Diversicare Healthcare Services Inc. (“Diversicare” or “We”) respect your privacy and is committed to protecting it through our compliance with this policy.
This policy describes the types of information we may collect from you or that you may provide when you visit the website www.dvcr.com (our “Website”) and our practices for collecting, using, maintaining, protecting and disclosing that information.
Children Under the Age of 13
Our Website is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at [email protected]
Information We Collect About You and How We Collect It
We collect several types of information from and about users of our Website, including information:
- by which you may be personally identified, such as name, postal address, e-mail address or telephone number (“personal information”);
- that is about you but individually does not identify you; and/or
- about your internet connection, the equipment you use to access our Website and usage details.
We collect this information:
- directly from you when you provide it to us; and/or
- automatically as you navigate through the Website. Information collected automatically may include usage details, IP addresses and information collected through cookies, web beacons and other tracking technologies.
Information You Provide to Us. The information we collect on or through our Website may include:
- information that you provide by filling in forms on our Website (including information provided at the time of creating a job applicant profile on our Website or contacting us via our Website);
- records and copies of your correspondence (including e-mail addresses), if you contact us; and/or
- your search queries on the Website.
When you engage with our content on or through third-party social media sites, plug-ins and applications, you may allow us to have access to certain information from your social media profile (e.g., name, e-mail address, photo, gender, birthday, location, your list of friends, people you follow and/or who follow you, the posts or the ‘likes’ you make) to deliver the content or as part of the operation of the application. We may also obtain non-personally identifiable information (e.g., content viewed) from your interaction with our content.
We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about the collection, use or disclosure of your information by such third parties, you should contact the responsible provider directly.
Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Website, we may automatically collect certain information about your equipment, browsing actions and patterns, including:
- details of your visits to our Website, including traffic data, location data and other communication data and the resources that you access and use on the Website; and
- information about your computer and internet connection, including your IP address, operating system and browser type.
The information we collect automatically is statistical data. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to estimate our audience size and usage patterns, speed up your searches and recognize you when you return to our Website.
We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.
How We Use Your Information
We use information that we collect about you or that you provide to us, including any personal information:
- to present our Website and its contents to you;
- to provide you with information, products or services that you request from us;
- to fulfill any other purpose for which you provide it;
- in any other way we may describe when you provide the information; and/or
- for any other purpose with your consent.
Google Analytics. We use certain features of Google Analytics to track certain usage and traffic data. For information about how Google collects and uses data in connection with Google Analytics, see “How Google uses data when you use our partners’ sites or apps”, located at www.google.com/policies/privacy/partners/. To prevent your data from being collected and used by Google Analytics, you can download and install the Google Analytics opt-out browser add-on at https://tools.google.com/dlpage/gaoptout/.
Disclosure of Your Information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
- to our subsidiaries and affiliates;
- to contractors, service providers and other third parties we use to support our business;
- to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Diversicare’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which personal information held by Diversicare about our Website users is among the assets transferred;
- to fulfill the purpose for which you provide it;
- for any other purpose disclosed by us when you provide the information; and/or
- with your consent.
We may also disclose your personal information to comply with any court order, law or legal process, including to respond to any government or regulatory request, and/or if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Diversicare, our customers or others.
Choices About How We Use and Disclose Your Information
We do not control third parties’ collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
Accessing and Correcting Your Information
You can review and change your personal information by logging into the “Career Opportunities” section of the Website and visiting your profile page or by contacting us at privacy @ dvcr.com. If you believe that any of your information is incorrect or needs updating, please let us know by contacting us at the e-mail address listed above. Diversicare will use reasonable efforts to correct your information and our records upon verification of the requested change.
Links to Other Websites
This Website may contain links to other websites, including links to pages that are operated by third-party vendors but display Diversicare branding (such as the career portal accessible from the “Careers” page of this Website). Diversicare is not responsible for the content, privacy policies, products, services, reliability, viewpoint, or accuracy of information on any such websites. We do not control and shall not be responsible for the collection of personal information by third-party websites, including websites owned or controlled by our distributors, vendors and/or websites not controlled by Diversicare. Third-party websites that are accessed through links on our Website have separate privacy policies. We have no responsibility or liability for the policies implemented by third parties on their websites. You should contact them directly to ask questions about their privacy policies.
Diversicare is committed to protecting the information you provide us. Diversicare implements and maintains administrative, physical and technical safeguards reasonably designed to protect the information we collect from loss, misuse, and unauthorized access or disclosure. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Website you can contact us at [email protected]
E-mail: privacy @ dvcr.com
U.S. Mail: Diversicare Healthcare Services Inc.
Attn: Website Privacy
1621 Galleria Boulevard
Brentwood, Tennessee 37027
NOTICE OF PRIVACY PRACTICES
Revised: March 11, 2014
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. WORDS SUCH AS “we” AND “Diversicare” REFER TO THE AFFILIATED HEALTHCARE FACILITY WHERE YOU CURRENTLY OR PREVIOUSLY RESIDED.
PLEASE READ IT CAREFULLY
If you have any questions about this Notice, please contact the center Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575.
THE PURPOSE OF THIS NOTICE
This Notice will tell you about the ways in which Diversicare protects uses and discloses your Protected Health Information (“PHI“). This Notice also describes your rights and certain obligations we have regarding the use and disclosure of PHI.
PHI means any information, transmitted or maintained in any form or medium, which Diversicare creates or receives that relates to your physical or mental health, the delivery of health care services to you or payment for health care services, and that identifies you or could be used to identify you.
WHO IS COVERED BY THIS NOTICE
This Notice of Privacy Practices (the “Notice“) describes the privacy practices of Diversicare and any of our employees and agents who are authorized to have access to PHI.
YOUR PHI AT DIVERSICARE
We maintain your PHI in a record we create of the services you receive from Diversicare. We need this record to provide you with quality care and to comply with certain legal requirements. This Notice applies to all of those records which we create, receive and/or maintain. Your record may be in the form of written or printed documents, electronically stored records, or both.
Your personal physician or other health care provider may have different policies or notices regarding his or her use and disclosure of your PHI created in the physician’s or health care provider’s office or clinic.
OUR PLEDGE REGARDING PHI
We understand that information about you and your health is personal. We are committed to protecting the confidentiality of your PHI.
OUR OBLIGATIONS AS TO PHI
We are required by law to:
Make sure that PHI is kept private.
- Give you this Notice of our legal duties and privacy practices with respect to your PHI. We also make it available at the Diversicare facility in which you are a resident and post it on Diversicare’s website.
- Comply with the currently effective terms of this Notice.
BREACHES OF PHI
We must notify you within 60-days if we discover that there has been a breach of your unsecured PHI. A breach occurs when there is unauthorized acquisition, use, access or disclosure of unsecured PHI. PHI is unsecured when it is not rendered unusable, unreadable, or indecipherable to unauthorized individuals through use of an approved technology or methodology, such as electronic encryption. The breach must pose a low probability that the unsecured PHI has been compromised based on a risk assessment considering the nature and extent of the PHI involved, the unauthorized person who accessed the PHI, whether the PHI was actually acquired or viewed, and the extent to which the risk to the PHI, such as further disclosure, has been mitigated. We are not required to notify you, though, of the following events: unintentional access or acquisition of unsecured PHI; inadvertent disclosure to another who is otherwise authorized to access PHI; any disclosure or access in which we have a good faith belief the PHI could not reasonably been retained. Normally we will provide you with individual notice via mail or other individual means. However, in certain circumstances, such as when we do not have sufficient contact information for you, we can post the notice on our website. In cases where an unusually large number of individuals are affected by the same wrongful disclosure, we must notify local media.
HOW WE MAY USE AND DISCLOSE PHI ABOUT YOU
The following categories describe different ways that we use and disclose PHI.
Use for Treatment, Payment or Health Care Operations
We are permitted to use and disclose your PHI (1) to treat you by providing health care and related services, (2) to be paid for our services, and (3) to conduct health care operations. This section of this Notice discusses each of these types of uses and disclosures of PHI.
- For Treatment. We may use PHI about you to provide you with health care treatment or services. For example, we may use your PHI to diagnose or treat you for a particular condition. We may disclose PHI about you to Diversicare personnel, as well as to doctors, nurses, hospitals, clinics, or other health care providers who are involved in your care. For example, the clinician who referred your testing to us, or other doctors treating you for a particular medical condition may need to know about the testing services we performed and any related diagnoses. Diversicare may also share PHI about you in order to coordinate health care services and items that you may need.
- For Payment. We may use and disclose PHI about you so that our services may be billed to and payment may be collected from you, an insurance company, or a third party payor. For example, we may need to give your health plan information about the services provided on your behalf so that your health plan will pay us or reimburse you for the services or items.
- For Health Care Operations. We may use and disclose PHI about you for health care operations. These uses and disclosures are necessary to make sure you receive quality care. For example, we may use PHI to review our treatment and services and to evaluate the performance of our staff in providing services to you. We may also disclose information to doctors, nurses, hospitals, clinics, and other health care providers for review and learning purposes. We may remove information that identifies you from this set of PHI so others may use it to study health care and health care delivery without learning the names of the specific patients.
You may request that we not disclose your PHI for Treatment, Payment or Health Care Operations purposes, but you must pay the cost of the service that is the subject of the PHI in full, and in advance, in order for us to be able to honor such a request.
Other Uses and Disclosures of PHI
Listed below are a number of other ways we are permitted or required to use or disclose PHI. This list is not exhaustive. Therefore, not every use or disclosure in a category is listed.
- Appointment Reminders. We may use and disclose protected health information to contact you as a reminder that you have an appointment with Diversicare.
- Individuals Involved in Your Care or Payment for Your Care. We may release protected health information about you to a friend or family member who is involved in your medical care. We may also give information to someone who helps pay for your care. In addition, we may disclose protected health information about you to an entity assisting in an emergency so that your family can be notified about your condition, status, and location.
- As Required By Law. We will disclose protected health information about you when required to do so by federal, state, or local law.
- Public Health Risks.We may disclose protected health information about you for public health activities. These activities generally include the following:
- To prevent or control disease, injury, or disability;
- To report births and deaths;
- To report child abuse or neglect;
- To report reactions to medications or problems with products;
- To notify people of recalls of products they may be using;
- To notify a person who may have been exposed to a disease or may be at risk for contacting or spreading a disease or condition; and
- To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- Health Oversight Activities. We may disclose protected health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and Disputes. If you are involved in a lawsuit or dispute, we may disclose protected health information about you in response to a court or administrative order. We may also disclose protected health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
- Law Enforcement. We may release protected health information if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person;
- About the victim of a crime if, under certain limited circumstance, we are unable to obtain the person’s agreement;
- About a death we believe may be the result of criminal conduct;
- About criminal conduct; and
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime.
- Coroners and Medical Examiners. We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
- Organ and Tissue Donation. If you are an organ donor, we may release protected health information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
- Research. Under certain circumstances, we may use and disclose protected health information about you for research purposes. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with a patient’s need for privacy of their protected health information.
- To Avert a Serious Threat to Health or Safety. We may use and disclose protected health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat (i.e., Department of Health).
- Military and Veterans. If you are a member of the armed forces, we may release protected health information about you as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.
- National Security and Intelligence Activities. We may release protected health information about you to authorized deferral officials for intelligence, counter- intelligence, and other national security activities authorized by law.
- Protective Services for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state, or conduct special investigations.
- Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care, (2) to protect your health and safety of others, or (3) for the safety and security of the correctional institution.
- Health-Related Benefits and Services. We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
- Workers’ Compensation. We may release protected health information about you for Workers’ Compensation or similar programs. These programs provide benefits for work-related injuries or illness.
Certain uses and disclosure generally will be made only upon your written authorization, including:
- uses and disclosures of psychotherapy notes (if recorded by us);
- uses and disclosures of PHI for marketing purposes, including subsidized treatment communications;
- disclosures that constitute a sale of PHI; and
- other uses and disclosures not described in this Notice.
You have the right to revoke such authorization, in writing, except where we have previously taken action in reliance on your prior authorization, or if the authorization was a condition to obtaining insurance coverage and other law provides the insurer with the right to contest a claim under the policy. You have the right to opt out of our use of your PHI for fundraising purposes, and to restrict our ability to disclose PHI to your family, personal representatives and/or friends relating to your care or payment for your care or when needed to notify individuals regarding your location or general condition.
YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU
You have the following rights with respect to your protected health information:
- Right to Inspect and Copy. You have the right to inspect and copy protected health information that may be used to make decisions about your care. Generally, this information includes medical and billing records but does not include: (1) psychotherapy notes; (2) information prepared in anticipation of or for use in a civil, criminal, or administrative action; and (3) protected health information maintained that is (a) subject to the Clinical Laboratory Improvements Amendments (‘CLIA”) of 1988, 42 U.S.C. 263a, if access to the individual would be prohibited by law, or (b) exempt from CLIA pursuant to 42 CFR 493.3(a)(2).
To inspect and copy protected health information maintained by Diversicare you must submit your request in writing to the Privacy Officer. That address may be found on Diversicare’s website. If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575. We may charge a fee for the costs of copying, mailing, or other supplies associated with your request.
We may deny your request to inspect and copy your protected health information in certain limited circumstances. If you are denied access to medical information, you will receive a written denial. You may request that the denial be reviewed. Thereafter, another licensed health care professional chosen by Diversicare will review your request and the denial. The person conducting the review will not be the person who originally denied your request. We will comply with the outcome of the review. We may charge you reasonable fees for copying your PHI.
- Right to Amend. If you believe that the protected health information we have about you is inaccurate or incomplete, you may ask us to amend the information. You have the right to request an amendment for so long as the information is kept by or for Diversicare.
In order to request an amendment to your protected health information, your request must be made in writing and submitted to the Privacy Officer. That address may be found on Diversicare’s website. If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575. In addition, you must provide a reason that supports your request. We will generally make a decision regarding your request for amendment no later than sixty (60) days after receipt of your request. However, if we are unable to act on the request within this time, we may extend the time for thirty (30) more days, but we will provide you with a written notice of the reason for the delay and the approximate time for completion. If we deny your requested amendment, we will provide you with a written denial.
We have the right to deny your request for an amendment if it is not in writing or does not include a reason to support the request. We are not required to agree to your request if you ask us to amend protected health information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the protected health information kept by or for Diversicare;
- Is not part of the protected health information which you would be permitted to inspect and copy; or
- Is already accurate and complete.
Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of the disclosures of protected health information we have made about you. With respect to disclosures made for the purposes of treatment, payment, or healthcare operations, we will provide an accounting of disclosures of electronic PHI, however, we do not maintain an accounting of paper or hard copy PHI made pursuant to a prior authorization by you or for certain law enforcement purposes.
In order to request this list or accounting of disclosure, your request must be submitted in writing to the Privacy Officer. That address may be found on Diversicare’s website. If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575. Your request must also state a time period for which you want the accounting to cover, which may not be longer than six (6) years. Your request should also specify the format of the list you prefer (i.e., on paper or electronically). The first list you request within a twelve (12) month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
- Right to Request Restriction of Uses and Disclosures. You have the right to request that we restrict the uses and disclosures of protected health information about you to carry out treatment, payment, or health care operations and/or to individuals involved in your care. We cannot restrict disclosures required by law or requested by the federal government to determine if we are meeting our privacy protection obligations.
We are not required to agree to your request; however, if we do agree, we will comply with your request unless the information is needed to provide you emergency medical treatment.
To request restrictions, you must make your request in writing to the Privacy Officer. That address may be found on Diversicare’s website. If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575. Your request must specify (1) what protected health information you want to limit; and (2) whether you want to limit our use, disclosure, or both, and to whom you want the limits to apply (i.e., disclosures to your spouse).
We may terminate our agreement to the restriction if you orally agree to the termination and it is documented, you request the termination in writing, or we inform you that we are terminating our agreement with respect to any information created or received after receipt of our Notice.
In addition to the right to request a restriction as described above, you have the right to order that we not send your protected health information to any insurance company or person responsible for payment for your services, in order for Diversicare to be paid for our services on your behalf. However, should you wish to exercise this right, you will be required to pay for our services, at our undiscounted rates, in full and in advance.
- Right to Request Confidential Communications. You also have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. In order to request confidential communications, you must make your request in writing to the Privacy Officer. That address may be found on Diversicare’s website. If you do not know that address, you may send your request to the center’s Administrator/Local Privacy Officer, or the Corporate Privacy Officer, at Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- Right to Receive Notice Electronically. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice.
To obtain a paper copy of this Notice, please call or write the Center’s Administrator/Local Privacy Officer. That address may be found on Diversicare’s website. If you do not know that address, you may send your request to: Corporate Privacy Officer, Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575.
CHANGES TO THIS NOTICE
We reserve the right to change our privacy practices that are described in this Notice. We reserve the right to make the revised or changed privacy practices applicable to protected health information we already have about you, as well as any information we receive in the future. A copy of our current Notice will be posted and made available in Diversicare offices(s), at our facilities and on our website. Prior to a material change to the uses or disclosures, your rights, our legal duties, or other privacy practices stated in this Notice, we will revise this Notice and make the revised version of the Notice available upon request, and on Diversicare’s website. This Notice will contain an effective date on the first page.
If you believe your privacy rights have been violated, you may file a complaint with Diversicare, or with the Secretary of the Department of Health and Human Services. To file a complaint with us, please call the center’s Administrator/ Local Privacy Officer. That address may be found on Diversicare’s website. If you do not know that address, you may send your request to: Corporate Privacy Officer, Diversicare Healthcare Services, Inc., 1621 Galleria Blvd., Brentwood, TN 37027, or (615) 771-7575. All complaints must be submitted in writing.
You will not be penalized or retaliated against for filing a complaint.
OTHER USES OF MEDICAL INFORMATION
Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written consent. If you provide us permission to use or disclose protected health information about you, you may revoke that consent, in writing, at any time. If you revoke your consent, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your consent, and that we are required to retain our records of the care that we provided to you.
The above Notice of Privacy Practices describes your rights and our obligations pursuant to the federal Health Insurance Portability & Accountability Act of 1996 (HIPAA), the Health Information Technology for Economic & Clinical Health Act (HITECH), and any implementing regulations. If the law of the sate in which our facility is located is more generous in describing your rights, or more restrictive in establishing our obligations, we will follow the law of that state.