All original text on this website is the property of 211info unless otherwise noted. Except where expressly permitted on the website, content may not be reproduced or redistributed without 211info’s written approval. All the information, content, image files, software and materials on the 211info website may be protected by U.S. and international copyright and other intellectual property laws and by other applicable laws, including privacy laws.
211info grants users a personal, limited, revocable, non-exclusive and non-transferable right to access and use the website and service for personal, non-commercial use. 211info retains all ownership rights, title and interest in all aspects of the service and the website, including, but not limited to, all materials, and all current and future patents, copyrights, trademarks, trade secrets, know-how and other proprietary rights included or embodied in the website.
211info makes no representation with respect to the accuracy or completeness of the contents of this website. We specifically disclaim any implied responsibility for the accuracy of the information provided and shall in no event be liable for any loss or damage. 211info makes no warranty that the website or the service will be uninterrupted, timely, secure or error free, that the site or our servers are free of viruses or other harmful components, that the site, including the service will be available, or that data is secure from unauthorized access.
Inclusion of agencies and events on this website does not imply endorsement by 211info; exclusion does not imply disapproval.
This notice may be amended at any time without prior notification. Personal information collected by the through this website and the 211info Community Information Center only when appropriate. With client permission, 211info may disclose a client’s provided information in order to connect the client with resource referrals.
211info requires that all written, electronic and verbal information regarding clients be handled according to certain principles of confidentiality. 211info defines client confidentiality as the protection of any information shared by the client with a 211info staff member during the course of the client’s request for information, referral and/or assistance. It includes any written or electronic documents and data collected in the course of program reporting and measurement. Information about a client from written sources may be released only under the following circumstances:
- In a medical emergency, information will be given to medical personnel to the extent needed to meet the emergency.
- Information that, in the belief of the senior staff member available, indicates clear and immediate danger to the client or to other people will be given to the proper authorities who will be involved in dealing with that danger.
- Any written permit for release of information will be turned over to the director or coordinator of the service holding the information sought. No individual employee will release information on his or her own authority.
If, with the client’s verbal permission, and at his/her request, 211info is seeking help for that client from another agency, verbal information about the client may be given to that agency to the extent necessary to obtain help, or to establish that it is not available.There are some circumstances in which 211info staff members are required to break client confidentiality. Client confidentiality and rights to privacy do not apply in the following circumstances:
- Abuse: Specifically of a minor, elderly person or disabled adult in the care of another adult or agency serving as a caregiver.
- Suicide: Any threat to lethally harm oneself.
- Homicide: Any threat to lethally harm others.
211info collects and aggregates non-identifying client information for the purpose of data reports for funders, the public and website analysis.
Health care information
Any agency providing personally identifiable health care information to 211info will be required to certify that its health care data handling and security procedures are compliant with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). If such data and security services are provided to such agency or agencies by a third-party provider, the agency or agencies shall be responsible for such third party’s compliance with HIPAA.
For 211info contracts with outside organizations and foundations, certain health care providers may fax a medical form to 211info that is then communicated to a third-party service provider. The faxed form includes information gathered by the health care provider such as the client’s name, address, phone number, type of illness and where treatment will be provided. This information is accessed only by trained program staff and safely secured on site.
If you have any questions about these notices, please let us know by calling 211info at 503-226-3099.
This notice describes how medical information may be used and disclosed and how you can get access to this information. Please review it carefully.
I. WHAT IS “PROTECTED HEALTH INFORMATION?”
Your protected health information (PHI) is individually identifiable health information, including demographic information, about your past, present or future physical or mental health or condition, health care services you receive, and past, present or future payment for your health care. Demographic information means information such as your name, social security number, address, and date of birth.
PHI may be in oral, written or electronic form. Examples of PHI include your medical record, claims record, enrollment or disenrollment information, and communications between you and your health care provider about your care. Your individually identifiable health information ceases to be PHI 50 years after your death.
II. ABOUT OUR RESPONSIBILITY TO PROTECT YOUR PHI
- By law, we must protect the privacy of your PHI;
- Tell you about your rights and our legal duties with respect to your PHI;
- Notify you if there is a breach of your unsecured PHI; and
- Tell you about our privacy practices and follow our notice currently in effect.
We take these responsibilities seriously and have put in place administrative safeguards (such as security awareness training and policies and procedures), technical safeguards (such as encryption and passwords), and physical safeguards (such as locked areas and requiring badges) to protect your PHI and, as in the past, we will continue to take appropriate steps to safeguard the privacy of your PHI.
III. YOUR RIGHTS REGARDING YOUR PHI
This section tells you about your rights regarding your PHI, and describes how you can exercise these rights.
A. Your right to access and amend your PHI
- Request to view or get a copy of your PHI that we maintain in records relating to your care or decisions about your care or payment for your care. Requests must be in writing. After we receive your written request, we will let you know when and how you can see or obtain a copy of your record.
- If you agree, we will give you a summary or explanation of your PHI instead of providing copies. We may charge you a fee for the copies, summary or explanation.
- If we do not have the record you asked for, but we know who does, we will tell you who to contact to request it. In limited situations, we may deny some or all of your request to see or receive copies of your records, but if we do, we will tell you why in writing and explain your right, if any, to have our denial reviewed.
- If you believe there is a mistake in your PHI or that important information is missing, you may request that we correct or add to the record. Requests must be in writing, tell us what corrections or additions you are requesting, and why the corrections or additions should be made. We will respond in writing after receiving your written request. If we approve your request, we will make the correction or addition to your PHI. If we deny your request, we will tell you why and explain your right to file a written statement of disagreement. Submit all written requests for access or amendments to us at [email protected].
B. Your right to choose how we send PHI to you or someone else
- You may ask us to send your PHI to you at a different address (for example, your work address) or by different means (for example, fax instead of regular mail).
- If your PHI is stored electronically, you may request a copy of the records in an electronic format offered by 211INFO. You may also make a specific written request to 211INFO to transmit the electronic copy to a designated third party.
- If the cost of meeting your request involves more than a reasonable additional amount, we are permitted to charge you our costs that exceed that amount.
C. Your right to an accounting of disclosures of PHI
- You may ask us for a list of our disclosures of your PHI. Write to us at Release of Information Department, 10220 SE Sunnyside Road, Clackamas, OR 97015 for medical or dental records.
- You are entitled to one disclosure accounting in any 12-month period at no charge. If you request any additional accountings less than 12 months later, we may charge a fee.
- An accounting does not include certain disclosures, for example, disclosures:
i. to carry out treatment, payment, and health care operations;
ii. for which 211INFO had a signed authorization;
iii. of your PHI to you;
iv. from a Kaiser Permanente facility directory;
v. for notifications for disaster relief purposes;
vi. to persons involved in your care and persons acting on your behalf; or
vii. not covered by the right to an accounting.
D. Your right to request limits on uses and disclosures of your PHI
- You may request that we limit our uses and disclosures of your PHI for treatment, payment, and health care operations purposes. We will review and consider your request.
- You may write to us at 211INFO Release of Information Department, Portland, OR. for consideration of your request.
- We are not required to agree to your request, except to the extent that you request a restriction on disclosures to a health plan or insurer for payment or health care operations purposes and the items or services have been paid for out of pocket in full. However, we can still disclose the information to a health plan or insurer for the purpose of treating you. For requests to restrict your PHI for payment or health care operations purposes, please request the restriction prior to receiving 211INFO services.
- If the services are not paid for in full and out of pocket by you or by someone on your behalf, we do not have to agree to your request to restrict uses or disclosures of PHI for health care operations, payment or treatment purposes. We will consider all submitted requests and, if we deny your request, we will notify you in writing.
E. Your right to receive a paper copy of this notice
- You have a right to receive a paper copy of this notice upon request.
IV. HOW WE MAY USE AND DISCLOSE YOUR PHI
Your confidentiality is important to us. Our employees are required to maintain the confidentiality of the PHI of our clients, and we have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure. Sometimes we are allowed by law to use and disclose certain PHI without your written permission. We briefly describe these uses and disclosures below and give you some examples.
How much PHI is used or disclosed without your written permission will vary depending, for example, on the intended purpose of the use or disclosure. Sometimes we may only need to use or disclose a limited amount of PHI, such as to send you an appointment reminder or to confirm that you are a health plan member. At other times, we may need to use or disclose more PHI such as when we are providing medical treatment.
- Providing Services or Making Referrals: This is the most important use and disclosure of your PHI. For example, staff may need to share your information with one of our partner agencies in order for you to access community resources or services.
- Payment: Your PHI may be needed to determine our responsibility to pay for, or to permit us to bill and collect payment for services that you receive. For example, we may have an obligation to pay for a service you receive from an outside provider. When you or the provider sends us the bill for health care services, we use and disclose your PHI to determine how much, if any, of the bill we are responsible for paying.
- Business associates: We may contract with business associates to perform certain functions or activities on our behalf, such as payment and health care operations. These business associates must agree to safeguard your PHI.
- Appointment reminders: We may use your PHI to contact you about appointments for services you may need.
- Identity verification: We may photograph you for identification purposes, storing the photo in your medical record. This is for your protection and safety, but you may opt out.
- Specific types of PHI: There are stricter requirements for use and disclosure of some types of PHI, for example, drug and alcohol addiction treatment information, mental health, and HIV testing information. However, there are still circumstances in which these types of information may be used or disclosed without your authorization.
- Communications with family and others when you are present: Sometimes a family member or other person involved in your care will be present when we are discussing your PHI with you. If you object, please tell us and we won’t discuss your PHI or we will ask the person to leave.
- Communications with family and others when you are not present: There may be times when it is necessary to disclose your PHI to a family member or other person involved in your care because there is an emergency, you are not present, or you lack the decision-making capacity to agree or object. In those instances, we will use our professional judgment to determine if it’s in your best interest to disclose your PHI. If so, we will limit the disclosure to the PHI that is directly relevant to the person’s involvement with your health care. For example, we may allow someone to pick up a prescription for you.
- Disclosure in case of disaster relief: We may disclose your name, city of residence, age, gender, and general condition to a public or private disaster relief organization to assist disaster relief efforts, unless you object at the time.
- Disclosures to parents as personal representatives of minors: In most cases, we may disclose your minor child’s PHI to you. In some situations, however, we are permitted or even required by law to deny you access to your minor child’s PHI. An example of when we must deny such access is if your minor child (14 years or older in Oregon; 13 years or older in Washington) contacts 211INFOR regarding alcohol and drug addiction.
- Public health activities: Public health activities cover many functions performed or authorized by government agencies to promote and protect the public’s health and may require us to disclose your PHI. For example, we may disclose your PHI as part of our obligation to report to public health authorities certain diseases, injuries, conditions, and vital events such as births. Sometimes we may disclose your PHI if you may have exposed someone to certain communicable diseases.
- Oversight: As an agency that provides a wide range of services that support access to medical care and community resources, we are subject to oversight conducted by federal and state agencies. These agencies may conduct audits of our operations and activities and in that process, they may review your PHI.
- Workers’ compensation: If you are an employee of 211INFO we may use or disclose your PHI in order to comply with workers’ compensation laws. For example, we may communicate your medical or dental information regarding a work-related injury or illness to claims administrators, insurance carriers, and others responsible for evaluating your claim for workers’ compensation benefits.
- Military activity and national security: We may sometimes use or disclose the PHI of armed forces personnel to the applicable military authorities when they believe it is necessary to properly carry out military missions. We may also disclose your PHI to authorized federal officials as necessary for national security and intelligence activities or for protection of the President and other government officials and dignitaries.
- Fundraising: We may use or disclose your demographic information and other limited PHI such as dates and where health care was provided, to certain organizations for the purpose of contacting you to raise funds for our organization. If we contact you for fundraising purposes, we will provide you with a clear opportunity to elect not to receive any further fundraising communications.
- Required by law: In some circumstances federal or state law requires that we disclose your PHI to others. For example, the Secretary of the Department of Health and Human Services may review our compliance efforts, which may include seeing your PHI.
- Lawsuits and other legal disputes: We may use and disclose PHI in responding to a court or administrative order, a subpoena, or a discovery request. We may also use and disclose PHI to the extent permitted by law without your authorization, for example, to defend a lawsuit or arbitration.
- Law enforcement: We may disclose PHI to authorized officials for law enforcement purposes, for example, to respond to a search warrant, report a crime on our premises, or help identify or locate someone.
- Serious threat to health or safety: We may use and disclose your PHI if we believe it is necessary to avoid a serious threat to your health or safety or to someone else’s.
- Abuse or neglect: By law, we may disclose PHI to the appropriate authority to report suspected child abuse or neglect or to identify suspected victims of abuse, neglect, or domestic violence.
- Coroners and funeral directors: We may disclose PHI to a coroner or medical examiner to permit identification of a body, determine cause of death, or for other official duties.
V. ALL OTHER USES AND DISCLOSURES REQUIRE YOUR PRIOR WRITTEN AUTHORIZATION
Except for those uses and disclosures described above, we will not use or disclose your PHI without your written authorization. Some instances in which we may request your authorization for use or disclosure of PHI are:
- Sale of PHI: We may only sell your PHI if we received your prior written authorization to do so. When your authorization is required and you authorize us to use or disclose your PHI for some purpose, you may revoke that authorization by notifying us in writing at any time. Please note that the revocation will not apply to any authorized use or disclosure of your PHI that took place before we received your revocation.
VI. HOW TO CONTACT US ABOUT THIS NOTICE OR OUR PRIVACY PRACTICES
If you have any questions about this notice, or want to lodge a complaint about our privacy practices, please let us know by calling 503-226-3099 or emailing [email protected]. You also may notify the Oregon Department of Human Services (DHS).
We will not take retaliatory action against you if you file a complaint about our privacy practices.
VII. CHANGES TO THIS NOTICE
We may change this notice and our privacy practices at any time, as long as the change is consistent with state and federal law. Any revised notice will apply both to the PHI we already have about you at the time of the change, and any PHI created or received after the change takes effect. If we make an important change to our privacy practices, we will promptly change this notice and make the new notice available in our facilities and on this website. Except for changes required by law, we will not implement an important change to our privacy practices before we revise this notice.
Effective date of this notice is April 28, 2014.