For purposes of this Notice, the following definitions apply:

HIPAA means Health Insurance Portability and Accountability Act of 1996

Community Mental Health Center (CMHC) means, for purposes of this Notice:

  • All departments or units of the CMHC.
  • Any member of a volunteer group we allow to help you while you are being treated at any of our CMHC locations.
  • All employees, staff, and other CMHC personnel.
  • Any health care professional authorized to enter information into your CMHC chart.
  • All CMHC remote sites and locations.

Protected Health Information (PHI) means individually identifiable health information, as defined by HIPAA, that is created or received by the Hospital as it relates to the past, present or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present or future payment for the provision of health care to an individual; and that identifies the individual or for which there is a reasonable basis to believe information can be used to identify the individual. PHI includes information of persons living or deceased.


We understand that medical information about you and your health is personal. We are committed to protecting your PHI. We create a record of the care and services you receive at the Community Mental Health Center (CMHC). We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all PHI generated by the Hospital, whether made by the CMHC personnel or your personal doctor. Your personal doctor may have different policies or notices regarding the doctor’s use and disclosure of your medical information created in the doctor’s office or clinic. This notice will tell you about the ways in which we may use and disclose your PHI. We also describe your rights and certain obligations we have regarding the use and disclosure of your PHI. 


Each time you receive health care services from the agency a record of your service is made. Typically, this record contains your symptoms, examination, test results, diagnoses, treatment and a plan for further care or treatment. This information often referred to as your health or medical record serves as a:

  • Basis for planning your care and treatment
  • Means of communication among the many health professionals who contribute to your care
  • Legal document describing the care you received
  • Means by which you or a third-party payer can verify that services billed are actually provided
  • A tool in educating health professionals, clinical and support staff
  • A source of information for public health officials charged with improving the health of the nation (communicable diseases)

A source of data for facility planning

  • A tool with which we can assess and continually work to improve the care we render and outcomes we achieve

Understanding what is in your record and how your health information is used helps you to:

  • Ensure its accuracy
  • Better understand who, what, when, where, and why others may access your health information
  • Make more informed decisions when authorizing disclosure to others


Although your health record is the physical property of this agency or the facility that compiled it, the information belongs to you. You have the right to:

  • Inspect/ Obtain a paper or electronic copy of your medical record: You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this. We will provide a copy or summary of your health information, usually within 30 days of your request. There will be a reasonable, cost-based fee.
  • Amend your medical record: You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this. We may say “no” to your request, but we will tell you in writing within 60 days.
  • An Accounting of Disclosures: You can ask for a list (accounting) of the times that we have shared your PHI with and why for up to six years prior to the date of your request.
  • Request Restrictions or ask us to limit what we share: You can ask us not to share certain health information for treatment, payment or our operations.
  •  Keep in mind that we are not required to agree with your request, and we may say “no” if it would affect your care.

If you pay for a service or health care item out-of-pocket in full, then you can ask us not to share that information for the purpose of our operations with your health insurer.

  • We will say “yes” to this request unless the law requires us to share that information.
  • Request Confidential Communications: You can ask us to contact you in a specific way (for example, home or office phone) or to send mail via alternate means (E.g., fax) or to a different address such as a P.O. Box, etc. We will say “yes” to all reasonable requests.
  • Receive Notice of a Breach: We will notify you if your unsecured PHI has been breached, unless there is a low probability that the PHI has been compromised based upon a risk assessment.
  • Receive a Paper Copy of This Notice. You have a right to ask us for a copy of this notice at any time, even if you have agreed to receive the notice electronically. At the time of request, we will provide you with a paper copy promptly.
  • Choose or appoint someone to act on your behalf: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure that the person has this authority and can act on your behalf before we take any action.
  • File a complaint: You can complain if you feel we have violated your rights by following the steps outlined below in the “Complaints” section of this notice.


We are required to:

  • Maintain policies and practices that protect the security and privacy of your protected health information
  • Secure your electronic records from premature destruction and unauthorized disclosure
  • Promptly notify you if a breach occurs that may have compromised the privacy or security of your information
  • Provide you with this notice of our legal duties and privacy practices with respect to information we collect and maintain about you
  • Abide by the terms of this notice, until such time as our privacy practices or the law changes
  • Notify you if we are unable to agree to a requested restriction or amendment pertaining to your health information
  • Accommodate reasonable request you may have to communicate health information by alternative means or at alternative locations
  • Provide examples of our practices to help you better understand how your health information will be used and disclosed
  • Not use or share your PHI other than as described in this notice unless you tell us we can in writing. Even then, you still have the right to change your mind at any time by letting us know in writing. 


We reserve the right to change the practices described in this notice and to make the new provisions effective for all PHI we maintain, including any information compiled before the change.Should our privacy practices change, we will make a copy available at your next scheduled visit. We will also post the revised notice in prominent public access locations throughout our facility and on our website at ­­­­­­­­­­www.mshs.org.


If you have questions and/or believe your privacy rights have been violated, you may file a complaint/appeal with Mid-South Health Systems (MSHS) or with the Secretary of the Department of Health and Human Services. To file a complaint with MSHS, contact the Corporate Privacy Officer, 2707 Browns Lane, Jonesboro, AR 72401; (870) 972−4046. All complaints must be submitted in writing. You will not be penalized for filing a complaint.


We will use and disclose your information for your treatment, payment for services rendered, and health care operations of the agency. Examples are included for information purposes. If you have questions about these or other permitted uses and disclosures of your health information, please discuss these with the Privacy Officer at (870) 972-4046. 


We can use your health information and share it with other professionals who are treating you. Information obtained by a nurse, physician, mental health professional, or other member of your healthcare team will be recorded in your record and used to determine the course of treatment that should work best for you. Your healthcare providers will document in your record the actions they took and their observations. In that way, the treatment team will know how you are responding to treatment. Example: A doctor such as your primary care physician (PCP) who is treating you asks another doctor who is also treating you about your overall health condition or specifics concerning your health condition. I such cases as these and alike, we will provide subsequent healthcare providers with copies of certain information necessary for treatment. 


Our professionals are trained to identify and respond to emergency situations. When we conclude an emergency exists, our focus is on immediate intervention and stabilizing the client, not on privacy. Consequently, we will use and disclose health information as needed to provide appropriate healthcare service; even it would conflict with a client’s normal privacy expectations. 


We can use and share your health information to bill and obtain payment from health plans or other entities. A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used. Example: We give information about you to your health insurance plan so that it will pay for your services.


We can use and share your health information to run our mental health center, improve your care, and contact you when necessary. We share private health information internally and with selected business associates in order to continually improve the quality and effectiveness of the health care and service we provide. Example: We use health information about you to manage your treatment and services, assess your care received, and the outcomes of your case.


  • There are some services pertaining to treatment, payment or healthcare operations provided in our organization through contracts with business associates. Examples include, but are not limited to certain laboratory tests, Patient Assistance Program, and offsite records storage, etc. When these services are contracted, we may disclose your health information to our business associate. To protect your health information, however, we require the business associate to appropriately apply and uphold the same safeguards as we do. 


Health professionals using their best judgment and the authority conveyed by the Laws of the State of Arkansas may disclose to a parent and/or guardian, or other person you identify and authorize to have access to health information relevant to that person’s involvement in your care or payment related to your care. We may use or disclose information to notify and assist in notifying a family member, personal representation, or another person responsible for your care, your location, and general condition.  


There are several situations where we might be required by law, law enforcement, courts or regulators to release some or all of a client’s protected health information, whether or not you authorize such a release. Examples include, but are not limited to certain information we are required to release to the Medical Examiner, Public Health agencies, Workers Compensation Administrators, Law Enforcement Officers, Judicial Proceedings, and others.


As a part of our healthcare services, we may recommend or discuss options that relate to your treatment. Other uses and disclosures of PHI not covered by this Notice or the laws that apply to us (such as marketing or sale of PHI), will be made only with your written authorization. Additionally, psychotherapy notes will not be disclosed without your written authorization. If you provide us authorization to use or disclose your PHI, you may revoke that permission, in writing, at any time. If you revoke your authorization, we will no longer use or disclose your PHI for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of that care that we provided to you. Send all revocation requests to:

Mid-South Health Systems, Inc.

Attention: Privacy Officer

2707 Browns Lane

Jonesboro, Arkansas 72401

Phone: 870−972−4046


The confidentiality of alcohol and drug abuse patient records maintained by this program is protected by federal law and regulations. Generally, the program may not say to a person outside the program that a patient attends the program, or disclose any information identifying a patient as an alcohol or drug abuser unless one of the following conditions is met: (1) the patient consents in writing; (2) the disclosure is allowed by a court order; (3) the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.

Violation of the federal law and regulations by a program is a crime. Suspected violations may be reported to appropriate authorities in accordance with federal regulations. Federal law and regulations do not protect any information about a crime committed by a patient either at the program or against any person who works for the program or about any threat to commit such a crime. Federal laws and regulations do not protect any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities. 


For most other uses and disclosures of information, we will require a signed authorization by the client before providing a third party with access to your individually identifiable health information. Most other uses and disclosures will be made only with the individual’s written consent or authorization and the individual may revoke such authorization at any time. 


Even though we can lawfully use and disclose your health information under a variety of circumstances, we always try to limit the information to the minimum necessary. This sometimes requires the exercise of professional judgment.

Effective Date: September 23, 2013.

Revised: 9/17/13 5015