McNeese Autism Program
Notice of Privacy Practices
Last Revised March 2016
MAP May Use and Disclose Information Without Your Authorization
- For treatment. MAP may use or disclose information to health care providers who are involved in your health care. For example, information may be shared to create and carry out a plan for treatment.
- For Payment. MAP may use or disclose information to get payment for the services you receive. For example, MAP may provide PHI to bill your health plan for services provided to you.
- For MAP Operations. MAP may use or disclose information in order to manage its programs and activities. For example, MAP may use PHI to review and evaluate the quality of services you receive.
- Appointments. MAP may send you reminders for appointments or eligibility renewal. MAP may send you information about services that may be of interest to you.
- Technical Support. MAP may use or disclose PHI in the process of receiving technical support from the McNeese State University Office of Information Technology. For example, in the event technical problems require computer repair or data transfer.
- As required by Law and for Law Enforcement. MAP will use and disclose information when required or permitted by federal or state or by court order. If federal or state law create higher standards of privacy, MAP will follow the higher standard.
- For Abuse Reports and Investigations. MAP is required by law to report abuse, neglect, or exploitation to law enforcement agencies.
- To Avoid Harm. MAP may use and disclose PHI to law enforcement agencies in order to avoid a serious threat to the health, welfare, and safety of a person or the public.
- For Research. MAP may use information for studies and to develop reports. For example, MAP may conduct research on effective behavioral interventions. If research is published, identifying information will not be included in the published report.
- Disaster Relief. MAP may use and disclose PHI to an agency organizing disaster relief efforts.
- Public Health Activities. MAP may use and disclose PHI for reporting to a public health or government authority for preventing or controlling disease, injury, or reporting child abuse or neglect.
- Food and Drug Administration (FDA). MAP may use and disclose PHI concerning adverse events or problems with products or medications for tracking purposes to enable product recalls or to comply with other FDA requirements.
- Communicable Diseases. MAP may use and disclose PHI to notify a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.
- Reporting to Law. MAP may use and disclose PHI to report victims of abuse, neglect, or domestic violence as required by law.
- Illness or Injury. MAP may use and disclose PHI for certain purposes involving workplace illnesses or injuries.
- Judicial and Administrative Proceedings. MAP may use and disclose PHI in response to a court or administrative order, subpoena, discovery requests, or other lawful process. Efforts will be made to notify you about the request or to obtain an order or agreement protecting the information.
- Health Oversight Activities. MAP may use and disclose PHI to a health oversight agency for activities authorized by law, such as, audits, inspections, investigations, licensure actions or other legal proceedings.
- Coroners, Medical Examiners, Funeral Directors, Organ Procurement Organizations. MAP may use and disclose PHI to these entities.
- Workers Compensation. MAP may use and disclose PHI for workers compensation related issues.
Other Uses and Disclosures Require Your Written AuthorizationFor other situations, MAP will ask for your written authorization before disclosing information. You may cancel this authorization at any time in writing. MAP cannot take back any uses or disclosures already made with your authorization.
Your Privacy Rights
- Right to see and get copies of your records. In most cases, you have the right to look at or get copies of your records. You must make the request in writing to the MAP Business Manager and allow 30 days for processing of the request. You may be charged a fee for the cost of copying your records.
- Right to request to correct, amend, or update your records. You may ask MAP to change or add missing information to your records if you think there is a mistake.
- Right to get a list of disclosures. You have the right to ask MAP for a list of disclosures made after June 1st 2008. You must make this request in writing. This list will not include the times that information was disclosed for treatment, payment, or MAP operations. The list will not include information provided directly to you or your family or information that was sent with your authorization.
- Right to request limits on uses or disclosures of PHI. You have the right to ask MAP to limit how your information is used or disclosed. You must make the request in writing and tell MAP what information you want to limit and to whom you want the limits to apply. MAP is not required to agree to the limit. You can request in writing that the limit be terminated.
- Right to revoke permission. If you are asked to sign an authorization to use or disclose information, you can cancel that authorization at any time. You must make the request in writing. This will not affect information that has already been shared.
- Right to file a complaint. You have the right to file a complaint with the MAP Security Officer at 4205 Ryan Street, Box 91895 Attn: Security Officer, Lake Charles, LA 70609. If your complaint is regarding the security officer, please address the complaint with the MAP Director.
- Right to get a paper copy of this notice. You have a right to ask for a paper copy of this notice at any time.
- Right to receive notice of change in MAP privacy practices. You have the right to receive notice of changes in MAP privacy practices that affect you on or after the effective date of the change.
- A Note About Timeliness: A request for medical records must be met by a covered entity within 30 days of receipt, though an additional 30-day period can be granted as long as the entity provides a written statement to the individual explaining the delay.
Information Excluded from the Right of AccessAn individual does not have a right to access PHI that is not part of a designated record set because the information is not used to make decisions about individuals. This may include certain quality assessment or improvement records, patient safety activity records, or business planning, development, and management records that are used for business decisions more generally rather than to make decisions about individuals. For example, a hospital’s peer review files or practitioner or provider performance evaluations, or a health plan’s quality control records that are used to improve customer service or formulary development records, may be generated from and include an individual’s PHI but might not be in the covered entity’s designated record set and subject to access by the individual.
In addition, two categories of information are expressly excluded from the right of access:
- Psychotherapy notes, which are the personal notes of a mental health care provider documenting or analyzing the contents of a counseling session, that are maintained separate from the rest of the patient’s medical record.
- Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding. However, the underlying PHI from the individual’s medical or payment records or other records used to generate the above types of excluded records or information remains part of the designated record set and subject to access by the individual.
- An additional note on Endangerment: A covered entity can also deny a records request if the entity determines that releasing the records could endanger the life of the patient. In this scenario, if the covered entity believed the release of the records could lead to a patient suicide, it could reject the request.