Notice of Privacy Practices

Home » About CompleteCare NJ » Notice of Privacy Practices

 THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. 

PLEASE REVIEW IT CAREFULLY. 

 

  1. Who We Are
    This Notice describes the privacy practices of CompleteCare Health Network (“CompleteCare,” “we,” “us,” “our”) as a HIPAA covered entity. It applies across all CompleteCare locations and programs, including our outpatient clinics, mobile services, and telehealth. It covers our workforce, including employees, employed clinicians, residents, students, and volunteers, when they provide services for CompleteCare.

 

  1. Our Privacy Obligations
    We are required by law to maintain the privacy of your protected health information (“PHI”), to provide you with this Notice describing our privacy practices and legal duties, and to notify you following a breach of unsecured PHI. We will abide by the terms of the Notice that are currently in effect. We reserve the right to change the terms of this Notice and to make the new terms effective for all PHI we maintain. When we do, we will post the revised Notice at our sites, on our website, and provide it upon request.

 

III. Permissible Uses and Disclosures Without Your Written Authorization
We may use or disclose your protected health information (“PHI”) without your written authorization as described below, consistent with HIPAA and applicable law: 

 

  1. Treatment, Payment, and Health Care Operations (TPO). We may use and disclose your PHI to treat you (e.g., care coordination and referrals), obtain payment for your care (e.g., claims, eligibility/benefit checks), and run our health care operations (e.g., quality review, accreditation, compliance, and training). We may contact you with appointment reminders and information about treatment alternatives or other health-related benefits and services. We may also disclose PHI to other health care providers and health plans for their treatment or payment activities, and to other covered entities for certain health care operations when both entities have or had a relationship with you and the PHI relates to that relationship (for example, quality assessment or case management). To support these activities, we may disclose PHI to our business associates (e.g., billing, IT, data analytics, accreditation, legal, auditing) who perform services on our behalf. We require business associates—and their subcontractors—to safeguard your PHI, report breaches to us, and use/disclose PHI only as permitted by our agreements and applicable law. 

 

  1. Health Information Exchange (HIE). To support your care, we may share your PHI electronically with other health care providers and health plans through secure Health Information Exchanges (HIEs) for treatment, payment, and health care operations, as permitted by HIPAA. You may opt out of HIE sharing at any time by contacting our Privacy Office, (see Section VII). Your choice will not affect your access to care. Opting out applies only to sharing via HIEs and does not prevent us from using or disclosing PHI through other lawful means for TPO or as required by law. 

 

  1. People Involved in Your Care or Payment; Notifications. If you are present (or otherwise available), we may share PHI with a family member, relative, close friend, or another person you identify if you agree, have an opportunity to object and do not, or we reasonably infer you do not object. If you are unavailable, incapacitated, or in an emergency, we may use our professional judgment to share information directly relevant to that person’s involvement in your care or payment, and to help notify family/friends of your location, general condition, or death, including through authorized disaster relief efforts. 

 

  1. Additional Protections for Certain Information. Some types of health information are subject to stricter laws and will be used and disclosed only as permitted by those laws. This includes, for example, substance use disorder (SUD) treatment records protected by 42 C.F.R. Part 2, certain HIV/STD information, and other categories under applicable state law. We follow Part 2’s requirements for SUD records. A recent federal rule aligns Part 2 more closely with HIPAA, with a required compliance date of February 16, 2026; we will continue to meet all current requirements and update our practices as those changes take effect. 

 

  1. Fundraising Communications. We may contact you to raise funds for CompleteCare. For this purpose, we may use or disclose limited information, (for example, your name, mailing or email address, phone number, dates and department of service, treating clinician, and outcome of care), as permitted by HIPAA.  Each fundraising communication will include a clear, no-cost way to opt out of future solicitations, and your choice will not affect your care. You may also opt out at any time by contacting our Privacy Office (see Section VII).   

 

  1. Public Health Activities. We may disclose PHI for public health purposes, such as reporting diseases, injuries, vital events, child abuse/neglect, adverse events to the FDA, exposures to communicable diseases, and as required for workplace illness/injury and medical surveillance. 

 

  1. Victims of Abuse, Neglect, or Domestic Violence. We may disclose PHI to authorized government authorities as permitted or required by law, including where you agree, where reporting is required, or where allowed to prevent serious harm; we will provide notice to you when required. 

 

  1. Health Oversight Activities. We may disclose PHI to health oversight agencies for activities authorized by law, such as audits, investigations, inspections, licensure/discipline, and oversight of government benefit programs. 

 

  1. Judicial and Administrative Proceedings. We may disclose PHI in response to a court or administrative order,  limited to the PHI expressly authorized by the order, or, in response to subpoenas or other lawful process with required satisfactory assurances or after we provide notice to you or seek a qualified protective order. 

 

  1. Law Enforcement Officials. We may disclose permitted PHI for certain law-enforcement purposes, such as complying with laws/court orders, locating or identifying a suspect, fugitive, material witness, or missing person, reporting certain crimes on our premises, or responding to a warrant, subpoena, or similar process, subject to legal requirements. 

 

  1. Reproductive Health Information. We will not use or disclose PHI to investigate, prosecute, or impose liability for seeking, obtaining, providing, or facilitating reproductive health care that was lawful where provided (or otherwise protected by federal law), nor to identify anyone for those purposes. We apply a presumption of lawfulness unless we have actual knowledge or are given reliable facts to the contrary. When required by federal rules, we will obtain a signed attestation confirming that any requested use or disclosure is not for a prohibited purpose. 

 

  1. Decedents. We may disclose PHI to coroners/medical examiners and to funeral directors as needed to carry out their duties, including disclosures prior to and in reasonable anticipation of death. 

 

  1. Organ and Tissue Procurement. We may disclose PHI to organ procurement organizations and similar entities to facilitate organ, eye, or tissue donation and transplantation. 

 

  1. Research. We may use or disclose PHI for research with your authorization or without authorization if an Institutional Review Board (IRB) or Privacy Board approves a waiver or alteration. We may also disclose PHI preparatory to research (without removing PHI from our premises), for research solely on decedents’ information, or disclose a limited data set under a Data Use Agreement. 

 

  1. Serious Threat to Health or Safety. If we believe in good faith that it is necessary to prevent or lessen a serious and imminent threat to a person or the public, we may use or disclose PHI to someone able to help prevent or lessen the threat (including the target of the threat), consistent with law and ethical standards. 

 

  1. Specialized Government Functions. We may use or disclose PHI for specialized government activities, including military and veterans’ activities, national security and intelligence, protective services for the President and others, State Department functions, and correctional/law enforcement custodial situations, as permitted by law. 

 

  1. Workers’ Compensation. We may disclose PHI as authorized by and to the extent necessary to comply with workers’ compensation or similar programs. 

 

  1. As Required by Law. We may use or disclose PHI when required by law, and such disclosures will comply with and be limited to the relevant legal requirements. 

 

  1. Uses and Disclosures Requiring Your Written Authorization

 

  1. General Rule. For any use or disclosure of your PHI not described in Section III, we will obtain your written authorization. You may revoke an authorization at any time in writing (we may rely on your prior authorization to the extent we already acted on it). We do not condition your treatment on signing an authorization. The only exceptions are if the treatment is part of a research study that requires your authorization, or if you request a service performed solely to create information for a third party (for example, a life-insurance or employment exam). 

 

  1. Marketing. We will obtain your authorization before using or disclosing PHI for marketing. We may communicate face-to-face with you or give you a nominal-value promotional gift without an authorization. Communications about a currently prescribed drug/biologic (e.g., refill reminders/adherence) are not marketing if any payment we receive is reasonably related to our cost of making the communication. If a marketing communication involves financial remuneration, the authorization will state that fact. 

 

  1. Sale of PHI. We will obtain your authorization for any disclosure that is a sale of PHI; the authorization will state that the disclosure will result in remuneration to CompleteCare. 

 

  1. Psychotherapy Notes. We will obtain your authorization to use or disclose psychotherapy notes (defined as the therapist’s separate notes analyzing counseling conversations), except for limited purposes such as use by the originator for treatment, training programs, our legal defense, certain required-by-law disclosures, oversight of the originator, coroner/medical examiner activities, or to address a serious and imminent threat. 

 

  1. Information Subject to Stricter Laws. Certain information is subject to additional protections under federal or state law and may further limit how we use or disclose it, even with an authorization. Examples include HIV/AIDS information (e.g., confidentiality limits under New Jersey law), communicable disease information (including sexually transmitted infections and tuberculosis) under public health regulations, and genetic information under New Jersey’s Genetic Privacy Act. Where these laws apply, we will follow them in addition to HIPAA. 

 

  1. Your Rights Regarding Your Protected Health Information

 

  1. Questions or Complaints. To learn more about your privacy rights, to raise a concern, or to disagree with a decision about your PHI, contact our Privacy Office. You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) at hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint with us or with OCR. 

 

  1. Right to Request Additional Restrictions. You may ask us to restrict how we use or disclose your PHI for treatment, payment, or health care operations, or to people involved in your care or payment. We will consider all requests but are not required to agree, except we must agree not to disclose PHI to a health plan for payment or operations if the PHI relates solely to an item or service that you (or someone for you) paid in full out-of-pocket, unless disclosure is otherwise required by law. To request a restriction, contact the Privacy Office; we will confirm our response in writing. 

 

  1. Right to Receive Confidential Communications. You may request to receive PHI by alternative means or at alternative locations (for example, a different mailing address or phone number). We will accommodate reasonable requests. You do not need to explain the reason, and if you tell us disclosure could endanger you, health plans must accommodate reasonable requests. 

 

  1. Right to Revoke Your Authorization. You may revoke any authorization (including marketing authorizations) in writing at any time, except to the extent we have already acted in reliance on it. Instructions are available from the Privacy Office. 

 

  1. Right to Inspect and Obtain a Copy of Your Health Information. You have the right to inspect and obtain a copy of PHI about you maintained in our designated record sets (for example, medical and billing records), with limited exceptions (e.g., psychotherapy notes). We will act on your request within 30 days (with one 30-day extension if needed, with written notice). If you request an electronic copy of PHI that we maintain electronically, we will provide it in the form and format you request if readily producible, or in a readable alternative electronic format we agree on; you may also direct us to send a copy to a third party in writing. We may charge a reasonable, cost-based fee for copies (limited to labor for copying, supplies, and postage). Per-page fees are not permitted for electronic copies of PHI that we maintain electronically. We do not charge for inspection only, or for searching for or retrieving your records. We do not charge for inspection only or searching for or retrieving your records. Access by parents/guardians to a minor’s records will be provided consistent with applicable law. 

 

  1. Right to Request an Amendment. You may request that we amend PHI about you in our designated record sets if you believe it is incorrect or incomplete. We will act within 60 days (with one 30-day extension if needed, with written notice). If we grant the request, we will amend the information and notify appropriate parties who received the PHI. If we deny the request, you may submit a statement of disagreement, and we will include it (or a summary) with future disclosures as required.
     
  1. Right to an Accounting of Disclosures. You may request an accounting of disclosures of your PHI made by us in the six years prior to your request, excluding disclosures for treatment, payment, health care operations, and certain other permitted disclosures (e.g., those you authorized). We will provide the accounting within 60 days (with one 30-day extension if needed, with written notice). If you request more than one accounting in 12 months, we may charge a reasonable, cost-based fee. 

 

  1. Right to Receive Paper Copy of this Notice. You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically. This Notice is also available on our website. 

 

  1. Effective Date and Duration of This Notice

 

  1. Original Effective Date:  April 14, 2003 

 

  1. Current Revision Date: August 6th, 2025 

 

  1. Right to Change Terms of this Notice. We may change the terms of this Notice at any time. If we do, the revised Notice will apply to all PHI we maintain, including PHI created or received before the revision. We will post the revised Notice on our sites in a prominent location, make it available upon request on or after the revision’s effective date, and post it on our website. Except when required by law, we will not implement a material change before the revised Notice’s effective date. 

 

 

 

 

 

 

VII. Privacy Office
For questions, requests, or complaints about this Notice or our privacy practices, contact:
Inez Acosta, Chief Legal Officer / Privacy Officer
CompleteCare Health Network
P.O. Box 597
Bridgeton, NJ 08302
Phone: (856) 451-4700 ext. 2088
Email: iacosta@chcinj.org 

 

Make a Payment

Appointment Center

Find A Heath Center

Become A New Patient

Access Patient Portal