Health Insurance Portability and Accountability Act (HIPAA) Notice

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. During your interaction with Texas A&M Emergency Care Team, personal information may be gathered from you. This information is for TAMECT record-keeping purposes only and will not be used in any way to attempt to secure financial compensation (personal or via insurance) for our services.

PLEASE REVIEW THE FOLLOWING CAREFULLY.

Texas A&M University Emergency Care Team is required by law to maintain the privacy of certain confidential health information known as Protected Health Information and electronic protected health information, or PHI and e-PHI, and to provide you with a Notice of our legal duties and privacy practices with respect to your PHI and e-PHI. We are required to abide by the terms of this version of this notice, most currently in effect.

USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION (PHI) Texas A&M University Emergency Care Team may use PHI/e-PHI for the purposes of treatment, payment, and health care operations, in most cases without your written permission. Examples of our use of your PHI/e-PHI for these purposes are: For Treatment – This includes such things as verbal and written information that we obtain about you and use pertaining to your medical condition and treatment provided to you by us and other medical personnel including doctors who give orders to allow us to provide treatment to you. It also includes information we give to other healthcare personnel to whom we transfer your care and treatment, which includes transfer of PHI/e-PHI via radio or telephone to the hospital or dispatch center as well as providing the hospital with a copy of the written record we create in the course of providing you with treatment and transport. For Payment – This includes any activities we must undertake in order to get reimbursed for the services we provide to you, including such things as organizing your PHI/e-PHI and submitting bills to insurance companies (either directly or through a third party billing company) management of billed claims for services rendered, medical necessity determinations and reviews, utilization review, and collection of outstanding accounts. For Health Care Operations – This includes quality assurance activities, licensing, and training programs to ensure that our personnel meet our standards of care and follow established policies and procedures, obtaining legal and financial services, conducting business planning, processing grievances and complaints, and creating reports that do not individually identify you for data collection purposes.

OTHER PERMITTED USES AND DISCLOSURES OF PHI Other ways in which Texas A&M University Emergency Care Team is permitted to use and/or disclose your PHI/e-PHI are: As Required by Law - We may use or disclose your PHI/e-PHI to the extent that federal, state, or local law requires the use or disclosure. When used in this Notice, “required by law” is defined as it is in the HIPAA Privacy Regulations. For Public Health Activities – We may use or disclose your PHI/e-PHI for public health activities that are permitted or required by law. For example, we may use or disclose information to a public health authority authorized to receive reports of child abuse or neglect. For Health Oversight Activities – We may disclose your PHI/e-PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions, civil, administrative, or criminal proceedings or other activities. Oversight agencies seeking this information include government agencies that oversee (1) the healthcare system, (2) government benefit programs, (3) other government regulatory programs, and (4) compliance with civil rights laws. Reporting Abuse or Neglect – We may disclose your PHI/e-PHI to a government authority that is authorized by law to receive reports of abuse, neglect, or domestic violence. Additionally, as required by law, we may disclose to a government entity authorized to receive such information, if we believe that you have been a victim of abuse, neglect, or domestic violence. Legal Proceedings – We may disclose your PHI/e-PHI (1) in the course of any judicial or administrative proceeding (2) in the response to an order of a court or administrative tribunal to the extent such disclosure is expressly authorized (3) in response to a subpoena, a discovery request, or other lawful process, once we have met all administrative requirements of the HIPAA Privacy Regulations. Law Enforcement – Under certain conditions, we also disclose your PHI/e-PHI to law enforcement officials. Some of the reasons for such a disclosure may include, but not limited to: (1) it is required by law or some other legal process (2) it is necessary to locate or identify a suspect, fugitive, material witness, or missing person (3) it is necessary to provide evidence of a crime that occurred on our premises. For Research – We may disclose your PHI/e-PHI to researchers when an institutional review board or privacy board has (1) reviewed the research proposal and established protocols to ensure the privacy of the information and (2) approved the researched. Coroners, Medical Examiners, Funeral Directors, and Organ Donation – We may disclose PHI/e-PHI to a coroner or medical examiner for purposes of identifying a deceased person, determining a cause of death, or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose, as authorized by law, information to funeral directors so that they may carry out their duties. Further, we may disclose PHI/e-PHI to organizations that handle organ, eye, or tissue donation and transportation. To Prevent a Serious Threat to Health or Safety – Consistent with federal and state laws, we may disclose your PHI/e-PHI if we believe that the disclosure is necessary to prevent or lessen a serious and imminent threat to health or safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual. Military Activity and National Security, Protective Services – Under certain conditions, we may disclose your PHI/e-PHI if you are, or were, Armed Forces personnel for activities deemed necessary by appropriate military command authorities. If you are a member of foreign military service, we may disclose your information to the foreign military authority. We also may disclose your PHI to authorized federal officials for conducting national security and intelligence activities, and for the protection of the President, other authorized persons, or heads of state. Inmates – If you are an inmate of a correctional institution, we may disclose your PHI/e-PHI to the correctional institution or to a law enforcement official for (1) the institution to provide health care to you (2) your health and safety and the health and safety of others, or (3) the safety and security of the correctional institution. Worker’s Compensation – We may disclose your PHI/e-PHI to comply with worker’s compensation laws and other similar programs that provide benefits for work related injuries or illnesses. Others Involved in Your Health Care (TAMU CIRT) – Unless you object in writing we may disclose your PHI/e-PHI to a friend or family member that you have identified as being involved with your health care. We also may disclose your information to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location. If you are not present or able to agree to these disclosures of your PHI/e-PHI, then we may, using our professional judgment, determine whether the disclosure is in your best interest.REQUIRED DISCLOSURES OF YOUR PHI

The following is a description of the disclosures that we are required by law to make. Disclosures to the Secretary of the U.S. Department of Health and Human Services – We are required to disclose your PHI/e-PHI when the Secretary is investigating or determining our compliance with HIPAA Privacy Regulations. Disclosure to You – We are required to disclose to you most of your PHI in a “designated record set” when you request access to this information. Generally a “designated record set” contains medical and billing records as well as other records that are used to make decisions about your health care benefits. You also have the right to request to view your e-PHI in electronic form. We are also required to provide, upon your request, an accounting of most disclosures of your PHI/e-PHI.

OTHER USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION

Other uses and disclosures of your PHI/e-PHI that are not described above will be made only with your written authorization. If you provide us with such an authorization, you may revoke the authorization in writing, and this revocation will be effective for future disclosures of PHI/e-PHI. However, the revocation will not be effective for information that we have used or disclosed relying on the authorization.

YOUR RIGHTS

The following is a description of your rights with respect to your protected health information. Right to Request a Restriction – You have the right to request a restriction of the PHI/e-PHI we use or disclose about you for treatment, payment or health care operations. We are not required to agree to any restriction that you request unless you have paid the provider in full, out of pocket, at the time of the request. If we do agree to the restriction, we will comply with the restriction unless the information is needed to provide emergency treatment to you. Right to Request Confidential Communications - If you believe that a disclosure of all or part of your PHI/e-PHI may endanger you, you may request that we communicate with you regarding your information in an alternative manner or at an alternative location. For example, you may request that we contact you only at your work. Right to Inspect and Copy - You have the right to inspect and copy your PHI/e-PHI that is contained in the “designated record set.” However, you may not inspect or copy psychotherapy notes or certain other information. We may deny your request to inspect and copy your PHI/e-PHI in certain limited circumstances. If you are denied access to your information, you may request that the denial be reviewed. A licensed health care professional chosen by us will review your request and the denial. The person performing the review will not be the same one who denied your initial request. Under certain conditions our denial will not be reviewable. If this event occurs, we will inform you in our denial that the decision is not reviewable. Right to Request Amendment - If you believe that your PHI/e-PHI is incorrect or incomplete, you may request that we amend your information. In certain cases, we may deny your request for amendment. If we deny your request, you have the right to file a statement of disagreement with us. This statement will be linked with the disputed information and all future disclosures of the disputed information will include your statement of disagreement. Right of Accounting – You have a right to an accounting of most disclosures of your PHI/e-PHI. An accounting will include the date(s) of disclosure, to whom we made the disclosure, a brief description of the information disclosed, and the purpose of the disclosure. Your request may be for disclosures made up to six years for PHI and three years for e-PHI before the date of your request, but in no event, for disclosures made before April 14, 2003. Right to a Paper Copy of This Notice – You have the right to a paper copy of this Notice, even if you have agreed to accept this notice electronically.

PHI/e-PHI Breach Notification

Texas A&M Emergency Care Team must notify you of all unsecured PHI/e-PHI that has been, or is reasonably believed to have been breached. We will provide you with an individual notice, written, via first-class mail to the last known address, or email if you specify, no later than 60 days after discovery of the breach.

COMPLAINTS

You also have the right to complain to us, or to the Secretary of the United States Department of Health and Human Services if you believe your privacy rights have been violated. You will not be retaliated against in any way for filing a complaint with us or to the government. Should you have any questions, comments, or complaints you may direct all inquiries to the privacy officer listed at the end of this notice. Texas A&M University Emergency Care Team reserves the right to change the terms of this Notice at any time, and the changes will be effective immediately and will apply to all protected health information that we maintain. Any material changes to the Notice will be promptly posted in our facilities and posted on our web site, if we maintain one. 

If you have any questions or if you wish to file a complaint or exercise any rights listed in this Notice, please contact: TAMECT President at president@tamect.tamu.edu or by phone at (979) 299-9326.

Adopted with permission from Texas A&M Emergency Medical Services (TAMU EMS). Effective 12/2010.