Privacy Policy

Who we are

Our website address is: https://maritimebhm.com.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

SMS

No mobile information (i.e. SMS) will be shared with third parties for marketing and/or promotional purposes.

PHI

1) Use and Disclosure of PHI for Treatment, Payment, or Healthcare Operations

    1. PHI may be disclosed without individual authorization for treatment, payment, or healthcare operations (TPO). This includes the following:
    1. The Company’s own treatment, payment, or healthcare operations (TPO).
    1. Treatment activities of another health care provider iii) The payment activities of another covered entity or healthcare provider; and
    1. The healthcare operation activities of another covered entity or health care provider, if each entity has or had a relationship with the individual who is the subject of the PHI being requested, and the disclosure is: a) For a purpose listed in the definition of health care operations; or b) For the purpose of health care fraud and abuse detection or compliance

2) Disclosures for Payment

    1. Only the minimum necessary PHI shall be disclosed for payment functions, as provided through contractual agreement.
    1. Persons handling PHI in a payment context shall refrain from publicizing individual diagnosis information.
    1. This policy shall apply to checks collected, credit card paper receipts, and envelopes.

3) Use and Disclosure of PHI for non-TPO Purposes

    1. The Company may not use and disclose PHI for non-TPO purposes, unless:
    1. The Company has obtained a valid authorization for disclosure of PHI signed by the individual or personal representative of the individual that meets the requirements of Quality Management

4) Inappropriate Use and Disclosure of PHI

    1. Company personnel must only use individual PHI when it is directly related to his/her work duties.
    1. Any use of disclosure of individual information outside the scope of employment is a breach of confidentiality.
    1. Medical records are not to be used as reading material or accessed out of curiosity.
    1. Discussing Individuals in public areas i.e. restrooms. Elevators, hallways, etc.
    1. Reviewing treatment information on a peer, colleague, or friend who is not actively engaged as an Individual in this facility.
    1. Examples of inappropriate use of PHI resulting in a breach of individual confidentiality include:
    1. A Company employee who uses an electronic system to look up the phone number and address of an individual for personal reasons.
    1. A Company employee that is involved in a family dispute and accesses information about the welfare of a family member, including information about when their next appointment at the Company is.

5) A Company employee is asked by a visitor the location of an individual. The Company employee looks up the information for the visitor even though it is not part of the employee’s job.

    1. A Company employee that accesses the Company bed census to find out where an individual is being treated.
    1. Company personnel are responsible for all information accessed under his / her username and password.
    1. Sharing passwords or leaving computers unattended and logged in to a program containing PHI while unattended jeopardizes individual confidentiality and will be considered a breach of confidentiality if the information is accessed inappropriately.
    1. Company personnel are responsible for all disclosures of PHI. The disclosure of PHI, whether written, oral, or electronic must be done solely for TPO purposes associated with the individual in accordance with this policy.
    1. Communicating confidential individual information inappropriately, carelessly, or negligently is a breach of confidentiality. (Ex. Casual discussions regarding individuals, discussion in public areas, and/or unauthorized release of information while on or off campus.)
    1. Professional discussion of individual conditions or medical plans should be limited to private areas and should not be discussed in public areas such as hallways or waiting areas.
    1. Casual discussions regarding individuals and/or unauthorized release of information are considered a breach of confidentiality.
    1. Examples of inappropriate disclosure of PHI resulting in a breach of individual confidentiality include:
    1. A Company employee, treating a well-known person in the community, telling other Company employees (not on the individual’s treatment team) about the treatment of the individual.
    1. A Company employee learns about the condition of an individual who is also a family member while at work. The Company employee then tells other family members about the individual’s condition.

6) A Company employee who sends an email to her spouse that contained PHI on individuals the employee was treating.

    1. A Company employee who discloses identifying information on an individual and talks about the medical condition of the individual in the dining hall with friends at lunch.  Company employee who accidentally leaves detailed medical notes on individuals on a table next to a soft drink machine while on break.

7) Transmission of PHI

    1. It is this facility’s policy that PHI may only be transmitted by the following:
    1. Mail – priority or certified mail or
    1. Facsimile – Faxing of PHI is the preferred method.
    1. Password protected files are allowed to be transmitted electronically in extreme instances. In certain circumstances, encrypted email may be utilized if required to comply with federal regulations.
    1. Transmission of documentation and records for virtual programming will be facilitated through an end-to-end encrypted patient portal.

Email is prohibited for exchange of PHI, except through the use of encryption software.

Minimum Necessary Rule prevails with all record requests.

Note: For any release of PHI where multiple items are requestor, Records Management in collaboration with Director of Quality Management and Compliance will evaluate which items will be sent based upon the minimum necessary rule and purpose of the request. Just because all items are requested, not all items will be sent.

All requests for PHI must be submitted in writing utilizing the “Authorization for Release” and be signed by the individual or the individuals authorized representative. Requests not submitted on this form will not be accepted, and the requestor will be made aware of this form. The Director of Quality Management will verify information to confirm it is a legitimate request.

A record of all transmissions of PHI will be recorded by the Medical Records department and will document the date the PHI was requested, the requestor/entity, verification of requestor, and date the PHI was released.