Notice of Privacy Practices
The Health Insurance Portability and Accountability Act (HIPAA) took effect on April 14, 2003. One of the goals of this legislation is to set standards for the security and privacy of health information. The Milk Bank understands that all medical information about our clients is personal and we are committed to protecting this information. This notice describes how medical information may be used and disclosed, and how clients can gain access to this information. We also describe client rights and certain obligations we have regarding the use and disclosure of medical information. Please review this carefully.
The HIPAA law of 1996 requires The Milk Bank to:
- Keep medical information that identifies clients private
- Give clients notice of our legal duties and privacy practices with respect to medical information about them
- Follow the terms of this notice
Any protected health information (i.e. individual identifiable information such as name, date, phone/fax numbers, email addresses, demographic data) may be used in connection with our services to a client, payment of an account, or health care operations. It is expected that any organization with which we share information is HIPAA compliant and therefore ensuring the security of client information.
Donor relations and donor services are outside the scope of The Milk Bank HIPAA covered
components. For avoidance of doubt, donor information will be treated as confidential, but
donor information does not rise to the level of protected health information.
These are ways in which we may use or disclose medical information about a client:
- Health care providers may request information about a client to meet our needs. For instance, a prenatal care provider may request verification of a patient’s birth date before releasing results of their prenatal blood work to us. In another example, a baby’s pediatrician may request information on how milk has been supplied for the baby receiving donor milk.
- Medical information may be discussed with health insurers to verify eligibility for benefits, obtain prior authorization, or to bill and receive payment for the treatment and service provided by The Milk Bank.
- Certifying, licensing and accrediting bodies may request information about our donors or recipients to verify our operation and compliance with standards.
- The Milk Bank may use information to contact our clients. If they are not available, we may leave a message with a family member or on an answering machine unless a client specifically asks us not to do so.
- We may display photos on our office bulletin board of donors or infants if they are sent to us by the donor or infant’s parent.
- We may provide medical information to our business associates so that they can perform certain functions or services on our behalf. The associates could include hospitals, blood and tissue laboratories or fundraiser organizations.
- We will disclose medical information about a client if we are required to do so by federal, state or local law.
- We may disclose medical information about a client when necessary to prevent a serious threat to a client’s health and safety or that of another person or the public.
- We may disclose medical information about a client for public health activities. These activities may include the prevention or control of disease, reporting of donor milk recipients, or reporting laboratory test results.
- We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of a client’s health.
- Inadvertent disclosures of information may happen as a result of people overhearing conversations in The Milk Bank offices. Every effort will be made to prevent this from happening.
These are the ways in which we keep personal health information private:
- Personal health information is kept in individual locking files in our office. The office is unlocked during office hours when staff members are present but locked at all other times.
- Staff and volunteers who access files will be trained in issues of confidentiality and privacy.
- Publications coming from The Milk Bank office will contain no personal health information.
- If someone requests information from a medical record for a legitimate reason, this will be documented in the client’s file.
- Personnel trained in confidentiality and privacy issues access the electronic records only through The Milk Bank computers and/or systems.
- Milk containers with personal identifiers on them will be kept in bags in the freezer, accessed only by staff and volunteers trained in confidentiality and privacy issues.
Persons potentially inadvertently exposed to private information include:
- Volunteers
- Staff of The Milk Bank
- Breastmilk donors
- Vendors
- Students working at The Milk Bank
- Breastmilk recipients or their guardians
Individual rights under this agreement:
- A client has the right to inspect or copy their record. To do this, please submit your request in writing to the privacy officer of The Milk Bank.
- Amend the information contained in your record. Please send your request to the privacy officer in writing.
- Request an accounting of all disclosures of health information. Please send requests to the privacy officer.
- Request restrictions of access to a client record. Please send written request to the privacy office.
- A client may also issue a complaint, without risk of retaliation, to the privacy officer of The Milk Bank or to the US Department of Health and Human Services. You can learn more about your rights, including how to file a complaint, from the website at www.hhs.gov/ocr/hipaa or by calling 1- 866- 627- 7748.
HIPAA Executive:
Freedom Kolb, MBA, MEd
CEO
The Milk Bank
8020 Castleway Dr
Indianapolis, IN 46250
317-536-1670
Please keep this notice for your records. When you sign the Consent Form you acknowledge that you have received and understand this notice.
*Privacy Policy updated 11/2024