Privacy Policies & Disclosures
Privacy Statement
The Montrose Center collects personal information about individuals in several computer systems dependent upon the services requested for reasons that are discussed in our privacy policy:
- Housing – Homeless Management Information System (HMIS)
- HIV Services – Centralized Patient Care Data Management System (CPCDMS) and AIRES
- Substance Use Recovery Related Services – Clinical Management of Behavioral Health System (CMBHS)
- All Services – the Center’s electronic health record system CONTINUUM (only on-site)
- Insurance – PC-ACE 32 (only on-site) and Availity to transmit claims
We may be required to collect some personal information by organizations that fund the operation of this program. Other personal information that we collect is important to run our programs, to improve services for individuals, and to better understand the needs of individuals. In order to bill for services; to provide or coordinate individual referrals, case management, housing or other services; and some client records may be shared with other organizations that are required to have privacy policies in place in order to protect your personal information. We only collect information that we consider appropriate. If you have any questions or would like to see our privacy policy, our staff will provide you with a copy. A copy of the exceptions to confidentiality is listed in your handbook. You have the right as a client to decline to share your information.
Client Privacy Notice
This notice describes how mental health and medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
I. Uses and Disclosures for Treatment, Payment, and Health Care Operations
the Center may use or disclose your protected health information (PHI), for treatment, payment, and health care operations purposes with your consent. To help clarify these terms, here are some definitions:
- PHI refers to information in your health record that could identify you.
- Treatment, Payment and Health Care Operations
- Treatment is when we provide, coordinate or manage your mental health care and other services related to your care.
- Payment is when we obtain reimbursement for your healthcare or other service, such as insurance company billing.
- Health Care Operations are activities that relate to the performance and operation of the agency, such as audits and performance improvement.
II. Uses and Disclosures Requiring Authorization
the Center may use or disclose PHI for purposes outside of treatment, payment, and health care operations only when your specific, written authorization is obtained. You may revoke any such authorization at any time, provided each revocation is in writing. You may not revoke an
authorization to the extent that (1) we have relied on that authorization; or (2) if the authorization was obtained as a condition of obtaining insurance coverage, and the law provides the insurer the right to contest the claim under the policy.
III. Uses and Disclosures with Neither Consent nor Authorization
the Center may use or disclose PHI without your consent or authorization in the following
circumstances:
- Child Abuse: If we have cause to believe that a child has been, or may be, abused, neglected, or sexually abused, we must make a report of such within 48 hours to the Texas Department of Protective and Regulatory Services, the Texas Youth Commission, or to any local or state law enforcement agency.
- Elder and Disabled Abuse: If we have cause to believe that an elderly or disabled person is in a state of abuse, neglect, or exploitation, the Center staff member must immediately report such to the Department of Protective and Regulatory Services. If such person is in a facility operated, licensed, certified or registered by a state agency, the Center staff member shall report the suspected abuse, neglect of exploitation to the state agency that operates, licenses, certifies or registers the facility for investigation.
- Health Oversight: If authorized or required by law, we may release PHI to an oversight agency if necessary for audits, investigations and licensure.
- Judicial or Administrative Proceedings: If you are involved in a court proceeding and a request is made for information about your diagnosis and treatment and the records thereof, we will not release information, without written authorization from you or your personal or legally appointed representative, or a court order.
- Serious Threat to Health or Safety: If we determine that there is a probability of imminent physical injury by you to yourself or others, or there is a probability of immediate mental or emotional injury to you, we may disclose relevant confidential mental health information to medical or law enforcement personnel.
IV. Patient’s Rights and the Center’s Duties
Client’s Rights:
- Right to Request Restrictions –You have the right to request in writing restrictions on certain uses and disclosures of protected health information about you. In general, we are not required to agree to your request. We will agree to restrict disclosure to funding sources and insurance carriers if you are paying out of pocket the full cost of your services.
- Right to Receive Confidential Communications by Alternative Means and at Alternative Locations – You have the right to request and receive confidential communications of PHI by alternative means and at alternative locations. For example, you may request that we only contact you at work or by mail.
- Right to Inspect and Copy – You have the right to inspect and/ or obtain a copy of PHI in the Center mental health and billing records used to make decisions about you for as long as the PHI is maintained in the record. To obtain this information you must submit your request in writing to the Operations & Prevention Director of the Center. We may charge you for costs of copying, mailing or other costs incidental to complying with your request.
- Right to Amend – If you feel that information that we have about you is incorrect or incomplete, you have the right to request an amendment of PHI for as long as the PHI is maintained in the record. We may deny your request.
- Right to an Accounting – You have the right to receive an accounting of disclosures of PHI for disclosures of information about you other than for treatment, payment and heath care operations.
the Center’s Duties
- We are required by law to maintain the privacy of PHI and to provide you with a notice of our legal duties and privacy practices with respect to PHI.
- We reserve the right to change the privacy policies and practices described in this notice. We will post a current notice on the bulletin board off the downstairs lobby. The last date revised will be shown in the lower left corner.
- If we revise our policies and procedures, we will post a revised copy on the bulletin board in the downstairs hallway at 401 Branard, 2nd Floor; Houston, Texas and a personal copy may be obtained by telephone request to 713.529.0037, ext. 0.
V. Questions and Complaints
If you have questions about this notice, disagree with a decision made about access to your records, or have other concerns about your privacy rights, you may contact the Operations & Prevention Director at 713.529.0037, ext.320. If you believe that your privacy rights have been
violated and wish to file a complaint with the Center, you may send your written complaint to the Operations & Prevention Director; 401 Branard, 2nd Floor; Houston, TX 77006. You may also send a written complaint to the Secretary of the U.S. Department of Health and Human Services. The Center can provide you with the appropriate address upon request. You have
specific rights under the Privacy Rule. The Center will not retaliate against or penalize you for exercising your right to file a complaint.
VI. Effective Date
This notice will go into effect on April 14, 2003.
ONC Health IT – Disclosures
NIST 7742 User Centered Design Report
Certificate of Compliance
CONTINUUM Real World Testing Plan 2023
Real World Results Reports 2023
Montrose Center Real World Testing Plan 2024
Mandatory Disclosure
170.315(b)(10) single file sample
170.315(b)(10) multiple file sample
This Health IT Module is compliant with the ONC Certification Criteria for Health IT and has been certified by an ONC-ACB in accordance with the applicable certification criteria adopted by the Secretary of Health and Human Services. This certification does not represent an endorsement by the U.S. Department of Health and Human Services.
a. Vendor: the Montrose Center
b. Certified: March 20, 2023
c. Product name and version: CONTINUUM V2.0
d. ONC Identification #: 15.07.04.2005.CO02.01.01.0.230320
e. Clinical Quality Measures successfully tested: CMS#2, V10; CMS#69, V9; CMS#138, V9; CMS#159, V9; CMS#161, V9.
f. No additional software relied upon for certification.
g. Certification criterion tested and certified: 170.315(a) Clinical for (a)(5), (a)(12), and (a)(15); 170.315(b)(10); 170.315(c)(1) Clinical Quality Measures; 170.315(d) Privacy and Security for (d)(1), (d)(2)_C, (d)(3)_C, (d)(4), (d)(5), (d)(6), (d)(7), (d)(8), (d)(9), (d)(10)_C, (d)(12)_C, and (d)(13)_C; 170.315(g) Design and Performance for (g)(3), (g)(4), and (g)(5).
h. No additional costs to achieve certification.
i. No limitations incurred to achieve certification.
Homeless Management Information System (HMIS) Data Use and Disclosure Policy
The Montrose Center staff who have access to HMIS follow the data use Policies and Procedures to guide the data use of client information stored in HMIS. Client data may be used or disclosed for system administration, technical support, program compliance, analytical use, and other purposes as required by law. Uses involve sharing parts of client information with persons within an agency. Disclosures involve sharing parts of client information with persons or organizations outside an agency.
▪ Participating Agencies may use data contained in the system to support the delivery of services to homeless clients in the continuum. Agencies may use or disclose client information internally for administrative functions, technical support, and management purposes. Participating Agencies may also use client information for internal analysis, such as analyzing client outcomes to evaluate program.
▪ The vendor and any authorized subcontractor shall not use or disclose data stored in HMIS without expressed written permission in order to enforce information security protocols. If granted permission, the data will only be used in the context of interpreting data for research and system troubleshooting purposes. The Service and License Agreement signed individually by the HMIS Lead Agency (the Coalition for the Homeless) and vendor contain language that prohibits access to the data stored in the software except under the conditions noted above.