THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions about this Notice of Privacy Practices, please contact our Privacy Officer at 832-457-5046.
- Introduction. Ethos Wellness, LLC and its affiliates (“Ethos”) are required by law to maintain the privacy of Protected Health Information (“PHI”), to provide individuals with notice of our legal duties and privacy practices with respect to PHI and to notify affected individuals following a breach of unsecured PHI. PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition and relates to the provision of healthcare or payment for the provision of healthcare for your past, present, or future physical or mental health or condition and related healthcare services. This Notice of Privacy Practices (“Notice”) describes how we may use and disclose PHI to carry out treatment, obtain payment or perform our healthcare operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights with respect to PHI about you.
- Ethos is required to follow the terms of this Notice currently in effect. We will not use or disclose PHI about you without your written authorization, except as described in this Notice. We reserve the right to change our practices and this Notice and to make the new Notice effective for all PHI we maintain. Upon request, we will provide any revised Notice to you.
- Our Pledge. The privacy of your personal health information (PHI) is important to us. Your PHI includes, but is not limited to, medical, dental, pharmacy, and mental health information. The Notice describes our privacy practices. Our privacy practices must be followed by all of our employees and staff. This Notice tells you about the ways in which we may use and disclose your PHI. Also described are your rights and certain obligations we have regarding the use and disclosure of your PHI. We use and disclose your PHI is compliance with all applicable state and federal laws.
- Protected Health Information in Connection With Alcohol or Drug Recovery Services. Please note that in 42 C.F.R. Part 2 protects your health information if you are applying for or receiving services (including diagnosis, treatment or referral) for drug or alcohol abuse. Generally, if you are applying for or receiving services for drug or alcohol abuse, we may not acknowledge to a person outside the program that you attend the program or disclose and information identifying you as an alcohol or drug abuser except under certain circumstances that are listed in this Notice.
- How PHI About You May Be Used or Disclosed. The following categories describe different ways that we use and disclose PHI. For each category or use of disclosure, an explanation of what is meant and some examples are provided. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories.
For Treatment: We may use or disclose your health information to provide and coordinate the mental health treatment and services you receive. For example, if your mental health care needs to be coordinated with the medical care provided to you by another physician, we may disclose your health information to a physician or other healthcare provider. Also, counselors may disclose your health information to each other to coordinate individual and group therapy sessions for your treatment or information about treatment alternatives or other health-related benefits and services that are necessary or may be of interest to you.
For Payment: We may use and disclose your health information for various payment-related functions, so that we can bill for and obtain payment for the treatment and services we provide for you. For example, your PHI may be provided to an insurance company so that they will pay claims for your care.
For Healthcare Operations: We may use and disclose your health information for certain operations, administrative and quality assurance activities, in connection with our healthcare operations. These uses and disclosures are necessary to run the practice and to make sure that our patients receive quality treatment and services. For example, healthcare operations include quality assessment and improvement activities, reviewing the competence or qualifications of healthcare professionals, evaluating practitioner and provider performance, conducting training programs, accreditation, certification, licensing, or credentialing activities.
For Special Purposes: We are permitted under federal and applicable state law to use or disclose your PHI without your permission only when certain circumstances may arise. We may use or disclose your PHI without your permission for the following purposes:
- Individuals Involved in Your Care or Payment for Your Care: When appropriate we may disclose to a close personal friend or family member who is involved in your medical care or payment for your care. Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your Protected Health Information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgement.
- Disclosures to Parents or Legal Guardians: If you are a minor, we may release your PHI to your parents or legal guardians when we are permitted or required under federal and applicable state law.
- Worker’s Compensation: We may disclose your PHI to the extent authorized by and necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
- Public Health: We may disclose your PHI to federal, state, or local authorities, or other entities charged with preventing or controlling disease, injury, or disability for public health activities.
- Health Oversight Activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections as necessary for our licensure and for government monitoring of the healthcare system, government programs, and compliance with federal and applicable state law.
- Law Enforcement: We may disclose your PHI for law enforcement purposes as required by law or in response to a court order, subpoena, warrant, summons, or similar process; to identify or locate a suspect, fugitive, material witness, or missing person; about a death resulting from criminal conduct; about crimes on the premises or against a member of our workforce; and in emergency circumstances, to report a crime, the location, victims, or the identity, description, or location of the perpetrator of a crime.
- Judicial and Administrative Proceedings: If you are involved in a lawsuit or a legal dispute, we may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process that meets the requirements of federal regulations 42 C.F.R. Part 2 concerning Confidentiality of Alcohol and Drug Abuse Patient Records. Please note also that if your records are not actually “patient records” within the meaning of 42 C.F.R. Part 2 (e.g., if your records are created as a result of your participation in the program at another non-treatment setting), your records may not be subject to protections of 42 C.F.R. Part 2.
- United States Department of Health and Human Services: Under federal law, we are required to disclose your PHI to the U.S. Department of Health and Human Services to determine if you are in compliance with federal laws and regulations regarding the privacy of health information.
- Research: Under certain circumstances, we may use or disclose your PHI for research purposes. However, before disclosing your PHI, the research project must be approved by an institutional review board or a privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
- Coroners, Medical Examiners, and Funeral Directors: We may release your PHI to assist in identifying a deceased person or to determine a cause of death.
- Organ or Tissue Procurement Organizations: Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
- Notification: We may use or disclose your PHI to assist in a disaster relief effort so that your family, personal representative, or friends may be notified about your condition, status, and location.
- Correctional Institutions: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of others.
- To Avert a Serious Threat to Health or Safety: We may use your PHI to appropriate authorities when necessary to prevent a serious threat to your health and safety or the health and safety of another person or the public. We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, or domestic abuse or the possible victim of other crimes.
- Military and Veterans: If you are a member of the armed forces, we may release your PHI as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate military authority.
- National Security, Intelligence Activities and Protective Services for the President and Others:We may disclose your PHI to authorized federal officials for intelligence, counterintelligence, provision of protection to the President, other authorized persons or foreign heads of state, and other national security activities authorized by law.
- As Required by Law: We must disclose your PHI when required to do so by applicable federal or state law.
- Health-Related Benefits and Services: We may use and disclose your PHI to tell you about health-related benefits or services that may be of interest to you.
- Appropriate Reminders: We may use or disclose your PHI to provide you with appointment reminders (such as voicemail messages, postcards, or letters). You have a right, as explained below, to request restrictions or limitations on the PHI we disclose. You also have a right, as explained below, to request that information can be communicated with you in a certain way or at a certain location.
- Other Uses and Disclosures of PHI
Your Authorization: We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above (or as otherwise permitted or required by law). If you give us an authorization, you may revoke it by submitting a written notice to our Privacy Official at the address listed below. Your revocation will become effective upon our receipt of your written notice. If your revoke your authorization, we will no longer use or disclose health information about you for the reasons covered by your written authorization. Your revocating will not affect any use or disclosure permitted by your authorization while it was in effect. Unless you give us a written authorization, we cannot use or disclose your health information for any reason except for those described in this Notice.
Psychotherapy Notes: We will not use or disclose psychotherapy notes without your written authorization, and only as permitted by law.
Marketing Health-Related Services: We will not use or disclose your protected health information for marketing communications without your written authorization, and only as permitted by law.
Sale of PHI: We will not sell your protected health information without your written authorization, and only as permitted by law.
- Use of Third Party Record Service. Ethos and/or any of its agents and affiliates keeps and stores records of each client in a record-keeping system produced and maintained by a third-party service (the “Service”). This system is “cloud-based”, meaning the records are stored on servers which are connected to the Internet. The Service employs various technical security measures to maintain the protection of these records from unauthorized use or disclosure. The Service is fully HIPAA compliant. Ethos and/or any of its agents and affiliates has entered into a HIPAA Business Associate Agreement with the Service. Because of this agreement, the Service is obligated by federal law to protect these records from unauthorized use or disclosure.
- Changes to this Notice. We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. We reserve the right to make the changed Notice effective for all health information that we maintain, including health information we created or received before we made the changes. When we make a change in our privacy practices we will change this Notice and make the new Notice available to you.
- Your Health Information Privacy Rights. You have privacy rights under federal and state laws that protect your health information. These rights are important for you to know. You can exercise these rights, ask questions about them, and file a complaint if you think that your rights are being denied or your health information isn’t being protected. Providers and health insurers who are required to follow federal and state privacy laws must comply with the following rights:
To Request Restrictions on Certain Uses and Disclosures of PHI: You have the right to request restrictions on our use or disclosure of your PHI by sending a written request to the Privacy Office. We are not required to agree to those restrictions. We cannot agree to restrictions on uses or disclosures that are legally required, or which are necessary to administer our business. We must agree to the request to restrict disclosure of PHI to a health plan if the disclosure is for the purpose of carrying out payment or healthcare operations and is not otherwise required by law, and the PHI pertains solely to a healthcare item or service for which you, or another individual other than a health plan on behalf of you, has paid us in full.
To Request Confidential Communications: You have the right to request that PHI be communicated to you by alternative means or at alternative locations. For example, you can ask that you only be contacted at work or by mail. We will accommodate all reasonable requests.
To Access PHI: You have the right of access to inspect and obtain a copy of your PHI. You may not be able to obtain all of your information in a few special cases. For example, if your treatment provider determines that the information may endanger you or someone else. In most cases, your copies must be given to you within thirty (30) days, but may be extended for another thirty days, if you are given a reason by us in writing. We may charge you a fee for the costs of copying, mailing, and supplies that are necessary to fulfill your request. In accordance with Texas law, you have the right to obtain a copy of your PHI in electronic form for records that we maintain using an Electronic Health Records (EHR) system capable of fulfilling the request. Where applicable, we must provide those records to you or your legally authorized representative in electronic form within fifteen (15) days of receipt of your written request and a valid authorization for electronic disclosure of PHI. You may request a copy of an authorization from the Privacy Office at the address below.
To Obtain a Paper Copy of the Notice Upon Request: You may request a copy of your current Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. You may obtain a paper copy from the Privacy Office at the address below. A reasonable fee may be charged for the costs of copying, mailing, or other supplies associated with your request.
To Request an Amendment of PHI: If you feel that PHI we have about you is incorrect or incomplete, you may request an amendment to the information. Requests must identify: (1) which information you seek to amend (2) what corrections you would like to make, and (3) why the information needs to be amended. We will respond to your request in writing within sixty (60) days (with a possible 30-day extension). In our response, we will either: (1) agree to make the amendment, or (2) inform you of our denial, explain our reason, and outline appeal procedures. If denied, you have the right to file a statement of disagreement with the decision. We will provide a rebuttal to your statement and maintain appropriate records of your disagreement and our rebuttal.
To Receive an Accounting of Disclosures: You have the right to request an accounting of your PHI disclosures for purposes other than treatment, payment, or healthcare operations. Your request must state a time period. The time period for the accounting of disclosures must be limited to less than six (6) years from the date of the request. We will respond in writing within sixty (60) days of receipt of your request (with a possible 30-day extension). We will provide an accounting per 12-month period free of charge, but you may be charged for the cost of any subsequent accountings. We will notify you in advance of the cost involved, and you may choose to withdraw or modify your request at that time.
To Notification in the Event of a Breach: You have a right to be notified of an impermissible use or disclosure that compromises the security or privacy of your PHI. We will provide notice to you as soon as is reasonably possible and no later than sixty (60) calendar days after discovery of the breach and in accordance with federal and state law.
To File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with our privacy official listed below. You may also file a complaint directly with any or all of the following federal and state agencies: the Secretary of the Department of Health and Human Services, the Office of the Attorney General of Texas, or the applicable Board of the Texas Department of Health and Human Services: Texas State Board of Examiners of Professional Counselors, Texas State Board of Examiners of Marriage and Family Therapists or Texas State Board of Social Worker Examiners. We will provide you with the addresses to file your complaint with the Secretary, the Office of the Attorney General of Texas or the applicable Board of the Texas Department of Health and Human Services: Texas State Board of Examiners of Professional Counselors, Texas State Board of Examiners of Marriage and Family Therapists or Texas State Board of Social Worker Examiners, upon request. You will not be penalized in any way for filing a complaint.
Violation of federal law and regulation on Confidentiality of Alcohol and Drug Abuse Patient Records is a crime and suspected violations of 42 C.F.R. Part 2 may be reported to the United States Attorney in the district where the violation occurs.
If you want more information about our privacy practices or have questions or concerns, please contact us.
The Lovett Center, LLC
900 Lovett Boulevard
Houston, TX 77006