Notice of Privacy Practices

Child and Family Agency of Southeastern Connecticut, Inc. (CFA)

Effective Date:  September 23, 2013 – updated April 10, 2023

It is important to read and understand this Notice before signing the Acknowledgement Form.

If you have any questions about this Notice or would like further information concerning your privacy rights, please contact your provider, their supervisor, or this Agency’s Privacy Officer.

CFA Privacy Officer: Katarina H. Moroch, MPA CFA Administrative Offices:
PO Box 120, 7 Vauxhall Street  PO Box 120, 7 Vauxhall Street
New London, CT 06320 New London, CT 06320
860-437-4550 Ext. 1612 860-437-4550

Purpose of the Notice of Privacy Practices

This Notice of Privacy Practices (the “Notice”) is meant to inform you of the ways we may use or disclose your protected health information (hereafter also referred to as “PHI”). It also describes your rights to access and control your protected health information and certain obligations we have regarding the use and disclosure of your PHI.

Your PHI is information about you created and received by us, including demographic information, that may reasonably identify you and that relates to your past, present, or future physical or mental health or condition, or payment for the provision of your health care. By law, we are required to maintain the privacy of your PHI. You will receive notification from us of a breach of your unsecured PHI, if such a breach occurs.

We are also required by law to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, and to abide by the terms of the Notice currently in effect. However, we may change our notice at any time.  The new revised Notice will apply to all of your PHI maintained by us. You will not automatically receive a revised Notice.  If you would like to receive a copy of any revised Notice, you should access our website at, contact Child and Family Agency of Southeastern Connecticut, Inc. (CFA), or ask for a copy at your next appointment.

  1. How We May Use or Disclose Your Protected Health Information

Child and Family Agency of Southeastern Connecticut, Inc. (also referred to hereafter as “CFA”) will ask you to sign a consent form that allows CFA to use and disclose your protected health information. Even if not specifically listed below, CFA may use and disclose your PHI as permitted or required by law or as authorized by you. We will make reasonable efforts to limit access to your PHI to those persons or classes of persons, as appropriate, in our workforce who need access to carry out their duties. In addition, if required, we will make reasonable efforts to limit the PHI to the minimum amount necessary to accomplish the intended purpose of any use or disclosure and to the extent such use or disclosure is limited by law. We may use and disclose your PHI for the following:

  • For Treatment – For treatment purposes, we may disclose your PHI to internal or external individuals or organizations, such as behavioral health or medical health professionals involved in your care, after your discharge from CFA. All of these providers are required to take the necessary steps to protect the confidentiality of your information. 
  • For Payment – so that we can bill and receive payment for the treatment and related services you receive. We may disclose your health information to your payment source, including insurance or managed care company, Medicare, Medicaid, or another third-party payor. For example, we may need to provide your health plan information to confirm your coverage, to request prior authorization for a proposed treatment, or to document the treatment you received so your health plan will reimburse us.
  • For Health Care Operations – as necessary for operations of CFA, such as quality assurance and improvement activities, reviewing the competence and qualifications of health care professionals, medical review, legal services, and auditing functions, and general administrative activities of CFA. For example, we may use your health care information to work to improve the quality of the services we provide.
  • Business Associates – There may be some services provided by our business associates, such as a billing service or legal or accounting consultants. We may disclose your PHI to our business associate so that they can perform the job we have asked them to do. To protect your health information, we require our business associates to enter into a written contract that requires them to appropriately safeguard your information.
  • Appointment Reminders – unless otherwise instructed, to remind you that you have an appointment.
  • Treatment Alternatives and Other HealthRelated Benefits and Services – to tell you about or recommend possible treatment options or alternatives and to tell you about health-related benefits, services, or medical education classes that may be of interest to you.
  • To Persons Involved in Your Care or Payment of Your Care. As long as you do not object, we may, based on our professional judgment, disclose your PHI to a family member or other person if they are involved in or paying for your care. Similarly, we may also disclose limited PHI to an entity authorized to assist in disaster relief efforts, including giving information on your general condition or location, to coordinate notification to someone responsible for your care.
  • Public Health Activities – to a public health authority that is authorized by law to collect or receive information, such as for the purpose of preventing or controlling disease, injury, or disability; reporting births, deaths or other vital statistics; reporting child abuse or neglect; notifying individuals of recalls of products they may be using; notifying a person who may have been exposed to a disease, or may be at risk of contracting or spreading a disease or condition.
  • Proof of Immunization: We may disclose immunization records to a school about a child who is a student or prospective student at the school, as required by state or other law, if authorized by the parent/guardian, emancipated minor or other individual as applicable.
  • Health Oversight Activities – to a health oversight Agency for activities authorized by law, such as audits, investigations, inspections, accreditation, licensure and disciplinary actions.
  • Judicial and Administrative Proceedings – If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to your authorization or a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process, as permitted by law.
  • Law Enforcement – for certain law enforcement purposes if permitted or required by law. For example, to report gunshot wounds; to report emergencies or suspicious deaths; to comply with a court order, warrant, or similar legal process; or to answer certain requests for information concerning crimes.
  • Coroners, Medical Examiners, Funeral Directors, Organ Procurement Organizations – to a coroner, medical examiner, funeral director, or, if you are an organ donor, to an organization involved in the donation of organs and tissues.
  • To Avert a Serious Threat to Health or Safety – when necessary to prevent a serious threat to your health or safety or the health or safety of the public or another person. Any disclosure, however, would be to someone able to help prevent the threat.
  • Military and National Security – as required by military command authorities or the Department of Veteran Affairs or to authorized federal officials for the conduct of lawful intelligence, counterintelligence, and other national security activities authorized by law, or to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
  • Workers’ Compensation – as permitted by laws relating to workers’ compensation or related programs.
  • Health Information Exchanges. We participate in initiatives to facilitate electronic sharing of patient information, including but not limited to Health Information Exchanges (HIEs). HIEs involve coordinated information sharing among HIE members for purposes of treatment, payment, and health care operations. You may opt out of the Child & Family Agency’s information sharing through its HIE activities. If you wish to opt out, please speak with your patient/customer services associate or contact the CFA Privacy Officer as described below. Learn more about Health Information Exchanges.
  • Special Rules Regarding Disclosure of Behavioral Health, Substance Abuse, and HIV–Related Information – For disclosures concerning PHI relating to care for psychiatric conditions, substance abuse, or HIV-related testing and treatment, special restrictions apply. For example, we generally may not disclose this specially protected information in response to a subpoena, warrant, or other legal process unless you sign a special Authorization or a court orders the disclosure.
    • Behavioral health information.  Certain behavioral health information may be disclosed for treatment, payment, and health care operations as permitted or required by law. Otherwise, we will only disclose such information pursuant to an authorization, court order, or as otherwise required by law. For example, all communications between you and a psychologist, psychiatrist, social worker and certain therapists and counselors will be privileged and confidential in accordance with State and Federal law.
    • Substance abuse treatment information. If you are treated in a specialized substance abuse program, the confidentiality of alcohol and drug abuse patient records is protected by Federal law and regulations. We may not say to a person outside the program that you attend the program, or disclose any information identifying you as an individual being treated for drug or alcohol abuse, unless:
      • You consent in writing;
      • The disclosure is allowed by a court order; or
      • The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation. Violation of these Federal laws and regulations is a crime. Suspected violations may be reported to appropriate authorities in accordance with Federal regulations.  Federal law and regulations do not protect any information about a crime committed by a patient either at the substance abuse program or against any person who works for the program or about any threat to commit such a crime. Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under State law to appropriate State or local authorities.
    • HIV-related information. We may disclose HIV-related information as permitted or required by State law. For example, your HIV-related information, if any, may be disclosed without your authorization for treatment purposes, certain health oversight activities, pursuant to a court order, or in the event of certain exposures to HIV by personnel of the health center, another person, or a known partner (if certain conditions are met).
    • Minors. We will comply with State law when using or disclosing PHI of minors. For example, if you are an unemancipated minor consenting to a health care service related to HIV/AIDS, venereal disease, abortion, outpatient mental health or alcohol/drug treatment, and you have not requested that another person be treated as a personal representative; you may have the authority to consent to the use and disclosure of your PHI.

2. When We May Not Use or Disclose Your Protected Health Information

Except as described in this Notice, or as permitted by State or Federal law, we will not use or disclose your PHI without your written authorization. Your written authorization will specify particular uses or disclosures that you choose to allow. Under certain limited circumstances, CFA may condition treatment on the provision of an authorization, such as for research related to treatment. If you do authorize us to use or disclose your PHI for reasons other than treatment, payment, or health care operations you may revoke your authorization in writing at any time by contacting this Agency’s Privacy Officer. If you revoke your authorization, we will no longer use or disclose your PHI for the purposes covered by the authorization, except where we have already relied on the authorization.

Examples of Uses and Disclosures that Require Your Prior Authorization

  • Psychotherapy Notes – A signed authorization is required for the use or disclosure of psychotherapy notes except for our own use to treat you, for our training programs and to defend ourselves in a legal action or other proceeding.
  • Marketing – A signed authorization is required for the use or disclosure of your PHI for a purpose that encourages you to purchase or use a product or service except for certain limited circumstances (e.g. when the marketing communication is face-to-face or includes the distribution of a promotional gift of nominal value provided by CFA).
  • Sale of Protected Health Information – Except when permitted by law, we will not sell your protected health information unless we receive a signed authorization from you.
  • Uses and Disclosures Not Described in this Notice – Unless otherwise permitted by Federal or State law, other PHI uses and disclosures that are not described in this Notice will be made only with your signed authorization.
  1.    Your Health Information Rights

You have the following rights with respect to your PHI, which you may exercise as described:

  • Right to Request Restrictions of Your Protected Health Information – You have the right to request certain restrictions or limitations on the PHI we use or disclose about you. You may request a restriction or revise a restriction on the use or disclosure of your PHI by providing a written request stating the specific restriction requested. You may require a restriction on disclosure of your PHI to a health plan (other than Medicare or other federal health care program that requires CFA to submit information) and CFA must agree (unless otherwise required by law) to your request, if it is for purposes of payment or other health care operations (but not treatment) if you paid out of pocket, in full, for the item or service to which the protected information pertains.  Otherwise, we are not required to agree to your requested restriction. If or when we agree to accept your requested restriction, we will comply with your request except as needed to provide you with emergency treatment. If restricted PHI is disclosed to a health care provider for emergency treatment, we will request that such health care provider not further use or disclose the information. In addition, you and CFA may terminate the restriction (other than a restriction to a health plan for purposes of payment) if the other party is notified in writing of the termination. Unless you agree, the termination of the restriction is only effective with respect to PHI created or received after we have informed you of the termination.
  • Right to Receive Confidential Communications – You have the right to request a reasonable accommodation regarding how you receive communications of PHI. You have the right to request an alternative means of communication or an alternative location where you would like to receive communications. You may submit a request in writing to CFA requesting confidential communications.
  • Right to Access, Inspect and Copy Your Protected Health Information – You have the right to access, inspect, and obtain a copy of your PHI that is used to make decisions about your care for as long as the PHI is maintained by CFA. You also have the right to obtain an electronic copy of any of your PHI that we maintain in electronic format. You also have the right to request that CFA transmit a copy of your PHI directly to another person designated by you. To access, inspect, and copy your PHI that may be used to make decisions about you, you must submit your request in writing to CFA. If you request a copy of the information, we may charge a fee for the costs of preparing, copying, mailing or other supplies associated with your request. We may deny, in whole or in part, your request to access, inspect, and copy your PHI under certain limited circumstances. If we deny your request, we will provide you with a written explanation of the reason for the denial. You may have the right to have this denial reviewed by an independent health care professional designated by us to act as a reviewing official. This individual will not have participated in the original decision to deny your request. You may also have the right to request a review of our denial of access through a court of law. All requirements, court costs, and attorney’s fees associated with a review of denial by a court are your responsibility. You should seek legal advice if you are interested in pursuing such rights.
  • Right to Amend Your Protected Health Information – You have the right to request an amendment to your PHI for as long as the information is maintained by or for CFA. All requests for changes must be in writing, signed by you or your representative, and state the reasons for request. If we decide to make an amendment, we may also notify others who have copies of the information about the change. If we accept your request, we may not delete any information already documented in the medical record.
  • Right to Receive an Accounting of Disclosures of Protected Health Information – You have the right to request an accounting of certain disclosures of your PHI by this Agency or by others on our behalf. We are not required to account for all disclosures, including disclosure for treatment, payment or health care operations.  However, effective January 1, 2014, if we have made any disclosures for treatment, payment or operations through an electronic health record, we are required to include those disclosures that occurred with three (3) years of the date of your request. To request an accounting of disclosures, you must submit a request in writing, stating a time period beginning on or after April 14, 2003 that is within six (6) years (or on or after January 1, 2014 that is with three (3) years for disclosures of PHI through an electronic health record) from the date of your request. We may charge you a reasonable, cost-based fee for each future request for an accounting within a single twelve-month period. However, you will be given the opportunity to withdraw or modify your request in order to avoid or reduce the fee. Please note that, at times, companies we work with (called “business associates”) may have access to your PHI. When you request an accounting of disclosures from CFA, we may provide you with the accounting of disclosures or the names and contact information of our business associates, so that you may then contact them directly for an accounting.
  • Right to Obtain a Paper Copy of Notice – You have the right to obtain a paper copy of this Notice, even if you have agreed to receive this Notice electronically. You may request a copy of this Notice at any time by contacting CFA. In addition, you may obtain a copy of this Notice at our web site
  • Right to Request Transmission of Your Protected Health Information in Electronic Format – You may direct us to transmit an electronic copy of your PHI in electronic format to an individual or entity you designate. To request the transmission or your electronic health information, you must submit the request in writing to CFA.
  • Right to Complain – You may file a complaint with us or the Secretary of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us through our Privacy Officer, for which you will not be penalized. We will make every reasonable effort to resolve your complaint with you.
  • Right to be Notified of a BreachYou have the right to be notified in the event of a breach of the privacy or security of your protected health information.
  • Right to Revoke – CFA will comply with a written request of an individual to revoke an authorization.