COGNIT CORPORATION NOTICE OF PRIVACY PRACTICES
Effective Date of Notice: April 15, 2013
We do not collect any identifying information so your identity cannot be ascertained from any information disclosed, i.e., Cognit is used on a completely anonymous basis. For the protection of your privacy we ask that you create a username that cannot be used to identify you and you do not enter any information that can be used to identify you. Anonymity under the federal Common Rule requires that individuals cannot be readily ascertained by the investigator and cannot be associated with the data. According to the Common Rule standard, anonymous data may retain dates of treatment.
Should you choose to enter any information that could be used to identify you, you are protected by the Health Insurance Portability and Accountability Act H.I.P.A.A..
Health Insurance Portability and Accountability Act (H.I.P.A.A.)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to maintain the privacy of your Protected Health Information (“PHI”). PHI is personal information about you that may be used to identify you and relates to your past, present or future physical or mental health or condition, including treatment.
This Notice explains our legal duties and privacy practice with regard to your PHI. We are required by federal law to provide you with a copy of this Notice and to abide by the terms of this Notice. Accordingly, we will ask you to acknowledge that we have provided you with an electronic copy of the Notice. If you elect to you have the right to obtain a paper copy upon request.
We reserve the right to change the terms of this Notice at any time. The change may be retroactive and cover PHI that we received or created prior to the revision. If we do change the Notice, a copy of the new Notice will be posted in the Cognit Learning Management System (LMS) and on our website. We will provide you with a copy of the revised Notice upon your request.
I. PATIENT RIGHTS
You have six rights as a subscriber of Cognit:
1. The right to consider and sign an authorization for a non-authorized use: The law only allows us to use or disclose your PHI in certain circumstances, as explained more fully below. If we need to make a use or disclosure that does not fall into one of those exceptions we will ask you to sign an authorization. If we do not have a valid authorization on file specifically authorizing the proposed use or disclosure, then we will not make that use or disclosure. You may revoke an authorization at any time in writing, but the revocation will not apply to uses or disclosures we have already made in reliance on your original authorization.
2. The right to access your PHI: You have a right to access and receive a copy, summary or explanation of your PHI. If you want to exercise this right please ask for a Request to Access Medical Records form. This right does not extend to notes or information gathered by a third party that is not an employee of Cognit Corporation or information compiled in reasonable anticipation of legal action. We have the right to deny you access, but you will be notified of the reason for denial and be given the right to have the denial reviewed under certain circumstances.
3. The right to request restrictions on certain uses and disclosures: You may request restrictions of uses or disclosures of your PHI when it is used to carry out your treatment, obtain payment for your treatment or perform healthcare operations of our practice. You must request the restriction before we have used or disclosed the relevant information. We are not required to agree to the restriction, and we have the right to decide not to accept the restriction and not to treat you.
4. The right to receive confidential communications: You may request that we make confidential communications to you by an alternative means or at an alternative location. The request must be in writing we will accommodate reasonable requests.
5. The right to amend PHI: You have the right to ask us to amend your PHI. If you want to exercise this right, please ask us for a Request for Amendment of Medical Records form. You will need to complete this form, provide a reason for the request and submit it to us. We have the right deny your request for amendment, if we determine that your record was not created by us, is not maintained by us, would not be available for access, or is not accurate and complete. Your records will not be changed or deleted as a result of our granting your request, but the amendment will be attached to your record and its existence noted in your record as necessary. (Note: use of this procedure is not necessary for routine changes to your demographic information.)
6. The right to receive an accounting: You have the right to receive an accounting of our uses and disclosures of your PHI. If you want to exercise this right, please ask us for a Request for Accounting form. You will need to complete this form and submit it to us. The accounting does not have to list disclosures made (i) to carry out treatment, payment and healthcare operations; (ii) to you; (iii) pursuant to an authorization; (iv) for national security or intelligence purposes; (v) to correctional institutions or law enforcement personnel or (vi) that occurred prior to April 14, 2013. (Note: compliance with this right is time-consuming, and so we reserve the right to charge you a fee.)
II. USES AND DISCLOSURES
We intend to limit the disclosure of your PHI to that necessary for Treatment and Operations:
Treatment refers to specific sharing and use of your PHI relating to your direct care by our employees, including consulting other professionals and the use of disease management programs. For example, we will disclose your PHI to another health care professional or a testing facility to whom you have been referred for care or for assistance with treatment.
Operations refers to specific sharing and use of your PHI necessary for our administrative and technical operations, within the limitations imposed by professional ethics. Permissible activities would include, but are not limited to, accounting or legal activities, quality assessment, employee review, student training and other business activities. For example, we might need to disclose your PHI to a new employee as part of the educational process.
We will NOT permit the following disclosures without your written authorization, and your refusal to provide such authorization will not affect our duty to treat you:
Marketing. To your employer, except where necessary for provision of care or payment purposes (for example, if your employer is self-insured).
Disclosures outside our offices, unless for treatment, payment or operations.
For research purposes, unless certain safeguards are taken.
We may make disclosures in certain situations as required by law, even without your written authorization. These situations include, but are not limited to:
If all identifying information is removed so your identity cannot be ascertained from the information disclosed, i.e., on a completely anonymous basis.
When required by law, for example, public health reporting purposes or to a person who may be affected by a communicable disease.
To your employer, if we are providing care to you at your employer’s request to evaluate a work-related illness or injury, or medical surveillance of your workplace.
Pursuant to a warrant or court order.
For health oversight purposes as authorized by law, for example, an investigation of our practice for purposes unrelated to your treatment.
To a public health authority as required by law, including those designated to receive notification of abuse or neglect.
To the U.S. Food and Drug Administration, in the event of an adverse event.
To law enforcement for certain purposes.
Related to a judicial or administrative proceeding, including subpoenas.
For national security and intelligence purposes, or to correctional institutions.
For purposes of worker’s compensation law (or a similar law).
Regarding a decedent, including to a funeral director.
For military or veteran’s activities.
III. ORGANIZATIONAL POLICIES
We do not collect any identifying information so your identity cannot be ascertained from any information disclosed, i.e., Cognit is used on a completely anonymous basis.
You should also be aware of the following policies regarding our uses and disclosures of your PHI. You cannot avoid these uses and disclosures, but you should discuss any questions or concerns you might have with us:
We share PHI with third-party “business associates” that perform various functions for us (for example, counseling and treatment), but we have written contracts with those entities containing terms that require the protection of your PHI.
We will disclose your PHI to your personal representative(s), if any, unless we determine in the exercise of our professional judgment that such disclosure should not be made.
IV. QUESTIONS AND COMPLAINTS
You may complain to our Privacy and Security Officer or the United States Secretary of Health and Human Services if you believe your privacy rights have been violated. To complain to the Secretary, your complaint must be in writing, name us, describe the acts or omissions believed to be in violation of your privacy rights and be filed within 180 days of when you knew or should have known that the act or omission occurred.
You can file a complaint with us by asking for a Complaint Reporting Form. We will not retaliate against you for filing a complaint. If you want further information about the complaint process, please email our Privacy and Security Officer.