This notice describes how medical information about you may be used and disclosed, and how you may obtain access to this information.
Please review this document carefully
Comprehensive Rehab Consultants, CRC, is dedicated to keeping the privacy of your health and medical records protected. This commitment is in line with the Health Insurance Portability and Accountability (HIPAA) Act, a United States federal legislation that provides data privacy and safeguards to medical information. Upon your treatment with us, nurse practitioners, physician assistants, physicians, and other staff may gather information about your health care history including the present. This Notice discusses how that “Protected Health Information,”(PHI) may be used and made available to others. The terms of this Notice cover the health records produced or gathered by Comprehensive Rehab Consultants.
Information used by a government authority, financial institution or insurance carrier to distinguish a person from other individuals such as but not limited to insurance policy number, social security number, credit card number is private. Such information can be used to identify an individual and certain information may be used to contact a person directly.
The aforementioned information are considered to be Personal Information (“PI”) and is private. Information about an individual’s health, such as insurance and billing information, is considered to be Personal Health Information (also known as “PHI”) and is private.
This Policy also will apply to non-personal information if such information can be used in combination with other Personal Information or non-personal information to identify an individual.
Please be aware that this Policy only covers information manually submitted to, or automatically collected by, us through use of this Site and/or our Services.
Comprehensive Rehab Consultants is required by law to uphold the privacy of your PHI and to advise this Notice about our privacy practices that discusses your rights as our patient and how, when, and why we may give out or make use of your PHI.
The federal law requires us to conform to the privacy practices detailed in this Notice, though we reserve the right to revise our privacy practices and the terms stated in this Notice at any time and to apply those conditions to the entire PHI in our custody. If we amend our privacy practices and the conditions of this Notice, we will post a copy in our office in a highly visible location, have copies of the amended Notice available at our headquarters, and give you a copy of the said Notice upon your request. The revised Notice will also be published on our website.
Other partners or third-party establishments or individuals that carry out services on our behalf must also comply in keeping the privacy of your data. These partners are not permitted to issue your information to anyone else unless specifically allowed by law. In addition, there could be other federal or state policies, which may provide further safeguards related to mental conditions, communicable disease, alcohol or substance abuse, or other medical conditions.
As a healthcare provider we are subject to laws and regulations governing the use and disclosure of PHI. In the United States, the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health of 2009 (“HITECH”), along with the regulations adopted under those statutes, and similar state laws (where those laws are more stringent than HIPAA) govern the handling of PHI. Healthcare providers are considered to be Covered Entities under HIPAA and are subject to its rules regarding PHI. If a provider delegates some of its work to a third party, and that party must access PHI in order to perform the work, then such party is considered by HIPAA to be a Business Associate and is subject to the same rules regarding the protection of PHI as the Covered Entity. To enforce protection, HIPAA requires Covered Entities to execute a “Business Associate Agreement” or ”BAA” with each of its Business Associates. Our U.S.-based customers are required to sign a BAA with us. As a Business Associate, we are required to use reasonable and appropriate measures to safeguard the confidentiality, integrity and accessibility of PHI that is stored and processed on behalf of Covered Entities.
We will discuss below the possible ways on how we will use or release your Protected Health Information for treatment, payment, or health care operations. We also cited some examples below, although we may not include every potential use or applications in specific categories.
We could use and may disclose health records about you for your medical treatments and health care purposes. A nurse practitioner or physician assistant may request for a medical record about you to update your health information as an example. Possibly, one of our physicians may use your medical information for consultation and referral should another physician handle your treatment and decide which option will be best for your medical needs. Excluding emergency situations, we will do our best effort, in good faith, to get your consent prior to making disclosures outside of your health facility or CRC for medical purposes.
We could use and may disclose health records about you to get payment for the medical care that we have successfully delivered to you. We may give your health plan provider a copy of the information about you including your diagnosis and the services administered to you while under our care so that your insurer could provide us payment, or recompense you, for the treatment. We may also get in touch with your health insurance provider to obtain prior consent about a possible treatment.
We could use and may disclose health records about you for CRC’s health care operations, which may include management, therapy sessions, quality assessment, and planning for the health services that we provided. Possibly, we may utilize your health records to assess the capability of our physicians and other health care workers in providing care for you. We may also use your data to evaluate health and quality results. In cases where we should share your health information outside CRC or other health facilities, we will ask your consent first before making any disclosures.
We could use and may disclose PHI to remind you of scheduled facility visits and to advise essential information about your appointment. We may also use or share health information to advise you on recommended potential alternative or medical options that you find interesting, or, subject to specific limitations, or to let you know about health- related advantages, and services. We may utilize email, phone calls or written communications to provide these types of information.
In some specific situations, CRC may share your important health information to people who are providing help on your treatment, either physically or financially, such as relatives, family members, or friends.
We may share information with them only if it’s necessary for these individuals to have the records in order to help you. For instance, we may give specific information to a family member so that they may purchase a prescription on your behalf. In most cases, we will get your consent first before any disclosure is made. In some instances where you are not capable of making health-related decisions, or there’s an emergency, CRC may choose to share relevant health information about you to the individual helping in your care.
In addition, we could use and may disclose your health record for the purpose of finding and informing your family or close personal friends of your location, health condition, or death, and to groups that are involved in those responsibilities during disasters.
Federal law authorizes CRC to use or disclose your health information for purposes of research, provided an Institutional Review Board reviewed and approved the research
to safeguard the confidentiality of your health data prior to the start of the study. With your written consent, we may share your health record. In some cases, researchers may be permitted to use information about you with some restrictions to determine
whether the possible research participants are appropriate. CRC will make sure, in good faith, to get your permission or refusal to partake in any study before disclosing any private information about you.
CRC maintains a normative database with de-identified information that is used for certain commercial purposes. All pieces of data (data elements) that can, individually or in combination, be used to uniquely identify an individual are removed. These data elements are:
We could use and release PHI about you in the circumstances listed below, with compliance to certain legal conditions described in the HIPAA Privacy Rule.
If you are military personnel or a veteran, we could disclose health information about you as ordered by command authorities; or if you have given us written consent. We may also share your health records for other specific government functions including intelligence work or national security.
If you are eligible for compensation due to an injury related to work, we may disclose health information about you for the purpose of compliance with the Workers Compensation claims.
We could use and release health information to your company if you are under health treatment with us upon the request of your employer, and there’s a provision of medical services either to conduct an assessment concerning the medical review of the workplace or to determine whether you have a work-related injury or disease. In such situations, we will send you a notice about the PHI disclosure. Further disclosures to your employer will only happen if you authorize the disclosure of that information.
We must share health information with a government health oversight department for activities that are obliged by state, federal, or local law. Oversight undertaking may include inspections, audits, and industry inspections and licenses. These events are needed to allow government agencies to observe various health care systems, government programs, and healthcare industry compliance with civil rights laws. Almost every state requires that classifying information about you be omitted from the records for health oversight reasons unless you have provided written content for the disclosure.
We could release health information if you are implicated in a dispute, lawsuit, or other legal proceedings, as may be required by a court or other lawful process, as last option should all efforts have been exhausted to notify you about the order, or acquire an order withholding the information asked for.
We may share your health information with a law enforcement authority if obliged by law, including some burns and gunshot wounds. We may also release information about you to law enforcement that is not related to your health data because of the following reasons:
We may disclose your health information if you are a prisoner of a correctional institution or under the custody of a law enforcement agency, only as the law requires it or with written consent from you. The disclosure is for the purpose of others and your health and safety, as well as for the safety and security of the penal institution.
We may disclose your PHI to an authorized medical examiner or coroner. This may be needed, for instance, to identify a deceased person’s body or to establish the cause of death. For a funeral director to perform his/her duties, we may also disclose your PHI whenever necessary.
In cases of privacy violations, the Secretary of the Department of Health and Human
Services (HHS) may decide to investigate. If requested, we must share your information with HHS as part of their investigation.
For other purposes which were not included above, we could only use or may disclose your health information upon your valid authorization. For instance, you should sign a consent form before we can send your medical records to your life insurance company. At any given time, you can opt to revoke your authorization.
We must also seek your written consent before your health information can be used for advertising and marketing purposes except to the following :
We can give you marketing resources with a face-to-face meeting or a sponsored gift of a small value should we choose to.
We may inform you about products or services related to your medication, supervise your care, or provide you with data about other treatments, and providers.
Federal and state law mandates distinct privacy safeguards for specific “Highly Confidential Information” about you, including any aspect of your health information that is regarding:
Prior to sharing your Highly Confidential Information for a purpose outside the law permits, we are required to ask for your written consent.
It is your right to review and be given a copy of your PHI. Before inspecting your records. your nurse, doctor, or the Medical Records Department should be notified with a request. Prior to disclosing copies of your PHI, the Medical Records Department should be advised first. For PHI in a selected recordset that is kept in an electronic format, you can request an electronic copy of such data. There may be a fee for requesting copies of your PHI.
Should you notice that there’s a possible error or lacking data on your health record, you are allowed to ask us to change the information, provided that CRC keeps the information. A written and a signed request is required for CRC to apply such correction. If your request is denied, we shall provide you with an explanation in writing. You may reply with a statement of disagreement and it will be added to your existing record. If we agree to your request to change the information, our process would be to notify others,
including those you identified, of the revision and to include the amendments in any future releases of that information.
It is your right to request a limitation or restraint on certain uses and sharing of your health information.
To request limitations, you must submit a written request to CRC with the following details :
You or your authorized representative must sign it.
While we are not obliged to approve your request, it will be in our best effort to assess all reasonable requests when suitable. We maintain the right to dismiss an agreed-to restriction if we believe such is necessary and appropriate. In the event of cessation, we will notify you of such termination. You also have the right to dismiss, either in oral or writing, any agreed-to restriction.
With some specific exceptions, you have the right to obtain a record of certain releases of your PHI. Your documentation request must be in writing and signed by you or your authorized representative and submitted to CRC. Your request must include the specific time in which the disclosures were made. The disclosures can only cover up to six years from the date of your request. You could get a one-time free record in any 12-month period. Additional requests will require certain fees.
It is your right to request that we discuss with you medical concerns in a confidential manner or at a particular location. You may request that we only notify you via mail to a post office box as an example. You must submit a written request to CRC. We will not question the reason for your request. Your request must also stipulate how or where you want to be contacted. All reasonable requests will be accommodated by CRC.
Even if you arranged to receive the Notice electronically, you have the right to request a paper copy of this Notice of Privacy Practices. At any time, you could request us to give you a copy of this Notice.
Other uses and releases of your health information not discussed in this Notice or covered by the laws that govern us will be furnished only with your written consent. It is within your right to retract your permission in writing at any moment, and CRC will cease future uses and disclosures of your health information for the grounds covered by your authorization. We will no longer be able to renounce any disclosures that were already arranged with your authorization, and we are required to maintain the information of the care that we provided to you.
If you have inquiries or would like to know further details, you may contact CRC at HIPAA@crehabconsultants.com
You may submit any grievances regarding the violations of your privacy rights, you may contact CRC at firstname.lastname@example.org
You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services if you believe that your rights have been violated. Rest assured that CRC will apply its non-retaliation policy for all valid complaints.
If we apply a substantial modification to this Notice, we will provide a revised Notice available at our facility or on our web site, crehabconsultants.com
Except where otherwise stated, to implement any of the rights defined in this Notice, for further information, or to file a complaint, please contact CRC at email@example.com or by mail at the address below
Comprehensive Rehab Consultants
17W110 22nd St, Suite 618
Oakbrook Terrace, IL 60181
We would love to hear from you. Fill out our contact form and our team will get back to you as soon as possible.