Privacy Policy
Effective Date: October 3, 2024
ABI Resources ("we," "us," or "our") is committed to protecting the privacy and confidentiality of personal, medical, and financial information that we receive, collect, or use in providing our services. This comprehensive privacy policy outlines how we collect, use, disclose, and safeguard information in compliance with applicable federal and state laws, including the Health Insurance Portability and Accountability Act (HIPAA), the Connecticut Personal Data Act, and other relevant regulations.
1. Overview of Privacy Practices
This Privacy Policy applies to all employees, contractors, volunteers, physicians, business associates, and individuals whose actions are under the direct control of ABI Resources. We are committed to safeguarding Protected Health Information (PHI) and Personally Identifiable Information (PII) that is collected, stored, or disclosed in our daily operations.
2. Key Privacy Commitments
As an organization providing healthcare-related services, we are legally required to:
-
Safeguard the privacy and security of PHI and PII.
-
Provide clear notice regarding how we use and disclose PHI and PII.
-
Notify individuals in the event of a breach involving unsecured PHI.
-
Follow the terms of this policy, except when changes are made, at which point we will update the policy as required.
3. Information We Collect and Store
Automatically Collected Information
When you visit our website, certain information is collected automatically, such as:
-
The domain name and IP address from which you access our site.
-
The type of browser and operating system used.
-
The date and time of your visit.
-
The pages you visit.
-
The referral source from which you linked to our site.
This information is used for statistical analysis and to improve our site’s performance. In certain cases, such as responding to legal requests, this information may be used to identify individuals and may be shared with relevant authorities.
Personal Information You Voluntarily Provide
You do not have to provide personal information to visit our website or use our services. However, when you choose to provide personal information, including PHI, by contacting us via email, submitting forms, or providing it for service purposes, we may use that information to:
-
Respond to your inquiries.
-
Coordinate care and services.
-
Handle billing and payments.
-
Facilitate healthcare operations.
We maintain and destroy personal information in compliance with the Federal Records Act and the National Archives and Records Administration (NARA).
4. Uses and Disclosures of PHI and PII
We may use and disclose PHI and PII in the following circumstances without requiring your authorization:
Treatment
We may use PHI to provide, coordinate, and manage your healthcare services. For example, doctors, nurses, and other healthcare professionals involved in your care may share your PHI to provide effective treatment.
Payment
We may use and disclose your PHI to bill you, your insurance company, or third parties for services rendered. This may include sharing PHI with billing agencies and insurance companies.
Healthcare Operations
We may use PHI for our internal operations, including quality assessment, improvement activities, staff training, and credentialing healthcare professionals.
Business Associates
We may share your PHI with third parties who perform certain functions on our behalf, such as billing or legal services, provided they agree to safeguard your information in accordance with HIPAA and other relevant laws.
Fundraising Activities
We may contact you for fundraising purposes but will provide you with the option to opt out of receiving such communications.
Research
In certain circumstances, we may use or disclose your PHI for research purposes, provided proper authorization is obtained, or the research is conducted in compliance with applicable laws and guidelines.
Public Health and Safety
We may disclose your PHI when required by law to public health authorities to prevent or control disease, injury, or disability. We may also disclose PHI to avert a serious threat to your health or safety.
Legal Proceedings and Law Enforcement
We may use and disclose PHI in response to legal requirements, such as court orders, subpoenas, or other lawful processes. This also includes disclosures to law enforcement in certain circumstances, such as identifying a suspect, fugitive, or missing person.
Specialized Government Functions
We may disclose PHI related to military, national security, intelligence activities, and for the protection of the President or other officials.
Other Uses and Disclosures
Any other uses and disclosures of your PHI will only be made with your written authorization. You may revoke your authorization in writing at any time, except to the extent that we have already relied on it.
5. Individual Rights
You have the following rights with respect to your PHI:
Right to Access and Copies
You have the right to inspect and obtain a copy of your PHI maintained by us. This includes the right to direct us to send a copy of your PHI to another individual or entity. Requests for copies may incur a reasonable, cost-based fee.
Right to Amend
If you believe that your PHI is incorrect or incomplete, you have the right to request an amendment to your records.
Right to Accounting of Disclosures
You have the right to request an accounting of certain disclosures of your PHI. This does not include disclosures for treatment, payment, and healthcare operations, or for disclosures authorized by you.
Right to Request Restrictions
You may request restrictions on the use and disclosure of your PHI. While we are not always obligated to agree, we will comply with requests to restrict disclosure to your health plan if you have paid for a service in full.
Right to Confidential Communications
You have the right to request that we communicate with you in a specific manner (e.g., only at a certain address or phone number).
Right to Receive a Copy of This Notice
You have the right to receive a paper copy of this Privacy Policy upon request.
6. Security Safeguards
We are committed to safeguarding your PHI through physical, electronic, and procedural security measures:
-
Encryption: We encrypt sensitive data in transit to protect your information from unauthorized access.
-
Access Controls: Access to PHI is restricted to authorized personnel based on job function and necessity.
-
Monitoring and Auditing: We regularly audit and monitor systems to detect potential breaches or unauthorized access.
-
Breach Notification: In the event of a breach of unsecured PHI, we will notify affected individuals as required by law.
7. Breach Notification Procedures
If a breach involving unsecured PHI occurs, we are required to notify affected individuals, the Secretary of Health and Human Services (HHS), and potentially the media under certain circumstances.
8. Third-Party Websites and Applications
We may interact with third-party websites and applications, such as social media platforms, for public engagement and transparency. While we control our own official accounts, your activity on third-party platforms is governed by their privacy policies. We encourage you to review the privacy policies of third-party platforms before interacting with them.
9. Changes to this Privacy Policy
We reserve the right to modify this Privacy Policy at any time. Changes will apply to all PHI we maintain and will be made available on our website or posted at our office locations. The effective date of any updates will be reflected on the policy.
10. Filing Complaints
If you believe that your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services (HHS). To file a complaint with ABI Resources, please contact:
ABI Resources – Privacy Officer
39 Kings HWY STE C
Gales Ferry, CT 06335
Email: ABI@CTBRAININJURY.com
Phone: (860) 942-0365
You may also contact the U.S. Department of Health and Human Services, Office for Civil Rights.
We will not retaliate against you for filing a complaint.