REACH EDUCATIONAL SERVICES, INC. 

(“Practice”) 

PO Box 725 • East Sandwich, MA 02537 

(ph)774-205-2237 • (fax)774-413-9810 

NOTICE OF PRIVACY PRACTICES 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. 

This Notice describes the privacy practices of the “Practice.” The Practice is required by law to maintain the privacy of medical and health information about the patient (“Protected Health Information” or “PHI”) and to provide them/personal representatives with this Notice of the Practice’s legal duties and privacy practices with respect to PHI. When the Practice uses or discloses PHI, the Practice is required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure). 

How the Practice May Use and Disclose Your PHI 

The following categories describe ways the Practice may use and disclose patient PHI (however, not every use or disclosure in a category is listed). Patient/personal representative written authorization is not required before the Practice may use or disclose PHI for the purposes listed below, unless otherwise noted. 

Treatment – The Practice uses PHI to provide treatment and other services to patients – for example, to complete an evaluation and develop a program specifically tailored to your needs. With patient/personal representative consent, the Practice may disclose information about the patient to other health care providers who are involved in the patient’s care and treatment. 

Payment – The Practice may use, and with patient/representative consent, disclose PHI so that the services patient’s receive may be billed and payment collected from the patient, an insurance company or third party payor. For example, the Practice may disclose PHI to file claims and obtain payment from the insurer for the services provided by the Practice. With your/the representative consent, the Practice also may disclose PHI to other health care providers so that they may seek payment for services they rendered to the patient. 

Health Care Operations – The Practice may use, and with your/ representative’s consent, disclose PHI as necessary to support the day-to-day activities and management of the Practice. For example, the Practice may use and disclose your PHI for purposes of internal administration and planning, quality review and improvement, legal services, etc.

Information Related to Patient Care – The Practice may use patient PHI to communicate with you/patient representative about products or services relating to treatment, case management or care coordination, or alternative treatments, therapies, providers or care settings. The Practice also may use patient PHI to identify health-related services and products provided by the Practice that may be beneficial to the patient’s health and then contact the patient/personal representative about the services and products. The Practice will not use or disclose PHI for purposes of marketing (as defined by federal privacy laws) without first obtaining patient/personal representative prior authorization. 

Communication with Family and Others –The Practice may disclose patient PHI to a family member, other relative, close personal friend or others who are identified by the patient/representative, who are involved in patient care or payment for patient care, when patient/personal representative is present for, or otherwise available prior to, the disclosure, and does not object to such disclosure after being given the opportunity to do so. The Practice also may disclose PHI to such person with patient/personal representative verbal agreement or written consent. If the patient is incapacitated or in an emergency circumstance, the providers at the Practice may exercise their professional judgment to determine whether a disclosure is in patient’s best interest. If the Practice discloses PHI in such an event, the Practice would disclose only PHI that we believe is directly relevant to the person’s involvement with the patient’s health care or with payment related to the health care. The Practice also may disclose PHI in order to notify (or assist in notifying) such persons of the patient’s location, general condition or death. 

Public Health Reporting – Patient PHI may be disclosed for public health purposes as required by law. For instance, the Practice is required to: (1) report cases of child abuse and neglect, elder abuse, disabled persons abuse, rape, and sexual assault; (2) report medical information for the purpose of preventing or controlling disease, injury or disability; (3) report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; (4) report information to your insurer and/or the Massachusetts Industrial Accident Board (and any party involved in the Workers’ Compensation matter) as required under laws addressing work-related illnesses and injuries or workplace medical surveillance; (6) file a death certificate. 

Health Oversight Activities – Patient PHI may be disclosed to health oversight agencies as required by law. Health oversight activities include audit, investigation, inspection, licensure or disciplinary actions, and civil, criminal or administrative proceedings or actions. The Practice also is required to disclose patient PHI to the Secretary of Health and Human Services, upon request, to determine our compliance with the Health Insurance Portability and Accountability Act. 

Health or Safety – The Practice may use or disclose PHI to prevent or lessen a serious and imminent danger to a patient or to others if the disclosure is to a person who is reasonably able to lessen or prevent the threat, including the target of the threat. 

Judicial and Administrative Proceedings – The Practice may disclose PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process. 

Law Enforcement Officials – Patient PHI may be disclosed to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena accompanied by a court order. 

~ 2 ~

Specialized Government Functions – The Practice may use and disclose Patient PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State under certain circumstances as required by law. 

Ordered Examinations – The Practice may release Patient PHI when required to report findings from an examination ordered by a court or detention facility. 

Decedents – The Practice may disclose patient PHI to a coroner or medical examiner as authorized by law. 

Research – The Practice may use or disclose patient PHI without that patient’s consent or authorization for research purposes if an Institutional Review Board/Privacy Board approves a waiver of authorization for such use or disclosure. 

Required by Law – The Practice may use and disclose a patient’s PHI when required to do so by federal, state or local law. 

Sale of PHI, Marketing, and Other Uses and Disclosures Require Your Authorization – The Practice will not sell PHI or otherwise use or disclose it for purposes of marketing (as defined by federal privacy laws) without obtaining a patient/personal representative prior written authorization. Furthermore, use or disclosure of PHI for any purpose other than those listed above requires a patient’s written authorization or that of a legal representative. We will not deny clinical treatment if a patient/representative does not sign the authorization. Furthermore, the patient/personal representative may revoke the authorization at any time, in writing. If the authorization is revoked, we will no longer use or disclose information about the patient for the reason covered by the written revocation. 

Highly Confidential Information – Federal and state law require special privacy protections for certain highly confidential information about a patient (“Highly Confidential Information”), including: (1) patient HIV/AIDS status; (2) genetic testing information; (3) substance use disorder information protected under 42 CFR Part 2; (4) confidential communications with a psychotherapist, psychologist, social worker, sexual assault counselor, domestic violence counselor, or other allied mental health professional, or human services professional; (5) (6) mental health community program records; (7) research involving controlled substances; (8) In order for us to disclose a patient’s Highly Confidential Information, we must obtain the patient/personal 

representative’s separate, specific written consent and/or authorization unless we are otherwise permitted by law to make such disclosure. Most uses and disclosures involving Psychotherapy Notes (as defined in the Federal privacy regulations) require your authorization. 

Patient Rights Regarding PHI 

Although patient records are the physical property of the Practice, patients have certain rights with regard to the information we maintain about them in those records. 

Notice – Patient’s/Personal representatives have the right to receive a paper copy of this Notice (even if they have agreed to receive this Notice electronically). 

Revoke Authorization – Patient’s/Personal representatives have the right to revoke their authorization (or consent) to our use/disclosure of their PHI, as long as they make their request in ~ 3 ~

writing to the Practice. Patients/Personal representatives can revoke their authorization (or consent) for future disclosures, but not for any disclosures made prior to when they first gave your authorization (or consent). 

Request Restrictions – Patients/personal representatives have the right to request restrictions on uses and disclosures of their PHI: (i) for treatment, payment, and health care operations; (ii) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with the patient care or with payment related to the care, or (iii) to notify or assist in the notification of such individuals regarding patient location and general condition. The Practice will consider patient/personal representative requests; however, we are not required to agree to the restriction (with one limited exception relating to disclosures to a health plan where the patient pays out of pocket in full for the item or service). Restrictions we have agreed to do not apply to disclosures that are made mandatory by health oversight activities or law. If a patient/personal representative wishes to request restrictions, please submit a written request to our Compliance Officer. We will send a written response. 

Receive Confidential Communications – Patients have the right to receive confidential communications of their PHI from the Practice by alternative means or at alternative locations. We are required to accommodate any reasonable request patients/personal representatives make. Requests must be submitted in writing to the Practice. 

Inspect and Copy Your PHI – Patients/ Personal representatives have the right to inspect and copy their PHI that we hold in a designated record set. This usually includes medical records (excluding psychotherapy notes) and billing records. To the extent that electronic health records are available, patients have a right to an electronic copy of their record, and, if they choose, to direct us to transmit a copy of the electronic health record to a designated individual or entity. We may charge a fee for copies of patient records. If patient/personal representatives wish to access their records, please submit a written request to our Compliance Officer. Questions about fees may be directed to our Compliance Officer as well. 

Amend Your PHI – A patient/personal representative has a right to request that we amend their PHI if they feel that the information we have is inaccurate or incomplete, as long as the Practice created the information the patient/representative wishes to amend. We will not make changes to medical information created by another health care provider or changes that would make a patient record inaccurate or incomplete. If a patient wishes to request an amendment to records, please submit a written request to our Compliance Officer. 

Accounting – Patients have a right to receive a list of how and to whom certain of their information has been disclosed, called an “accounting of disclosures.”If a patient/personal representative would like to request an accounting, please submit a written request to our Compliance Officer. 

Notice of a Breach – Each patient has a right to receive a breach notification that complies with applicable Federal and State laws and regulations in the event of a breach of their unsecured PHI. 

Revisions to the Practice’s Privacy Policies and Practices 

The Practice is required by law to: make sure that the privacy of patient PHI is maintained, provide the patient/personal representative with this Notice of our legal duties and privacy practices and abide by the terms of the Notice that is currently in effect. The Practice reserves the right to change ~ 4 ~

its privacy policies and practices, including this Notice, and to make the new policies and practices, including the revised Notice provisions, effective for all PHI that we maintain. You may request a copy of it at any time. 

Questions Regarding the Privacy of Your Information 

If you have questions regarding information contained in this Notice, if you would like to obtain additional information about our privacy practices, or if you wish to exercise patient rights as listed in this Notice, you may contact our Compliance Officer. 

How to File a Complaint 

If you would like to submit a comment or complaint about our privacy practices, you can do so by contacting our Compliance Officer. You may also contact the Secretary of the Department of Health and Human Services. You will not be penalized or otherwise retaliated against for filing a complaint. 

Office for Civil Rights 

Department of Health and Human Services 

Attn: Patient Safety Act 

200 Independence Ave., SW, Rm. 509F 

Washington, D.C. 20201 

Email: ocrmail.@hhs.gov 

Practice Contact Information: 

You may contact our Privacy Officer, Melissa Sheldon at: 

Phone Number: 774-205-2237 

Fax Number: 774-413-9810 

Email Address: msheldon@reachcoastalaba.com 

Mailing Address: PO Box 725, East Sandwich, MA 02537 

Ef ective Date 

This Notice was adopted as of May 7, 2020. 

~ 5 ~