Notice of Privacy Practices
Updated January 2026
THIS NOTICE DESCRIBES HOW MEDICAL AND HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY OHIOGUIDESTONE (“Agency”), YOUR RIGHTS WITH RESPECT TO YOUR HEALTH INFORMATION, AND HOW TO FILE A COMPLAINT CONCERNING A VIOLATION OF THE PRIVACY OR SECURITY OF YOUR HEALTH INFORMATION, OR OF YOUR RIGHTS CONCERNING YOUR INFORMATION.
PLEASE REVIEW THIS DOCUMENT CAREFULLY.
At OhioGuidestone, we believe your health information is personal, and we are committed to protecting your health information. This Notice describes OhioGuidestone’s privacy practices, and it applies to all of the health information that identifies you and the care you receive at OhioGuidestone.
Definitions:
Individually Identifiable Health Information – is health and demographic information collected from an individual (whether oral or recorded in any form or medium) that (i) is created or received by our Agency and (ii) relates to (a) the past, present, or future physical or mental health or condition of an individual, (b) the provision of health care to an individual, or (c) the past, present, or future payment for the provision of health care to an individual, and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Protected Health Information (PHI) – is Individually Identifiable Health Information that is (i) transmitted by electronic media, (ii) maintained in electronic media, or (iii) transmitted or maintained in any other form or medium.
Protected Health Information excludes Individually Identifiable Health Information (i) in education records covered by the Family Educational Rights and Privacy Act (20U.S.C. 1232g), (ii) in records described at 20 U.S.C. 1232g(a) (4)(B)(iv), (iii) in employment records held by our Agency in its role as employer, and (iv) regarding a person who has been deceased for more than fifty (50) years.
Our Responsibilities:
Federal law requires that we maintain the privacy of your PHI and provide you with this Notice of our legal duties and privacy practices. We are required to notify affected individuals following a breach of unsecured PHI. We are required to abide by the terms of this Notice, which may be amended from time to time. We reserve the right to change the terms of this Notice and to make new Notice provisions effective for all PHI that we maintain. We will promptly revise this Notice whenever there is a material change to the uses or disclosures, your rights, our duties, or other practices stated in this Notice. The new notice will be available upon request, in our offices, and on our website. Except when required by law, a material change to this Notice will not be implemented before the effective date of the new notice in which the material change is reflected.
How We May Use or Disclose Your Health Information:
Treatment. We may use and disclose your PHI to coordinate or manage your care within our Agency and with individuals or organizations outside of our Agency that are involved in your care, such as your attending physician, other health care professionals, contracted service providers or related organizations.
Payment. We may include PHI in invoices to collect or provide payment to or from third parties for the care you receive through our Agency.
Health Care Operations. We may use and disclose PHI for our own operations and as necessary to provide quality care to all of our service consumers. Our Agency is licensed, certified, and accredited by a number of outside entities. When these entities conduct reviews of the Agency to determine compliance with their regulations, they may need to review your case record. We have quality improvement and compliance staff that conduct internal reviews as well. These staff members may review your case record from time to time to make sure staff are providing and documenting your services correctly. Health care operations may also include activities designed to improve health or reduce health care costs, protocol development, case management and care coordination, professional review and performance evaluation, review and auditing, including compliance reviews, medical reviews, legal services, and business management and administrative activities of our Agency.
Contacting You. We may use and disclose your PHI to contact you about appointments and other matters. We may contact you by mail, telephone, email, text message, or other means of communication. We may use and disclose your PHI to send you information about health-related products and services available at OhioGuidestone.
Health Information Exchanges. We participate in one or more Health Information Exchanges. Your healthcare providers can use this electronic network to securely provide access to your health records for a better picture of your health needs. We, and other healthcare providers, may allow access to your health information through the Health Information Exchange for treatment, payment or other healthcare operations. This is a voluntary agreement. You may receive a copy of the form required to opt-out at any time by notifying the Privacy Officer.
Philanthropic Support. We may use or disclose certain health information about you to contact you in an effort to raise funds to support OhioGuidestone and its operations. You have a right to choose not to receive these communications, and we will tell you how to cancel them.
Health Research. We may, under very select circumstances, use your PHI for research. Before we disclose any of your PHI for such research purposes in a way that you could be identified, the project will be subject to an extensive review and approval process that reviews protections for patients/clients involved in research, including privacy.
Organ and Tissue Donation. Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in procurement, banking, or transplantation of organs for the purposes of tissue donation and transplant.
Public Health and Safety. We will disclose health information about you outside OhioGuidestone when required to do so by federal, state, or local law, or by the court process. We may disclose your PHI for public health and safety reasons, like reporting births, death, child abuse or neglect, reactions to medications, or problems with medical products. We may release your PHI to help prevent or control the spread of disease or to notify a person whose health or safety may be threatened. We may disclose your PHI if necessary to prevent or lessen a serious and imminent threat to your life, health or safety. We may disclose your PHI as required by court or administrative process. We may disclose specific and limited PHI for certain law enforcement purposes. Federal regulations may require or authorize us to use or disclose PHI to facilitate specific government functions relating to military and veterans; national security and intelligence activities; protective services for the President and others, medical suitability determinations; and inmates and law enforcement custody. We may use or disclose your PHI for worker’s compensation or similar programs. In certain circumstances, we may disclose your PHI to funeral directors, medical examiners, and coroners to carry out their duties consistent with applicable law.
Health Oversight. We may disclose your PHI to a health oversight agency for activities including audits, civil administrative or criminal investigations, inspections, licensure or disciplinary action. However, we may not disclose your PHI if you are the subject of an investigation, and your PHI is not directly related to your receipt of health care or public benefits.
Disclosures You May Authorize Us to Make:
We will not use or disclose your PHI without authorization, except as described in this Notice. Most uses and disclosures of psychotherapy notes require your authorization.
Subject to certain limited exceptions; we may not use or disclose PHI for marketing, or in any manner which would constitute a sale, without your authorization. You may give us written authorization to use and/or disclose health information to anyone for any purpose. If you authorize us to use or disclose such information, you may revoke that authorization in writing at any time, but we cannot take back any uses or disclosures of your PHI already made with your authorization.
Ohio law may require that we obtain your consent for certain disclosures of health information regarding the performance or results of an HIV test or diagnoses of AIDS or an AIDS-related condition, genetic test results, and drug or alcohol treatment you have received at our Agency.
Your Rights With Respect To PHI:
You have the following rights regarding the PHI that we maintain:
Right to a Personal Representative. You may identify persons to us who may serve as your authorized personal representative, such as a court appointed guardian, a properly executed and specific power-of–attorney granting such authority, a Durable Power of Attorney for Health Care if it allows such person to act when you are able to communicate on your own, or other method recognized by applicable law. We may, however, reject a representative if, in our professional judgment, we determine that it is not in your best interest.
Right to Request Restrictions. You may request restrictions on certain uses and disclosures of your health information. You have the right to request a limit on the disclosure of your PHI to someone who is involved in your care or the payment of your care. Although we will consider your request, please be aware that we are under no obligation to accept it or abide by it unless the request concerns disclosure of PHI to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains solely to health care service for which the provider has been paid out of pocket in full. To request such restrictions, please contact your OhioGuidestone service provider or the Privacy Officer.
Right to Receive Confidential Information. You have the right to request that we communicate with you in a confidential manner. For example, you may ask us to conduct communications pertaining to your health information only with you privately, with no family members present. If you wish to receive confidential communications, please contact your OhioGuidestone service provider or the Privacy Officer.
We may not require that you provide an explanation for your request and will attempt to honor any reasonable requests.
Right to Inspect and Copy Your PHI. Unless your access to your records is restricted for clear and documented treatment reasons, you have a right to see your PHI upon request. You have the right to inspect and copy such health information, including billing records, at a reasonable time and place. A request to inspect and/ or for a copy of your record containing your PHI may be made to your OhioGuidestone service provider or the Privacy Officer.
If you request a copy of your health information, our Agency can charge for the labor for copying the PHI requested(whether in paper or electronic form), supplies for creating the paper copy or electronic media, postage and preparing an explanation or summary of the PHI.
Right to Amend Your PHI. You have the right to request that we amend your records, if you believe that your PHI is incorrect or incomplete. That request may be made as long as we maintain the information. A request for an amendment of records must be made in writing to your OhioGuidestone service provider or the Privacy Officer. We may deny the request if it is not in writing, or does not include a reason for the amendment. The request also may be denied if your health information records were not created by us, if the records you are requesting are not part of our records, if the health information you wish to amend is not part of the health information that you are permitted to inspect and copy, or if in our opinion, the records containing your health information are accurate and complete. We will respond within 60 days of receiving your request. We take the position that amendments may take the form of including a written statement from you and may not include changing, defacing or destroying any necessary information related to your health care.
Right to Know What Disclosures Have Been Made. You have the right to request an accounting of disclosures of your PHI made by us for certain reasons, including reasons related to public purposes authorized by law, and certain research. The request for an accounting must be made in writing to your OhioGuidestone service provider or the Privacy Officer. Accounting requests may not be made for periods of time in excess of six (6) years for mental health records and three (3) years for SUD records prior to the date on which the accounting is requested. We will include all disclosures except for those about treatment, payment and health care operations, and certain other disclosures (such as any you authorized or asked us to make). We will provide the first accounting you request during any 12 month period without charge. Subsequent accounting requests may be subject to a reasonable, cost based fee.
Right to a Paper Copy of This Notice. You have a right to a paper copy of this Notice in paper or electronic form and to discuss it with the Agency’s Privacy Officer.
Notice of Confidentiality of Substance Use Disorder (SUD) Patient/Client Records:
The confidentiality of Substance Use Disorder patient/client records maintained by our Agency is protected by federal law and regulations. Generally, unless otherwise permitted by law, our Agency will not convey to a person or entity outside of this Agency that a patient/client attends or receives services for substance use disorder or disclose any information identifying a patient/client as having a substance use disorder unless:
(i) the patient/client consents in writing; (Patient/client may provide a single consent for all future uses and disclosures of SUD records and information for purposes of treatment, payment, and health care operations (TPO). This consent does not permit use or redisclosure for civil, criminal, administrative, or legislative proceedings against you. If you provide a single consent for TPO, records disclosed to a covered entity or business associate under this consent may be redisclosed by the covered entity or business associate, to the extent allowed under HIPAA); (ii) the disclosure is allowed by court order; (iii) the disclosure is made to medical personnel in a medical emergency; or (iv) the disclosure is made to qualified personnel for research, audit or program evaluation.
Federal law and regulations do not protect any information about a crime committed by a patient/client, either at our Agency or against any person who works for our Agency, or about any threat to commit such a crime.
Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
A court may authorize disclosure of a patient’s Part 2-protected records containing confidential communications if the disclosure is necessary to investigate or prosecute an extremely serious crime committed by anyone. A complete copy of Federal Laws, 42 U.S.C. 290 DD-3, and 42 U.S.C.EE-3 and Title 42 of the Code of Regulations, Part 2 are available upon request.
Where to File a Complaint:
You have a right to complain to us if you believe that your privacy rights have been violated, including the denial of any rights set forth in this Notice. Any complaints to us shall be made in writing to your OhioGuidestone service provider or the Privacy Officer at 343 W. Bagley Rd, Berea, Ohio 44017. We encourage you to express any concerns you may have regarding the privacy of your information. You will not be retaliated against in any way for filing a complaint.
You may also file a written complaint with the Centralized Case Management Operations of U.S. Department of Health and Human Services, 200 Independence Avenue SW, Room 509F HHH Bldg., Washington DC. 20201 or call toll free 1.800.368.1019, by e-mail to OCRComplaint@hhs.gov, by Fax 312.886.1807 or TDD 1.800.537.7697.
Contact Person
We have designated the Privacy Officer as our contact point for all issues regarding consumer privacy and your rights under this Notice. If you have questions regarding this Notice, please contact your service provider or the Privacy Officer at 343 W. Bagley Rd, Berea, Ohio 44017 or by phone at 440.260.8260.