HIPAA Privacy Statement
Forum Extended Care Services, Inc., II - Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Commitment to Safeguard Your Health Information:
Forum Extended Care Services, Inc.,II (Forum) is committed to maintaining the privacy of your health information. State law and the Health Insurance Portability & Accountability Act of 1996 (HIPAA) require us to maintain the confidentiality of all your health-care records and other individually identifiable health information used by or disclosed to us in any form, whether electronically, on paper, or orally (PHI or Protected Health Information). HIPAA is a federal law that gives you significant rights to understand and control how your health information is used. HIPAA and state law provide penalties for covered entities and records owners, respectively, that misuse or improperly disclose PHI. Starting April 14, 2003, HIPAA requires us to provide you with the Notice of Privacy Practices (Notice) of our legal duties and the privacy practices we are required to follow on your first order of health-care services.
Forum is required to maintain the privacy of your PHI and provide you with a copy of this Notice. This Notice describes our health information privacy practices.
Forum reserves the right to change its privacy practices and the terms of this Notice at any time. In the event we materially change a privacy practice, the change will be effective for all information already maintained about you, and the revised Notice will be promptly posted at Forum and our website: www.forumpharmacy.com. You may also request a copy of the notice currently in effect from Forum at (800) 447-7108.
If you have any questions about the content of this Notice, please contact Forum’s Privacy Officer at (800) 447-7108
How Your Protected Health Information May Be Used Or Disclosed:
We have the right to use or disclose your protected health information for treatment, payment or health care operational activities, and under certain circumstances, the law may require us to disclose your protected health information. We may disclose your protected health information to a third party to perform a function or service on behalf of Forum, but before doing so, we will have an agreement in place that extends the same privacy protection to your health information that we must apply. Under the law, we must have your signature on a written, dated Consent form and/or an Authorization form (not an Acknowledgement form) before we will use and disclose your PHI for certain purposes as detailed in the rules below.
Documentation. You will be asked to sign a Consent form and/or an Authorization form when you receive this Notice of Privacy Practices. If you did not sign such a form or need a copy of the one you signed, please contact our Privacy Officer. You may take back or revoke your consent or authorization at any time (unless we already have acted based on it) by submitting our Revocation form in writing to us at our address listed below. Your revocation will take effect when we actually receive it. We cannot give it retroactive effect, so it will not affect any use or disclosure that occurred in our reliance on your Consent or Authorization prior to revocation (i.e. if after we provide services to you, you revoke your authorization or consent in order to prevent us billing or collecting for those services, your revocation will have no effect because we relied on your authorization or consent to provide services before you revoked it).
General Rule. If you do not sign our Consent form or if you revoke it, as a general rule (subject to exceptions described below under "Healthcare Treatment, Payment and Operations Rule" and "Special Rules"), we cannot in any manner use or disclose to anyone (excluding you, but including payers and Business Associates) your PHI or any other information in your medical record. Under state law, we are unable to submit claims to payers under assignment of benefits without your signature on our Consent form. We will not condition treatment on your signing an Authorization, but we may be forced to decline you as a new patient or discontinue you as an active patient if you choose not to sign the Consent or revoke it.
Disclosures Related To Treatment, Payment Or Operational Activities:
Treatment. Your protected health information may be used or disclosed to provide or manage your health care and related services, coordinate or manage your health care with a third party, consult with other health care providers. For example, if you are in need of emergency medical services we may provide protected health information to the emergency medical technician. We will disclose your protected health information to any future health care providers upon verification of the request for your information and with your authorization.
Payment. Your protected health information may be used or disclosed to obtain reimbursement for health care services provided by Forum to you. For example, your protected health information may be used to contact your health insurance company to determine if your insurance company will cover or pay for your care.
Health Care Operations. Your protected health information may be used or disclosed for health care operation purposes. These uses and disclosures are important to ensure that you are provided health care services in an efficient and cost-effective manner. For example, your protected health information may be used to determine additional services you may need; to evaluate the care you received in supervised staff training programs to improve their skills; to conduct or arrange for medical review or legal services; or for business planning and development.
Treatment Alternatives. Your protected health information may be used to provide you with information about treatment alternatives.
You May Agree or Object to the Following Uses and Disclosures of Your PHI:
Release of PHI to a Family Member, Friend or Other Persons Involved In Your Care And Treatment or For Notification Purposes. Protected health information about you may be disclosed to a family member, relative, close personal friend or any other person identified by you, only to the extent the health information is relevant to that person's involvement with your care or payment for your health care.
Your protected health information may also be used or disclosed to notify or assist in notifying a family member, personal representative or any other person responsible for your care, your location or general condition.
Disaster Relief. We may disclose your protected health information to a public or private entity authorized by law to assist in disaster relief efforts for the purpose of notifying or assisting in notifying a family member, a personal representative or another person of your location and general condition.
Other Uses or Disclosures of Your PHI:
Required By Law. Your protected health information may be disclosed when the use or disclosure is required by law.
Public Health Activities. Your protected health information may be disclosed for public health activities. For example, your protected health information may be disclosed to prevent or control disease, injury or disability; report child abuse or neglect; maintain vital records, such as births and deaths; notify a person regarding potential exposure to a communicable disease; notify a person regarding a potential risk for spreading or contracting a disease or condition; notify an appropriate government agency about the abuse or neglect of an adult individual (including domestic violence); or to the federal Food and Drug Administration (FDA) to report adverse events with medications, track regulated products, report product recalls, defects or replacements.
Abuse, Neglect, And Domestic Violence. If we reasonably believe you are a victim of abuse, neglect or domestic violence, to the extent the law requires, protected health information about you may be disclosed to an agency authorized by law to receive such reports.
Health Oversight Activities. Your protected health information may be disclosed to a health oversight agency to perform oversight activities authorized by law or for appropriate oversight of the health care system; for example, audits, investigations, inspections and licensure activities.
Judicial And Administrative Proceedings. We may disclose your protected health information in the course of any judicial or administrative proceeding. For example, we may disclose your protected health information in response to a court or administrative order, or in response to a discovery request, subpoena or other lawful process.
Law Enforcement. Your protected health information may be disclosed to report certain types of wounds or other physical injuries; to a law enforcement official to identify or locate a suspect, fugitive, material witness or missing person; to provide certain information about the victim of a crime, about a death due to criminal conduct, and in emergency circumstances, to report a crime, the location of a crime, to identify the victim of a crime, or the identity, description or location of the person who committed the crime
Coroners, Medical Examiners And Funeral Directors. Your protected health information may be disclosed to facilitate the duties of coroners, medical examiners and funeral directors.
Organ and Tissue Donation. Your protected health information may be disclosed to an organization to facilitate organ or tissue donation and transplantation.
Research. Your protected health information may be used or disclosed to a researcher with your authorization. You may authorize the use by permitting combined and unconditioned authorizations for research as long as the authorization clearly allows the ability to opt-in to the unconditioned research activities. Authorizations for research do not need to be study specific.
To Avert A Serious Threat To Health Or Safety. Your protected health information may be disclosed to reduce or prevent a serious threat to your health and safety or the health and safety of the public or another person. For example, to prevent or control disease; maintain vital records, such as births and deaths; report child abuse or neglect; report reactions to medications or problems with products; notify a person regarding potential exposure to a communicable disease; notify people of recalls of products they may be using; in response to a warrant, summons, court order, subpoena or similar legal process; identify/locate a suspect, material witness, fugitive or missing person; or in an emergency, to report a crime or the description, identity or location of the perpetrator.
Specialized Government Functions. If you are a member of U.S or foreign military forces (including veterans), Forum may use or disclose your protected health information to assure the proper execution of a military mission. Forum may disclose your protected health information to federal officials for intelligence and national security activities authorized by law, to protect the President, or to conduct investigations.
Workers' Compensation. Your protected health information may be disclosed for workers' compensation or similar programs in order for you to obtain benefits for a work-related injury or illness.
Fundraising. HIPAA rules prohibits the use or disclosure of PHI for fundraising purposes. The Rule specifies that each fundraising communication must include an opt-out for the individual to elect not to receive further fundraising communications with no more than a minimal cost to the individual, but the covered entity may provide a method for opting back in.
Minimum Necessary Rule
Forum’s staff will not use or access your PHI unless it is necessary to do their jobs (i.e. staff uninvolved in your care will not access your PHI; billing staff will not access your PHI except as needed to complete the claim form; janitorial staff will not access your PHI). Also, we disclose to others outside our staff only as much of your PHI as is necessary to accomplish the recipient's lawful purposes. For example, we may use and disclose the entire contents of your medical record.
- To you (and your legal representatives as stated above) and anyone else you list on a Consent or Authorization to receive a copy of your records
- To health-care providers for treatment purposes (i.e. making diagnosis and treatment decisions or agreeing with prior recommendations in the medical record)
- To the U.S. Department of Health and Human Services (i.e. in connection with a HIPAA complaint)
- To others as required under federal or state law
- To our Privacy Officer and others as necessary to resolve your complaint or accomplish your request under HIPAA (i.e. clerks who copy records need access to your entire medical record)
In accordance with the law, we presume that requests for disclosure of PHI from another Covered Entity (as defined in HIPAA) are for the minimum necessary amount of PHI to accomplish the requestor's purpose. Our Privacy Officer will individually review unusual or non-recurring requests for PHI to determine the minimum necessary amount of PHI and disclose only that. For non-routine requests or disclosures, the Plan's Privacy Officer will make a minimum necessary determination based on, but not limited to, the following factors:
- The amount of information being disclosed
- The number of individuals or entities to whom the information is being disclosed
- The importance of the use or disclosure
- The likelihood of further disclosure
- Whether the same result could be achieved with de-identified information
- The technology available to protect confidentiality of the information
- The cost to implement administrative, technical and security procedures to protect confidentiality
If we believe that a request from others for disclosure of your entire medical record is unnecessary, we will ask the requestor to document why this is needed, retain that documentation and make it available to you upon request
Healthcare Disclosure Rule
Forum will take reasonable administrative, technical and security safeguards to ensure the privacy of your PHI when we use or disclose it (i.e. Forum require employees to talk softly when discussing PHI with you, Forum use computer passwords and change them periodically (i.e. when an employee leaves Forum), Forum allow access to areas where PHI is stored or filed only when we are present to supervise and prevent unauthorized access.
Business Associate Rule
Business Associates and other third parties (if any) that receive your PHI from us will be prohibited from re-disclosing it unless required to do so by law or you give prior express written consent to the redisclosure. Nothing in our Business Associate agreement will allow our Business Associate to violate this re-disclosure prohibition.
Super-confidential Information Rule
If Forum has PHI about you regarding HIV testing, alcohol or substance abuse diagnosis and treatment, or psychotherapy and mental health records (super-confidential information under the law), Forum will not disclose it under the General or Health-care Treatment, Payment and Operations Rules (see above) without your first signing and properly completing our Consent form (i.e. you specifically must initial the type of super-confidential information we are allowed to disclose). If you do not specifically authorize disclosure by initialing the super-confidential information, we will not disclose it unless authorized under the Special Rules (see above) (i.e. we are required by law to disclose it). If we disclose super-confidential information (either because you have initialed the consent form or the Special Rules authorize us to do so), we will comply with state and federal law that requires us to warn the recipient in writing that redisclosure is prohibited.
Your Rights Related To Your PHI:
Right to Inspect and Copy. You have the right to inspect and obtain a copy of information used to make health care decisions about you (including medical records and billing records, but not psychotherapy notes) for a period of six (6) years or as required by state law. Privacy Rule permits you to ask for an electronic copy of the medical records, and Forum must provide access in electronic form if it is readily producible. You may be charged a fee for the cost of copying, mailing, labor and supplies associated with your request. To inspect and copy this information, you must submit your request in writing to Forum’s Privacy Officer.
We may deny your request to inspect or copy in certain limited circumstances; however, you may request a review of the denial. Reviews will not be conducted by the person that denied your request, but by Forum’s Privacy Officer.
Right to Amend. You have the right to request us to amend information in a record that you believe is incorrect or incomplete. Your request must be in writing and you must provide a reason that supports your request. Your request must be submitted to the Forum’s Privacy Officer.
We may deny your request if the information or record you want amended was not created by us; is not part of the medical information kept by us; is not part of the information which you would be permitted to inspect or copy; or if the information is accurate and complete.
Right to an Accounting of Disclosures. You have the right to request a list of those instances where your protected health care information has been disclosed other than disclosures: i) for treatment, payment or operational activities; ii) to you or as authorized by you; iii) to persons involved in your care or treatment; iv) for national security or intelligence activities; v) to correctional institutions or law enforcement officials; vi) incident to a disclosure we are required to make; or vii) made prior to April 14, 2003. To obtain an accounting of disclosures, you must submit your request in writing to Forum’ Privacy Officer.
Right to Request Restrictions. You have the right to request us to limit or restrict how your health information is used or disclosed for treatment, payment or health care operation activities; to a family member, other relative, close personal friend or any other person identified by you; and for disaster relief purposes. Your request must be in writing to Forum. Your request must describe in a clear and concise fashion: i) the information you wish restricted; ii) whether you are requesting a limit on the use of your health information for treatment, payment or operational activities, or whether you are requesting a limit on the disclosure of your information to family members or friends, or both; and iii) to whom you want the limits to apply.
We are not required to agree to your request; however, we will accommodate reasonable requests permitted by our operational processes. If we agree to a restriction, we are bound by the agreement, except when otherwise required by law, in emergencies when the information is necessary to treat you.
Right to Choose How We Communicate With You. You have the right to request that we communicate with you about your health and health-related issues in a particular manner or at a certain location. For instance, you may ask to be contacted by mail rather than by telephone. In order to request a type of confidential or alternate communication, you must submit a request in writing to Forum’s Privacy Officer. Your request must specify the alternate method of contact you are requesting or the location where you wish to be contacted. You do not need to give a reason for your request. We will accommodate reasonable requests.
Right to Revoke Authorization. You have the right to revoke your authorization to use or disclose health information, except to the extent that action has been taken in reliance upon your authorization. Your request must be in writing.
Right to Notification of Breach. You have the right to be notified if you are affected by a breach of unsecured health information about you.
Right to a Paper Copy of This Notice. You are entitled to receive a paper copy of this Notice at any time by contacting Forum’s Privacy Officer. You may also obtain a copy from Forum’s website.
Right to File a Complaint. If you are concerned that your privacy rights may have been violated, you may file a complaint with the Forum or with the Secretary of the Department of Health and Human Services' Office of Civil Rights. You will not be retaliated against for filing a complaint.
Other Uses of Medical PHI:
Authorization. Other uses and disclosures of medical information not covered by this Notice will be made only with your written authorization. You may revoke an authorization for the use or disclosure of your protected health information in writing at any time. Your request should be made in writing to Forum’s Privacy Officer. If you revoke the authorization, your protected health information will no longer be used or disclosed for the reasons covered by your written authorization; however, the revocation will not apply to any disclosures already made with your authorization.
Contact Information: If you have any questions, requests, or concerns about your Forum-related health information rights or our use and disclosure of health information, please contact: Privacy Officer, Forum Extended Care Services, Inc., II, 4201 W. Victoria St., Chicago, IL 60646. Toll Free Phone: 1-(800) 447-7108.
Prepared for Forum's Patients, effective September 10, 2013
Effective Date: June 15, 2017
The information and materials provided on or through the website, including any content, data, text, designs, graphics, images, photographs, illustrations, audio and video clips, logos, icons, and links (collectively, the “Materials”) are owned exclusively by Forum Extended Care Services and are intended to educate and inform you about the events and other products and services offered or described on the website. The website and all its original content are the sole property of Forum Extended Care Services and are, as such, fully protected by the appropriate international copyright and other intellectual property rights laws.
You understand that the technical processing and transmission of the website, including your User Content, may involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.
The website, the materials on the site, and any service obtained through the site is provided “as is” and “as available” without warranties of any kind, either express or implied. To the full extent permissible under law, Forum disclaims all warranties, express or implied, including but not limited to warranties of merchantability and fitness for a purpose, title, and non-infringement. Further, Forum does not warrant the accuracy, reliability, completeness, timeliness, or availability of this site or its content or of any linked website.
In using this website, you assume the risk of accessing and using the information provided herein. Forum assumes no responsibility and shall not be liable for any damages arising out of your use of the website or linked websites, including but not limited to direct, indirect, special, consequential, compensatory damage, incidental damage, lost profits or data, damages to your computer resulting from viruses, loss of or damage to other property, or claims of third parties arising out of the use, copying or display of this website or its contents, regardless of whether Forum has been advised, knew or should have known of the possibility of such damages or claims. Your sole and exclusive remedy against Forum is to cease use of this website.
You may browse the website and view content without registering, but as a condition to using certain aspects of the site, you may be required to register with Forum and select a password and display name (your “registration”). You are responsible for maintaining the confidentiality of your registration. You shall not (i) select or use as your registration a name of another person with the intent to impersonate that person; (ii) use as your registration a name subject to any rights of a person other than you without appropriate authorization; or (iii) use as your registration a name that is otherwise offensive, vulgar, or obscene.
You shall be responsible for all uses of your registration, whether it is authorized by you or not. You will immediately notify Forum in writing of any unauthorized use of your account, or other account related security breach of which you are aware. You also agree to: (a) provide true, accurate, current and complete information about yourself as submitted to Forum, and (b) maintain and promptly update your registration information to keep it true, accurate, current and complete. If you provide any information that is untrue, inaccurate, not current or incomplete, or Forum has reasonable grounds to suspect that such information is untrue, inaccurate, not current, or incomplete, Forum has the right to immediately suspend or terminate your account and refuse all current or future use of the website or services (or any portion thereof) in its sole discretion.
This website offers opportunities to communicate with Forum through email. Because normal email is not encrypted, the possibility exists that unauthorized individuals may intercept your email messages to Forum. Forum Extended Care Services is not responsible for privacy of e-mail messages except those stored in our system. Note that Forum will never ask for personal information such as social security numbers or bank account information through unsolicited email communications.
Forum Extended Care Services reserves the right to terminate your access to the website without any advanced notice.
Forum Extended Care Services values your privacy and is committed to protecting your personal information.
Forum Extended Care Services has implemented commercially reasonable precautions, including, where appropriate, password protection, encryption, and secure socket layering to protect our website and the information we collect from loss, misuse, and unauthorized access, disclosure, alteration, and destruction. Please be aware that despite our best efforts, no data security measures can guarantee 100% security all the time. Please keep this in mind when disclosing any of your personal information via the Internet.
You should take steps to protect against unauthorized access to your password, computer, and web-enabled devices, among other things, by signing off after using a shared computer, inserting a password on your web-enabled device, choosing a password that nobody else knows or can easily guess, keeping your password private, and periodically changing your password. You should never share your log-in information with others. We are not responsible for any lost, stolen, or compromised passwords, or for any activity on your account via unauthorized password activity.
Information we collect from you and why
Personal information is collected when a request for service has been issued. We also collect information from businesses, organization and individuals who request information from us.
Certain services offered through the website will require information from you.
When you pay a billing statement or register for an event, we may ask you to provide the following:
- Your first and last name
- Your account number
- Your email address and desired password (if applicable)
- Your display name
- Your profile data, such as contact information, business address, title or designation, organization or company name, professional license number (if applicable)
- Payment information, such as credit card or financial account numbers (if applicable)
We may use the information that we gather about you for the following purposes:
- To provide our services to you, to communicate with you about your use of our services, and for other customer service purposes;
- To provide information that you have requested to receive from us in response to your opt-in requests;
- To provide our services at the request of our clients;
- To administer Events;
- To provide and post results of Events;
- To improve our site and services by providing personalized experiences, location customization, personalized help, and instructions;
- To send you email or direct mail, follow-up questions about your event or your participation in an event, news and newsletters, promotions, and/or invitations to visit the site; and
- To better understand how access and use of our sites and services, both on an aggregated and individualized basis, and for other research purposes;
- For marketing and advertising purposes.
To stop receiving or opt out of marketing or promotional emails, direct mail, or phone calls from Forum, contact us via email to email@example.com .
When and how do we share information
- Affiliates: We may disclose the information we collect from you to our affiliates or subsidiaries; however, if we do so, their use and disclosure of your information will be subject to this Policy.
- Third-Party Vendors or Service providers: We may disclose the information we collect from you to third-party vendors, service providers, contractors, or agents who perform functions on our behalf. For example, these providers may help us administer our sites and applications manage and administer events, or process credit card payments. These third parties have agreed to maintain the confidentiality, security, and integrity of our information and may be located wherever Forum operates. Where required by law, these companies agree to only use such information for the purposes for which they have been engaged by us unless you expressly permit them to use your information for other purposes.
- Non-Affiliated Third Parties: We may disclose the information that we collect about you to non-affiliated third parties (with your consent, if consent is required by law), such as promotional partners and others with whom we have marketing or other relationships. Those third parties may use your information for marketing purposes, such as to market products and services that they believe would be of interest to you. We also may combine the information that we collect about you with other information that we obtain from third parties. This information may help us to determine what advertisements to direct to you, to place on our website, and where to advertise our services.
We may also share your information for the following reasons:
- To comply with laws, rules, regulations, or legal process;
- To respond to claims that any User Content violates the rights of third parties;
- To protect the rights, property or personal safety of Forum Extended Care Services, its users, and the public.
Forum’s Billing Department performs necessary steps to ensure timely research and analysis of accounts and prompt, accurate refunds of confirmed overpayments.
Because account discrepancies can occur for many reasons, accounts with credit balances or suspected overpayments require review and research to determine the underlying cause for the balance in question. Once confirmed, all bona fide overpayments must be refunded within 60 days to the appropriate patient, guarantor, or third-party payer. Refunds may be processed either by issuing a check or credit card refund.
Credit balances or overpayments are not refunded on active private pay accounts. The credit balance is applied to the subsequent invoice. The patient or patient’s responsible party must specifically request for a refund of overpayment to be processed and returned to the patient or patient’s responsible party.
To request a refund or credit on your account, please contact us at firstname.lastname@example.org or call (800) 447-7108, option 2.
Forum contracts exclusively with healthcare facilities and communities to deliver medications and services on an established schedule set for each location. In general, orders are delivered within 12 to 48 hours via licensed, bonded specialty couriers or common carrier, who are required to provide proof of delivery. Delivery service is included as part of the healthcare facility’s contract with Forum. There is no separate charge to the patient’s account.
Forum Extended Care Services has implemented the following policy for the collection, use, disclosure, storage and destruction of biometric information in accordance with applicable standards and laws including the Illinois Biometric Information Privacy Act (BIPA).
Definition: Forum Extended Care Services defines Biometric Identifier as a retina or iris scan, fingerprint or voiceprint, or scan of hand or face geometry and Biometric Information as any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier used to identify an individual.
Collection & Use: Forum Extended Care Services collects and uses biometric information for (a) time keeping entries, using systems provided by its third-party timeclock vendors such as Kronos in order to provide a verifiable and reasonable method to validate employee time worked; (b) Forum also utilizes biometric technology for the purpose of identifying employees for access to drug cabinets or other pharmacy related equipment or machines and establish a method of accountability; (c) Forum Extended Care Services will not sell, lease, trade, or otherwise profit from an individual’s biometric information.
Disclosure: Biometric information will not be disclosed by the company unless (a) consent is obtained, (b) disclosure is authorized by the subject, (c) disclosure is required by law, or (d) disclosure is required by warrant or subpoena.
Storage & Security: Biometric information will be stored using reasonable industry standard of care and in a manner that is the same or exceeds the standards used to protect other confidential information held by the company.
Retention & Destruction: Biometric information will be retained only until the initial purpose for collecting or obtaining the biometric information has been satisfied, or within 3 years of the employee’s last interaction with Forum, whichever occurs first.
Consent: An employee’s biometric information will not be collected or obtained by Forum without prior written consent of the employee; Forum will inform employees, in writing, that Biometric information is being collected or stored and of the purpose and length of term for which it is being collected, stored, and used.