Effective December 1, 2019
Goodwin House takes your privacy seriously. Please review this policy carefully. This privacy notice covers the information we collect on the Goodwin House website. This notice covers:
- What personally identifiable information is collected from you through the website, how it is used and with whom it is shared.
- What choices you have regarding the use of your information.
- The security procedures we have put in place to protect your information.
- The procedures you can use to correct any inaccuracies in your information.
If you have any questions, please contact our Privacy Officer at 703.824.1111. Written requests should be addressed to:
Written requests should be addressed to:
Goodwin House Incorporated
Attn: Privacy Officer
4800 Fillmore Avenue
Alexandria, Virginia 22311
Information Collection, Use and Sharing
Goodwin House is the sole owner of the information collected on this website. We only have access to or collect information you voluntarily share with us via email, forms you send to us or other direct contact from you. We will not sell or rent this information with anyone.
We are required by law to:
- Ensure any health information that identifies you is kept private and secure.
- Offer you this notice of our legal duties and privacy practices regarding your health information you have shared with us.
Your Choices Regarding Your Information
You have the right to object to Goodwin House’s sharing of your personal health information to family members, personal representatives, close friends or someone responsible for your care.
To prevent this sharing of information, you must notify the Privacy Officer by calling 703.824.1111 and following the process they will provide you.
You may choose to opt out of any email lists at any time by choosing to unsubscribe via email.
You have the right to see what information we have collected about you. You also have the right to correct any information that is wrong.
Our Security Measures
We have taken the following precautions to protect any information you have shared with us via the website.
When you submit sensitive information via the website, your information is protected both online and offline. The sensitive information you submit, such as a credit card number for a donation, is encrypted and transmitted to us in a secure manner. You can verify this by looking for a lock icon in the address bar, and by the “https” at the beginning of the address of the Web page.
While we use encryption to protect sensitive information transmitted online, Goodwin House has also taken steps to secure your information offline. Only trusted employees who actually need the information to perform their job have access to information that identifies you. The computers and servers which store personally identifiable information are kept in a secure environment.
To Correct Inaccuracies
If your personal health information or other information changes, please contact our Privacy Officer at 703.824.1111 to discuss the specific procedure for correcting it.
OUR PLEDGE REGARDING HEALTH INFORMATION
It is the intent of the Board of Trustees and management of all Goodwin House communities, our affiliated organizations (Goodwin House Foundation, Goodwin House Community Services, and Goodwin House Development Corporation), to conduct all business with residents in a professional, compassionate and ethical manner. All staff members, Board members, volunteers, Business Associates, and other persons or entities defined as “covered entities” under the Health Insurance Portability and Accountability Act (HIPAA) statute are responsible for ensuring their conduct and practices are consistent with our Privacy Notice. Conduct violating this Notice or the Privacy Rule may be cause for various sanctions, penalties, and disciplinary action including, but not limited to, termination of employment, termination of the business relationship with GH, and fines or imprisonment imposed by governing authorities.
Where “Goodwin House Incorporated,” “GH” and “we” are used in this Notice, it should be understood as applying to Goodwin House and its current and future affiliated organizations.
We understand that health information about you and your health care is personal. We are committed to protecting health information about you. We create a record of the care and services you receive from us. We need this record to provide you with quality care and to comply with certain legal requirements. This notice will tell you about the ways in which we may use and disclose health information about you. This notice also describes your rights to get access to the health information we keep about you and describes certain obligations we have regarding the use and disclosure of your health information.
We are required by law to:
- Make sure any health information that identifies you is kept private.
- Give you this notice of our legal duties and privacy practices with respect to health information about you.
- Follow the terms of the Notice of Privacy Practices currently in effect.
YOUR RIGHTS REGARDING HEALTH INFORMATION ABOUT YOU
You have the following rights with respect to your Protected Health Information:
- Right to Inspect and Copy: You have the right to inspect and copy all or any part of your medical or health record, as provided by federal regulations. You may request and receive an electronic copy of your protected health information, or “PHI,” if Goodwin House maintains your PHI in an electronic health record. To inspect and copy your PHI, you must submit your request in writing to our Privacy Officer at the address listed on the top of this notice. If you request a copy of your PHI, we may charge a reasonable, cost-based fee in accordance with state law for the costs associated with fulfilling your request. We may deny your request to inspect and copy your PHI in certain limited circumstances.
- Right to Amend: You have the right to request that we amend your PHI or a medical or health record about you if you feel the health information we have about you is incorrect or incomplete. You have the right to request an amendment for as long as we keep the information. To request an amendment, your request must be made in writing, submitted to our Privacy Officer at the address listed at the top of this page of this notice. You must provide a reason supporting your request for an amendment.We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by us, unless you provide a reasonable basis for us to believe that the person or entity who created the information is no longer available to make the requested amendment
- Is not part of the health information kept by or for our facility
- Is not part of the information which you would be permitted to inspect and copy
- Is accurate and complete
- Any amendment we make to your PHI or other medical or health records about you will be disclosed to those with whom we disclose information.
- Right to an Accounting of Disclosures: You have the right to request a list accounting for any disclosures of your PHI we have made, except for disclosures made for the purpose of treatment, payment, health care operations, and certain other purposes if such disclosures were made through a paper record or other health record that is not electronic, as set forth in federal regulations. If you request an accounting of disclosures of your PHI, the accounting may include disclosures made for the purpose of treatment, payment, and health care operations to the extent that disclosures are made through an electronic health record. To request an accounting of disclosures, you must submit your request in writing to our Privacy Officer at the address listed at the top of the page of this notice. Your request must state a time period, which may not be longer than six years. The first list you request within a 12 month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved, and you may choose to withdraw or modify your request at that time before any costs are incurred. We will, to the extent possible, mail you a list of disclosures in paper form within 60 days of your request, or notify you if we are unable to supply the list within that time period and by what date we can supply the list, which will be no later than 90 days from the date you made the request.
- Right to Request Restrictions: You have the right to request a restriction or limitation on the use and disclosure of your PHI. You also have the right to request a restriction or limitation on the disclosure of your PHI to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we restrict a specified nurse from use of your PHI or that we not disclose information to your spouse about a surgery you had. We are not required to agree to your request for restrictions, unless you pay for a service entirely out-of-pocket. If you pay for a service entirely out-of-pocket, you may request that information regarding the service be withheld and not provided to a third-party payor for purposes of payment or health care operations. We are obligated by law to abide by such restrictions.To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Privacy Officer at the address listed at the top of this page of this notice. In your request, you must tell us what information you want to limit and to whom you want the limitations to apply; for example, the use of any PHI by a specified nurse, or disclosure of specified surgery to your spouse. We will notify you of our decision regarding the requested restriction. If we do agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment.
- Right to Receive Confidential Communications: You have the right to request that we communicate with you about your health information in a certain way or have such communications addressed to a certain location. For example, you can ask that we only contact you at an alternate location or by mail to a post office box. To request confidential communications, you must make your request in writing to our Privacy Officer at the address listed at the top of the page of this notice. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Right to a Paper Copy of this Notice: You have the right to obtain a paper copy of this notice at any time upon request. At the time of first service rendered, we are required to provide you with a paper copy of this notice. To obtain a copy of this notice at any other time, please request it from our Privacy Officer at the address listed at the top of the page of this notice.
- Right to Revoke Authorization: If you execute any authorization(s) for the use and disclosure of your PHI, you have the right to revoke such authorization(s), except to the extent that action has already been taken in reliance on such authorization.
- Right to Receive Notification of a Breach: You have the right to receive notification if we discover a breach of any of your PHI that is not secured in accordance with federal guidelines.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU WITHOUT YOUR AUTHORIZATION
The following categories describe different ways we can use and disclose your PHI without your authorization. For each category of these types of uses or disclosures, we will explain what we mean and give examples. Not every use or disclosure in a category is listed.
- For Treatment: We may use your PHI to provide you with health care treatment of services. We may disclose your PHI to provide you with health care treatment or services. We may disclose your PHI to doctors, nurses, technicians, health students, or other personnel who are involved in taking care of you. They may work at our facility, at the hospital if you are hospitalized under our supervision, or at a doctor’s office, lab, pharmacy, or other health care provider to whom we may refer you for consultation, to take X-rays, to perform lab tests, to have prescriptions filled, or for other treatment purposes. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian at our facility if you have diabetes so we can arrange for appropriate meals. We may also provide your PHI to an entity assisting in a disaster relief effort so your family can be notified about your condition, status and location.
- For Payment: We may use and disclose your PHI so that the treatment and services you receive from us may be billed to and payment collected from you, an insurance company or a third party. For example, we may need to give your health plan information about treatment you receive while at our facility so your health plan will pay us or reimburse you for the treatment. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
- For Health Care Operations: We may use and disclose your PHI for operations of our facility. These uses and disclosures are necessary to run our facility and ensure all of our patients receive quality care. For example, we may use health information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine health information about many patients to decide what additional services we should offer, what services are not needed, whether certain new treatments are effective, or to compare how we are doing with others and to see where we can make improvements. We may remove information that identifies you from this set of health information so others may use it to study health care delivery without learning who our specific patients are.
- For Research: We may disclose your PHI for the purpose of research. We will only disclose your PHI for research purposes upon your express authorization or if the research protocol has been approved by an institutional review board has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
- For Quality Improvement: We may use your PHI as a tool for quality assurance and continuous quality improvement.
- As Required By Law: We may disclose your PHI when required to do so by federal, state or local law.
- To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
- Military and Veterans: If you are a member of the armed forces or separated/discharged from military services, we may release your PHI as required by military command authorities or the Department of Veterans Affairs when applicable. We may also release health information about foreign military personnel to the appropriate foreign military authorities.
- Workers’ Compensation: We may release your PHI as authorized by, and in compliance with laws related to workers’ compensation and similar programs established by law that provide benefits for work-related illnesses and injuries without regard to fault.
- Public Health Risks: We may disclose your PHI for public health activities. These activities generally include the following:
- Prevent or control disease, injury or disability
- Report births and deaths
- Report abuse or neglect
- Report reactions to medications or problems with products
- Notify people of recalls of products they may be using
- Notify person or organization required to receive information on FDA-regulated products
- Notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
- Notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law
- Health Oversight Activities: We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
- Law Enforcement: We may disclose your PHI to law enforcement officials for law enforcement purposes including the following:
- In reporting certain injuries, as required by law, gunshot wounds, burns, injuries to perpetrators of crime
- In response to a court order, subpoena, warrant, summons or similar process
- To identify or locate a suspect, fugitive, material witness or missing person
- Name and address
- Date of birth or place of birth
- Social security number
- Blood type or Rh factor
- Type of injury
- Date and time of treatment and/or death, if applicable
- A description of distinguishing physical characteristics
- About the victim of a crime, if the victim agrees to disclose or under certain limited circumstances, we are unable to obtain the person’s agreement
- About a death we believe may be the result of criminal conduct
- About criminal conduct at our facility
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime
- Organ and Tissue Donation: We may disclose your PHI to organizations involved in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue, for the purpose of facilitating organ, eye, and tissue donation where applicable.
- Abuse, Neglect and Domestic Violence: We may disclose your PHI to an appropriate governmental authority if we reasonably believe you may be a victim of abuse, neglect, or domestic violence.
- Coroners, Health Examiners, and Funeral Directors: We may disclose your PHI to a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors as necessary to carry out their duties.
- National Security and Intelligence Activities: We may disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law, or for the purpose of providing protective services to the President or foreign heads of state.
- Protective Services for the President and Others: We may disclose your PHI to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
- Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the correctional institution or law enforcement official. This release would be necessary: (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
EXAMPLES OF OTHER PERMISSIBLE OR REQUIRED DISCLOSURES OF HEALTH INFORMATION ABOUT YOU WITHOUT YOUR AUTHORIZATION
- Business Associates: Some activities of Goodwin House are provided on our behalf through contracts with business associates. Examples of when we may use a business associate include coding and claims submission performed by a third-party billing company, consulting and quality assurance activities provided by an outside consultant, billing and coding audits performed by an outside auditor, and other legal and consulting services provided in response to billing and reimbursement issues which may arise from time to time. When we enter into contracts to obtain these services, we may need to disclose your PHI to our business associates so the associate may perform the job which we have requested. To protect your PHI, however, we require our business associates to appropriately safeguard your information.
- Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, close personal friend, or other person responsible for your care of your location and general condition. Goodwin House will not disclose your PHI to your family members, personal representative or close personal friends as described in this paragraph if you object to such disclosure. Please notify the Privacy Officer at the number listed on the first page of this notice if you object to such disclosures.
- Communication with family members: Health professionals, including those employed by or under contract with Goodwin House may disclose to a family member, other relative, close personal friend or any other person you identify, health information relative to that person’s involvement in your care or payment related to your care, unless you object to the disclosure.
Federal law allows for the release of your PHI to appropriate health oversight agencies, public health authorities, or attorneys provided a workforce member or business associate believes in good faith that we have engaged in unlawful conduct or otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers, or the public.
WE MAY NOT USE OR DISCLOSE YOUR HEALTH INFORMATION FOR THE FOLLOWING PURPOSES WITHOUT YOUR AUTHORIZATION
- We must obtain an authorization from you to use or disclose psychotherapy notes unless it is for treatment, payment or health care operations or is required by law, permitted by health oversight activities, to a coroner or medical examiner, or to prevent a serious threat to health or safety.
- We must obtain an authorization for any use or disclosure of your PHI for any marketing communications to you about a product or service that encourages you to use or purchase the product or service unless the communication is either: (1) a face-to-face communication or (2) a promotional gift of nominal value. However, we do not need to obtain an authorization from you to provide refill reminders, information regarding your course of treatment, case management, or care coordination, to describe a health-related products or services we provide, or to contact you regarding treatment alternatives. If the marketing involves financial remuneration, we must notify you if such remuneration is involved.
- We must obtain an authorization for any disclosure of your PHI which constitutes a sale of such PHI.
GOODWIN HOUSE’S RESPONSIBILITIES
- We are required by law to maintain the privacy of your PHI, to provide you with this notice as to our legal duties and privacy practices with respect to your PHI we maintain and collect, and notify you if we discover a breach of any of your PHI that is not secured in accordance with federal guidelines.
- We are required by law to abide by the terms of this notice as it is currently in effect.
CHANGES TO THIS NOTICE
We reserve the right to change our privacy practices for all PHI we collect or maintain and any terms of this notice. If our privacy practices materially change, we will revise this notice and provide you with a copy of the revised notice. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any information we receive in the future. We will post a copy of the current notice in our facility. The notice will contain at the top of the page, the effective date.
FOR MORE INFORMATION OR TO MAKE A COMPLAINT
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, contact our Privacy Officer. All complaints must be submitted in writing.
There will be no retaliation against you for filing a complaint.
If you have any questions or would like additional information, or if you wish to file a complaint with us regarding our use and disclosure of your PHI, you may contact our Privacy Officer at 703-824-1111.
OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
Other uses and disclosures of your PHI not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose health information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose protected health information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.
ACKNOWLEDGEMENT OF RECEIPT OF THIS NOTICE
We will ask you to sign a separate form or notice acknowledging you have received a copy of this notice. If you choose, or are not able to sign, a staff member will sign their name and date. This acknowledgement will be filed with your records.
This Notice has been reviewed and approved by the Privacy Officer and is to be effective on December 1, 2019.