TMI Privacy Policy

Introduction

This policy (the 'Privacy Policy') defines the manner in which TMI (“We” or “we”) collects, uses, maintains, and discloses information that individuals may provide to it or through its website (tmi-inc.org) (the 'Site') or otherwise due to the provision of its services. It also describes the choices available to the person providing the information or data ('You' or 'Your') regarding the use of, Your access to, and how to update and correct Your personal information.
 

Although TMI is a non-profit entity, TMI complies with applicable United States (“U.S.”) state and federal laws relating to data privacy, patient privacy and health data security. TMI recognizes that when You provide Your personal information, You expect and trust TMI to handle that information carefully and responsibly. TMI is committed to making sure Your personal information is safe and secure.
 

Please read this Privacy Policy carefully. By voluntarily using the Site and/or providing data or other information to TMI, You are indicating your consent to these terms and agree (on behalf of Yourself and/or the legal entity that You represent) to be bound by these terms. If You do not accept and agree to be bound by these terms, You are not authorized to access or otherwise use the Site or receive the services.
 

If You are a California resident, please see the California section below. For protected health information in the U.S., please see the HIPAA Privacy Rule section below. If You have any questions or wish to exercise Your rights and choices, if any, please contact us as set out in the Contact section below.
 

Personal Identification Information

For the purpose of this policy, personal information means information about an identifiable individual. This includes an individual’s name, home address and phone number, age, sex, marital or family status, an identifying number, financial information, educational history, medical information, etc. Personal information does not include anonymous or non-personal information (i.e., information that cannot be associated with or tracked back to a specific individual).
 

Web Browser Cookies

Cookies are small data files containing small amounts of information that are placed on your computer or mobile device when you visit a website. Cookies remember things about your visit to our Site, such as your preferred language and other choices/settings and generally make the site easier to use. They can also be used for relevant advertisements.

There are various types of cookies that may be applicable.

  • Cookies by the Site owner (here, TMI).

  • Third party cookies that enable third party features or functionality to be provided on or through the Site (e.g. usage analytics). The parties that set third party cookies can recognize your computer both when it visits the Site and also when it visits certain other websites.

  • Persistent cookies are activated each time that you visit the Site and remain on your device for the period of time specified in the cookie.

  • Session cookies are activated when you open the browser window and finish when you close the browser window; once you close the browser, all session cookies are deleted.
     

Like most websites, Site may use 'cookies' to enhance your experience. Your web browser places cookies on your hard drive for record-keeping purposes and sometimes to track information about you. You may choose to set your web browser to refuse cookies or to alert you when cookies are being set, although some parts of the Site may not function properly.

 

You can disable certain tracking as discussed in this section. For strictly necessary and functionality cookies, which are essential to our website, as applicable, and which are required in order to deliver the Site to you, you cannot refuse them. You can block or delete them by changing your browser settings however. You can set or update your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our Site though your access to some functionality and areas of our Site may be restricted and/or have limited functionality. You should visit your browser's help menu for more information (web browser controls vary from browser-to-browser). For further information on cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit www.allaboutcookies.org.

 

Responsibilities of TMI

We are committed to safeguarding the privacy of personal information entrusted to us. This information may also include health care information that you and/or other service agencies provide us on your behalf.

 

We make every reasonable effort to ensure that client information is accurate and complete. We protect client personal information in a manner appropriate for the sensitivity of the information. We make every reasonable effort to prevent any loss, misuse, disclosure or modification of personal information, as well as any unauthorized access to personal information.

This policy outlines the principles and practices we follow in protecting and managing our client’s personal and health care information to the best of our efforts in accordance with California and U.S. laws protecting your privacy.

A copy of this policy is provided to TMI employees, all clients receiving support services through TMI and is available on our Site.

What Personal Information Do We Collect and Use?

We collect the personal identification and/or medical information that we need for the purpose of providing support services to our clients through our agency programs. We collect this information from our clients and from our referring funding/placement providers. As described above, personal information may also be collected through the use of our Site.

We inform our clients, before or at the time of collecting personal identification and/or medical information, of the purposes for which we are collecting the information.

Examples of Personal Information 

  • Contact information (address, phone numbers, location)

  • Emergency Contact(s)

  • Physician and Health Care Providers

  • Physical and Cognitive Diagnosis

  • Medications

  • Day Program or Employment Information
     

TMI may collect and use Personal Identification Information, Medical Information, and non-personal identification information (collectively, 'Your Information') for the following purposes:

  • To provide the Site and/or services. TMI may request Your Information that is necessary to provide the Site and/or to provide You with TMI's services.

  • To authenticate and personalize the use of the Site and/or to provide our services. If You are a client, we use Your personal information to provide You with an identity in Your usage of the services TMI offers. We use cookies to remember users’ settings (e.g. language preference), for authentication on our Site. 

  • To improve customer service. TMI may use Your Information to respond to customer service requests and support needs more efficiently.

  • To manage Client and Partnership Relationships. If You are a TMI client, We may use Your personal information You provided to us, particularly Your business contact information and information relevant for the engagement, for the purpose of managing the relationship and in connection with any potential contractual arrangements between our companies. We also may process Your personal information as a part of a professional services engagement and/or in order to provide You with our technical support services.

  • To improve the Site or Our Business. TMI may use Your feedback and usage data to improve our Site or our services.

  • To process payments. TMI may use Your Information to collect and remit payments. TMI does not share this information with outside parties except to the extent necessary to provide the service.

  • To contact You. TMI may use email addresses to send client's information and updates pertaining to the services. TMI may use such information to schedule program support at your home, pick you up at your residence to for program or to remind you of appointments or meetings.
     

Use and Disclosure of Personal Information With Authorization 

To ensure confidentiality, every recipient of TMI services will sign release forms which comply with state and federal regulations before TMI employees will communicate with other persons or agencies on the individual's behalf. All information generated by TMI can be shared with other persons, based on the job and/or support responsibilities of TMI personnel. Agency provided release forms are on file.

TMI may use or disclose client health information as needed, in order to provide, coordinate or manage your health care when providing support services. This includes sharing a client’s health information with his/her TMI service support team and/or other health care providers. regarding your treatment when we need to coordinate and manage your health care (i.e., medications, doctor visits, etc.).

 

Example: We may share your health information with doctors, nurses and other health care personnel who are involved in providing your health care. For example, we need to provide an urgent care nurse or physician enough information about your health status so that the nurse or physician can determine how to dispense proper medical care based on your medications and diagnosis when applicable. Disclosing your health information to another health care provider would be especially important if your doctor knew you had allergic reactions to particular substances that could be life threatening. So sharing a client’s health information with another health care provider is essential for your protection and quality care.

There is no provision for confidentiality in the case of threatened or attempted suicide, or threatened or attempted bodily harm to others. Support staff who have specific concerns about a client, such as emotional stability, are encouraged to discuss these issues with management personnel to pursue resolution.

 

Use and Disclosure of Personal Information Without Authorization 

TMI may use and/or disclose your personal and/or health information for those circumstances that have been determined to be so important that your authorization may not be required. Prior to disclosing your health information, we will evaluate each request to ensure that only necessary information will be disclosed. Those circumstances include disclosures that are:

  • Required by law

  • For public health activities
     

For example, we may disclose health information to public health authorities if you have a communicable disease and we have reason to believe, based upon information provided to us, that there is a public health risk such as evidence of your noncompliance with your treatment plan. If you suffer from a communicable disease such as tuberculosis or HIV/AIDS, information about your disease will be treated as confidential. Other than circumstances described to you in other sections of this Notice, we will not release any information about your communicable disease except as required to protect public health or the spread of a disease, or at the request of the State or Local Health Director

  • Regarding abuse, neglect or domestic violence

  • For health oversight activities such as licensing of foster homes

  • For law enforcement purposes unless otherwise prohibited by State or Federal law

  • For court proceedings such as court orders to appear in court with your health information

  • Related to death such as disclosures to a funeral director

  • To avert a serious threat to the health or safety of a person or the public

  • Related to specialized government activities such as national security

  • To correctional/custodial institutions or other law enforcement officials when you are in their custody

  • For Worker’s Compensation in cases pending before the Industrial Commission

  • For the purpose of liability referencing destruction of property by a TMI client to our organization, an employee or another individual.
     

TMI may be legally obligated to disclose information about You to the government or third parties under certain circumstances, such as in connection with illegal activity on the Site or to respond to a subpoena, court order, or other legal process. TMI reserves the right to release Your Information to law enforcement or other government officials as deemed necessary or appropriate in TMI's sole and absolute discretion.
 

Storage and Access - Records Containing Personal Information  

It is the policy of TMI to maintain information and records of all persons served (clients) by the agency in files referred to as “client files.” TMI maintains these files to reflect accurate and current record keeping practices and upholds the strictest privacy policy and protocol to protect the client information and records contained within the client files. Where such information is electronic, TMI uses commercially reasonable practices to safeguard Your data.
 

In all TMI locations, the program’s client files are stored in locked filing cabinets located in designated file rooms or within the office of the Manager who oversees their designated client files. TMI takes steps to protect Your Information against unauthorized access when in digital form as well. These measures include appropriate data collection, storage and processing practices, and security measures to protect against unauthorized access, alteration, disclosure, or destruction of Your personal information, Your name, password, transaction information, and data stored by TMI. However, You should keep in mind that digital storage is run on software, hardware, and networks, any component of which may, from time to time, require maintenance or experience problems or breaches of security beyond TMI's control.
 

TMI will make every reasonable effort to secure its Site and digital security efforts, but it does not represent, warrant, or covenant anything related to sage, complete, or hack-proof transmissions in transit or at rest. You assume the risk of any unauthorized disclosure or intentional intrusion, or of any delay, failure, interruption, or corruption of data or other information transmitted or stored at rest in connection with the use of the Site or our services.

Some examples of confidential/personal information found in a Client’s file are:

  • Identification data including a photo

  • Name, address and phone number of the client’s emergency contact, personal representative, conservator, guardian, and/or representative payee, if one has been appointed, for the person served

  • Medical Information including, but not limited to:

  • Pertinent history, diagnoses or disabilities, presenting need(s) or functional limitation(s), special communication needs, and desired outcomes and expectations

  • Prescribed medications and listed side effects and the name and phone number of prescribing physician(s)

  • Relevant medical information - e.g., allergies, seizure disorders

  • Reports of initial and ongoing assessments

  • Reports from referring agencies/sources

  • Reports of ancillary service referrals by TMI

  • Reports from outside consultants

  • Designation of the individual currently coordinating services

  • Evidence of the direct involvement of the person served in the decision-making process related to his/her program

  • Reports of planning team meetings

  • Reports of family conferences if held

  • The individual plan of the person served, including the overall plan and the plans for specific services

  • Signed and dated progress notes and/or appropriate data sheets

  • Correspondence pertinent to the person served

  • Release forms

  • The exit/discharge summary

  • Follow-up reports
     

Changes to Personal Information 

It is the responsibility of the client or the client’s designated emergency contact, personal representative, conservator, guardian, and/or representative payee (if one has been appointed) to notify us if there is a change or a correction to their personal information that may affect their relationship with our organization. Changes to a client’s personal information must be in the form of a written request for change or correction.

Retention of Personal Information  

We retain current client personal information for the duration of the client’s admission and service supports through program.

Once a client is discharged from support services, it is the practice of TMI to maintain all programmatic, records up to five years. Any records governed by professional, research, administrative and legal requirements shall be maintained in accordance with current, relevant and prevailing laws or standards.

Destruction of Records 

We use appropriate security measures when destroying client personal information, including shredding paper records and permanently deleting electronic records.

HIPAA Privacy Rule and Breach of PHI 

The HIPAA PRIVACY RULE establishes national standards to protect individuals' medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.

Breach of Confidential/Protected Health Information

A “breach” is defined as the “acquisition, access, use or disclosure of PHI” in violation of the HIPAA Privacy Rule. It is generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. An impermissible use or disclosure of protected health information is presumed to be a breach unless the covered entity or business associate, as applicable, demonstrates that there is a low probability that the protected health information has been compromised based on a risk assessment which follows pointed factors.

These rules also apply to covered entities and business associates. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules' requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.

As a covered entity, TMI follows an agency-wide protocol that includes incident documentation, logging and reporting of Confidential and Protected health information breaches.
 

Revisions to this Privacy Policy 

TMI may from time to time make changes to this Privacy Policy to reflect changes in its legal or regulatory obligations or in the manner in which we deal with your personal information. We will communicate any revised version of this Privacy Policy. Any changes to this Privacy Policy will be effective from the time they are communicated, provided that any change that relates to why we collect, use or disclose your personal information will not apply to you, where your consent is required to such collection, use or disclosure, until we have obtained your consent to such change.

Interpretation of this Privacy Policy 

  • Any interpretation associated with this Privacy Policy will be made by the Director of Human Resources. 

  • This Privacy Policy includes examples but is not intended to be restricted in its application to such examples, therefore where the word 'including' is used, it shall mean 'including without limitation.

  • This Privacy Policy does not create or confer upon any individual any rights, or impose upon Agrium any rights or obligations outside of, or in addition to, any rights or obligations imposed by the privacy laws applicable to such individual's personal information.

  • Should there be, in a specific case, any inconsistency between this Privacy Policy and such privacy laws, this Privacy Policy shall be interpreted, in respect of that case, to give effect to, and comply with, such privacy laws.
     

Your Rights Regarding Your Personal Information 

You have the following rights regarding your personal information as created and maintained by this agency.

 

Right To Receive A Copy Of This Policy

You have a right to receive a copy of TMI’s Personal Information Privacy Notice Policy. At your admission to program with this agency, you will be given a copy of this Policy and asked to sign an acknowledgement that you have received it.

 

In addition, copies of this Policy have been posted in several public areas throughout this agency, as well as the agency’s web site at www.tmi-inc.org. You have the right to request a paper copy of this Policy at any time from the agency’s Human Resources Director.

 

Right To Request Different Ways To Communicate With You

You have the right to request to be contacted at a different location or by a different method. For example, you may request all written information be sent to your work address rather than your home address. We will agree with your request as long as it is reasonable to do so; however, your request must be made in writing and forwarded to our agency Privacy Official.

Right To Request To See And Copy Your Personal Information

You have the right to request to see and receive a copy of your personal information. You may request access to your program’s Director (or Social Worker in Family Support Services).

Right To Request Amendment Of Your Personal Information

You have the right to request changes in your personal information. If you believe that we have information that is either inaccurate or incomplete you may document this by writing a statement of concern and attaching it to the item(s) in question. The Program Director will assist clients in the completion of this process, as needed.

 

We may deny your request if:

  • the information was not created by this agency (unless you prove the creator of the information is no longer available to change the information)

  • the information is not part of the records used to make decisions about you

  • we believe the information is correct and complete

  • you do not have the right to see and copy the record.

If we deny your request to change your personal information, we will tell you in writing the reasons for denial and describe your rights to give us a written statement disagreeing with the denial.

If we accept your request to change your personal information, we will make reasonable efforts to inform others of the changes, including persons you name who have received your personal information and who need the changes.

 

Right To Deny Sharing Of Your Personal Information

Adult participants who are not under conservatorship have the right to deny TMI permission to share information, even with their own parents. Specific issues may be reviewed individually especially where health and safety are jeopardized.

 

Guidelines or advice on how to proceed may be sought from the Office of Clients’ Rights Advocacy (OCRA), Clients' Rights Advocate, Regional Center, ABXIII, or Department of Rehabilitation Client Assistance Program (CAP).

 

California

While TMI is a non-profit organization and the California Consumer Privacy Act (“CCPA”) does not apply to TMI, we use every reasonable effort to safeguard Your personal information and therefore provide the following disclosures to individuals who reside in California. The CCPA provides additional rights to know, delete and opt out, and requires businesses collecting or disclosing Personal Information to provide notice of rights California residents have and can exercise. Please note that TMI is not required to provide this notice pursuant to the CCPA and while it will use reasonable efforts to accommodate California consumer requests, it cannot guarantee such.

 

California Notice of Collection. TMI collects information corresponding to the following categories of information identified in the CCPA.

  • Identifiers, including name, address, email address, account name, date of birth, Social Security Number, IP address and account identification details assigned to Your account.

  • Client records, phone number, billing address, credit or debit card information, employment or education information.

  • Analytics and Advertising, including purchases and engagement with TMI.

  • Internet activity, including history of visiting and interacting with Our Site.
     

TMI does not generally sell information as the term “sell” is traditionally understood. However, to the extent “sale” under the CCPA is interpreted to include advertising technology activities, we will use commercially reasonable efforts to comply with applicable law as to such activity.
 

TMI discloses the following categories of information for commercial purposes:

  • Commercial Information;

  • Client Records;

  • Demographic Data;

  • Location Data;

  • Identifiers;

  • Inferences; and

  • Internet activity.
     

Right to Know and Delete. If You are a California resident, You have the right to know certain information about Our data practices in the 12 months preceding any such request. In particular, You have the right to request the following from Us.

The categories of Personal Information We have collected about You:

  • The categories of Personal Information We have collected about You;

  • The categories of sources from which the Personal Information was collected;

  • The categories of Personal Information about You that We disclosed for a business purpose or sold;

  • The categories of third parties to whom the Personal Information was disclosed for a business person or sold; 

  • The business or commercial purpose for collecting or selling the Personal Information; and

  • The specific pieces of Personal Information We have collected about You.
     

You also have the right to have the Personal Information that TMI has collected from You deleted. This is, however, not an absolute right and TMI may have legal grounds for keeping such data. Further, as stated above, TMI is exempt from CCPA compliance as a non-profit entity and does not waive such exemption or guarantee compliance with any part of the CCPA.

 

Exercising Your Rights. To exercise any of these rights, please submit a request to HR@tmi-inc.org. Your request should specify which right You are seeking to exercise and the scope of the request. We will strive to confirm receipt of Your request within 10 days. We may require specific information from You to help us verify Your identity and process Your request. If We are unable to verify Your identity, we may deny Your requests to know or delete.
 

Authorized Agent. You can designate an authorized third party to submit requests on Your behalf. However, we will require written proof of the agent’s permission to do so and verify Your identity directly.

Right to Non-Discrimination. You have the right to not be discriminated against by Us as a result of Your exercising any of Your rights.

 

Changes to this Policy

TMI has the discretion to update this policy at any time. If and when TMI does so, TMI will post a notification on the Site. TMI encourages User to frequently check this page for any changes to stay informed about how TMI is protecting Your Information collected through the Software and Services. You acknowledge and agree that it is Your responsibility to review this policy periodically and be aware of modifications.

 

Contact

If have any questions about this policy, the practices of TMI, or if You wishes to exercise any of the rights described above or submit a complaint, contact TMI at: info@tmi-inc.org