Privacy Policy

Who we are

Our website address is: https://greatstepsop.com.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.


NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. WE ARE REQUIRED BY LAW TO PROTECT MEDICAL INFORMATION ABOUT YOU

We are required by law to protect the privacy of medical information about you and that identifies you. This medical information may be information about healthcare we provide to you or payment for healthcare provided to you. It may also be information about your past, present, or future medical condition.

We are also required by law to provide you with this Notice of Privacy Practices explaining our legal duties and privacy practices with respect to medical information. We are legally required to follow the terms of this Notice. In other words, we are only allowed to use and disclose medical information in the manner that we have described in this Notice.We may change the terms of this Notice in the future. We reserve the right to make changes and to make the new Notice effective for all medical information that we maintain. If we make changes to the Notice, we will:

  1. Post the new Notice in our waiting area.
  2. Have copies of the new Notice available upon request.

Please contact Heidi Weege, our Privacy Officer at 154 19th Street South, Sartell, MN 56377 OR by phone at 320-258-0115 ext. 31 to obtain a copy of our current Notice.

The rest of this Notice will:

  1. Discuss how we may use and disclose medical information about you.
  2. Explain your rights with respect to medical information about you.
  3. Describe how and where you may file a privacy-related complaint.

If, at any time, you have questions about information in this Notice or about our privacy policies, procedures or practices, you can contact our Privacy Officer at 320-258-0115 ext. 31.

We use and disclose medical information about patients every day. This section of our Notice explains in some detail how we may use and disclose medical information about you in order to provide healthcare, obtain payment for that healthcare, and operate our business efficiently. This section then briefly mentions several other circumstances in which we may use or disclose medical information about you.


WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU IN SEVERAL CIRCUMSTANCES

For more information about any of these uses or disclosures, or about any of our privacy policies, procedures or practices, contact our Privacy Officer at 320-258-0115 ext. 31.

Minimum Necessary Rule:

HIPAA’s minimum necessary rule states that when a provider uses or discloses health information, providers must make reasonable efforts to limit the health information to the minimum necessary to accomplish the intended purpose of the use or disclosure. The minimum necessary standard does not apply to disclosures to: (a) health care providers for treatment; (b) disclosures made to the patient; (c) disclosures made pursuant to an authorization; (d) disclosures made to DHHS; (e) disclosures required by law; and (f) disclosures required for compliance with HIPAA.

  1. Treatment
    We may use or disclose your health care information in the provision, coordination or management of your health care. Our communications to you may be by telephone, cell phone, e-mail, patient portal, or by mail. For example we may use your information to call and remind you of an appointment or to refer your care to another physician. If another provider requests your health information and they are not providing care and treatment to you we will request an authorization from you before providing your information.
  2. Payment
    We may use or disclose your health care information to obtain payment for your health care services. For example, we may use your information to send a bill for your health care services to your insurer.
  3. Healthcare Operations
    We may use and disclose medical information about you in performing a variety of business activities that we call “healthcare operations.” These “healthcare operations” activities allow us to, for example, improve the quality of care we provide and reduce healthcare costs. For example, we may use your health information to evaluate the performance of our staff in caring for you or to help us decide what additional services we should offer. We may remove information that identifies you from this set of medical information to protect your privacy.

    Example: Jane was diagnosed with diabetes. Great Steps used Jane’s medical information – as well as medical information from all of the other health department patients diagnosed with diabetes – to develop an appropriate standard of care for assisting people with diabetes seeking therapeutic shoes and inserts. (Note: The standard of care training would not identify any specific patients without their permission).

    Example: Jane complained that she did not receive appropriate healthcare. Great Steps staff reviewed Jane’s record to evaluate the quality of the care provided to Jane. Great Steps also discussed Jane’s care with an attorney.
  4. Business Associates
    There are some services provided by Great Steps through contracts with business associates. Examples include fabrication companies, accounts payable service, and accounting service. When these services are contracted, we may disclose your health information to our business associate so that they can perform the job we’ve asked them to do. To protect your health information; however, we require the business associate to appropriately safeguard your information and sign a HIPAA Business Associate Agreement indicating that they will.
  5. Persons Involved in Your Care
    We may disclose medical information about you to a relative, close personal friend or any other person you identify if that person is involved in your care and the information is relevant to your care. If the patient is a minor, we may disclose medical information about the minor to a parent, guardian or other person responsible for the minor except in limited circumstances. For more information on the privacy of minors’ information, contact our Privacy Officer at 320-258-0115 ext. 31.

    We may also use or disclose medical information about you to a relative, another person involved in your care or possibly a disaster relief organization (such as the Red Cross) if we need to notify someone about your location or condition.

    You may ask us at any time not to disclose medical information about you to persons involved in your care. We will agree to your request and not disclose the information except in certain limited circumstances (such as emergencies) or if the patient is a minor. If the patient is a minor, we may or may not be able to agree to your request.

    Example: Jane’s husband regularly comes to Great Steps with Jane for her appointments and he helps her with her care. When the practitioner is discussing a treatment plan with Jane, Jane invites her husband to come into the private room. The practitioner discusses the treatment plan with Jane and Jane’s husband.
  6. Required by Law
    We will use and disclose medical information about you whenever we are required by law to do so. There are many state and federal laws that require us to use and disclose medical information. For example, state law requires us to report gunshot wounds and other injuries to the police and to report known or suspected child abuse or neglect to the Department of Social Services. We will comply with those state laws and with all other applicable laws.
  7. National Priority Uses and Disclosures
    When permitted by law, we may use or disclose medical information about you without your permission for various activities that are recognized as “national priorities.” In other words, the government has determined that under certain circumstances (described below), it is so important to disclose medical information that it is acceptable to disclose medical information without the individual’s permission. We will only disclose medical information about you in the following circumstances when we are permitted to do so by law. Below are brief descriptions of the “national priority” activities recognized by law. For more information on these types of disclosures, contact our Privacy Officer at 320-258-0115 ext. 31.

    a. Threat to health or safety: We may use or disclose medical information about you if we believe it is necessary to prevent or lessen a serious threat to health or safety.

    b. Public health activities: We may use or disclose medical information about you for public health activities. Public health activities require the use of medical information for various activities, including, but not limited to, activities related to investigating diseases, reporting child abuse and neglect, monitoring drugs or devices regulated by the Food and Drug Administration, and monitoring work-related illnesses or injuries. For example, if you have been exposed to a communicable disease (such as a sexually transmitted disease), we may report it to the State and take other actions to prevent the spread of the disease.

    c. Abuse, neglect or domestic violence: We may disclose medical information about you to a government authority (such as the Department of Social Services) if you are an adult and we reasonably believe that you may be a victim of abuse, neglect or domestic violence.

    d. Health oversight activities: We may disclose medical information about you to a health oversight agency – which is basically an agency responsible for overseeing the healthcare system or certain government programs. For example, a government agency may request information from us while they are investigating possible insurance fraud.

    e. Court proceedings: We may disclose medical information about you to a court or an officer of the court (such as an attorney). For example, we would disclose medical information about you to a court if a judge orders us to do so.

    f. Law enforcement: We may disclose medical information about you to a law enforcement official for specific law enforcement purposes. For example, we may disclose limited medical information about you to a police officer if the officer needs the information to help find or identify a missing person.

    g. Coroners and others: We may disclose medical information about you to a coroner, medical examiner, or funeral director or to organizations that help with organ, eye and tissue transplants.

    h. Workers’ compensation: We may disclose medical information about you in order to comply with workers’ compensation laws.

    i. Research organizations: We may use or disclose medical information about you to research organizations if the organization has satisfied certain conditions about protecting the privacy of medical information.

    j. Certain government functions: We may use or disclose medical information about you for certain government functions, including but not limited to military and veterans’ activities and national security and intelligence activities. We may also use or disclose medical information about you to a correctional institution in some circumstances.
  8. Authorizations
    Other than the uses and disclosures described above (#1-6), we will not use or disclose medical information about you without the “authorization” – or signed permission – of you or your personal representative. In some instances, we may wish to use or disclose medical information about you and we may contact you to ask you to sign an authorization form. In other instances, you may contact us to ask us to disclose medical information and we will ask you to sign an authorization form.

    If you sign a written authorization allowing us to disclose medical information about you, you may later revoke (or cancel) your authorization in writing (except in very limited circumstances related to obtaining insurance coverage). If you would like to revoke your authorization, you may write us a letter revoking your authorization or fill out an Authorization Revocation Form. Authorization Revocation Forms are available from our Privacy Officer. If you revoke your authorization, we will follow your instructions except to the extent that we have already relied upon your authorization and taken some action.

    The following uses and disclosures of medical information about you will only be made with your authorization (signed permission):
    a. Uses and disclosures for marketing purposes.
    b. Uses and disclosures that constitute the sales of medical information about you.
     c. Most uses and disclosures of psychotherapy notes, if we maintain psychotherapy notes.
    d. Any other uses and disclosures not described in this Notice.

    You have several rights with respect to medical information about you. This section of the Notice will briefly mention each of these rights. If you would like to know more about your rights, please contact our Privacy Officer at 320-258-0115 ext. 31.
  9. Right to a Copy of This Notice
    You have a right to have a paper copy of our Notice of Privacy Practices at any time. In addition, a copy of this Notice will always be posted in our waiting area. If you would like to have a copy of our Notice, ask the receptionist for a copy or contact our Privacy Officer at 320-258-0115 ext. 31.
  10. Right of Access to Inspect and Copy
    You have the right to inspect (which means see or review) and receive a copy of medical information about you that we maintain in certain groups of records. If we maintain your medical records in an Electronic Health Record (EHR) system, you may obtain an electronic copy of your medical records. You may also instruct us in writing to send an electronic copy of your medical records to a third party. If you would like to inspect or receive a copy of medical information about you, you must provide us with a request in writing. You may write us a letter requesting access or fill out an Access Request Form. Access Request Forms are available from our Privacy Officer.
    We may deny your request in certain circumstances. If we deny your request, we will explain our reason for doing so in writing. We will also inform you in writing if you have the right to have our decision reviewed by another person.

    We may be able to provide you with a summary or explanation of the information. Contact our Privacy Officer for more information on these services and any possible additional fees.

    YOU HAVE RIGHTS WITH RESPECT TO MEDICAL INFORMATION ABOUT YOU
  11. Right to Have Medical Information Amended
    You have the right to have us amend (which means correct or supplement) medical information about you that we maintain in certain groups of records. If you believe that we have information that is either inaccurate or incomplete, we may amend the information to indicate the problem and notify others who have copies of the inaccurate or incomplete information. If you would like us to amend information, you must provide us with a request in writing and explain why you would like us to amend the information. You may either write us a letter requesting an amendment or fill out an Amendment Request Form. Amendment Request Forms are available from our Privacy Officer.
    We may deny your request in certain circumstances. If we deny your request, we will explain our reason for doing so in writing. You will have the opportunity to send us a statement explaining why you disagree with our decision to deny your amendment request and we will share your statement whenever we disclose the information in the future.
  12. Right to an Accounting of Disclosures We Have Made
    You have the right to receive an accounting (which means a detailed listing) of disclosures that we have made for the previous six (6) years. If you would like to receive an accounting, you may send us a letter requesting an accounting, fill out an Accounting Request Form, or contact our Privacy Officer. Accounting Request Forms are available from our Privacy Officer.
    The accounting will not include several types of disclosures, including disclosures for treatment, payment or healthcare operations. If we maintain your medical records in an Electronic Health Record (EHR) system, you may request that include disclosures for treatment, payment or healthcare operations. The accounting will also not include disclosures made prior to April 14, 2003.
  13. Right to Request Restrictions on Uses and Disclosures
    You have the right to request that we limit the use and disclosure of medical information about you for treatment, payment and healthcare operations. Under federal law, we must agree to your request and comply with your requested restriction(s) if:

    a. Except as otherwise required by law, the disclosure is to a health plan for purpose of carrying out payment of healthcare operations (and is not for purposes of carrying out treatment); and,

    b. The medical information pertains solely to a healthcare item or service for which the healthcare provided involved has been paid out-of-pocket in full.
    Once we agree to your request, we must follow your restrictions (except if the information is necessary for emergency treatment). You may cancel the restrictions at any time. In addition, we may cancel a restriction at any time as long as we notify you of the cancellation and continue to apply the restriction to information collected before the cancellation.
    You also have the right to request that we restrict disclosures of your medical information and healthcare treatment(s) to a health plan (health insurer) or other party, when that information relates solely to a healthcare item or service for which you, or another person on your behalf (other than a health plan), has paid us for in full. Once you have requested such restriction(s), and your payment in full has been received, we must follow your restriction(s).
  14. Right to Request an Alternative Method of Contact
    You have the right to request to be contacted at a different location or by a different method. For example, you may prefer to have all written information mailed to your work address rather than to your home address.

    We will agree to any reasonable request for alternative methods of contact. If you would like to request an alternative method of contact, you must provide us with a request in writing. You may write us a letter or fill out an Alternative Contact Request Form. Alternative Contact Request Forms are available from our Privacy Officer.
  15. Right to Notification if a Breach of Your Medical Information Occurs
    You also have the right to be notified in the event of a breach of medical information about you. If a breach of your medical information occurs, and if that information is unsecured (not encrypted), we will notify you promptly with the following information:

    a. A brief description of what happened;
    b. A description of the health information that was involved;
    c. Recommended steps you can take to protect yourself from harm;
    d. What steps we are taking in response to the breach; and,
    e. Contact procedures so you can obtain further information.
  16. Right to Opt-Out of Fundraising Communications
    If we conduct fundraising and we use communications like the U.S. Postal Service or electronic email for fundraising, you have the right to opt-out of receiving such communications from us. Please contact our Privacy Officer to opt-out of fundraising communications if you chose to do so.

    YOU MAY FILE A COMPLAINT ABOUT OUR PRIVACY PRACTICES
    If you believe that your privacy rights have been violated or if you are dissatisfied with our privacy policies or procedures, you may file a written complaint either with us or with the federal government.

    We will not take any action against you or change our treatment of you in any way if you file a complaint.

    To file a written complaint with us, you may bring your complaint directly to our Privacy Officer, or you may mail it to the following address:
    Attn: Heidi Weege, HIPAA Privacy Officer
    154 19th Street South
    Sartell, MN 56377

    To file a written complaint with the federal government, please use the following contact information:
    Office for Civil Rights
    U.S. Department of Health and Human Services
    200 Independence Avenue, S.W. Room 509F, HHH Building Washington, D.C. 20201
    Toll-Free Phone: 1-(877) 696-6775
    Website: http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
    Email: OCRComplaint@hhs.gov