As the Ecumenical Retirement Community services evolve, we may revise this policy, so please check back frequently. If you have questions about Ecumenical Retirement Community privacy practices please contact us at firstname.lastname@example.org.
Information Collection and Use
Ecumenical Retirement Community collects personally identifiable information when you register for an Ecumenical Retirement Community account and when you use certain Ecumenical Retirement Community products and services. Ecumenical Retirement Community also may receive personally identifiable information from its resellers and other business partners.
When you register with Ecumenical Retirement Community, we ask for your contact information (such as your name, street address and e-mail address), as well as certain information pertaining to your business, along with billing information such as a bank account and/or credit card number.
In the course of processing a payment transaction, we typically receive from the merchant or financial institution information related to the transaction. This normally includes information about the payment that a consumer has furnished the merchant or financial institution in placing the order. We do not acquire any information directly from consumers through the www.ecumenicalretirement.org website.
Ecumenical Retirement Community uses the information collected to fulfill your requests for certain products and services, process payment transactions, facilitate billing and otherwise deliver the payment gateway services. We also may send merchants service announcements, newsletters and periodic notices about specials and new products. Personally identifiable consumer information is used to process payment transactions and for no other purpose.
- Ecumenical Retirement Community does not offer services or sell products to children. Ecumenical Retirement Community does not request or knowingly collect personally identifiable contact information from anyone under the age of 13.
- Ecumenical Retirement Community has implemented Google Analytics Demographics and Interest Reporting to better understand the traffic we receive. Visitors can opt-out by clicking here.
Information Sharing and Disclosure
Protecting personally identifiable information about merchants and consumers is an important part of our business. We share and disclose such information only as described below. Ecumenical Retirement Community will send personally identifiable information about you to other companies or people when:
- we have your consent to share the information;
- we need to share your information to provide the product or service you have requested;
- we need to send the information to companies who work on behalf of Ecumenical Retirement Community to provide a product or service to you (unless we tell you differently, these companies do not have any right to use the personally identifiable information we provide them beyond what is necessary to assist us).
Personally identifiable consumer information is shared with third parties (such as banks and credit card processors) to the extent necessary for Ecumenical Retirement Community to deliver payment processing services. We also may release personally identifiable information when we believe release is appropriate to comply with law; enforce or apply our Merchant Agreement and other agreements; or protect the rights, property or safety of Ecumenical Retirement Community, our users or others. This includes exchanging information with other companies and organizations for fraud protection and risk reduction.
Information security is critical to our business. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information. The information gathered on secure computers is stored in a locked down data center. The number of employees involved in the management of the data center that have physical access to these computers is limited. We use firewalls and other security technology, as well as implement the highest industry standard security practices, to prevent our computers from being accessed by unauthorized persons.
We also require that any personally identifiable consumer information sent to us by you be encrypted using SSL encryption.
It is important for you to protect against unauthorized access to your login ID/password, other sensitive account data and to your computer. Be sure to sign off when finished using a shared computer and otherwise safeguard the password used to access the Ecumenical Retirement Community services.
Effective Date: 10/01/2017
Ecumenical Retirement Community
NOTICE OF PRIVACY PRACTICES FOR RESIDENTS
|THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION
PLEASE REVIEW IT CAREFULLY
Ecumenical Retirement Community respects your privacy. We maintain records containing your personal health information that are protected by law. This Notice of Privacy Practices explains how we may use or disclose your protected health information, your rights and our legal duties regarding your protected health information. In this Notice your protected health information is called your “Health Information.”
Our Duties Regarding Your Health Information
Ecumenical Retirement Community is required by law to maintain the privacy of your Health Information and provide you with this Notice of our legal duties and privacy practices with respect to your Health Information. We reserve the right to change our privacy practices and the terms of this Notice and make the provisions of a revised Notice effective for all your Health Information we maintain. If we revise the Notice we will provide it to you when it is in effect by posting it in a clear and prominent location in our facility, having a copy available for you to request and take with you and posting it on our website if we maintain a website. We must follow the terms of the Notice that is in effect. You may request a copy of the Notice any time and we will give you a copy of the Notice that is in effect when you request it.
You may contact our Privacy Official if you have any questions or would like further information about the matters covered by this Notice. You will find our Privacy Official’s contact information at the end of this Notice.
How We May Use and Disclose Your Health Information
Use and Disclosure of Your Health Information for Treatment, Payment and Health Care Operations
We are permitted to use and disclose your Health Information for purposes of treatment, payment and health care operations.
- Treatment. We may use or disclose your Health Information to provide you with health care treatment or services. For example, we may use your Health Information to diagnose and treat you or we may disclose your Health Information to a health care provider you may be referred to so that provider has information needed to diagnose or treat you.
- Payment. We may use or disclose your Health Information to obtain payment or be reimbursed for the health care treatment and services we provide. For example, we may give your Health Information to your health plan so it can reimburse you or pay us. We may also provide your Health Information to your health plan to obtain prior approval for treatment or to determine whether your plan will cover the treatment.
- Health Care Operations. We may use or disclose your Health Information in connection with our health care operations which are ways we provide health care and manage our organization. For example, we may use or disclose your Health Information to evaluate our performance in providing health care to you and identify ways we may improve our service.
Use and Disclosure of Your Health Information Required or Permitted by Law
There are situations besides treatment, payment or health care operations where we may use or disclose some of your Health Information without first obtaining your written authorization. Any such use or disclosure will be limited to your Health Information required or permitted by law in the following situations.
1. Public Health. We may disclose your Health Information to public health authorities that are authorized by law to collect or receive information to report vital information and prevent or control disease or injury. For example, we may report information about communicable diseases, child abuse or neglect, problems related to food, medications or medical devices or products and vital events such as births or deaths. We may also disclose your Health Information to a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition or findings concerning a work-related illness or injury or workplace related health issue to an employer. If we reasonably believe you are a victim of abuse, neglect, or domestic violence we may disclose your Health Information limited to requirements of law to a government authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence.
2. Health Oversight Activities. We may disclose your Health Information to a health oversight agency that includes, among others, an agency of the federal or state government authorized by law to monitor the health care system. Authorized health oversight activities include audits; civil, administrative, or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative or other activities necessary for appropriate oversight of the health care system.
3. Judicial and Administrative Proceedings. We may disclose your Health Information in the course of judicial or administrative proceedings. For example, we make a disclosure in response to a court or administrative order or subpoena.
4. Law Enforcement Purposes. We may disclose your Health Information to a law enforcement official as required by law, in response to a law enforcement official’s lawful request to identify or locate a victim, suspect, fugitive, material witness or missing person or to report a crime that has occurred on our premises or that may have caused a need for emergency services.
5. Required by Law. We may use or disclose your Health Information when required by state, federal or other law to correctional institutions, the Food and Drug Administration and authorized federal officials for the conduct of lawful national security activities and the provision of protective services to the President or other persons as required by federal law.
6. Coroners, Medical Examiners and Funeral Directors. We may disclose your Health Information to coroners or medical examiners to identify a deceased person or to determine the cause of death and to funeral directors as necessary to carry out their duties.
7. Organ Donation. We may disclose your Health Information to an organ procurement organization or other facility that participates in or makes a determination for the procurement, banking or transplantation of organs or tissues.
8. Research. We may use or disclose your Health Information for research purposes under strict legal protection only if the use or disclosure has been reviewed and approved by a special Privacy Board or Institutional Review Board or if you authorize the use or disclosure.
9. Disaster Relief Incidents. We may use or disclose your Health Information to a public or private entity authorized to assist in disaster relief efforts such as the American Red Cross. If you tell us you object, we will not make this use or disclosure unless we must do so to respond to an emergency situation.
10. Persons Involved in Your Care. We may use or disclose your Health Information to persons involved in your health care or payment for health care including family members, your personal representative or another person identified by you unless you object to our use and disclosure of your Health Information to such persons.
11. Workers Compensation. We may use or disclose your Health Information to comply with worker’s compensation laws.
12. Avert a Serious Threat to Health or Safety. We may use or disclose your Health Information if we believe it is necessary to prevent or lessen a serious threat to the health or safety of a person or the public.
13. School Immunization Records. We may disclose your Health Information to provide proof of your immunization to a school if you are an adult or emancipated minor and you agree; or about a minor child if the child’s parent or guardian agrees.
14. Military. If you are a member of the armed forces, we may release medical information about you to military authorities as authorized or required by law. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
15. Business Associates. We may use entities that are called Business Associates to perform work or services for us such as legal, accounting or financial services where the Business Associate may be required to create, receive, maintain or transmit your Health Information but only if the Business Associate first agrees by written contract to safeguard your Health Information as we must and as is required by law.
16. Fundraising. We may use limited Health Information such as your name, address and treatment dates to contact you for fundraising purposes to support our health care purposes and mission. You have the right to elect not to receive fundraising communications and if you receive a fundraising communication from us you will also receive simple instructions about how to stop receiving any more fundraising communications.
Use and Disclosure of Your Health Information Requiring Written Authorization
Your written authorization is required for the following uses and disclosures of your Health Information:
- Marketing. We will not use or disclose your Health Information for marketing purposes without your written authorization. Marketing is defined as a communication about a product or service related to your health care for which we receive payment from a third party other than for cost of services provided to you.
- Sale of your Health Information. We will not use or disclose your Health Information in a way that is considered a sale of your Health Information without your written authorization. A sale of your Health Information is defined as an exchange where we, directly or indirectly, receive payment for your Health Information from the recipient of your Health Information.
- Psychotherapy Notes. If we maintain psychotherapy notes about you we will not disclose psychotherapy notes without your written authorization except in limited instances that are permitted or required by law.
All Other Uses and Disclosures of Your Health Information Require Written Authorization
Your written authorization is required for other uses and disclosures of your Health Information that are not described in this Notice.
You May Revoke an Authorization in Writing at Any Time
You may revoke an authorization to use or disclose your Health Information at any time. Your revocation must be in writing and it will not affect uses or disclosures of your Health Information made in reliance on your authorization before its revocation. If the Authorization was obtained as a condition of obtaining insurance coverage, other law may provide the insurer with the right to contest a claim under the policy or the policy itself.
Your Rights Regarding Your Health Information
This section explains your rights and how you can make use of your rights regarding your Health Information.
Your Right to Our Notice of Privacy Practices
You have the right to obtain a paper copy of our current Notice of Privacy Practices. You have the right to receive an electronic copy of this Notice from our web site if we maintain one or, if you agree in writing, by email. You have the right to obtain a paper copy of this Notice at any time even if you have agreed to receive it electronically. You may ask our Privacy Official whose contact information is at the end of this Notice to provide you with a copy of our current Notice at any time.
Your Right to Request Restrictions of Use and Disclosure of Your Health Information
Right to Request Restrictions – We Are Not Required to Agree
You have the right to request a restriction of your Health Information we use or disclose for your treatment, for payment of your health care services, or for activities related to our health care operations. You may also request a restriction on what Health Information we may disclose to someone who is involved in your care or payment for your care, like a family member or friend. Your request must be in writing and given to our Privacy Official whose contact information is at the end of this Notice. We will provide you with the form to make your written request. We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment and we will request that health care provider not to further use or disclose your Health Information. We may terminate our restriction if you ask us to terminate it. We may also terminate a restriction whether or not you ask us to end the restriction if we inform you we are terminating it. If we do terminate a restriction it will only affect your Health Information that was created or received after we inform you of the termination
Right to Request We Not Disclose Your Health Information to Your Health Plan (Health Insurance Provider) – We Must Agree Under Certain Conditions
You have the right to request that we not disclose your Health Information to your health plan (your health insurance provider) if the disclosure:
- is for the purpose of carrying out payment or health care operations,
- is not otherwise required by law, and
- someone other than the health plan on your behalf has paid for in full.
Your request must be in writing and given to our Privacy Official whose contact information is at the end of this Notice. We will provide you with the form to make your written request. We must agree to your request if all three conditions listed above are present.
Your Right to Request Confidential Communications
You have the right to request that we communicate with you about your Health Information by alternative means or at an alternative location. For example, you can ask that we only contact you by telephone at work or by mail in a sealed envelope (not a post card). We will not ask you the reason for your request and we will accommodate all reasonable requests. If we are unable to communicate with you by the alternative means or at the alternative location you have requested we may attempt to communicate with you using any information we have. Your request must be in writing and given to our Privacy Official whose contact information is at the end of this Notice. We will provide you with the form to make your written request.
Your Right to Inspect and Copy your Health Information
You have the right to inspect and copy your Health Information we maintain that may be used to make decisions about your treatment and care including billing records for as long as we maintain the information. You may also request an electronic copy of your Health information if we maintain it electronically. Your request must be in writing and given to our Privacy Official whose contact information is at the end of this Notice. We will provide you with the form to make your written request and provide access to your Health Information except in some limited circumstances. If we deny any part of your request we will explain in writing why we made the denial, if and how you may request a review of our denial and how you may make a complaint to us and the Secretary of the U.S. Department of Health and Human Services about our denial. We may charge a reasonable, cost-based fee for making copies of your Health Information and sending them to you that includes costs of labor, supplies and postage. We will not charge a fee if you only view and inspect your Health Information at a convenient time and place.
Your Right to Request Amendment of your Health Information
If you believe your Health Information we maintain is incorrect or incomplete you have the right to request we amend that Health Information. Your request must be in writing and given to our Privacy Official whose contact information is at the end of this Notice. We will provide you with the form to make your written request. We will inform you of our action on your request including what we will do if we accept your request for amendment in whole or in part. If we deny all or part of your request for amendment we will provide you with the reasons for the denial and inform you of your additional rights regarding our denial including your right to complain to us and the Secretary of the U.S. Department of Health and Human Services.
Your Right to an Accounting of Disclosures of your Health Information
You have the right to receive a list (accounting) of certain disclosures of your PHI. This is a listing of certain disclosures of your PHI made by the Facility or by others on our behalf, but does not include disclosures for treatment, payment and health care operations, disclosures made pursuant to a signed and dated Authorization, or certain other exceptions. To request an accounting of disclosures, you must submit a request in writing to the Privacy Official stating a time period that may not be longer than six years from the date of your request. The first list you request in a 12 month period will be free; for further requests we may charge you a reasonable fee for our costs. We will notify you of the cost involved and you can choose to withdraw or modify your request at that time before any costs are incurred.
Your Right to Make a Complaint that Your Privacy Rights Have Been Violated
If you believe your privacy rights have been violated, you have the right to file a complaint with us and with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint that your privacy rights have been violated. You may file a complaint with us by contacting the office of our Privacy Official listed below. Information about making a complaint to the Secretary is provided below.
For more information about the matters covered by this Notice, to make a request about any of your health information rights or to make a complaint that your privacy rights have been violated please contact our Privacy Official listed below. If you wish we will provide you with a form to make a complaint in writing to us. We will not retaliate against you for filing a complaint that your privacy rights have been violated.
Privacy Official of Ecumenical Retirement Community
830 Cherry Drive
Hershey, PA. 17033
Secretary, U. S. Department of Health and Human Services
You may make a complaint that your privacy rights have been violated to the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for making a complaint to the Secretary that your privacy rights have been violated. The process to make a complaint to the Secretary is explained on the Internet at HHS.gov. A complaint to the Secretary must be filed within 180 days of when you first knew of the reasons you believe your health information privacy rights were violated although the 180-day period may be extended if you can show “good cause.”
You may file a Health Information Privacy Complaint with the Secretary online through the OCR Complaint Portal or obtain a Health Information Privacy Complaint Form Package to fill out, print and submit by mail, fax or email.
If you have any questions about filing a complaint you may contact the Department of Health and Human Services, Office for Civil Rights by toll-free telephone at 1-800-368-1019, TDD: 1-800-537-7697.