disclosure for certain of our training programs related to group, joint, family or individual counseling; (c) use and disclosure for our defense in certain legal proceedings; and (d) uses and disclosures required by law, permitted by health oversight activities, to a coroner or medical examiner, or to prevent a serious and imminent threat to health or safety.
- We must obtain an authorization for any use or disclosure of your PHI for any marketing communications to you about a product or service that encourages you to use or purchase the product or service unless the communication is either (a) a face-to-face communication or; (b) a promotional gift of nominal value. However, we do not need to obtain an authorization from you to provide refill reminders, information regarding your course of treatment, case management or care coordination, to describe health-related products or services that we provide, or to contact you regarding treatment alternatives. We must notify you if the marketing involves financial remuneration.
- We must obtain an authorization for any disclosure of your PHI which constitutes a sale of such PHI.
- We will not disclose your presence in treatment to individuals who may contact Eleanor unless you have provided your written authorization permitting the release.
- We must obtain an authorization for all other uses and disclosures of your PHI not described in this notice.
If you provide us with written authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time.
Note: AIDS and HIV-related information, genetic information, information about sexually transmitted diseases, alcohol and/or substance abuse records, mental health records, and other sensitive health information may be entitled to additional confidentiality protections under federal and state law. Any disclosure of PHI falling into those categories will be subject to those additional protections, to the extent applicable.
CHANGES TO THIS NOTICE:
We reserve the right to change our privacy practices and any terms of this notice. If our privacy practices materially change, we will revise this notice and make copies of the revised notice available upon request. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any PHI we receive in the future.
TO MAKE A COMPLAINT:
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the United States Department of Health and Human Services. To file a complaint with us, contact our Compliance Department at compliance@eleanorhealth.com or at the address listed at the beginning of this notice. All complaints must be submitted in writing.
There will be no retaliation against you for filing a complaint.
CONTACT INFORMATION
If you have any questions about this notice or need further information, please contact us:
By phone at 877-595-5017; or
By email at compliance@eleanorhealth.com; or
In writing to Eleanor Health, 221 Crescent St. Suite #202, Waltham, MA 02453, Attention: Compliance
Effective Date: September 21, 2023