Notice of Privacy Practices

Purpose and Background

The HIPAA Privacy Regulations require that every Covered Entity prepare and provide to each Individual a Notice of Privacy Practices (the "Notice"). The purpose of the Notice is to describe Bergen’s Promise’s duties, the Individual's rights, and how PHI is used by Bergen’s Promise to provide services to the Individual. Bergen’s Promise’s Notice must be provided to the Individual no later than the first date of services or upon request. In addition, Bergen’s Promise is required to post the Notice in a prominent location and on its website. This policy is designed to give guidance and to ensure compliance with the HIPAA Privacy Regulations and New Jersey laws and regulations.

Policy

1. Bergen’s Promise will provide to an Individual/Personal Representative a copy of its Notice of Privacy Practices regarding the Use or Disclosure of PHI, the Individual’s rights, and Bergen’s Promise’ legal duties.
2. Bergen’s Promise’ Notice of Privacy Practice regarding the Use and Disclosure of PHI will comply with the HIPAA Privacy Regulations and New Jersey laws and regulations.
3. Bergen’s Promise will make a good faith effort to obtain written acknowledgment from the Individual/Personal Representative of receipt of Bergen’s Promise’s Notice of Privacy Practices and, if not obtained, to document its good faith efforts to obtain such acknowledgment of the reason why the acknowledgment was not obtained.

Scope

This policy applies to all of Bergen’s Promise’ trustees, officers, employees, Business Associates and other individuals who do business with or provide services for Bergen’s Promise involving PHI.

Procedures

1. Bergen’s Promise’ Notice of Privacy Practice will be provided to an Individual/Personal Representative as follows:
   1. no later than the date of the first service delivery, including service delivered electronically;
   2. available at Bergen’s Promise for an Individual to request and to take with them;
   3. posted in a clear and prominent location where it is reasonable to expect Individuals/Personal Representatives to be able to read the notice;
   4. automatically and contemporaneously for electronic notices, when the response is to the Individual’s first request for service and the first service delivery is delivered electronically. The Individual who is the recipient of electronic notice must also be permitted to retain the right to obtain a paper copy of the notice from a covered entity upon request; and
   5. upon request after the effective date of a revision.
2. Bergen’s Promise will post its Notice on its website and make the Notice available electronically through the website.
3. If the Individual is a minor or incapacitated child, Bergen’s Promise will provide the Notice of Privacy Practices to the Individual’s Personal Representative.
4. If Bergen’s Promise provides Notice to an Individual/Personal Representative by e-mail, Bergen’s Promise will:
   1. ensure that the Individual/Personal Representative has agreed to electronic Notice and such agreement has not been withdrawn; and
   2. provide a paper copy of the Notice to the Individual if Bergen’s Promise knows that an e-mail transmission of the electronic Notice has failed.
5. Bergen’s Promise will make a good faith effort to obtain a signed acknowledgment from the Individual/Personal Representative confirming that the Individual received the Notice of Privacy Practices. If the Individual is under fourteen years old, the Personal Representative will sign, and if the Individual is fourteen or older, the Individual will sign. If the Individual/Personal Representative refuses to sign the acknowledgment, Bergen’s Promise will document the refusal.
6. Bergen’s Promise will document compliance with and maintain the Notice as applicable, by retaining copies of the Notices issued by Bergen’s Promise, and, if applicable, any written acknowledgments of receipt of the notice or documentation of good faith efforts to obtain such written acknowledgment, for a period of at least 6 years from the date of its creation or the date when it was last in effect, whichever is later.
7. Knowledge of a violation or potential violation of this policy must be reported directly to the Privacy Officer.

REFERENCE
45 CFR § 164.520

Rev. September 2013