Notice of Privacy Practices The Health Insurance Portability and Accountability Act (HIPAA) took effect on April 14, 2003. One of the goals of this legislation is to set standards for the security and privacy of health information. The Milk Bank understands that medical information about clients is personal and we are committed to protecting this information. This notice describes how medical information about clients in our office may be used and disclosed, and how clients can get access to this information. We also describe client rights and certain obligations we have regarding the use and disclosure of medical information. Please review this carefully. The HIPAA law of 1996 requires The Milk Bank to: • Keep medical information that identifies clients private • Give clients notice of our legal duties and privacy practices with respect to medical information about them • Follow the terms of this notice Any protected health information (i.e. individual identifiable information such as name, date, phone/fax numbers, email addresses, demographic data) may be used in connections with our services to a client, payment of an account or health care operations. It is expected that any organization with which we share information is HIPAA compliant and therefore ensuring the security of client information. These are ways in which we may use or disclose medical information about a client: • Health care providers may request information about a client to meet our needs. For instance, a prenatal care provider may request verification of a patient’s birth date before releasing results of their prenatal blood work to us. In another example, a baby’s pediatrician may request information on how milk has been supplied for the baby receiving donor milk. • Medical information may be discussed with health insurers to verify eligibility for benefits, obtain prior authorization, or to bill and receive payment for the treatment and service provided by The Milk Bank. • Certifying, licensing and accrediting bodies may request information about our donors or recipients to verify our operation and compliance with standards. • Staff of The Milk Bank may use information to contact clients to check on pumping progress, paperwork needs or to inquire how an infant is progressing on donor milk. If we try to contact a client and they are not available, we may leave a message with a family member or on an answering machine unless a client specifically asks us not to do so. • We may display photos on our office bulletin board of donors or infants if they are sent to us by the donor or infant’s parent. • We may provide medical information to our business associates so that they can perform certain functions or services on our behalf. The associates could include hospitals, blood and tissue laboratories or fundraiser organizations. • We will disclose medical information about a client if we are required to do so by federal, state or local law. • We may disclose medical information about a client when necessary to prevent a serious threat to a client’s health and safety or that of another person or the public. • We may disclose medical information about a client for public health activities. These activities may include the prevention or control of disease, reporting of donor milk recipients, or reporting laboratory test results. 2 • We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of a client’s health. • Inadvertent disclosures of information may happen as a result of people overhearing conversations in The Milk Bank offices. Every effort will be made to prevent this from happening. These are the ways in which we keep personal health information private: • Personal health information is kept in individual locking files in our office. The office is unlocked during office hours when staff members are present but locked at all other times. • Staff and volunteers who access files will be trained in issues of confidentiality and privacy. • Publications coming from The Milk Bank office will contain no personal health information. • If someone requests information from a medical record for a legitimate reason, this will be documented in the client’s file. • Personnel trained in confidentiality and privacy issues access the electronic records only through The Milk Bank computers. • Milk containers with personal identifiers on them will be kept in bags in the freezer, accessed only by staff and volunteers trained in confidentiality and privacy issues. Persons potentially inadvertently exposed to private information include: • Volunteers • Staff of The Milk Bank • Breastmilk donors • Vendors • Students working at The Milk Bank • Breastmilk recipients or their guardians Individual rights under this agreement: • A client has the right to inspect or copy their record. To do this, please submit your request in writing to the privacy officer of The Milk Bank. • Amend the information contained in your record. Please send your request to the privacy officer in writing. • Request an accounting of all disclosures of health information. Please send requests to the privacy officer. • Request restrictions of access to a client record. Please send written request to the privacy office. • A client may also issue a complaint, without risk of retaliation, to the privacy officer of The Milk Bank or to the US Department of Health and Human Services. You can learn more about your rights, including how to file a complaint, from the website at www.hhs.gov/ocr/hipaa or by calling 1- 866- 627- 7748. Privacy Officer: Janice Sneider O’Rourke, MPA, RD Executive Director The Milk Bank 5060 E. 62nd Street, #128 Indianapolis, IN 46220 317•536•1670 Please keep this notice for your records. When you sign the Donor Consent Form you acknowledge that you have received and understand this notice. Thank you.