Therefore, St. Michael’s Passport2Recovery maintains the highest level of respect for the privacy of its donors. In furtherance of Passport2Recovery’s commitment to protecting its donors, St. Michael’s Passport2Recovery has developed the following donor privacy policies. St. Michael’s Passport2Recovery INC. is committed to protecting its participants’ personal information. We adhere to our internal privacy policies and data protection practices that comply with applicable laws throughout the world. St. Michael’s Passport2Recovery INC.’s privacy policies and practices reflect and reinforce St. Michael’s Passport2Recovery INC.’s guiding principles of integrity, dedication, and quality.
HIPAA Privacy Notice
- MICHAEL’S PASSPORT2RECOVERY INC.
Notice of Privacy Practices (Effective April 14, 2003)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
St. Michael’s Passport2Recovery INC. is committed to maintaining the confidentiality of all information it receives. St. Michael’s Passport2Recovery INC. is required by law to maintain the privacy of Protected Health Information (“PHI”) and to provide all individuals with notice of St. Michael’s Passport2Recovery INC.’s legal duties and privacy practices with respect to PHI. The purpose of this notice is to inform you of how St. Michael’s Passport2Recovery INC. may use and disclose PHI. This notice also describes your patient rights and informs you of how to contact St. Michael’s Passport2Recovery INC. St. Michael’s Passport2Recovery INC. will abide by the terms set forth in this Notice.
Uses and Disclosure of PHI without your authorization
Your PHI will be used by St. Michael’s Passport2Recovery INC. to ensure that you receive the services covered by your benefit plan. St. Michael’s Passport2Recovery INC. may use or disclose PHI as described below without your authorization for purposes of treatment, payment or health care operations. The following are examples of how information is used and disclosed for such purposes:
When you contact St. Michael’s Passport2Recovery INC., we may ask you certain questions to determine how we can best help you. Once we gather information, we will identify the service provider(s). In some situations, we may need to contact the provider(s) to discuss your care and coordinate the referral. Once any referrals are made, we may send the provider(s) information including confirmation of your referral.
When a provider bills St. Michael’s Passport2Recovery INC. for services, the claim will be evaluated for payment. In the event St. Michael’s Passport2Recovery INC. is not responsible for payment, St. Michael’s Passport2Recovery INC. will notify the provider of the denial.
Outside auditors and other third parties may gather various information from St. Michael’s Passport2Recovery INC. to track the quality of services St. Michael’s Passport2Recovery INC. provides.
The following are other circumstances where St. Michael’s Passport2Recovery INC. may disclose PHI without your authorization:
1) To comply with applicable law;
2) for specified public health activities and purposes;
3) for health oversight activities;
4) in judicial or administrative proceedings in response to a legal order or other lawful processes;
5) to the police or other law enforcement officials as required by law or in compliance with a court order or other process authorized by law;
6) to prevent or lessen a serious and imminent threat to the health or safety of an individual or the public;
7) to units of the government with special functions, such as the U.S. military or the U.S. Department of State; or
8) as necessary to comply with workers’ compensation laws.
Uses and Disclosure of PHI that require your authorization
St. Michael’s Passport2Recovery INC.’s use or disclosure of your PHI other than those exceptions listed above as permitted in this Notice of Privacy Practices will be made only with your written authorization. More specifically St. Michael’s Passport2Recovery INC. must obtain your authorization for: 1) uses and disclosures of psychotherapy notes with limited exceptions; 2) use and disclosure of your PHI made for marketing purposes; 3) prior to making a communication of your PHI for which St. Michael’s Passport2Recovery INC. may receive payment; and 4) certain PHI that is “highly confidential information” such as information about mental health and developmental disabilities, alcohol or drug abuse, genetic testing and HIV/AIDS.
If you do provide authorization for use or disclosure of PHI listed above or any other disclosure not specifically permitted in this Notice of Privacy Practices, you have the right to revoke such authorization at any time to stop any future uses and/or disclosures. Any revocation will not apply to disclosures made prior to the revocation.
Your Patient Rights
You have the right to request to inspect and copy your PHI that St. Michael’s Passport2Recovery INC. maintains. Under certain circumstances, St. Michael’s Passport2Recovery INC. may deny your request. St. Michael’s Passport2Recovery INC. may charge a fee for all costs associated with your request. You have the right to request that St. Michael’s Passport2Recovery INC. amend your PHI that St. Michael’s Passport2Recovery INC. maintains. Under certain circumstances, St. Michael’s Passport2Recovery INC. may deny your request. Your request must include a reason supporting the requested amendment. For any additional requests, St. Michael’s Passport2Recovery INC. may charge a fee. You have the right to request that St. Michael’s Passport2Recovery INC. restrict its use or disclosure of your PHI when carrying out treatment, payments or health care operations. It is important to understand that St. Michael’s Passport2Recovery INC. is not required to agree to your request. All requests must specifically state what information you want to limit and to whom the limitation applies. You have the right to request that St. Michael’s Passport2Recovery INC. communicate with you in a specific manner.
If you need further information about matters covered by this Notice, you may contact St. Michael’s Passport2Recovery INC. at the address given below. Except in emergency situations, all correspondence or requests to St. Michael’s Passport2Recovery INC. must be in writing and sent to St. Michael’s Passport2Recovery INC.’s privacy official: email@example.com
If you believe that your privacy rights have been violated, you may contact St. Michael’s Passport2Recovery INC. directly or the Secretary of the U.S. Department of Health and Human Services. You will not be retaliated against for reporting a violation of your privacy rights.
St. Michael’s Passport2Recovery INC. reserves the right to change its privacy practices at any time and any such change shall apply to all PHI St. Michael’s Passport2Recovery INC. maintains, including information created or received by St. Michael’s Passport2Recovery INC. prior to issuing a new Notice. If St. Michael’s Passport2Recovery INC. materially changes its privacy practices, this Notice shall be amended and disseminated to all individuals.
- Legal Notice
This Policy applies to and is limited to, the processing of identifiable Personal Data that Company receives in the United States that was collected from Data Subjects (as defined below) who reside in the European Union, Iceland, Norway, Lichtenstein or Switzerland.
This Policy does not cover data (whether or not the data is Personal Data) through which individuals are no longer identifiable, or identifiable only with a disproportionately large expense in time, cost or labor, or data combined with pseudonyms rather than actual names or other identifiable information.
- Defined Terms
“Sensitive Data” means Personal Data that discloses a Data Subject’s medical or health condition, race or ethnicity, political, religious or philosophical affiliations or opinions, sexual orientation or trade union membership.
“Third Party” means any individual or entity that is neither Company nor a Company employee, agent, contractor or representative.
- Collection and Use of Personal Data
Company may receive Personal Data concerning Data Subjects: (1) directly from the Data Subject, (2) from Third Parties, or (3) through other means.
- How and Why We Collect Personal Data
Contact Information. When a Data Subject contacts us to utilize our services, Company may collect that Data Subject’s contact information, including name, telephone number, e-mail address and street address, in order to provide the requested services.
Behavioral Health Information. In order to provide a Data Subject with behavioral health services, Company may collect behavioral health information about Data Subjects, including behavioral health history and current concerns.
Inquiry-related Information. When a Data Subject contacts us to inquire about, request or receive information or services from Company, we may collect certain Personal Data in order to provide the requested information or services or to otherwise respond to the inquiry.
Employment Information. In order to determine a Data Subject’s eligibility for our services, to pay providers for services, to bill for our services, or for other related purposes, we may collect information related to a Data Subject’s employment, such as employer name, address, and phone number.
Other Information. We collect information in the course of conducting our business operations or in furtherance of our legitimate business interests that may lead to the incidental collection of Personal Data.
- Creation of Anonymous Data
We may create Anonymous Data records from Personal Data by excluding information (such as your name) that makes the data personally identifiable to you. We use this Anonymous Data to analyze usage patterns and enhance our services. Company reserves the right to use Anonymous Data for any purpose and disclose Anonymous Data to Third Parties in its sole discretion.
- How We Use Personal Data
Company uses Personal Data for legitimate business purposes, including without limitation: (a) to provide requested services or information to Data Subjects, including behavioral health services and other related services; (b) to manage and administer employee assistance programs, behavioral health programs, work-life services, and health and wellness programs; (c) to communicate with Data Subjects; (d) to provide customer service or technical support; (e) to assess and improve the quality of our website, products, services and business operations; (f) to satisfy governmental reporting and tax requirements; (g) to address security, health, and safety concerns; (h) to plan and implement potential acquisitions and mergers; and (i) for other business-related purposes permitted or required under applicable local laws and regulations.
- Onward Transfers of Personal Data
Except as otherwise provided herein, Company discloses Personal Data only to those Third Parties who reasonably need to know such data for a legitimate business purpose, such as those who are engaged by us to provide a Data Subject with services. Such recipients must agree to abide by confidentiality obligations consistent with the Privacy Shield Principles.
Company may also provide Personal Data to Third Parties who act as agents to perform tasks on behalf of and under the instructions of Company. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by Company and they must either: (1) comply with the Privacy Shield Principles or another mechanism permitted by the EU and/or Swiss Data Protection Directive for transfers and processing of Personal Data; or (2) agree to provide adequate protections for Personal Data that are no less protective than those set out in this Policy. Company may allow exceptions to this policy, permitting Personal Data to be disclosed, when a Data Subject has consented to the disclosure. If Company learns that one of its data processors/service providers is using or disclosing Personal Data in a manner contrary to this Policy, Company will take necessary steps to prevent or stop the use or disclosure. Company acknowledges its potential liability in cases of its onward transfer of Personal Data to third parties that do not meet the criteria set forth in the immediately preceding paragraph.
- Sensitive Data
You have the right to opt-in to allow collection of Sensitive Data. Except as stated otherwise herein, Company does not process or disclose Sensitive Data to Third Parties without the express consent of Data Subjects. Further, Company does not use Sensitive Data for any purpose other than (i) for the purpose for which it was originally provided by the Data Subject, (ii) for a purpose later expressly consented to by the Data Subject, or (iii) for an exception expressly noted below. Notwithstanding the above, Company may use or disclose Sensitive Data (and other Personal Data) without prior express consent where such disclosure or use: (a) is in the vital interests of the Data Subject or another person; (b) is necessary for the establishment of legal claims or defenses, to obtain legal advice, or for the purposes of establishing, exercising or defending Company’s legal rights; (c) is required to provide behavioral and medical care or diagnosis; (d) is necessary to carry out Company’s obligations under applicable employment, workers’ compensation, public health or other laws; (e) is necessary for specified public health activities and purposes; (f) is data manifestly made public by the Data Subject; (g) is required by law enforcement officials or public authorities in response to a lawful request made pursuant to national security interests or law enforcement requirements; or (h) as otherwise required or permitted by law.
- Confidentiality and Security of Personal Data
Company maintains reasonable physical, administrative and technical safeguards designed to secure Data Subjects’ Personal and Sensitive Data and to prevent unauthorized access to such information. For example, all customer communication and files in digital format are stored on a secure network, accessible only by approved staff. All critical systems and servers are separately housed within Company’s secure facilities and are accessible only by authorized personnel. Company takes precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration, and destruction. Company periodically performs network backups; all backup files are stored offsite and are handled by authorized personnel only.
Despite these precautions, however, no data security safeguards are foolproof. Identity thieves, hackers and other unauthorized individuals may find ways to obtain Personal Data. Although this is unlikely, if Company learns that any Personal Data was obtained without authorization and there is a risk of fraud or identity theft, Company will notify the affected Data Subject(s) and take steps to mitigate harm.
- Right to Access, Change or Delete Personal Data
- Data Integrity
Company will use reasonable efforts to maintain the accuracy and integrity of any Personal Data it receives and update it as appropriate.
- Changes to this Policy
Company may amend this Policy from time to time. Company will only amend this Policy in a manner consistent with Privacy Shield Principles and other applicable law. Changes to the Policy will be posted on Company’s website www.yourpassporttorecovery.org You should check Company’s website regularly for any changes to this Policy.
- Enforcement and Dispute Resolution
Company periodically verifies that the Policy is accurate and comprehensive for the information intended to be covered and conforms to the Privacy Shield Principles and applicable data privacy and protection laws. We encourage interested persons to raise any concerns with us about this Policy.
If you have any questions, complaints or disputes regarding the manner in which Company handles or protects your Personal Data, please contact the Company’s Privacy Official (contact information above). Company will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy.
Company has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the American Arbitration Association, a non-profit alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://go.adr.org/privacyshield.html for more information and to file a complaint.
Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel to be created jointly by the US Department of Commerce and the European Commission.
Company retains sole and absolute discretionary authority to resolve all questions relating to the administration, interpretation and application of this Policy. This authority includes interpreting the terms of this Policy, including any disputed or doubtful terms. Company is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
St. Michael’s Passport2Recovery INC. authorizes use of this Website for personal and non-commercial purposes only. Use for any other purpose, including, without limitation, reproduction, modification, adaptation, redistribution, publication, in whole or in part, is strictly prohibited without the express written consent of St. Michael’s Passport2Recovery INC. All information in this Web site is protected by copyright.
NO WARRANTY or GUARANTEE
St. Michael’s Passport2Recovery INC. reserves the right to change the information on this Web site at any time without notice. While St. Michael’s Passport2Recovery INC. strives to include only material that is correct, accuracy cannot be guaranteed, and St. Michael’s Passport2Recovery INC. does not assume any responsibility for the accuracy, completeness or authenticity of any information contained on this Web site. This Web site and all information and materials contained herein is provided to you “as is” without warranty of any kind.
The Internet is not a completely secure environment. St. Michael’s Passport2Recovery INC. treats all confidential communications in a confidential manner. Please read the following policy to understand how your personal information will be used when you utilize our services.
St. Michael’s Passport2Recovery INC. uses reasonable commercial standards of technology and operational security designed to protect information provided by visitors via this Website from unauthorized third-party access. Unfortunately, data transmission over the Internet is not completely secure. While we try to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
Accounts created by you with associated websites, including, without limitation, Online, may be password protected. We highly recommend that you do not disclose your password to anyone. You are responsible for maintaining the secrecy of your password(s). We will not request your password in an unsolicited phone call or e-mail.
Remember to log out of your account and close your browser window when you have finished. This helps prevent others from accessing your personal information and correspondence.
Registration and Submission of Personal Information
When you register on this website or submit information to inquire about or receive services from St. Michael’s Passport2Recovery INC. or to gain access to certain content on this website, we may require you to submit personal information. This data may be used by St. Michael’s Passport2Recovery INC. to respond to you; to allow St. Michael’s Passport2Recovery INC. to manage its relationship with you, such as providing you with information it feels would be of interest to you or to facilitate responding to further requests or inquiries from you; to personalize your Web site experience, as well as inform you of new products or changes to products and services. If your personal information changes at any time, St. Michael’s Passport2Recovery INC. will provide you with a way to correct, update or remove the personal information you give us. We will not intentionally disclose your personally identifiable data to third parties without your permission. However, personally identifiable information may be provided to third party service providers for processing purposes or in connection with a third-party service provider’s hosting or maintaining of this Web site. Where appropriate, personally identifiable information may be disclosed to law enforcement, regulatory or other government agencies, or third parties where necessary or desirable to comply with legal or regulatory obligations or requests or for the purposes identified above or may be disclosed if it becomes necessary to bring legal action against someone who has violated the terms and conditions of this Web site.
We also may obtain anonymous information, which may be used by St. Michael’s Passport2Recovery INC. for marketing purposes or for improving the services we offer. It would not include information that would identify any particular user. St. Michael’s Passport2Recovery INC. also may share the anonymous information it collects, in aggregate form, with advertisers and other partners.
St. Michael’s Passport2Recovery INC. will collect IP addresses for systems administration, to report aggregate information, to troubleshoot problems and to audit and improve the use of our Web site. We will use IP addresses to identify a user only when necessary to enforce compliance with our terms of service or to protect our service, site, customers or others.
If you received a mailing from us, either (a) your e-mail address is listed with us as someone who has expressly shared this address for the purpose of receiving information in the future (“opt-in”), or (b) you have an existing relationship with us.
We use security measures to protect against the loss, misuse and alteration of data used by our system. We will never share, sell or rent your individual personal information with anyone without your advance permission or except as required by law or as otherwise stated herein. Information submitted to us is only available to employees managing this information for purposes of contacting you or sending you e-mails, and to contracted service providers for purposes of providing services relating to our communications with you.
Each e-mail sent will contain an easy, automated way for you to stop receiving e-mail from us. If you wish to do this, simply follow the instructions at the end of any e-mail.
St. Michael’s Passport2Recovery INC. Nondiscrimination Policy
St. Michael’s Passport2Recovery INC. complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex. St. Michael’s Passport2Recovery INC. does not exclude people or treat them differently because of race, color, national origin, age, disability, or sex.
St. Michael’s Passport2Recovery INC.:
- Provides free aids and services to people with disabilities to communicate effectively with us, such as:
- Written information in other formats (large print, audio, accessible electronic formats, other formats)
- Provides free language services to people whose primary language is not English, such as:
- Qualified interpreters
- Information written in other languages
If you need these services, contact St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator. If you speak any language other than English, language assistance services, free of charge, are available to you. If you believe that St. Michael’s Passport2Recovery INC. has failed to provide these services or discriminated in another way on the basis of race, color, national origin, age, disability, or sex, you can file a grievance with: firstname.lastname@example.org You can file a grievance in person or by email. If you need help filing a grievance, St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator is available to help you. Any person who believes someone has been subjected to discrimination on the basis of race, color, national origin, sex, age or disability may file a grievance under this procedure.
- Grievances must be submitted to St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator within 60 days of the date the person filing the grievance becomes aware of the alleged discriminatory action.
- A complaint must be in writing, containing the name and address of the person filing it. The complaint must state the problem or action alleged to be discriminatory and the remedy or relief sought.
- St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator (or her/his designee) shall investigate of the complaint. This investigation may be informal, but it will be thorough, affording all interested persons an opportunity to submit evidence relevant to the complaint. St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator will maintain the files and records of St. Michael’s Passport2Recovery INC. relating to such grievances. To the extent possible, and in accordance with applicable law, St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator will take appropriate steps to preserve the confidentiality of files and records relating to grievances and will share them only with those who have a need to know.
- St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator will issue a written decision on the grievance, based on a preponderance of the evidence, no later than 30 days after its filing, including a notice to the complainant of their right to pursue further administrative or legal remedies.
- The person filing the grievance may appeal the decision of St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator by writing to St. Michael’s Passport2Recovery INC.’s Office of the General Counsel within 15 days of receiving St. Michael’s Passport2Recovery INC.’s Civil Rights Coordinator’s decision. The Office of the General Counsel shall issue a written decision in response to the appeal no later than 30 days after its filing.