Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Who We Are
This notice describes Delphi Behavioral Health Group’s privacy practices, which includes each of our facilities in California, Florida, Maryland, Massachusetts, and New Jersey. When we say “Delphi” we mean all these facilities, individually and collectively.
Our Privacy and Confidentiality Obligations
We are required by law to maintain the privacy and confidentiality of information about your health, healthcare, and payment for services related to your health (referred to generally in this notice as “protected health information” or “information”) and to provide you with this notice of our legal duties and privacy practices about your protected health information. When we use or disclose this information, we are required to abide by the terms of this notice (or notice in effect at the time of the use or disclosure).
Protected Health Information in connection with substance use disorder services:
- 42 CFR Part 2 protects health information when applying for or receiving services (including diagnosis or treatment, or referral) for substance use disorder. Generally, if you are applying for or receiving services for substance use disorder, we may not acknowledge to any person outside the program that you attend the program except in some cases as listed in this notice.
All Protected Health Information, including substance use disorder services:
- The Health Insurance Portability and Accountability Act (“HIPAA”) Privacy Regulations (45 CFR Parts 160 and 164), also protect your health information whether or not you are applying for or receiving services for substance use disorder. The differences are listed in this notice.
Uses and Disclosures With Your Authorization
Generally, we may use or disclose your protected health information when you give your written authorization in a way that meets the legal and regulatory requirements. You may revoke your authorization in writing unless we have already acted based on that authorization before knowing it was revoked.
But there are some exceptions that allow use and disclosure without your authorization or consent. They are listed below.
Uses and Disclosures Without Your Authorization
Even without your written authorization, we may use and disclose information as explained below. This list applies to all protected health information, including the information we get when you apply for or receive services for substance use disorder.
Treatment. We may use your health information and share it with other professionals who are treating you. We will obtain your consent before sharing your health information with professionals outside of this facility. For example, counselors may disclose your information to each other to coordinate your treatment plan or other services may benefit or interest you.
Health Care Operations. We may use and share your health information to run our facility, improve your care, and contact you when necessary. For example, we may disclose information to qualified personnel for program and outcome evaluation or financial audits. We may disclose your information as needed within Delphi to resolve any complaints or issues that may arise about your care. We may also disclose your protected health information to an agent or agency providing services to Delphi under a qualified service organization agreement or business associate agreement, as long as there is an agreement in place to protect the confidentiality of your information. Health care operations may also include using of your information for Delphi programs, like when we send you an invitation to an alumni event or marketing communications.
Other Permitted Uses and Disclosures. We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We must meet many conditions in the law before we can share your information for these purposes.
- Medical Emergencies. We can disclose your information to medical personnel as is needed to meet a bona fide medical emergency (as defined by 42 CFR Part 2). This information might include HIV status, if applicable.
- Crime on the Premises or Against Program Personnel. We can disclose your information to law enforcement officials if you commit a crime on the premises or against any personnel, or if you threaten to do so.
- Minors. We may disclose to a parent or guardian or other person authorized under state law to act on behalf of a minor, those facts about a minor which are relevant to reducing a threat to the life or physical wellbeing of the minor or any other individual, if the program director judges that the minor applicant lacks capacity to make a rational decision and the minor’s situation endangers the life or physical wellbeing of the minor or any other individual which may be reduced by communicating relevant facts to such person.
- Child Abuse and Neglect. We can disclose protected health information to report child abuse and neglect.
- Deceased and Incompetent Patients. In these cases, we can share protected health information with a personal representative, guardian, or other person authorized by applicable state law.
- Decedents. We can share protected health information with a coroner, medical examiner, or funeral director when an individual dies.
- Respond to Lawsuits and Legal Actions. We can disclose your information in response to a court order that meets legal requirements.
- Law Enforcement Purposes. We can disclose your information to law enforcement if the official has obtained a warrant with a special court order designed to preserve the confidentiality of individuals seeking or receiving substance use disorder treatment services.
- Research. We can use or share protected health information for health research, but only if the researcher has first obtained your consent or consulted an institutional review board formed to protect the privacy of research subjects.
- Marketing Communications. We may contact you with information about Delphi services and products that may be beneficial to you. These communications are part of Health Care Operations. Examples include invitations to alumni events and continuing care programs.
Uses and Disclosures Without Your Authorization – Not in Connection with Substance Use Disorder, Diagnosis, Treatment, or Referral
If you are not applying for or receiving services for substance use disorder, the rules governing the use and disclosure of protected health information are less restrictive in some cases. In this section, we list the additional permitted disclosures that can be made without your authorization if you are not applying for or receiving services for substance use disorder.
Payment. We may use and disclose your protected health information so that the treatment and services you receive at Delphi may be billed to and paid by an insurance company, you, or a third party. For example, we may disclose relevant information to your health plan to obtain approval for your diagnostic testing or treatment services.
When Required by Law. We may disclose your protected health information as required by state or federal law.
Authorized Representatives. We may disclose your health information to a person appointed by a court to represent or administer your interests.
Health or Safety. We may disclose your protected health information to avert or lessen a serious threat of harm to you, to others, or to the public.
Public Health and Health Oversight Activities. We may disclose your protected health information for public health and health oversight purposes, including for licensing, to auditing or accrediting agencies authorized or allowed by law to collect such information, including, for example, when we are required to collect, report or disclose information about disease, injury, vital statistics for public health purposes or other information for investigation, audit, or other health oversight purposes.
Secretary of Health and Human Services. We must disclose your health information to the United States Department of Health and Human Services when requested to enforce the privacy laws.
Reporting for Investigation of Abuse. We may disclose protected health information to a person legally authorized to investigate a report of abuse or neglect.
Law Enforcement Purposes. We may disclose protected health information to law enforcement officials in response to a valid court order or warrant or as otherwise required or permitted by law.
Judicial and Administrative Proceedings. We may disclose your health information under a valid court or administrative order, or in some cases, in response to a valid subpoena or discovery request.
Your Individual Rights
Right to Receive Confidential Communications. Normally we will communicate with you through the phone number or address you provide to us. But you may request, and we will accommodate, any reasonable, written request for you to receive your protected health information by alternative means of communication or at an alternative location.
Right to Request Restrictions. At your request, we will not disclose health information to your health plan if the disclosure is for payment of a health care item or service for which you have paid Delphi out of pocket and in full. You may also request restrictions on our use and disclosure of protected health information for treatment, payment, and health care operations. While we will consider requests for more restrictions carefully, we need not agree to a requested restriction. If you wish to request more restrictions and you are now receiving services, please contact your counselor or case manager. Once you are no longer receiving services, contact the Records Department in writing. We will send you a written response.
Right to Inspect and Copy Your Health Information. You may request access to your medical records for inspection and to request copies of the records. Under limited circumstances, we may deny you access to a portion of your records. If you desire access to your records and are now receiving services, please ask your counselor or case manager. Once you are no longer receiving services, contact the Records Department.
Right to Amend Your Records. You have the right to request that we amend protected health information maintained in your clinical file or billing records. If you desire to amend your records and are now receiving services, please contact your counselor or case manager. Once you are no longer receiving services, contact the Records Department. In some cases, Delphi has the right to deny a request to amend your records and will notify you of this denial as provided in the HIPAA regulations. If your requested amendment to your records is accepted, a copy of your amendment will become a permanent part of the medical record. When we “amend,” a record, we may append information to the original record, rather than physically removing or changing the original record. If your requested amendment is denied, you will be informed of your right to have a brief statement of disagreement placed in your medical record.
Right to Receive an Accounting of Disclosures. Upon request, you may obtain a list of instances when we have disclosed your protected health information other than when you gave written authorization or those related to your treatment and payment for services, or our health care operations. The accounting will apply only to covered disclosures before the date of your request. If you request an accounting more than once during a twelve-month period, we reserve the right to charge a fee. You will be told the cost before the request is filled.
Right to Receive Notification of Breach. You will be notified if we discover a breach has occurred (that is, when your protected health information may have been compromised). A risk analysis will be conducted to determine the probability that protected health information has been compromised. Notification will be made no more than 60 days after the discovery of the breach, unless it is determined by a law enforcement agency that the notification should be delayed.
Right to Receive a Paper Copy of this Notice. Upon request, you may obtain a paper copy of this notice.
If you would like more information about your privacy and confidentiality rights, you may contact the Delphi Records Department at 844-250-0617 or [email protected]. You may contact the Records Department if you are concerned that we have violated your privacy rights, if you disagree with a decision that we made about access to your protected health information, or if you wish to complain about our breach notification process.
You may also file a written complaint with the Secretary of the United States Department of Health and Human Services. Upon request, we will provide you with the address. We will not retaliate against you if you file a complaint. Violation of federal law and regulations on Confidentiality of Substance Use Disorder Patient Records is a crime, and suspected violations of 42 CFR Part 2 may be reported to the United States Attorney in the district where the violation occurs. Upon request, we will provide you with the appropriate agency contact information.
Effective Date and Duration of this Notice
Effective Date. The effective date of this notice is October 25, 2021.
Right to Change the Terms of this Notice. We may change the terms of this notice at any time. If we do so, we may make the new notice terms effective to all protected health information that we maintain, including any information created or received before issuing the new notice. We will post any changes to this notice in public access areas at our service sites and on our internet site at www.DelphiHealthGroup.com. You may also obtain any new notice by contacting the Delphi Records Department.
Records Department. You may contact the Delphi Records Department at 844-250-0617 or by email at [email protected].