HIPAA Compliance



All questions regarding The Heinzerling Community’s privacy practices and this Notice of Privacy Practices should be directed to our Privacy Officer at (614) 272-8888.
This notice describes how we use or disclose the resident’s protected health information (“PHI”). PHI is information that identifies the resident and relates to health care services, the payment of health care services or the resident’s physical or mental health or condition, in the past, present or future.

This notice also describes the resident’s rights (through his or her legal guardians) to access and control his or her PHI. Any further reference herein to a resident’s rights assumes that the resident’s legal guardian or legal representative is asserting or protecting the resident’s rights on his or her behalf and that The Heinzerling Community fulfills its duties and responsibilities pursuant to this notice through the resident’s legal guardian or legal representative.

Federal law requires that we abide by this notice and provide this notice to the resident. We reserve the right, however, to change any and all of the provisions contained herein at any time. We will promptly revise and distribute this notice whenever there is a material change to the uses or disclosures, the resident’s rights, our duties, or other practices stated in this notice. Except when required by law, a material change to this notice will not be implemented before the effective date of the new notice in which the material change is reflected.

This notice will become effective on September 23, 2013.

Our Responsibilities

The Heinzerling Community is required to:

  • Maintain the privacy of the resident’s PHI.
  • Provide you with this notice of our legal duties
    and privacy practices with respect to PHI.
  • Abide by the terms of this notice currently in effect.
  • Notify affected individuals following a breach of unsecured PHI.

Understanding Our Residents’ Health Record/Information

We keep records of all of our residents’ healthcare information. Typically, these records contain information such as resident symptoms, examination and test results, diagnoses, treatment and a plan for future care or treatment. This information, often referred to as a health or medical record, serves as a:

  • Basis for planning care and treatment.
  • Means of communication among health professionals who contribute to the residents’ care.
  • Legal document describing the care residents receive.
  • Means by which a third-party payer can verify that services billed were actually provided.
  • Tool in educating health professionals.
  • Source of data for medical research.
  • Source of information for public health officials who oversee health care delivery in the U.S.
  • Source of data for facility planning and utilization.
  • Tool with which we can assess and continually work to improve the care we render and the outcomes we achieve.

Our Residents’ Rights

Although the resident’s health record is the physical property of the facility, the information in this health record belongs to the resident. Residents and/or their legal guardians can assume the following rights:

  • Right to request that we not use or disclose PHI in certain ways. You may request that we not use or disclose the resident’s PHI for a particular reason related to treatment, payment and our general health care operations and/or to a particular family member, other relative or close personal friend. Although we will consider your request, please be aware that we are under no obligation to accept it or to abide by it unless the request concerns a disclosure of PHI to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains solely to a health care service for which the provider has been paid out of pocket in full. We ask that such requests be made in writing on a form provided by our facility. For more information about this right, see 45 Code of Federal Regulations (C.F.R.) § 164.522(a).
  • Right to request to receive communications in an alternative manner or location. If you are dissatisfied with how or where you are receiving communications from us that are related to the resident’s PHI, you may request that we provide you with such information by alternative means or at alternative locations. Such a request must be made in writing, and submitted to the Privacy Officer. We will attempt to accommodate reasonable requests. We may not require that you provide an explanation for your request and will attempt to honor any reasonable requests. For more information about this right, see 45 C.F.R. § 164.522(b).
  • Right of access to inspect and obtain a copy of PHI. You may request to inspect and/or obtain copies of PHI about the resident maintained in a designated record set. We may charge a reasonable, cost-based fee to produce the records. A designated record set is the medical records and billing records about residents maintained by or for us. There are some exceptions as to what information can be accessed. For example, information compiled for legal proceedings cannot be accessed. If we deny access to the resident’s information, in part or in whole, we will notify the resident’s legal guardian. The denial will include the reason for the denial, review rights (if applicable), and information on how to file a complaint. You may make such requests orally or in writing; however, in order to better respond to your request, we ask that you make such requests in writing on our facility’s standard form. For a request form, please contact the Privacy Officer. For more information about this right, see 45 C.F.R. § 164.524.
  • Right to request an amendment to PHI. If you believe that any PHI in the resident’s record is incorrect or if you believe that important information is missing, you may request that we correct the existing information or add the missing information. We may deny the request if you ask us to amend information that: was not created by us; is not part of the PHI kept by us; is not part of the PHI you would be permitted to inspect or copy; or is accurate and complete. If a request is denied, you will be informed of the reason for the denial and will have an opportunity to submit a statement of disagreement to be maintained with your records. Such requests must be made in writing and must provide a reason to support the amendment. We ask that you use the form provided by our facility to make such requests. For a request form, please contact the Privacy Officer. For more information about this right, see 45 C.F.R. § 164.526.
  • Right to an accounting of disclosures of the resident’s PHI. You may request that we provide you with a written accounting of all disclosures of PHI made by us during the time period for which you request (not to exceed 6 years). We ask that such requests be made in writing on a form provided by our facility. Please note that an accounting will not apply to all disclosures, including disclosures made for reasons of treatment, payment or health care operations; disclosures made to you; or disclosures made with your written authorization. If you request such an accounting more than once in a 12-month period, you will be charged a reasonable fee. For more information about this right, see 45 C.F.R.. § 164.528.
  • Right to obtain a paper copy of our Notice of Privacy Policies upon request.

How We May Use or Disclose PHI for Treatment, Payment, and Health Care Operations

Treatment. We may use or disclose the resident’s PHI for treatment purposes, including for the treatment activities of other health care providers. For example, information obtained by a nurse, physician, or other member of the healthcare team will be recorded in the resident’s medical record and be used to determine the best course of treatment. A physician will document in the record his or her expectations of the members of the healthcare team. Members of the healthcare team will then record the actions they took and their observations. In that way, the physician will know how a resident responds to treatment. We will also provide the resident’s physician or a subsequent healthcare provider with copies of various reports that should assist him or her-in treatment in the event a resident is discharged from our facility.

Payment. We may use or disclose the resident’s PHI for payment, including for the payment activities of other health care providers or payers. For example, a bill may be sent to a third-party payer, including Medicare or Medicaid. The information on or accompanying the bill may include identifying information, as well as a diagnosis, procedures and supplies used.

Health care operations. We may use or disclose the resident’s PHI for our own regular health care operations. For example, members of the medical staff, the risk or quality improvement manager, or members of the quality improvement team may use information in a health record to assess the care and outcomes of a case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the healthcare and services we provide. Other operational activities requiring use and disclosure of PHI include legal, actuarial, and audit services. In addition, we may disclose PHI for certain health care operations of other entities under the following conditions: (a) the other entity must have, or have had in the past, a relationship with the resident; (b) the health information used or disclosed must relate to that other entity’s relationship with the resident; and (c) the disclosure must be for only one of the following purposes: (i) quality assessment and improvement activities; (ii) population-based activities relating to improving health or reducing health care costs; (iii) case management and care coordination; (iv) conducting training programs; (v) accreditation, licensing, or credentialing activities; or (vi) health care fraud and abuse detection or compliance.


We may contact you as part of a fundraising effort. However, you will be provided the opportunity to opt out of receiving such fundraising communications.

Disclosures You May Authorize Us to Make

We will not use or disclose the resident’s PHI without authorization, except as described in this notice. Most uses and disclosures of psychotherapy notes, as applicable, require your authorization. Subject to certain limited exceptions, we may not use or disclose PHI for marketing without your authorization. We may not sell PHI without your authorization. You may give us written authorization to use and/or disclose health information to anyone for any purpose. If you give us authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosure made pursuant to your authorization while the authorization was in effect.

Other Uses and Disclosures

Directory. Unless we are notified otherwise, we may use the resident’s name, location in the facility, general condition, and religious affiliation for directory purposes. This information may be provided to members of the clergy and, except for religious affiliation, to other people who ask for the resident by name. We may also use the resident’s name throughout the facility to identify the resident, his or her belongings and to support our programs and dedication to quality of life.

Notification. We may use or disclose the resident’s PHI to notify or assist in notifying a family member, personal representative, or another person responsible for the resident’s care, location and general condition. If we are unable to reach a family member or personal representative, then we may leave a message for them at a telephone number that they have provided us, e.g., on an answering machine or voicemail.
Communication with family. We may disclose to a family member, other relative, close personal friend or any other person involved in the resident’s health care, the resident’s PHI relevant to that person’s involvement in your care or payment related to your care.
Disaster relief. We may use and disclose the resident’s PHI to assist in disaster relief efforts.

Victims of abuse, neglect, or domestic violence. We may disclose the resident’s PHI to appropriate authorities as required by law to report abuse, neglect, or domestic violence.
Judicial/administrative proceedings. We may disclose the resident’s PHI in the course of any judicial or administrative proceeding as allowed or required by law, with your authorization, or as directed by a proper court order.

Law enforcement. We may disclose the resident’s PHI for law enforcement purposes as required by law or in response to a valid subpoena. Examples include in response to a warrant or subpoena for the purpose of identifying or locating a suspect, witness, or missing person.

Public health. We may disclose the resident’s PHI to public health or legal authorities charged with preventing or controlling disease, injury or disability. For example, we may disclose to the FDA, or to a person or entity subject to the jurisdiction of the FDA, health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.

Health oversight. Federal law allows us to release the resident’s PHI to appropriate health oversight agencies for health oversight activities. For example, we may disclose the resident’s PHI to the U.S. Department of Labor for activities authorized by law, including audits and investigations.

Transfer of information at death. In certain circumstances, we may disclose the resident’s PHI to funeral directors, medical examiners and coroners to carry out their duties consistent with applicable law.

Organ procurement organizations. Consistent with applicable law, we may disclose the resident’s PHI to organ procurement organizations or other entities engaged in the procurement, banking or transplantation of organs for the purposes of tissue donation and transplant.

Research. We may disclose the resident’s PHI to researchers when certain established steps have been taken to protect the resident’s privacy.

Serious threat. To avert a serious threat to health or safety, we may disclose the resident’s PHI consistent with applicable law to prevent or lessen a serious, imminent threat to the health or safety of a person or the public.

Specialized government functions. We may disclose the resident’s PHI for specialized government functions as authorized by law such as to Armed Forces personnel, for national security purposes, or to public assistance program personnel.

Workers’ compensation. We may disclose the resident’s PHI to the extent authorized by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs established by law.

For More Information or to Report a Problem

If you have any questions and would like additional information:

You may contact our Privacy Officer at 614-272-8888. The Privacy Officer will investigate and address any issues of noncompliance with this notice.

If you believe that a resident’s privacy rights have been violated:

You may file a complaint with us. These complaints must be filed in writing on a form provided by our facility. The complaint form may be obtained from and returned to the Privacy Officer. You may also file a complaint with the secretary of the U.S. Department of Health and Human Services. There will be no retaliation for filing a complaint.

© Copyright Heinzerling Community 2017. All Rights Reserved