Notice of Privacy Practices
Health Insurance Portability and Accountability Act (HIPAA) – HITECH & Part 2
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Psychiatric and Behavioral Health of NJ and its employees are dedicated to maintaining the privacy of your personal health information (“PHI”), as required by applicable federal and state laws. These laws require us to provide you with this Notice of Privacy Practices, and to inform you of your rights and our obligations concerning Protected Health Information, or PHI, which is information that identifies you and that relates to your physical or mental health condition. We are required to follow the privacy practices described below while this Notice is in effect.
- Why You Need This Notice:
This Notice of Privacy Practices describes how we may use and disclose your medical information.
It also describes your rights to access and control your medical information. We are committed to maintaining the privacy of your protected health information (PHI). Your PHI includes medical information about you such as your medical record and the care and services that you have received from us. We need this information to provide you with the appropriate level of care and also to comply with certain legal obligations we may have. We are required by law to provide you with this Notice of our legal duties and privacy practices with respect to your PHI that we maintain.
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended by the Health Information Technology for Economic and Clinical Health Act, the federal Confidentiality of Alcohol and Drug Abuse Patient Records regulations at 42 C.F.R. Part 2 (“Part 2”), and applicable State laws place certain obligations upon us with regard to your PHI and require that we keep private and confidential any PHI that identifies you. Under these laws, we may not disclose any information to anyone outside our facility that would, directly or indirectly, identify you as an alcohol or drug treatment patient, or as having received mental health services. Nor may we disclose any other PHI except as permitted by law. We take this obligation and your privacy seriously and when we need to use or disclose your PHI, we will comply with the full terms of this Notice. Anytime we are permitted to or required to share your PHI with others, we only provide the minimum amount of data necessary to respond to the need or request unless otherwise permitted by law.
What does this Notice cover?
This Notice of Privacy Practices applies to all of your PHI used to make decisions about your care that we generate or maintain, including sensitive information such as mental health, communicable disease and drug and alcohol abuse information. It applies to your PHI in written and electronic form. It applies to your PHI while you are living and for 50 years after your death. Different privacy practices may apply to your PHI that is created or kept by other people or entities.
- Permitted Disclosures of PHI That DO NOT REQUIRE Your Authorization: The HIPAA Privacy Rule permits, but does not require us to obtain patient consent for uses and disclosures of protected health information for treatment, payment, and health care operations. We are permitted by law to use and disclose your PHI without your written or other form of authorization under certain circumstances as described below; this means that we do not have to ask you before we use or disclose your PHI for purposes listed below. Not every use or disclosure in a category will be listed. If you are concerned about a possible use or disclosure of any part of your PHI, you may request a restriction.
- Treatment. We will use and disclose your PHI to provide you with medical treatment and services. We will record your PHI in an electronic medical record to determine the best course of treatment for you. We will generally seek your authorization prior to disclosures to outside healthcare providers, expect in an emergency and as otherwise authorized by law. For example, we may disclose medical information about you to physicians, nurses, technicians or personnel who are involved with the administration of your care.
- Payment. We may use and disclose PHI about you for our payment activities as permitted by law (exceptions may require specific consents for substance abuse treatment covered under 42 CFR Part2). Common payment activities include, but are not limited to: Determining eligibility under a plan, as well as Billing and Collection activities. For example, we may send a bill to you or to a third party payor for the rendering of services by us. The bill may contain information that identifies you, your diagnosis and procedures and supplies used. We may need to disclose this information to insurance companies to establish insurance eligibility benefits for you. We may also provide your PHI to our business associates, such as billing companies, claims processing companies and others that process our health care claims.
- Health Care Operations. We may use and disclose your PHI in connection with our health care operations. Health care operations include quality assessment activities, reviewing the competence or qualifications of health care professionals, evaluating provider performance, and other business operations. For example, we may use your PHI to evaluate the performance of the health care services you received. We may also provide your PHI to accountants, attorneys, consultants and others to make sure we comply with the laws that govern us.
- Health Information Exchange. We may participate in a health information exchange (HIE). Generally, an HIE is an organization in which providers exchange patient information in order to facilitate health care, avoid duplication of services (such as tests) and reduce the likelihood that medical error will occur. By participating in a HIE, we may share your health information with other providers that participate in the HIE or participants of other HIE’s. You have the right to “opt-out” or decline participation in the HIE. If you do not want your PHI to be available through HIE, you must request a restriction using the processed outlined below.
- Individuals Involved in Your Care or Payment for Your Care. We may release:
- Non-specific PHI about you to a friend, family member or legal guardian who is involved in your medical care if you do not object. We may tell your family or friends your condition and that you are in the hospital. In addition, we may disclose PHI about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
- Research. With your written authorization, we may disclose your PHI for certain research purposes, but only if we have protections and protocols in place to ensure the privacy of your PHI. In most circumstances, you must sign a separate form specifically authorizing us to use and/or disclose PHI for research.
- Treatment Alternatives. We may use and disclose your PHI to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
- Change of Ownership. In the event that our agency is sold or merged with another organization, your PHI will become the property of the new owner.
- Required by Law. We may disclose your PHI for law enforcement purposes and as required by state or federal law.
- Examples include but are not limited to:
(1) Public Health Activities: We may disclose your PHI for certain public health activities only to the extent required by law, including reporting communicable diseases as well as known and/or suspected child abuse or neglect to public health authorities or other government authorities authorized by law to receive such reports.
(2) Victims of Abuse, Neglect: In most circumstances, we may release PHI upon request to the New Jersey Division of Child Protection and Permanency or other appropriate public health authority in connection with investigations and reports of child abuse or neglect;
(3) Court Order: When we are ordered by a judge to release PHI in response to a court order.
(4) Duty to Warn and Protect: When there is a legal duty to warn/protect; if you make threats to an individual, notification may be made to that individual, parent/guardian and/or authorities based on State law.
(5) Decedents: We may disclose your health information to coroners or officials within the offices of the State Medical Examiner or a County Medical Examiner making investigations and conducting autopsies, pursuant to State law.
(6) Law Enforcement Officials: Certain PHI may be released where directly relevant to crimes or threats of crime committed on Psychiatric and Behavioral Health of NJ property or against Psychiatric and Behavioral Health of NJ personnel. We may also release PHI to law enforcement officials under other circumstances to the extent permitted by law.
- Serious Threat to Health or Safety. We may disclose your PHI if we believe it is necessary to avoid a serious threat to the health and safety of you or the public.
- Deceased Information – Your PHI may be released, after your death, to a personal representative as defined by state law. It may also be released to family members and others who are involved in your care to the extent permitted by state law, unless doing so is inconsistent with any of your prior expressed preferences that are known to us. We may also disclose a deceased consumer’s PHI without authorization to a healthcare provider who is treating a surviving relative for similar medical conditions such as an inherited disease.
- Health Oversight Activities – We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure.
- Example: (1) We may disclose your medical records with the office of licensing or with a third party payer or to a health oversight agency that monitors the health care system and ensures compliance with the rules of government health programs, such as Medicare or Medicaid. (2) We may share your PHI with a professional standards review organization or with an accreditation reviewer.
- Direct Contact with You. We may use your PHI to contact you to remind you that you have an appointment, or to inform you about treatment alternatives or other health-related benefits and services that may be of interest to you.
- Use and Disclosures Requiring Written Authorization. We will seek your specific written authorization for at least the following information unless the use or disclosure would be otherwise permitted or required by law as described above. If you provide us with authorization to use or disclose your PHI, you may revoke the authorization, in writing, at any time. If you revoke your authorization, we will not use or disclose your PHI for the reasons covered by your authorization. Any revocation must include your name, address, telephone number, date of authorization, my signature, and that I should send it to my service provider of record. You may also contact the agency’s Ombudsperson, Robert White.
Your authorization is required for the following purposes:
- Psychotherapy Notes. We must receive your written authorization to disclose psychotherapy notes unless otherwise permitted by law. Where the psychotherapy notes involve family therapy and the records for all participants have been integrated, no single family member shall have access to those records unless all adult participants and the guardians of any minor participants agree through a signed authorization form.
- Marketing and Sale of PHI. We must receive your written authorization for any disclosure of PHI for marketing purposes or for any disclosure which is a sale of PHI.
- Activities where we receive money for exchanging PHI. For certain activities in which we would receive money (remuneration) directly or indirectly from a third party in exchange for your PHI, we must obtain your specific written authorization prior to doing so. However, we would not require your authorization for activities such as for treatment purposes. You have a right to revoke your authorization at any time. To revoke an authorization, please contact the service provider of record. Any revocation must include consumer’s name, address, telephone number, date of the authorization, signature, and should be directed to the service provider of record. You may also contact the Privacy Officer at: firstname.lastname@example.org.
- Family and Friends. With your written authorization, we may disclose your PHI to a family member, friend or any other person who you identify as being involved with your care or payment for care, unless you object.
- HIV/AIDS information. In most cases, we will NOT release any of your HIV/AIDS related information unless your authorization expressly states that we may do so. There are certain purposes, however, for which we may be permitted to release your HIV/AIDS information without obtaining your express authorization. For example, to comply with a court order or, when otherwise required by law, to the Department of Health or other governmental entity.
- Sexually transmitted disease information. In most cases, we must obtain your specific authorization prior to disclosing any information that would identify you as having or being suspected of having a sexually transmitted disease. We may use and disclose information related to sexually transmitted diseases without obtaining your authorization only where permitted by law, including to the Department of Health and only under limited circumstances.
- Tuberculosis Information. We must obtain your specific written authorization prior to disclosing any information that would identify you as having or being suspected of having tuberculosis (TB). We may use and disclose TB information where authorized by law, to the Department of Health, or otherwise authorized by court order.
- Drug and alcohol information. We must obtain your specific written authorization prior to disclosing information related to drug and alcohol treatment or rehabilitation under certain circumstances such as where you received drug or alcohol treatment at a federally funded treatment facility or program.
- Information related to emancipated treatment of a Minor. If you are a minor who has sought emancipated treatment from us, i.e. treatment related to your pregnancy or treatment of your child, or a sexually transmitted disease (STD), we must obtain your specific written authorization prior to disclosing any of this information to another person, including your parent or guardian, unless otherwise permitted or required by law.
- Specialized Government Activities. If you are active military or a veteran, we may disclose your PHI as required by military command authorities with your written authorization. We may also be required to disclose PHI to authorized federal officials for the conduct of intelligence or other national security activities.
- Disaster Relief. With your written authorization, we may disclose your PHI to a governmental agency or private entity (such as FEMA or Red Cross) assisting with disaster relief efforts.
- Your Rights. You have the rights described below in regard to the PHI that we maintain about you. You are required to submit a written request to exercise any of these rights. You may contact your treatment provider and/or a Privacy Official to obtain a form that you can use to exercise any of the rights listed below.
- Right to Receive a Paper Copy of This Notice. You have the right to receive a paper copy of this Notice upon request.
- Right to Access PHI. You have the right to inspect and copy your PHI for as long as we maintain your medical record. You must make a written request for access to the Compliance Officer at the address listed at the end of this Notice. We may charge you a reasonable fee for the processing of your request and the copying of your medical record consistent with state law. If you want a paper copy of your PHI we may charge $1.00 per page. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. In certain circumstances we may deny your request to access your PHI, and you may request that we reconsider our denial. Depending on the reason for the denial, another licensed health care professional chosen by us may review your request and the denial. The person conducting the review will not be the person who denied you original request.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI for the purpose of treatment, payment or health care operations, except for in the case of an emergency. If you have given us written consent to share with family member or friend who is involved with your care or payment of care, you also have the right to request a restriction on the information we disclose to a family member or friend who is involved with your care or the payment of your care. However, we are not legally required to agree to such a restriction. You have the right to restrict the disclosure of your PHI to a health plan if the PHI pertains to health care services for which you paid in full directly to us.
- Right to Request Amendment. You have the right to request that we amend your PHI if you believe it is incorrect or incomplete, for as long as we maintain your medical record. You must provide a reason that supports your amendment request. We may deny your request to amend if (a) we did not create the PHI, (b) is not part of the PHI that we maintain, (c) is not information that you are permitted to inspect or copy, or (d) we determine that the PHI is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures of PHI made by us (other than those made for treatment, payment or health care operations purposes) from a designated record set within the period of three (3) years from the date of your request. You must make a written request for an accounting, specifying the time period for the accounting, to the Compliance Officer at the address listed at the end of this Notice.
- Right to Confidential Communications. You have the right to request that we communicate with you about your PHI by certain means or at certain locations. For example, you may specify that we call you only at your home phone number, and not at your work number. You must make a written request, specifying how and where we may contact you, to the Compliance Officer at the address listed at the end of this Notice.
- Right to Notice of Breach. We are required by law to protect the privacy and security of your PHI through appropriate safeguards. We will notify you in the event a breach occurs involving or potentially involving your unsecured PHI and inform you of what steps you may need to take to protect yourself.
- Right to an Electronic and/or Paper Copy of This Notice: You have the right to a paper copy of this notice. We reserve the right to change this Notice at any time in accordance with applicable law. Prior to a substantial change to this Notice related to the uses or disclosures of your PHI, your rights or our duties, we will revise and distribute this Notice.
- Acknowledgment of Receipt of Notice. We will ask you to sign an acknowledgment that you received this Notice.
- Questions and Complaints. If you would like more information about our privacy practices or have questions or concerns, please contact us. If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made regarding the use, disclosure, or access to you PHI, you may complain to us by contacting the Compliance Officer at the address and phone number at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health. We will provide you with the address to file such a complaint upon request.
We support your right to the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health. Please direct any of your questions or complaints to:
Compliance Officer: Caitlin Simpson
This notice is effective as of 4/12/2021
- Information Psychiatric and Behavioral Health of NJ Collects
- Personal Information and Non-Identifying Information
When you access or use our Website or Services, we may ask you for personally identifiable information. This refers to information about you that can be used to contact or identify you (“Personal Information”). Personal Information may include, but is not limited to, your name, username (if it identifies you), phone number, email address, home and business postal addresses, and any other information that you provide to Psychiatric and Behavioral Health of NJ that could be used to personally identify you.
We also collect other information that you may provide when using our Website or Services that does not identify you (“Non-Identifying Information”). Non-Identifying Information includes, but is not limited to, your zip code (on its own), gender, age, and individual preferences. Certain Non-Identifying Information would be considered a part of your Personal Information if it were combined with other identifiers (for example, combining your zip code with your street address) in a way that enables you to be identified. But the same pieces of information are considered Non-Identifying Information when they are taken alone or combined only with other non-identifying information (for example, your viewing preferences).
We use your Personal Information (in some cases, in conjunction with your Non-Identifying Information) mainly to provide portions of the Website and Services and respond to correspondence from you. For example, we may use your Personal Information to contact you with newsletters and other information that you request. If you decide at any time that you no longer wish to receive such communications from us, please follow the unsubscribe instructions provided in any of the communications.
We may also combine your Personal Information with Non-Identifying Information and aggregate it with information collected from other End Users to attempt to provide you with a better experience, to improve the quality and value of the Website and Services, and to analyze and understand how the Website and Services are used.
- Usage Data
When you visit the Website, our servers automatically record information that your browser sends whenever you visit a website. The information sent automatically by your browser is referred to as “Usage Data.” This Usage Data may include information such as the manufacturer and model of your mobile device or other hardware; your Internet Service Provider (ISP); your device’s Internet Protocol (“IP”) address (or other device identifier), browser type, and operating system; referring/exit pages; clickstream data; pages of the Website that you visit, the time spent on those pages or interacting with certain portions of the Website or Services, information you search for on the Website and Services, Website access times and dates; and other statistics. Usage Data may also include certain geographic data that identifies your general location when accessing the Website and Services.
We use this information to monitor and analyze use of the Website and Services and for technical administration of the same, to increase the functionality and user-friendliness of the Website and Services, and to better tailor it to our End Users’ needs. For example, some of this information is collected so that when you visit the Website time after time, it will recognize you and serve information appropriate to your interests. Geographic Usage Data may be used to prioritize information about a Psychiatric and Behavioral Health of NJ location near you.
Usage Data may be non-identifying or it may be associated with you. Whenever we associate Usage Data with Personal Information, we will treat it as Personal Information.
- Collection of Information
- Collection of Personal Information and Non-Identifying Information
Please note that if you use any blog, bulletin board, chat room, comment posting feature, or other public communication service, forum, or feature offered through the Website or Services, or post any information available for viewing by other End Users, any of the information that you share will be visible to other End Users. The information that you make available can be read, used, and collected by other End Users to send you unsolicited messages outside of the Website and Services. Psychiatric and Behavioral Health of NJ is not responsible for the manner in which the Personal Information that you decide to share will be used by other End Users.
- Collection of Usage Data
Usage Data are collected automatically by the Website and Services servers and software. For example, because the Website automatically collects Usage Data for all End Users that visit the Website, your session on our Website will be tracked by Psychiatric and Behavioral Health of NJ.
Additionally, in some of our email messages, Psychiatric and Behavioral Health of NJ may use a “click-through URL” linked to content on the Website and Services. When an End User clicks onto one of these URLs, the End User will pass through our server before arriving at the destination Web page. Psychiatric and Behavioral Health of NJ tracks this click-through data to help us determine End User interest in certain subject matter and measure the effectiveness of these End User communications. You can avoid being tracked in this way by not clicking text or graphic links in emails from Psychiatric and Behavioral Health of NJ.
Finally, we may use clear gifs or pixel tags, which are tiny graphic images, in order: (i) to advise us of what parts of the Website and Services End Users have visited, (ii) to measure the effectiveness of any searches End Users perform, and (iii) to enable us to send emails in a format that End Users can read and tell us whether such emails have been opened in order to ensure us that we are sending messages that are of interest to End Users.
Some Web browsers may be configured to send Do Not Track signals to websites, or users may use similar mechanisms, to indicate a user’s preference that certain web technologies not be used to track the user’s online activity. Our Website does not accept or process such Do Not Track signals or similar mechanisms.
- Use and Sharing of Information by Psychiatric and Behavioral Health of NJ
The End User information that Psychiatric and Behavioral Health of NJ collects may be added to our databases and used for business purposes, including for Psychiatric and Behavioral Health of NJ’s marketing and promotional purposes, for a statistical analysis of End Users’ behavior, for product development, for content improvement, or to customize the content and layout of the Website and Services.
Psychiatric and Behavioral Health of NJ’s policy is not to share the End User information it collects with third parties other than as specified below, or where an End User expressly consents to our sharing of certain information with a third party. We may share End User information with third parties under the following circumstances:
We may employ third party companies and individuals for any of the following: to facilitate the Website and Services; to provide the Website and Services or portions of the Website and Services on our behalf; to perform related services, including without limitation, maintenance services, database management, fulfillment, web analytics, and improvement of the features or functionality; or to assist us in analyzing how the Website and Services are being used. Such parties may have access to and use End User information in order to provide such services to or on behalf of Psychiatric and Behavioral Health of NJ.
- Business Transfers
As we continue to develop our business, we may buy, sell, or share assets in connection with, for example, a merger, acquisition, reorganization, sale of assets, or bankruptcy. In such transactions, information about End Users is often a transferred business asset. In the event of such a business transaction, information about our End Users may be one of the transferred assets.
- Compliance with Law and Protection of Psychiatric and Behavioral Health of NJ and Others
We may release End User information when we believe, in our sole discretion, that release is appropriate: to comply with the law, including but not limited to, in response to a subpoena served on Psychiatric and Behavioral Health of NJ; to enforce or apply the Agreement, including the Terms and Conditions and other agreements, rules, and policies; to protect the rights, property, or safety of Psychiatric and Behavioral Health of NJ, our End Users, or others; or to prevent activity that we believe, in our sole discretion, may be or may become illegal, unethical, or legally actionable (including exchanging End User information with other companies and organizations for fraud protection).
- Aggregate Site Use Information
We may release aggregate End User information (without revealing any Personal Information about you) to advertisers and other third parties in order to promote or describe use of the Website and Services.
- International Transfer
- Deleting Your Information
You may request that Psychiatric and Behavioral Health of NJ completely delete all Personal Information you have provided to Psychiatric and Behavioral Health of NJ through the Website or Services by contacting email@example.com. We will use commercially reasonable efforts to honor such a request. We may, however, retain an archived copy of your records consistent with our records retention policies or as required by law.
We are very concerned with safeguarding your information. We employ administrative, physical, and electronic measures designed to protect your information from unauthorized access. For example, we use commercially reasonable security measures such as encryption and firewalls to protect End User Information.
Please note that no security system is impenetrable. Accordingly, we do not guarantee the security of our databases, nor that information you supply won’t be intercepted while being transmitted to us over the Internet or other network. Any information you transmit to Psychiatric and Behavioral Health of NJ, you do at your own risk. We will make any legally required disclosures of any breach of the security, confidentiality, or integrity of your unencrypted electronically stored “personal data” (as defined in applicable state statutes on security breach notification) to you via email (when available) or a conspicuous posting through the Website and Services in the most expedient time possible and without unreasonable delay, as consistent with (i) the legitimate needs of law enforcement or (ii) any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
- Children’s Privacy
We do not knowingly collect personally identifiable information from children/adolescents under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us at 732-675-2451. If we discover that a child under 18 has provided us with Personal Information, we will delete such information from our servers immediately.
- Contacting Us
Interested in Working for Psychiatric & Behavioral Health
- Individual, Family & Group
- Medication Management Services
- Child/Adolescent Services
- Adult/Geriatric Services
Areas We Can Help You:
- Anxiety/Depressive Symptoms
- Mood Disorders
- Life Transitions
- Child Behavioral Concerns
- Child Anxiety/Depressive Related Concerns
- Personal Growth and Development
- Family Conflict
- LGBTQIA+ Related Concerns
- Stress Related Symptoms
- Grief & Loss
- Relationship Concerns
- Self Esteem / Self Worth