Facebook Notice of Privacy Practices | Burrell Behavioral Health Skip to Main Content

For Clients

Notice of Privacy Practices

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, YOUR RIGHTS WITH RESPECT TO YOUR HEALTH INFORMATION, HOW YOU CAN GET ACCESS TO YOUR HEALTH INFORMATION, AND HOW TO FILE A COMPLAINT CONCERNING A VIOLATION OF THE PRIVACY OR SECURITY OF YOUR HEALTH INFORMATION OR OF YOUR RIGHTS CONCERNING YOUR INFORMATION. YOU HAVE A RIGHT TO A COPY OF THIS NOTICE (IN PAPER OR ELECTRONIC FORM) AND TO DISCUSS IT WITH THE PRIVACY OFFICER AT (417) 761-5962 OR PRIVACY@LIVEBRIGHTLI.ORG IF YOU HAVE ANY QUESTIONS. PLEASE REVIEW IT CAREFULLY.

This Notice is on behalf of and applies to Brightli and its Affiliated Covered Entity (“Brightli ACE”) members. An ACE is a group of Covered Entities that is fully or partially owned by the same parent company and designates itself as a single entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). Certain members of the Brightli ACE may also be considered a Substance Use Disorder ("SUD") Treatment Program, which is governed by the Confidentiality of Substance Use Disorder Patient Records regulations set forth in 42 CFR Part 2. These members have designated themselves as a single SUD Treatment Program for compliance with 42 CFR Part 2. “We” as used in the Notice, refers collectively to the Brightli ACE. 

The members of the Brightli ACE will share, use and disclose protected health information (“PHI”) with each other for the treatment, payment, and health care operations of the Brightli ACE in accordance with this Notice and applicable law. Please visit our website at www.livebrightli.org for a current list of the members of the Brightli ACE. The list will also be made available upon request by contacting the Privacy Office listed on the last page of this Notice. 

Additionally, we participate with other behavioral health services agencies (each, a “Participating Covered Entity”) in the IPA Network established by Illinois Health Practice Alliance, LLC (“Company”). Through Company, the Participating Covered Entities have formed one or more organized systems of health care in which the Participating Covered Entities participate in joint quality assurance activities, and/or share financial risk for the delivery of health care with other Participating Covered Entities, and as such qualify to participate in an Organized Health Care Arrangement (“OHCA”), as defined by the Privacy Rule. As OHCA participates, all Participating Covered Entities may share the PHI of their patients for the Health Care Operations purposes of the OHCA. 

The Brightli ACE has designated itself as a hybrid entity, having both health care and non-health care components. This Notice does not apply to the non-health care components of the Brightli ACE. This Notice does not apply to health information that is not subject to HIPAA or similar state health information privacy laws, or information used or shared in a manner that cannot identify you. 

This Notice does not apply to any Brightli ACE member’s health plan or to a Brightli ACE member as an employer. Any Brightli ACE member health plan is considered a separate covered entity for the purpose of HIPAA and has its own notice of privacy practices. 

This Notice only applies to those parts of Brightli ACE members’ websites and mobile device applications where you can access your PHI or interact with a clinician regarding your specific care, such as our patient portal with respect to your PHI. However, these websites and applications may contain additional terms associated with your use. You should review those terms as well as the website terms contained on the Brightli ACE member website that you visit. 

You may have additional rights under other applicable state or federal law. Applicable state or federal laws that provide greater privacy protection or broader privacy rights will continue to apply and we will comply with such laws to the extent they are applicable.

OUR RESPONSIBILITIES AND DUTIES

By law, we must maintain the privacy of your PHI and abide by the terms of the Notice currently in effect. We are required by law to provide this Notice to you, implement safeguards to maintain the privacy of PHI, and promptly notify you if there is a breach of your unsecured PHI. In the event of a breach of your unsecured PHI experienced by us or one of our Business Associates, we will provide you with notice in accordance with applicable law.

We have the right to change this Notice at any time. If we change this notice, we may make the new terms effective for all PHI that we maintain. Any changes that we make will comply with federal, state, and other laws. The most recent copy of this Notice can be found on our website at www.livebrightli.org, at our facilities, or you may call or write to the Privacy Office listed at the end of this Notice to obtain the most recent version. You have the right to receive a paper copy of this Notice, even if you previously agreed to receive it electronically.
 

YOUR RIGHTS

The following are statements of your rights, subject to certain limitations, with respect to your PHI and apply equally with respect to Part 2 Records:

To inspect and receive a copy your PHI in a designated record set

You have the right to review and to receive a paper or electronic copy of your PHI maintain in our designated record set. Your request must be in writing. We may charge a reasonable, cost-based fee for the cost of providing you with access to or copies or your PHI in accordance with applicable law. Under federal law, you may not inspect or copy the following types of records: psychotherapy notes, information compiled as it relates to civil, criminal, or administrative action or proceeding; information restricted by law; information related to medical research in which you have agreed to participate; information obtained under a promise of confidentiality; and information whose disclosure may result in harm or injury to yourself or others. We may deny your request to inspect and copy in certain very limited circumstances. If we deny you access to your PHI for certain reasons, we will provide you with an opportunity to request that the denial be reviewed. A licensed health care professional chosen by us will perform such a review. This person will not be the same person who refused your request. Requests to inspect or receive a copy of your medical record may be submitted to your health care provider.

  • We may provide a patient portal as one option for patients to electronically access their PHI. If we have a patient portal, you may request access by contacting your health care provider. There is no fee for you to access PHI through our patient portal.
    To a summary or explanation of your PHI: You have the right to request only a summary of your PHI if you do not desire to obtain a copy of your entire record. You also have the option to request an explanation of the PHI to which you were provided access when you request your entire record.
  • To obtain an electronic copy of medical records: You have the right to request an electronic copy of your PHI for yourself or to be sent to another individual or organization when your PHI is maintained in an electronic format. We will make every attempt to provide the records in the format you request; however, in the case that the information is not readily accessible or producible in the format you request, we will provide the record in a standard electronic format or a legible hard copy form.

Ask for us to limit what we use or share

You can ask us not to use or share certain PHI or to limit such use or disclosure. Unless otherwise required by law, we may say “no” to your request. If you pay in full for your service and request that we not share the PHI about that service with your health plan, we will honor your request. If we agree to a restriction involving disclosures for treatment or health care operations, we will honor that agreement unless you need emergency treatment, and the disclosure is necessary for your care. You may request restrictions to the PHI we share by contacting your health care provider. Your request must be submitted in writing and include 1) what PHI you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosure to your spouse.

Ask for confidential communications

You have the right to request your PHI in a certain form or at a specific location. Your request must be in writing. For example, you can request that we not contact you at work, and you can tell us how and/or where you want to receive PHI. We will agree to reasonable requests. If we agree to your request, we will honor your request until you tell us in writing that you have changed your mind and no longer want confidential communication. You may submit your request for confidential communications to your health care provider. You do not have to disclose the reason for your request; however, you must submit a request with specific instructions in writing.

Ask us to correct your PHI in the designated record set

You can request your PHI be corrected if you believe it contains a mistake or is missing PHI. You must tell us the reasons for the change in writing using the request form you can get from your provider or from the Privacy Officer listed at the end of this notice. Please note that submitting a request for an amendment does not necessarily mean the PHI will be amended. If we approve your request, we will include the amendment in any future disclosures of the relevant PHI. If we deny your request for an amendment, you may file a written statement of disagreement, which we may rebut in writing. The denial, statement of disagreement, and rebuttal will be included in any future disclosures of the relevant PHI. We can deny your request if: (1) it is not in writing or does not include a reason for the change; (2) the PHI you want to change was not created by us; (3) the PHI is not part of the designated record set kept by us (unless the person or entity that created the information is no longer available to make the amendment); (4) the PHI is not information that you are permitted to inspect or copy; or (5) the PHI contained in the record is accurate and complete. All denials will be made in writing. You may submit a request to correct your medical record by contacting your health care provider.

To receive a list of who we have shared your PHI with

You have the right to request a list of those whom we have shared your PHI with (accounting of disclosures). We will provide you such an accounting, however, it will not include certain disclosures that are exempt from the accounting requirement, such as (but not limited to) disclosures made for the purposes of: treatment; payment; health care operations; notification and communication with family and/or friends; and those required by law. Your request must be in writing, and you must state the time period for the requested information, which generally may be no longer than 6 years prior to the date of your request. If you are requesting an accounting of disclosures of Part 2 Records made pursuant to your written consent in the 3 years prior to the date of the request (or a shorter time period chosen by you), we will provide such accounting consistent with these HIPAA requirements and Part 2. When regulations are effective requiring such accountings pursuant to HIPAA and Part 2, we will provide a patient with an accounting of disclosures of records for treatment, payment, and health care operations only where such disclosures are made through an electronic health record and during only the 3 years prior to the date on which the accounting is requested. We will provide one (1) free accounting per year and may charge you a reasonable fee for any additional requests. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. You may submit a request to receive an accounting of disclosures to your health care provider or privacy@livebrightli.org.

To appoint a personal representative, such as a medical power of attorney or if you have legal guardian

Your personal representative may be authorized to exercise your rights and make choices about your PHI. We will confirm the person has this authority and can act for you before we take any action based on their request.

To make a complaint if you feel your privacy rights have been violated

We hope you will tell us if you have a concern so we can try to fix it, but you also have the right to file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/ privacy/hipaa/complaints/. To file a complaint with the Secretary, you must 1) name the Brightli ACE place or person that you believe violated your privacy rights and describe how that place or person violated your privacy rights; and 2) file the complaint within 180 days of when you knew or should have known that the violation occurred. Violation of Part 2 is a crime. You may report suspected violations of Part 2 to the Secretary of the United States Department of Health and Human Services in the same manner as HIPAA violations are reported. Filing a complaint will not affect your ability to obtain care and we will not retaliate against you. If you wish to file a complaint with us, please submit it in writing to our Privacy Officer at the address or email provided in the Contact Information section below.

OUR USES AND DISCLOSURES

Below is a list of common ways in which we are required or permitted to use or share your PHI without your advance permission; however, applicable laws governing sensitive information (including behavioral health information, SUD information, reproductive health information, and information related to HIV/AIDS or other communicable diseases) may further limit these uses and disclosures.

  • Treatment and Care Coordination: We may use and share PHI about you with people involved in your care to provide treatment and/or services in order to manage and coordinate your medical care. For example, a doctor may need to look at your medical history before treating you.
  • Payment and Billing: We may use and disclose your PHI for billing purposes to obtain payment for your health care services. For example, we may share your PHI with your insurance company to receive payment for services. This use and disclosure may also include certain activities that your health plan requires prior to approving a service, such as determining benefits eligibility and prior authorization.
    • Health Care Operations: We may use and disclose PHI about you to manage, operate, and support the business activities of our practice. These activities include, but are not limited to, quality assessment, employee review, licensing, and conducting other business activities. For example, we may share PHI about you to evaluate our staff’s performance in caring for you. We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment or for important services such as annual checkups and inform you about treatment alternatives or other health-related benefits and services that may be of interest to you. For example, we may call, text, or e-mail you to remind you of a scheduled appointment. We may also share your PHI for case management and care coordination purposes. We may share PHI with our students, trainees, and staff for review and learning purposes. We may also use and share your PHI to confirm the time, place and attendance of your appointment for treatment with third-party transportation services.
  • Research: We may share your PHI with researchers when their research has been approved by an institutional review board (IRB) or privacy board and found by the IRB not to require patient permission. Your permission is required for other types of research. We may use and share your PHI with a researcher if certain parts of your PHI that would identify you are removed before we share it with the researcher. This will only be done if the researcher agrees in writing not to share the information, will not try to contact you, and will obey other requirements that the law provides.
  • Public Health Activities: We may share your PHI for public health purposes such as to report the occurrence of communicable diseases. We may share your PHI with public health authorities for public health purposes to prevent or control disease, injury, or disability and for conducting public health monitoring, investigations, or activities.
  • Health Oversight, Audit and Evaluation Activities: We may share your PHI with agencies that oversee the health care system, government benefit programs, or agencies responsible for auditing, investigations, and inspections or enforcing compliance with civil rights laws.
  • Law Enforcement: We will disclose your PHI for law enforcement purposes when all applicable legal requirements have been met. We may share with law enforcement any PHI that is directly related to the commission of a crime on the premises or against our personnel or to a threat to commit such a crime. We may also share certain PHI to identify or apprehend an individual who has escaped from lawful custody, to identify or locate a missing person, to comply with a court order or warrant, or to prevent or lessen the threat to the health or safety of an individual.
  • Workers Compensation: We may share PHI to comply with workers' compensation laws.
  • Business Associates: We may disclose your PHI to Business Associates and/or Qualified Service Organizations contracted by us to perform services on our behalf which may involve receipt, use or disclosure of your PHI. All of our Business Associates must agree to: (i) protect the privacy of your PHI; (ii) use and disclose the PHI only for the purposes for which the Business Associate was engaged; and (iii) if receiving SUD information, be bound by 42 CFR Part 2 and, if necessary, resist in judicial proceedings any efforts to obtain access to patient records except as permitted by law. We may also share your PHI with a Business Associate who will remove information that identifies you so that the remaining information can be used or disclosed for purposes outside of this Notice.
  • Abuse, Neglect, and Domestic Violence or Other Threats to Safety: We may disclose your PHI to the appropriate government agency if we believe that a patient has been or is currently the victim of abuse, neglect, or domestic violence and the patient agrees to the disclosure or we are otherwise permitted or required by law to do so. In addition, your PHI may also be disclosed when necessary to prevent a serious threat to your health or safety or the health and safety of others to someone who may be able to help prevent the threat. State laws may require such disclosure when an individual or group has been specifically identified as the target or potential victim.
    • Required by Law; Judicial and Administrative Proceedings: We will use or disclose your PHI when required to do so by local, state, federal, and international law. For example, we may share your PHI as required to report a suspicious death or suspected child abuse or neglect. We may use and disclose your PHI in conjunction with judicial or administrative proceedings or for purposes of litigation as permitted by law. We may also share your PHI in response to an administrative or court order, or in response to a subpoena, a discovery request, or other legal process if we are advised that you have been made aware of the request or that efforts were made to secure a qualified protective order.
    • Decedents: We may share PHI related to cause of death to a public health authority that is authorized to receive such PHI. We may also share PHI with coroners, medical examiners and funeral directors as permitted by law.
    • Minors: PHI of minors will be disclosed to their parents or legal guardians acting as personal representatives, unless prohibited by law or in circumstances where the law permits us to withhold PHI, such as to prevent harm to the minor or another person or in cases of suspected child abuse or neglect.
  • Ownership Change: If our practice is sold, acquired, or merged with another entity, your PHI may become the property of the new owner. However, you will still have the right to request copies of your records and have copies transferred to another provider.
  • Breach Notification Purposes: If for any reason there is an unsecured breach of your PHI, we will utilize the contact information you have provided us with to notify you of the breach, as required by law. In addition, your PHI may be disclosed as a part of the breach notification and reporting process.
  • Other Purposes: We may share your PHI, unless prohibited by law, for organ and tissue donation purposes, for national security activities, for protection of the president or other officials, with correctional institutions for care or safety purposes, with appropriate military command authorities when related to members of the armed forces, and for other purposes as required by state or federal law.

YOUR CHOICES

  • We may use or share your PHI for any of the purposes described in this section after we have given you an opportunity to agree or object. Your written request must be given to your care provider or to the Privacy Officer listed at the end of this Notice.
  • We may include limited information about you in a facility directory while you are a patient. The information may include your name, location in the building, general condition, and your religious affiliation. Except for your religious affiliation, the directory information may be released to people who ask for you by name. We may give your religious affiliation to a member of the clergy, such as a priest or rabbi, even if they don't ask for you by name. You have the right to ask that all or part of your information not be given out.
    In the event of a disaster, your PHI may be disclosed to disaster relief organizations (such as the American Red Cross) to coordinate your care and/or to notify family members or friends of your location and condition. Whenever possible, we will provide you with an opportunity to agree or object.
  • We may contact you about our sponsored fundraising programs and events unless you ask us not to by contacting the Privacy Office listed at the end of this Notice. If you opt out of fundraising communications, it will not affect your care.
  • We may share your PHI with a friend, family member, personal representative, or any individual you identify who is involved in your care or is paying for some or all your care. If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your PHI if we believe it is in your best interest.
  • We may use a Health Information Exchange (HIE) to exchange electronic PHI about you with other healthcare providers or entities that are not part of our healthcare system. PHI exchanged between providers or entities may be stored in their own systems and can be used for the purposes described in this Notice, to coordinate your care and as permitted by law. You are automatically opted in to such HIEs. If you wish to opt out, you must make a written request, which we will comply with unless disclosure is required by law. If you opt out of participating in these HIEs, your health information will no longer be provided to other health care entities through the HIE. However, your decision does not affect the health information that was exchanged prior to the time you opted out of participation. Note that certain sensitive information requires your consent prior to disclosure for these purposes, such as Part 2 Records, and will not be shared though the HIE unless we have obtained your consent as required by applicable law.

REPRODUCTIVE HEALTH PRIVACY

Federal law recognizes and protects the confidentiality of comprehensive reproductive health care services, including abortion care, and places additional restrictions on the use or disclosure of PHI related to reproductive health care. Reproductive health care means health care that affects the health of an individual in all matters relating to the reproductive system and to its functions and processes. This includes, but is not limited to, contraception, including emergency contraception; preconception screening and counseling; management of pregnancy and pregnancy-related conditions, including pregnancy screening, prenatal care, miscarriage management, treatment for preeclampsia, hypertension during pregnancy, gestational diabetes, molar or ectopic pregnancy, and pregnancy termination; fertility and infertility diagnosis and treatment, including assisted reproductive technology and its components (e.g., in vitro fertilization (IVF)); diagnosis and treatment of conditions that affect the reproductive system (e.g., perimenopause, menopause, endometriosis, adenomyosis); and other types of care, services, and supplies used for the diagnosis and treatment of conditions related to the reproductive system (e.g., mammography, pregnancy-related nutrition services, postpartum care products). We are prohibited from using or disclosing any PHI potentially related to reproductive health care for the following activities: (i) to conduct criminal, civil or administrative investigation into a person for the mere act of seeking, obtaining, providing or facilitating reproductive health care, (ii) to impose criminal, civil or administrative penalties for the mere act of seeking, obtaining, providing or facilitating reproductive health care, or (iii) to identify a person for either of these purposes. Seeking, obtaining, providing, or facilitating reproductive health care includes, but is not limited to, any of the following: expressing interest in, using, performing, furnishing, paying for, disseminating information about,
arranging, insuring, administering, authorizing, providing coverage for, approving, counseling about, assisting, or otherwise taking action to engage in reproductive health care; or attempting any of the same. Outside of these activities, we may continue to use and disclose PHI related to reproductive health care for all other purposes described in this Notice.

The prohibition on use and disclosure of reproductive health care information only applies where the relevant activity is in connection with a person seeking, obtaining, providing, or facilitating reproductive health care, and we have reasonably determined either that:

  • The reproductive health care is lawful under the law of the state in which such health care is provided under the circumstances in which it is provided. For example, if a resident of one state traveled to another state to receive reproductive health care, such as an abortion, that is lawful in the state where such health care was provided.
  • The reproductive health care is protected, required, or authorized by Federal law, including the United States Constitution, under the circumstances in which such health care is provided, regardless of the state in which it is provided. For example, if use of the reproductive health care, such as contraception, is protected by the Constitution.

Where the reproductive health care is provided by someone other than us, we may presume it is lawful unless either of the following is true:

  • We have actual knowledge that the reproductive health care was not lawful under the circumstances in which it was provided. For example, an individual discloses to their doctor that they obtained reproductive health care from an unlicensed person and the doctor knows that the specific reproductive health care must be provided by a licensed health care provider.
  • The requestor provides factual information that demonstrates a substantial factual basis that the reproductive health care was not lawful under the specific circumstances in which it was provided. For example, a law enforcement official provides a health plan with evidence that the information being requested is reproductive health care that was provided by an unlicensed person where the law requires that such health care be provided by a licensed health care provider.

When we receive a request for PHI potentially related to reproductive health care for purposes of health oversight activities, judicial and administrative proceedings, law enforcement purposes, or regarding decedents, as described above, we will obtain a valid, signed attestation from the requestor that the use or disclosure is not for a prohibited purpose, as provided in this section. For example, if we receive a subpoena for medical records related to a civil lawsuit to which the patient is a party from an attorney, we will obtain such an attestation from the attorney before providing the records. We are only permitted to disclose reproductive health information for law enforcement purposes where the disclosure is not subject to the prohibition above, the disclosure is required by law, and the disclosure meets all applicable conditions of HIPAA’s permission to use or disclose PHI as required by law.

SUBSTANCE USE DISORDER RECORDS SUBJECT TO PART 2

Federal law protects the confidentiality of substance use disorder patient records and places additional restrictions on the use or disclosure of such health information. A substance use disorder is a cluster of cognitive, behavioral, and physiological symptoms indicating that the individual continues using the substance (such as drugs or alcohol but not including tobacco or caffeine) despite significant substance-related problems such as impaired control, social impairment, risky use, and pharmacological tolerance and withdrawal. If you receive services from us covered by such laws, we comply with the federal Confidentiality of Substance Use Disorder Patient Records laws and regulations that protect information regarding substance use disorder diagnosis, treatment and referral for treatment. See 42 U.S.C 290dd-3 and 42 U.S.C. 290ee-3 for Federal laws and 42 CFR Part 2 for Federal regulations (collectively, "Part 2"). Additionally, if we receive records containing information regarding substance use disorders, these records may also be protected by Part 2. Where Part 2 is applicable, we will not disclose your substance use disorder records, that you are enrolled in a Part 2 program, or any other information that would identify you as having or having had a substance use disorder (collectively, "Part 2 Records") except in compliance with this Section.

We will obtain your written consent to use and disclose your Part 2 Records unless we are permitted to use and disclose Part 2 Records without your written consent consistent with Part 2. The following categories describe the ways that we may use and disclose your Part 2 Records without your written consent under Part 2.

  • Medical Emergencies. We may disclose your Part 2 Records to medical personnel to the extent necessary to meet a bona fide medical emergency in which the your prior written consent cannot be obtained or in which we are closed and unable to provide services or obtain your prior written consent during a temporary state of emergency declared by a state or federal authority as the result of a natural or major disaster, until such time as we resume operations. We will obtain your authorization prior to disclosing your information for non-emergency treatment. We may also disclose your Part 2 Records to medical personnel of the Food and Drug Administration (FDA) who assert a reason to believe that your health may be threatened by an error in the manufacturer, labeling, or sale of a product under the FDA jurisdiction, and that your Part 2 Records will be used for the exclusive purpose of notifying you or your physicians of potential danger.
  • Research. Under certain circumstances, we may use and disclose your Part 2 Records without your consent for research purposes. Generally, we would first obtain your written consent; however, in certain circumstances, we may be permitted to use or disclose your Part 2 Records for research purposes without your consent to the extent permitted by HIPAA, FDA and HHS regulations related to human subject research where a waiver of consent has been granted.
  • Management and Financial Audits and Program Evaluation. Under certain circumstances we may use or disclose your Part 2 Records for purposes of the performance of certain program financial and management audits and evaluations. For example, we may disclose your identifying information to any federal, state, or local government agency that provides financial assistance to the Part 2 program or is authorized by law to regulate the activities of Part 2 program. We may also use or disclose your identifying information to qualified personnel who are performing audit or evaluation functions on behalf of any person that provides financial assistance to the Part 2 program, which is a third-party payer or health plan covering you in your treatment, or which is a quality improvement organization (QIO), performing QIO review, the contractors, subcontractors, or legal representatives of such person or QIO, or an entity with direct administrative control over our program.
  • Fundraising. Consistent with provisions elsewhere in this Notice, we may also use or disclose your Part 2 Records for fundraising purposes.
  • Public Health. We may use or disclose to a public health authority your Part 2 Records for public health purposes. However, the contents of the information from the Part 2 Records disclosed will be de-identified in accordance with the requirements of the HIPAA regulations, such that there will be no reasonable basis to believe that the information can be used to identify you.

We may use and disclose your Part 2 Records when you give your written consent satisfying the requirements of Part 2.

  • Designated person or entities. We may use and disclose your Part 2 Records in accordance with the consent to any person or category of persons identified or generally designated in the consent. For example, if you provide written consent naming your spouse or a healthcare provider, we will share your health information with them as outlined in your consent.
  • Single Consent for Treatment, Payment or Healthcare Operations. We may also use and disclose your Part 2 Records when the consent provided is a single consent for all future uses and disclosures for treatment, payment, and healthcare operations, as permitted by the HIPAA regulations, until such time you revoke such consent in writing.
  • Central Registry or Withdrawal Management Program. We may disclose your Part 2 Records to a central registry or to any withdrawal management or treatment program for the purposes of preventing multiple enrollments, with your written consent. For instance, if you consent to participating in a drug treatment program, we can disclose your information to the related program to coordinate care and avoid duplicate enrollment.
  • Criminal Justice System. We may disclose information from your Part 2 Records to those persons within the criminal justice system who have made your participation in the Part 2 program a condition of the disposition of any criminal proceeding against you. The written consent must state that it is revocable upon the passage of a specified amount of time or the occurrence of a specified, ascertainable event. The time or occurrence upon which consent becomes revocable may be no later than the final disposition of the conditional release or other action in connection with which consent was given. For example, if you consent, we can inform a court-appointed officer about your treatment status as part of legal agreement or sentencing conditions.
  • PDMPs. We may report any medication prescribed or dispensed by us to the applicable state prescription drug monitoring program if required by applicable state law. We will first obtain your consent to a disclosure of Part 2 Records to a prescription drug monitoring program prior to reporting of such information.

Any Part 2 Record, or testimony relaying the content of such Part 2 Records, shall not be used or disclosed in a civil, administrative, criminal, or legislative proceeding against you unless you provide specific written consent (separate from any other consent) or a court issues an appropriate order. Your Part 2 Records will only be used or disclosed based on a court order after notice and an opportunity to be heard is provided to you, the Brightli ACE or other holder of the Part 2 Record in accordance with Part 2. A court order authorizing use or disclosure of Part 2 Records must be accompanied by a subpoena or other similar legal mandate compelling disclosure before the Part 2 Records may be used or disclosed.

Part 2 does not protect health information about a crime committed on our premises or against any of our personnel or about any threat to commit such crime. Part 2 also does not prohibit the disclosure of health information by us to report suspected child abuse or neglect under state law to appropriate state or local authorities. The restrictions on use and disclosure in Part 2 do not apply to communications of Part 2 Records between or among personnel having a need for them in connection with their duties that arise out of the provision of diagnosis, treatment, or referral for treatment of patients with substance use disorders if the communications are within the program (or with an entity that has direct administrative control over the program the communications between a part 2 program) and to communications of Part 2 Records to a qualified service organization if needed by the qualified service organization to provide services to or on behalf of the Brightli ACE (similar to provisions herein regarding Business Associates). To the extent applicable state law is even more stringent than Part 2 on how we may use or disclose your health information, we will comply with the more stringent state law.

Please note that if Part 2 Records are disclosed to us or our business associates pursuant to your written consent for treatment, payment, and healthcare operations, we or our business associates may further use and disclose such health information without your written consent to the extent that the HIPAA regulations permit such uses and disclosures, consistent with the other provisions in this Notice regarding PHI.

USES AND DISCLOSURES REQUIRING AUTHORIZATION

Uses and disclosures not described in this Notice will only be made with your written permission. You can obtain an authorization/consent form from us upon request. Additionally, we will not share your PHI (including Part 2 Records) without your written permission with respect to the following:

  • Marketing Purposes: Disclosures for marketing purposes which result in our receiving financial payment from a third party whose product or services is being marketed will require your written authorization. This does not include compensation that merely covers our cost of reminding you to take and refill your medication or otherwise communicate about a drug or biologic that is currently prescribed to you. However, we may use or disclose your PHI without your authorization to send you information about alternative medical treatments, our own programs or about health-related products and services that may be of interest to you, provided that we do not receive financial remuneration for making such communications. For example, we may use your PHI to assess your eligibility and propose newly available treatments. When we see you face-to-face, we may also use your PHI without your authorization to encourage you to maintain a healthy lifestyle and get recommended tests, suggest that you participate in a disease management program, provide you with promotional gifts of nominal value, or tell you about government sponsored health programs.
  • Sale of PHI: For example, we cannot share your PHI in exchange for direct or indirect remuneration constituting a sale of PHI under HIPAA without your prior authorization.
  • Psychotherapy/SUD Counseling Notes: Psychotherapy/SUD Counseling notes are defined as notes taken to analyze a conversation during a session that are maintained separate from your health record. We do not maintain these types of notes.

REVOKING YOUR AUTHORIZATION

If you give us written permission to use and share your PHI, you can take back your permission at any time, if you tell us in writing. If you take back your permission, we will stop using or sharing your PHI, but we cannot take back any PHI we have already shared.

ELECTRONIC MEDICAL INFORMATION SHARING THROUGH APPLICATION PROGRAMMING INTERFACES

You have the right to request or authorize that your electronic PHI in your designated record set be transmitted to you or another person or organization through an application programming interface (“API”). APIs are computer coding mechanisms that permit two or more electronic computer applications or software programs to communicate with each other and share information. We are required by law to comply with requests regarding API transmissions, subject to certain exceptions. You understand that PHI transmitted through an API at your request will no longer be under our protection and control, will no longer be subject to the protections and rights outlined in this Notice, and may no longer be subject to the same laws, regulations, policies or procedures regarding its confidentiality, security, privacy, use, or disclosure. You understand and agree that you make any request to us to transmit your PHI through an API at your own risk and you assume all liability for the consequences of such action taken by us at your direction. We caution you to confirm any confidentiality, security or privacy protections with respect to your transmitted PHI with the recipient of the PHI prior to submitting a request to us to transmit your PHI through an API.

NOTICE OF REDISCLOSURE

PHI that is disclosed pursuant to this Notice may be subject to redisclosure by the recipient and no longer protected by HIPAA. Law applicable to the recipient may limit their ability to use and disclose the PHI received, such as if they are another covered entity subject to HIPAA or a program or entity subject to Part 2.
 

Contact Information:
Privacy Officer
1111 S. Glenstone Ave.
Springfield, MO 65804
Toll Free Phone: 1-855-450-5770
Email: privacy@livebrightli.org

  1. Our Services
  2. Our Locations
  3. Our Team

If you or a loved one is experiencing a mental health or substance-use crisis, please call our toll-free 24-hour telephone line. Our team can help provide immediate assistance.

Southwest Missouri: 1-800-494-7355

Central Missouri: 1-800-395-2132

National Help Line: Call or Text 988