BHES Patient Portal
HIPPA Notice of Privacy Services
(815) 609-1544 (Office)
email

OMNIBUS Rule

for the Healthcare Facility of: Behavioral Health and Education Specialists, Inc. 14953 S Van Dyke Road, Plainfield, IL 60544

HIPAA Notice of Privacy Practices (“Notice”)

PLEASE CAREFULLY REVIEW THIS NOTICE
THIS NOTICE DESCRIBES HOW WE MAY USE AND DISCLOSE YOUR MEDICAL INFORMATION AND HOW YOU CAN GET ACCESS TO THIS INFORMATION under the HIPAA Omnibus Rule of 2013.
For purposes of this Notice “us” “we” and “our” refers to Behavioral Health and Education Specialists, Inc. (“BHES”), and “you” or “your” refers to our patients (or their legal representatives as determined by us in accordance with State informed consent law). When you receive healthcare services from us, we will create and obtain access to your medical information (i.e. your health history). We are committed to maintaining the privacy of your health information and we have implemented numerous procedures to ensure we do so. The Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule, (formally HIPAA 1996 & HI TECH of 2004) requires us to maintain the confidentiality of all your medical records and other identifiable protected health information (“PHI”) used by or disclosed to us in any form, whether electronic, on paper or spoken. HIPAA is a Federal Law that gives you significant new rights to understand and control how your health information is used. Federal HIPAA Omnibus Rule and State law provide penalties for Covered Entities (such as us), Business Associates, their Subcontractors and Records Owners, respectively that misuse or improperly disclose PHI.
Starting April 14, 2003, HIPAA requires us to provide you with this Notice of our legal duties and the privacy practices we are required to follow when you first come into our office for healthcare services. If you have questions about this Notice, please ask to speak to our HIPAA Privacy Officer. Our doctors, clinical staff, employees, Business Associates, their Subcontractors and any other involved parties follow the policies and procedures set forth in this Notice. If at BHES, your primary healthcare provider(s) is/are unavailable to assist you (i.e. illness, on-call coverage, vacation, etc.), we may provide you with the name of another healthcare provider within or outside of BHES for you to consult with. If we do so, that provider will follow the policies and procedures set forth in this Notice or those established for his or her practice, so long as they substantially conform to those for our practice.

Our Rules on how we may use and disclose your PHI:

Under the law, we must have your signature on our written, dated Treatment Consent form and Notice of Privacy Practices Acknowledgment (“Acknowledgment”) form, before we will use or disclose your PHI for certain purposes as detailed in the rules below.
Documentation – You will be asked to sign our Acknowledgment form when you receive this Notice indicating you were provided a copy of this Notice. If you did not sign that form or need a copy of the one you signed, please immediately contact our HIPAA Privacy Officer. You may revoke your consent for treatment or any or all valid authorization for release of your PHI at any time (unless we have already acted based on it) by submitting our Treatment Consent Revocation and/or Revocation of Authorization for Release of PHI forms in writing to us at our address listed above. Your revocation(s) will take effect on the date we receive it. We cannot retroactive the date of the revocation(s) to ensure any actions we took on your behalf prior to the revocation will not be affected (i.e. if after we provide you services, you revoke your treatment consent or an authorization to release PHI in an attempt to prevent us from billing or collecting for those services, your revocation will have no impact on the services we provided or actions we took on your behalf prior to the date of the revocation).
General Rule – If you do not sign our Acknowledgment form or if you revoke your consent to treatment, as a general rule (subject to exceptions described below under “Healthcare Treatment, Payment and Operations Rule” and “Special Rules”), we cannot, after that date, in any manner use or disclose to anyone (excluding you, but including payers and Business Associates) your PHI or any other information in your medical record. By law, we are unable to submit claims to payers under assignment of benefits without your signature on our Authorization form. You will however be able to restrict disclosures of your PHI to your insurance carrier for services for which you choose to pay "out of pocket” under the new Omnibus Rule. We will not condition treatment on you signing an Authorization to Release PHI form, but we may have no other reasonable option but to decline you as a new patient or to discontinue you as an active patient if you choose not to sign or revoke your consent to treatment or decline to sign the Acknowledgment form.

Healthcare Treatment, Payment and Operations Rule:

With your signed consent to treatment and authorization to share your PHI, we may use or disclose your PHI in order to:
  • Provide you with or coordinate healthcare treatment and services. For example, we may review your health history form to form a diagnosis and treatment plan, consult with other doctors about your care, delegate tasks to ancillary staff, call in prescriptions to your pharmacy, disclose needed information to your family or others so they may assist you with home care, arrange appointments with other healthcare providers, schedule lab work for you, etc.
  • Bill or collect payment from you, an insurance company, a managed-care organization, a health benefits plan or another third party. For example, we may need to verify your insurance coverage and submit your PHI on claim forms in order to get reimbursed for our services, obtain pre-treatment estimates or prior authorizations from your health plan or provide your x-rays because your health plan requires them for payment; Remember, you will be able to restrict disclosures to your insurance carrier for services for which you choose to pay “out of pocket” under this new Omnibus Rule.
  • Run our office, assess the quality of our patients’ care and provide you with customer service. For example, to improve efficiency and reduce costs associated with missed appointments, we may contact you by telephone, text, email, mail or otherwise remind you of scheduled appointments, we may leave messages with whomever answers your telephone or email to contact us (but we will not give out detailed PHI), we will typically call you by first name from the waiting room, we may ask you to put your full name on a sign-in sheet, (we will cover your name just after checking you in), we may tell you about or recommend health-related products and complementary or alternative treatments that may interest you, we may review your PHI to evaluate our staff’s performance, or our HIPAA Privacy Officer may review your records to assist you with complaints. If you prefer we not contact you with appointment reminders or information about treatment alternatives or health-related products and services, please notify us in writing at our address listed above and we will not use or disclose your PHI for those purposes.
Note: The new HIPAA Omnibus Rule does not require we provide the above notice regarding Appointment Reminders, Treatment Information or Health Benefits, but we are including that information as a courtesy to you so you understand our business practices with regards to your PHI.
Additionally, you should be made aware of these protection laws on your behalf, under the new HIPAA Omnibus Rule:
  • Health Insurance plans that underwrite your health plan cannot use or disclose genetic information for underwriting purposes (this excludes certain long-term care plans). Health plans that post their Notice of Privacy Practices on their web sites must post these Omnibus Rule changes on their sites and notify you by U.S. Mail by the effective date of the Omnibus Rule. Plans that do not post their Notice of Privacy Practices on their Web sites must provide you information about Omnibus Rule changes within 60 days of these Federal revisions.
  • Psychotherapy Notes maintained by a healthcare provider, must state in their Notice that they can allow “use and disclosure” of such notes only with your written authorization.

Special Rules:

Notwithstanding anything else contained in this Notice, only in accordance with applicable HIPAA Omnibus Rule, and under strictly limited circumstances, we may use or disclose your PHI without your permission, Consent or Authorization for the following purposes:
  • When required under Federal, State or Local law.
  • When necessary in emergencies to prevent a serious threat to your health and safety or the health and safety of others.
  • If you are or were a member of the armed forces, or part of the national security or intelligence communities, we may be required by military command or other government authorities to release your PHI. We may also release information about foreign military personnel to the appropriate foreign military authority.
  • For intelligence, counterintelligence or other national security purposes (i.e., Veterans Affairs, U.S. military command, other government authorities or foreign military authorities may require us to release PHI about you).
  • For Worker’s Compensation purposes (i.e., we may disclose your PHI if you have claimed health benefits for a work-related injury or illness).
  • For public health reasons in order to prevent or control disease, injury or disability, reporting information such as ineffective or dangerous medications or products, suspected abuse, neglect or exploitation of children, disabled adults or the elderly, or domestic violence.
  • For Federal or State government healthcare oversight activities for fraud and abuse investigations, other investigations, audits, inspections, licensing purposes, permitting government programs or civil rights laws.
  • For judicial and administrative proceedings and law enforcement purposes (i.e., in response to a warrant, subpoena or court order, by providing PHI to coroners, medical examiners and funeral directors to locate missing persons, to identify deceased persons or determine cause of death).
  • For organ and tissue donation (i.e. if you are an organ donor, we may release your PHI to organizations that handle organ, eye or tissue procurement, donation and transplantation).
  • For research projects approved by an Institutional Review Board or a privacy board to ensure confidentiality (i.e. if the researcher will have access to your PHI because he/she is involved in your clinical care, we will ask you to sign an authorization).
  • To create a collection of information that is “de-identified” (i.e. it does not personally identify you by name, distinguishing marks or otherwise and no longer can be connected to you).
  • To family members, friends and others, but only if you are present and verbally give permission. We will give you an opportunity to object and if you do not, we reasonably assume, based on our professional judgment and the surrounding circumstances, that you do not object (i.e. you bring someone with you into the operating or exam room during treatment or into the conference area when we are discussing your PHI); we reasonably infer that it is in your best interest (i.e. to allow someone to pick up your records because they knew you were our patient and you asked them in writing with your signature to do so); or it is an emergency situation involving you or another person (i.e. your minor child or ward) and, respectively, you cannot consent to your care because you are incapable of doing so or you cannot consent to the other person’s care because, after a reasonable attempt, we have been unable to locate you. In these emergency situations we may, based on our professional judgment and the surrounding circumstances, determine that disclosure is in the best interest of you or the other person, in which case we will disclose PHI, but only as it pertains to the care being provided and we will notify you of the disclosure as soon as possible after the care is completed. As per HIPAA law 164.512(j) (i)… (A) Is necessary to prevent or lessen a serious or imminent threat to the health and safety of a person or the public and (B) Is to person or persons reasonably able to prevent or lessen that threat.

Minimum Necessary Rule

Our staff will not use or access your PHI unless it is necessary to do their job (i.e. doctors uninvolved in your care will not access your PHI; ancillary clinical staff caring for you will not access your billing information; billing staff will not access your PHI except as needed to complete the claim form for the latest visit or problematic claims; janitorial staff will not access your PHI, etc…). All of our team members are trained in HIPAA Privacy rules and sign strict confidentiality contracts with regards to protecting and keeping private your PHI. So do our Business Associates and their Subcontractors. Know that your PHI is protected several layers deep in relation to our business relations. Also, we disclose to others outside our staff, only as much of your PHI as is necessary to accomplish the recipient’s lawful purposes. Still in certain cases, such as listed below, we may use and disclose the entire contents of your medical record to:
  • You (and your legal representatives as stated above) and anyone else you list on an Authorization to receive a copy of your medical records.
  • Healthcare providers for treatment purposes (i.e. making diagnosis and treatment decisions or agreeing with prior recommendations in the medical record).
  • The U.S. Department of Health and Human Services (i.e. in connection with a HIPAA complaint).
  • Others as required under Federal or State law.
  • Our HIPAA Privacy Officer and others as necessary to resolve your complaint or accomplish your request under HIPAA (i.e. clerks who copy records need access to your medical record).
If we believe that a request from others for disclosure of your entire medical record is unnecessary, we will ask the requestor to document why this is needed, retain that documentation and make it available to you upon request.

Super-Confidential Information Rule

As we have PHI about you regarding communicable diseases, disease testing, alcohol or substance abuse diagnosis and treatment, or psychotherapy and mental health records (super-confidential information under the law), we will not disclose it under the General or Healthcare Treatment, Payment and Operations Rules (see above) without your first signing and properly completing our Authorization form (i.e. you specifically must initial the type of super-confidential information we are allowed to disclose). If you do not specifically authorize disclosure of your super-confidential information by initialing the specific areas of our Authorization form, we will not disclose it. If we disclose super-confidential information (either because you have initialed the consent form or the Special Rules authorizing us to do so), we will comply with State and Federal law that requires us to warn the recipient in writing that re-disclosure is prohibited.
In accordance with HIPAA law, we presume that requests for disclosure of PHI from another Covered Entity (as defined in HIPAA) are for the minimum necessary amount of PHI to accomplish the requestor’s purpose. Our HIPAA Privacy Officer will individually review unusual or non-recurring requests for PHI to determine the minimum necessary amount of PHI to disclose. For non-routine requests or disclosures, our HIPAA Privacy Officer will make a minimum necessary determination based on, but not limited to, the following factors:
  • The amount of information being disclosed
  • The number of individuals or entities to whom the information is being disclosed
  • The importance of the use or disclosure
  • The likelihood of further disclosure
  • Whether the same result could be achieved with de-identified information
  • The technology available to protect the confidentiality of the information
  • The cost to implement administrative, technical and security procedures to protect confidentiality

Incidental Disclosure Rule

We will take reasonable administrative, technical and security safeguards to ensure the privacy of your PHI when we use or disclose it (i.e. we shred all papers containing PHI, require employees to speak with privacy precautions when discussing PHI with you, use computer passwords and change them periodically (i.e. when an employee leaves us), use firewall and router protection to the Federal standard, back up our PHI data off-site and ensure it is encrypted to Federal standard, do not allow unauthorized access to areas where PHI is stored or filed and have any unsupervised Business Associates sign a Business Associate Agreement agreeing to the confidentiality of your PHI). 
However, in the event there is a breach in protecting your PHI, we will follow Federal Guidelines to HIPAA Omnibus Rule Standard to evaluate the breach situation using the Omnibus Rule 4-Factor Formula for Breach Assessment. Then we will document the situation, retain copies of the situation on file, and report all breaches (other than low probability as defined by the Omnibus Rule) to the U.S. Department of Health and Human Services at:http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
We will also make proper notification to you and any other parties of significance as required by HIPAA Law.

Business Associate Rule

Business Associates are defined as: an entity (non-employee), which in the course of their work will directly/indirectly use, transmit, view, transport, hear, interpret, process or offer PHI for BHES. Business Associates and other third parties (if any) that receive your PHI from us will be prohibited from re-disclosing it unless required to do so by law or are given prior express written consent by you for the re-disclosure. Nothing in our Business Associate Agreement will allow our Business Associate to violate this re-disclosure prohibition. Under Omnibus Rule, Business Associates will sign a strict confidentiality agreement binding them to keep your PHI protected and report any compromises of your PHI to us, you and the U.S. Department of Health and Human Services, as well as other required entities. Our Business Associates will also follow the HIPAA Omnibus Rule and have any of their Subcontractors that may directly or indirectly have contact with your PHI sign confidentiality agreements to the HIPAA Omnibus Standard.

Changes to Privacy Policies Rule

We reserve the right to change this Notice at any time as authorized by law. The changes will be effective immediately upon us making them. They will apply to all PHI we create or receive in the future, as well as to all previous PHI created or received by us (i.e. PHI about you we had before the changes took effect). If we make changes, we will post the changed Notice, along with its effective date, in our office and on our website. Upon request, you will be given a copy of our current Notice.

Authorization Rule

We will not use or disclose your PHI for any purpose or to any person other than as stated in the rules above without your signature on our Authorization for Release of PHI form. If we need your authorization, we must obtain it via a specific Authorization Release of PHI form, which may be separate from any authorization we may have previously obtained from you. We will not condition your treatment on whether you sign the Authorization form.

Faxing and Emailing Rule

When you request us to fax or email your PHI as an alternative communication, we may agree to do so, but only after having our HIPAA Privacy Officer or treating healthcare provider review your request. For this communication, our HIPAA Privacy Officer will: confirm that the fax number or email address is correct before sending the message to ensure the intended recipient has sole access to the fax machine or computer; confirm receipt; locate our fax machine or computer in a secure location so unauthorized access and viewing is prevented; use a fax cover sheet so the PHI is not the first page to print out (because unauthorized persons may view the top page); and attach an appropriate notice to the message. Our emails are all encrypted per Federal Standard for your protection.

Collections Rule

If we use or disclose your PHI for collections purposes, we will do so only in accordance with the law.

Marketing and Fundraising Rules:

The disclosure or sale of your PHI without authorization is prohibited. Under the new HIPAA Omnibus Rule, this would exclude disclosures for public health purposes, treatment or payment for healthcare, for the sale, transfer, merger, or consolidation of all or part of BHES and for related due diligence, to any of our Business Associates, in connection with the Business Associate's performance of activities for BHES, to a patient or beneficiary upon request and as required by law. In addition, the disclosure of your PHI for research purposes or for any other purpose permitted by HIPAA, will not be considered a prohibited disclosure if the only reimbursement received is “a reasonable, cost-based fee” to cover the cost to prepare and transmit your PHI which would be expressly permitted by law. Notably, under the HIPAA Omnibus Rule, an authorization to disclose PHI must state that the disclosure will result in remuneration to the Covered Entity. Notwithstanding the changes in the HIPAA Omnibus Rule, the disclosure of limited data sets (a form of PHI with a number of identifiers removed in accordance with specific HIPAA requirements) for remuneration pursuant to the existing agreement is permissible until September 22, 2014, so long as the agreement is not modified within one year before that date.
Under the HIPAA Omnibus Rule use of PHI does not require your authorization should we choose to include you in any fundraising efforts attempted by BHES. However, we will offer the opportunity for you to “opt out” of receiving future fundraising communications. Simply let us know you want to “opt out” of such situations. There will be a statement on your Authorization form where you can choose to “opt out”. Our commitment to your treatment and care will in no way be affected by your decision of whether to participate in our fundraising efforts.

Flexibility on the Use of PHI for Fundraising

Limitations on the disclosure of PHI regarding Remuneration

Limitation on the Use of PHI for Paid Marketing

We will, in accordance with Federal and State Laws, obtain your written authorization to use or disclose your PHI for marketing purposes, (i.e., to use your photo in ads) but not for activities that constitute treatment or healthcare operations. The HIPAA Omnibus Rule defines Marketing as "a communication about a product or service that encourages recipients to purchase or use the product or service." Under the HIPAA Omnibus Rule, we will obtain a written authorization from you prior to recommending you to an alternative therapist, or non-associated healthcare Covered Entity.
Under HIPAA Omnibus Rule we will obtain your written authorization prior to using your PHI or making treatment or healthcare recommendations should financial remuneration for making the communication be involved from a third party whose product or service we may promote (i.e., businesses offering BHES incentives to promote their products or services to you). This will also apply to our Business Associates who receive such remuneration for making treatment or healthcare recommendations to you. All such recommendations will be limited to those for whom we have received your expressed written permission.
We must clarify to you that financial remuneration does not include “as in-kind payments” and payments for a purpose to implement a disease management program. Any promotional gifts of nominal value are not subject to the authorization requirement, and we will abide by the set terms of the law to accept or reject these. The only exclusion to this would include: "refill reminders", so long as the remuneration for making such a communication is "reasonably related to our cost" for making such a communication. In accordance with law, BHES and our Business Associates will only ever seek reimbursement from you for permissible costs that include labor, supplies, and postage. Please note that “generic equivalents”, “adherence to take medication as directed” and “self-administered drug or delivery system communications” are all considered to be "refill reminders." Face-to-face marketing communications, such as sharing with you a written product brochure or pamphlet, is permissible under the HIPAA Omnibus Law.

Improvements to Requirements for Authorizations Related to Research

Under the HIPAA Omnibus Rule, we may seek authorization from you for the use of your PHI for future research. However, we would have to provide details about the uses of that research.
Also, if we request of you a compound authorization with regards to research, BHES would clarify that when a compound authorization is used, and research-related treatment is conditioned upon your authorization, the compound authorization will differentiate between the conditioned and unconditioned components.

Your Rights Regarding Your PHI:

You have the following rights regarding the PHI we maintain about you:
You may ask us for a list of those who were given your PHI from us by submitting a Request for Accounting of Disclosures form to us. The list will not cover some disclosures (i.e., PHI given to you, given to your legal representative(s), and/or given to others for treatment, payment or healthcare-operations purposes). Your request must state in what form you want the list (i.e., paper or electronically) and the time period you want us to cover, which may be up to but not more than the last six years. If you ask us for this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee to respond, in which case we will tell you the cost before we incur it and let you choose if you want to withdraw or modify your request to avoid the cost.

To Request Amendment/Correction to your PHI

To Inspect and Copy

You have the right to inspect and copy your PHI, such as medical and billing records, by submitting a written request to our HIPAA Privacy Officer. Original records will not leave the premises, but will be available for inspection only during our regular business hours, and only if our HIPAA Privacy Officer is present at all times. You may ask us to give you the copies in a format other than photocopies (and we will do so unless we determine it is impractical) or ask us to prepare a summary in lieu of the copies. We may charge you a fee, not to exceed State law, to recover our costs (including postage, supplies, and staff time as applicable, but excluding staff time for search and retrieval) to duplicate or summarize your PHI. We will not condition release of the copies on summary or payment of your outstanding balance for professional services (if you have one). We will comply with Federal Law to provide your PHI in an electronic format within 30 days, to Federal specification, when you provide us with proper written request. A paper copy of your records will also be made available. We will respond to requests in a timely manner, without delay for legal review, or, in less than 30 days if submitted in writing, and in 10 business days or less if malpractice litigation or pre-suit production is involved. We may deny your request in certain limited circumstances (i.e., we do not have the PHI, it came from a confidential source, etc.). If we deny your request, you may ask for a review of that decision. If required by law, we will select a licensed healthcare professional (other than the person who initially denied your request) to review the denial and we will follow his or her decision. If we select a licensed healthcare professional who is not affiliated with us, we will ensure a Business Associate Agreement is executed that prevents re-disclosure of your PHI without your consent by that outside professional.
If another healthcare professional involved in your care tells us in writing to change your PHI, we will do so in a timely manner upon receipt of the changes and will send you written confirmation that we have made the changes. If you think PHI we have about you is incorrect, or that something important is missing from your medical records, you may ask us to amend or correct it by submitting the Request for Amendment/Correction form to our HIPAA Privacy Officer. We will act on your request within 30 days from receipt, but we may extend our response time (within the 30-day period) no more than once and by no more than 30 days, or as per Federal Law allowances, in which case we will notify you in writing why and when we will be able to respond. If we grant your request, we will let you know within 5 business days that we will make the changes by noting (not deleting) what is incorrect or incomplete and adding to it the changed language, and send the changes within 5 business days to the persons you ask us to and the persons we know may rely on incorrect or incomplete PHI to your detriment. We may deny your request under certain circumstances (i.e., it is not in writing, it does not give a reason why the change is being requested, we did not create the PHI you want changed and the entity that did can be contacted, it was compiled for use in litigation, or we determine it is accurate and complete). If we deny your request, we will notify you in writing, within 5 business days, why the request was denied and how to file a complaint with us if you disagree. You may submit a written disagreement with our denial, and we may submit a written rebuttal and give you a copy of it. You may also ask us to disclose your initial request and our denial when we make future disclosure of PHI pertaining to your request, and you may complain to us and the U.S. Department of Health and Human Services.

To Request Restrictions

You may ask us to limit how your PHI is used and disclosed (i.e., in addition to our rules as set forth in this Notice) by submitting a written Request for Restrictions on Use Disclosure form to us (i.e., you may not want us to disclose your surgery to family members or friends involved in paying for our services or providing your home care). If we agree to these additional limitations, we will follow them except in an emergency where we will not have time to check for limitations. Also, in some circumstances we may be unable to grant your request (i.e., we are required by law to use or disclose your PHI in a manner that you want restricted, you signed an Authorization form, which you may revoke, that allows us to use or disclose your PHI in the manner you want restricted; in an emergency).

To an Accounting of Disclosures

Inactive Patient Records

We will retain your records for 7 years from your last treatment or examination, at which point you will become an inactive patient in our practice and we may destroy your records at that time; the records of inactive minor patients will not be destroyed before the child’s eighteenth birthday. We will do so only in accordance with the law (i.e., in a confidential manner, with a Business Associate Agreement prohibiting re-disclosure if necessary).

To Request Alternative Communications

You may ask us to communicate with you in a different way or at a different place by submitting a written request on the Alternative Communication form to us. We will not ask you why and we will accommodate all reasonable requests, which may include: sending appointment reminders in closed envelopes rather than by postcards; sending your PHI to a post office box instead of your home address; and communicating with you at a telephone number other than your home number. You must tell us the alternative means or location you want us to use and explain to our satisfaction how payment to us will be made if we communicate with you as requested.
These privacy practices are in accordance with the original HIPAA enforcement effective April 14, 2003, and updated to the HIPAA Omnibus Rule effective March 26, 2013 and will remain in effect until we replace them as specified by Federal and/or State Law.

To Complain or Get More Information

If you believe your privacy rights have been violated, you may file a complaint with our HIPAA Privacy Officer or with the U.S. Department of Health and Human Services. We will never penalize you for filing a complaint. To do so, please file a formal, written complaint within 180 days to:
The U.S. Department of Health & Human Services Office of Civil Rights 200 Independence Ave., S.W.Washington, DC 20201 (877) 696-6775
Or, submit a written Complaint form to our HIPAA Privacy Officer at the following address:
Robert Brucker Jr., HIPAA Privacy Officer Behavioral Health and Education Specialists, Inc. 14953 S Van Dyke Road Plainfield, IL 60544 (815) 609-1544 (Phone) (815) 609-1670 (Fax) bhes-officemanager@sbcglobal.net
You may receive our HIPAA Complaint form by calling our HIPAA Privacy Officer.