Skip to Content

HIPPA Notice

HIPPA Notice

COUNTY OF BERKS

HIPAA NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.


The County of Berks (“County” or “We”) provide(s) certain health care and other social services to qualified individuals. To provide you with these services, County staff will ask you for personal information that they will keep in your records.  This information may include: 

    • Information that identifies you, such as your name, address, telephone number, date of birth and social security number.  
    • Financial information, which includes information about your income, your bank accounts or other assets, and any insurance coverage that you have. 
    • Protected health information, which includes any information that tells us about your past, present or future health or mental health treatment. 
    • Information about benefits or services that you are receiving or have received.   

This Notice of Privacy Practices (the “Notice”) describes the County’s legal obligations and your legal rights regarding your information, including protected health information as defined in under the Health Insurance Portability and Accountability Act of 1996 (as amended, “HIPAA”) and certain substance use disorder (“SUD”) records covered by 42 CFR part 2 (Part 2). Among other things, this Notice describes how your protected health information may be used or disclosed to carry out treatment, payment, or health care operations, or for any other purposes that are permitted or required by law.


We are required to provide this Notice to you pursuant to HIPAA. The HIPAA Privacy Rule protects only certain medical information known as “protected health information.” Generally, protected health information is individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health care clearinghouse, a health plan, or your employer on behalf of a group health plan, which relates to:

(1)your past, present or future physical or mental health or condition;

(2)the provision of health care to you; or

(3)the past, present or future payment for the provision of health care to you.


Contact Information

If you have any questions about this Notice or about our privacy practices, please contact the County’s designated HIPAA Privacy Officer: 


County of Berks 

Attention: Kevin Barnhardt, HIPAA Privacy Officer

Berks County Service Center, 13th Floor 

633 Court Street 

Reading, PA 19601 

Phone: 610-478-6136 

 

Effective Date

This Notice, as revised, is effective February 16, 2026.


Our Responsibilities

We are required by law to:

    • maintain the privacy of your protected health information;
    • provide you with certain rights with respect to your protected health information;
    • provide you with a copy of this Notice of our legal duties and privacy practices with respect to your protected health information; and
    • follow the terms of the Notice that is currently in effect.

We reserve the right to change the terms of this Notice and to make new provisions regarding your protected health information that we maintain, as allowed or required by law. If we make any material change to this Notice, we will provide you with a copy of our revised Notice of Privacy Practices. You may also obtain a copy of the latest revised Notice by contacting our Privacy Officer at the contact information provided above or on the County website (https://www.berkspa.gov/HIPPA-Notice). Except as provided within this Notice, we may not disclose your protected health information without your prior authorization.


How We May Use and Disclose Your Protected Health Information

Under the law, we may use or disclose your protected health information under certain circumstances without your permission. The following categories describe the different ways that we may use and disclose your protected health information. For each category of uses or disclosures we will explain what we mean and present some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose protected health information will fall within one of the categories.


For Treatment

We may use or disclose your protected health information to facilitate medical treatment or services. We may disclose medical information about you to health care providers, including doctors, nurses, technicians, medical students, or hospital personnel who are involved in taking care of you. For example, we might disclose information about your prior prescriptions to a pharmacist to determine if a pending prescription is inappropriate or dangerous for you to use. We may also disclose medical information about you to people who may be involved in your medical care. This may include family members, or visiting nurses to provide care in your home.


For Payment

We may use or disclose your protected health information to facilitate payment for the treatment and services you receive. For example, we may tell your health care provider about your medical history to determine whether a particular treatment is experimental, investigational, or medically necessary, or to determine whether your health plan will cover the treatment. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.  


For Health Care Operations

We may use and disclose medical information about you for health care operations where necessary to ensure you receive quality care. 


To Business Associates

We may contract with individuals or entities known as Business Associates to perform various functions on our behalf or to provide certain types of services. In order to perform these functions or to provide these services, Business Associates will receive, create, maintain, use and/or disclose your protected health information, and we may share such information with them, but only after they agree in writing with us to implement appropriate safeguards regarding your protected health information. For example, we may disclose your protected health information, including SUD treatment records, to a Business Associate to bill you or your health plan for services, but only after the Business Associate enters into a Business Associate Agreement with us.


Treatment Alternatives

We may use and disclose protected health information to tell you about possible treatment options or alternatives that may be of interest to you.

  

Health-Related Benefits and Services

We may use and disclose protected health information to tell you about health-related benefits or services that may be of interest to you.  


Health Information Exchange

The County may participate in a health information exchange (HIE). Generally, an HIE is an organization in which providers exchange patient information in order to facilitate health care, avoid duplication of services (such as tests) and to reduce the likelihood that medical error will occur. By participating in a HIE, we may share your protected health information with other providers that participate in the HIE. If you do not want your medical information to be available through the HIE, you may opt out by notifying the Privacy Officer.

  

Individuals Involved in Your Care or Payment for Your Care

We may disclose protected health information about you to a friend or family member who is involved in your care. We may also give information to someone who helps pay for your care. However, we can only give family and friends information that relates to their involvement or payment for your care. Where permitted by law, we may also tell your family or friends your condition and that you are receiving services. In addition, we may disclose protected health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location. 


As Required by Law

We will disclose your protected health information when required to do so by federal, state or local law. For example, we may disclose your protected health information when required by national security laws or public health disclosure laws.


To Avert a Serious Threat to Health or Safety

We may use and disclose your protected health information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat. For example, we may disclose your protected health information in a proceeding regarding the licensure of a physician.


Special Situations

In addition to the above, the following categories describe other possible ways that we may use and disclose your protected health information. For each category of uses or disclosures, we will explain what we mean and present some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.


Organ and Tissue Donation

If you are an organ donor, we may release your protected health information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.


Military and Veterans

If you are a member of the armed forces, we may release your protected health information as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.


Workers’ Compensation

We may release your protected health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.. These programs provide benefits for work-related injuries or illness.


Public Health Risks

We may disclose your protected health information for public health actions. These actions generally include the following:

    • to prevent or control disease, injury, or disability;
    • to report births and deaths;
    • to report child abuse or neglect;
    • to report reactions to medications or problems with products;
    • to notify people of recalls of products they may be using;
    • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
    • to notify the appropriate government authority if we believe that a patient has been the victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree, or when required or authorized by law.

Health Oversight Activities

We may disclose your protected health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.


Lawsuits and Disputes

If you are involved in a lawsuit or a dispute, we may disclose your protected health information in response to a court or administrative order. We may also disclose your protected health information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.


SUD treatment records received from programs subject to 42 CFR part 2, or testimony relaying the content of such records, shall not be used or disclosed in civil, criminal, administrative, or legislative proceedings against you unless based on your written consent, or a court order after notice and an opportunity to be heard is provided to you or the holder of the record, as provided in 42 CFR part 2. A court order authorizing use or disclosure must be accompanied by a subpoena or other legal requirement compelling disclosure before the requested record is used or disclosed.


Law Enforcement

We may disclose your protected health information if asked to do so by a law enforcement official—

    • in response to a court order, subpoena, warrant, summons or similar process;
    • to identify or locate a suspect, fugitive, material witness, or missing person;
    • about the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim’s agreement;
    • about a death that we believe may be the result of criminal conduct;
    • about criminal conduct; and
    • in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

Coroners, Medical Examiners and Funeral Directors

We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients to funeral directors as necessary to carry out their duties.


National Security and Intelligence Activities

We may release your protected health information to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.


Inmates

If you are an inmate of a correctional institution or are in the custody of a law enforcement official, we may disclose your protected health information to the correctional institution or law enforcement official if necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.


Research

We may disclose your protected health information to researchers when:

(1)the individual identifiers have been removed; or

(2)when an institutional review board or privacy board has (a) reviewed the research proposal; and (b) established protocols to ensure the privacy of the requested information, and approves the research.


Required Disclosures

The following is a description of disclosures of your protected health information we are required to make.


Government Audits

We are required to disclose your protected health information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA privacy rule.


Disclosures to You

When you request, we are required to disclose to you the portion of your protected health information that contains medical records, billing records, and any other records used to make decisions regarding your health care benefits. We are also required, when requested, to provide you with an accounting of most disclosures of your protected health information if the disclosure was for reasons other than for payment, treatment, or health care operations, and if the protected health information was not disclosed pursuant to your individual authorization.


Notification of a Breach.

We are required to notify you in the event that we (or one of our Business Associates) discover a breach of your unsecured protected health information, as defined by HIPAA.


Other Disclosures

Personal Representatives

We will disclose your protected health information to individuals authorized by you, or to an individual designated as your personal representative, attorney-in-fact, etc., so long as you provide us with a written notice/authorization and any supporting documents (i.e., power of attorney). Note: Under the HIPAA privacy rule, we do not have to disclose information to a personal representative if we have a reasonable belief that:

(1)you have been, or may be, subjected to domestic violence, abuse or neglect by such person;

(2)treating such person as your personal representative could endanger you; or

(3)in the exercise or professional judgment, it is not in your best interest to treat the person as your personal representative.

Psychotherapy Notes

We must receive prior authorization from you prior to using or disclosing your psychotherapy notes, unless the disclosure is for treatment, payment, or healthcare operations, or is used for other very limited purposes.

 

Substance Abuse Treatment

We may use or disclose any Substance Abuse Disorder Treatment Information (SUD) we receive from a substance abuse treatment program covered under 42 C.F.R part 2 through a consent you provided to the Part 2 program to provide treatment, obtain payment or assist is in the provision of health care operations as described in this notice. Any information that we receive through a consent you have provided to us or to another party other than the Part 2 program will only be disclosed in accordance with your specific consent.

 

State Restrictions

State law may provide greater protection for certain types of information. Where the state requirements are more stringent than federal requirements, we will comply with the state requirements. 


Authorizations

Other uses or disclosures of your protected health information not described above, including the use and disclosure of protected health information for fundraising or marketing purposes, will not be made without your written authorization. You may revoke written authorization at any time, so long as your revocation is in writing. Once we receive your written revocation, it will only be effective for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation. You may elect to opt out of receiving fundraising communications from us at any time.

Your Rights

You have the following rights with respect to your protected health information:


Right to Inspect and Copy

You have the right to inspect and copy certain protected health information that may be used to make decisions about your health care benefits. To inspect and copy your protected health information, submit your request in writing to the Privacy Officer at the address provided above under Contact Information. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request. We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your medical information, you may have a right to request that the denial be reviewed and you will be provided with details on how to do so.


Right to Amend

If you feel that the protected health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the County. To request an amendment, your request must be made in writing and submitted to the Privacy Officer at the address provided above under Contact Information. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

    • is not part of the medical information kept by or for the County;
    • was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
    • is not part of the information that you would be permitted to inspect and copy; or
    • is already accurate and complete.

If we deny your request, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.


Right to an Accounting of Disclosures

You have the right to request an “accounting” of certain disclosures of your protected health information. The accounting will not include (1) disclosures for purposes of treatment, payment, or health care operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures. 


To request this list or accounting of disclosures, you must submit your request in writing to the Privacy Officer at the address provided above under Contact Information. Your request must state a time period of no longer than six years (three years for electronic health records) or the period the County has been subject to the HIPAA Privacy rules, if shorter. 


Your request should indicate in what form you want the list (for example, paper or electronic). We will attempt to provide the accounting in the format you requested or in another mutually agreeable format if the requested format is not reasonably feasible. The first list you request within a 12-month period will be provided free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.


Right to Request Restrictions

You have the right to request a restriction or limitation on your protected health information that we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on your protected health information that we disclose to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had.

  

We are not required to agree to your request. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you. To request restrictions, you must make your request in writing to the Privacy Officer at the address provided above under Contact Information. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply—for example, disclosures to your spouse.


Right to Request Confidential Communications

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the Privacy Officer at the address provided above under Contact Information. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests if you clearly provide information that the disclosure of all or part of your protected information could endanger you.


Right to a Paper Copy of This Notice

You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. To obtain a paper copy of this notice, telephone or write the Privacy Officer as provided above under Contact Information.


For more information, please see Your Rights Under HIPAA.


Complaints

If you believe that your privacy rights have been violated, you may file a complaint with the County or with the Office for Civil Rights of the United States Department of Health and Human Services. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html.


To file a complaint with the County, you can email or call the Privacy Officer as provided above under Contact Information. You will not be penalized, or in any other way retaliated against, for filing a complaint with the Office of Civil Rights or with us. You should keep a copy for your records of any notices you send to the Privacy Officer.