PROTECTED HEALTH INFORMATION
LEGAL AUTHORITY: 45 Code of Federal Regulations, Parts 160 and 164
EFFECTIVE DATE: April 14, 2003
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU ("the Individual") MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability and Accountability Act ("HIPAA") requires certain designated components within the State Board for Technical and Comprehensive Education and its colleges (collectively "the System"), to maintain the privacy of protected health information ("PHI") and to provide individuals with notice of the System's legal duties and privacy practices with respect to PHI.
HIPAA and its regulations specifically exclude from the definition of PHI any education records covered by the Family Educational Rights and Privacy Act ("FERPA"), treatment records of a student over 18 years of age, treatment records of a student enrolled in a post-secondary institution, and employment records held by the System in its role as an employer. Therefore, the System acknowledges that the business activities of only some of it components may be considered subject to the privacy regulations of HIPAA, which the System now designates as:
- System-controlled medical facilities which provide or manage healthcare and related services to any individual, System employee, alumni, independent contractor, or student of the System whose record of is not considered either treatment or a "student record" under the provisions of FERPA;
- The office(s) of any System-employee that is employed as a licensed healthcare provider or counselor who provides preventative, diagnostic, therapeutic, rehabilitative, or counseling services to any individual, System employee, alumni, independent contractor, or student of the System whose record of is not considered either treatment or a "student record" under the provisions of FERPA;
- The office that administers an employee welfare benefit plan (other than disability insurance, liability insurance, on-site clinics, or Workers Compensation) that is established or maintained for the purpose of offering or providing health benefits to System employees.
Disclose: release, transfer, provision of access to, or divulging in any other manner, of information outside the System.
Protected Health Information ("PHI"): individually identifiable health information that is transmitted or maintained by electronic media or any other form or medium; but does not include education records covered by the Family Educational Rights and Privacy Act, records of a student over 18 years of age or enrolled in a post-secondary educational institution, and employment records held by the System in its role as employer.
With respect to PHI, the Individual or to the Individual's personal representative has the right to:
- Request restrictions on certain uses and disclosures of PHI; however, the System is not required to agree to or comply with requested restriction;
- Receive confidential communications of PHI;
- Inspect and copy PHI;
- Submit a written request for an amendment of PHI to the Compliance Officer at the institution where the Individual's PHI record is kept;
- Receive an accounting of the System's disclosures of PHI; and
- Obtain a paper copy of this Notice, upon submission of a written request to the institution's Compliance Officer.
Uses and Disclosures of PHI
The System will not use or disclose PHI, except under circumstances which are either required or permitted by law, or pursuant to an authorization from the Individual or the Individual's personal representative.
The System is required to disclose PHI to the Individual or to the Individual's personal representative. The System is also required to disclose PHI, without the Individual's authorization, as required by law, and to the United States Department of Health and Human Services ("DHHS") for purposes of determining the System's compliance with HIPAA and its regulations.
The System is permitted to use and disclose PHI to third parties, without the Individual's authorization, for purposes of:
- Treatment, which includes the provision or management of healthcare and related services to an individual, including, but not limited to preventative, diagnostic, therapeutic, rehabilitative, and counseling services;
- Payment, including, but not limited to obtaining or furnishing reimbursement for the provision of healthcare, such as billing Medicaid for healthcare services provided;
- Healthcare Operations, including, but not limited to activities related to insurance, compliance, quality assurance, and professional competency;
- Compliance with a subpoena, court order, or warrant;
- Public health activities;
- Averting a threat to public health or safety;
- Reporting suspected victims of abuse, neglect, or domestic violence;
- Compliance with Worker's Compensation law;
- Identifying a decedent;
- Requests from health oversight organizations, including, but not limited to DHHS;
- Organ procurement;
- Government functions, including but not limited to law enforcement, the military, and veteran's affairs.
In addition, the System is permitted to contact the Individual or his/her representative to provide appointment reminders, and may also use and disclose PHI to the sponsor of a group health plan, including, but not limited to the South Carolina Budget and Control Board.
Limitations on Use and Disclosures
Except as described in this Privacy Notice, the System will disclose PHI to other third parties only with written authorization from the Individual or his/her personal representative. The Individual or his/her personal representative may revoke such authorization by providing written notice to the designated Compliance Officer at the institution where the Individual's PHI record is kept.
Under most circumstances, the System will take reasonable steps to use, disclose, and/or request from other covered entities only the minimum PHI reasonably necessary to accomplish the purpose of the use, disclosure, or request. However, the System is not limited in its use and/or disclosures of PHI made:
- To a health care provider for treatment;
- To the Individual or his/her personal representative;
- Pursuant to an authorization;
- To the United States Department of Health and Human Services ("DHHS");
- As required by law or court order; or
- As required for compliance with HIPAA and its regulations.
The System will not disclose PHI for research or fundraising purposes.
Contacts and Complaints
If you believe that your privacy rights under this Notice have been violated, you may notify the Compliance Officer at the institution where your PHI record is kept, or you may file a complaint with DHHS, by calling 866-OCR-PRIV (866-627-7748) or writing to DHHS at 200 Independence Avenue, S.W., Washington, D.C. 20201. The complaint must be in writing, naming the institution that is the subject of the complaint, and describing the acts or omissions believed to be in violation of the law. Federal regulations require complaints to be filed within 180 days of when the complainant knew or should have known that the act or omission complained of occurred. The System will not retaliate against any Individual for filing a complaint.
For further information, please contact the Director of Human Resources at:
Florence-Darlington Technical College
P.O. Box 100548, 2715 West Lucas Street
Florence, SC 29501
(843) 661-8371 Fax
The System is required by law to abide by the terms of this notice, which was first effective April 14, 2003. However, the System reserves the right to change the terms of this notice, and to make new notice provisions effective for all PHI.
 Except for psychotherapy notes, information exempted by the Clinical Laboratory Improvements Act, and information compiled in anticipation of or use in a civil, criminal, or administrative proceeding.