Privacy Practices

TRIAD EAP PRIVACY PRACTICES
THIS NOTICE DESCRIBES THE TYPES OF PERSONAL INFORMATION WE COLLECT, HOW IT IS STORED, AND WHO CAN ACCESS IT.
Triad is committed to earning and keeping customer and employee-client trust and confidence. To that end Triad is guided by the laws that oversee the maintenance of Protected Health Information (PHI). Triad privacy and security practices protect your PHI by following the Employee Assistance Professional Association’s ethical framework for maintaining stringent standards of privacy and confidentiality as well as the implementation of HIPAA standards. The purpose of this notice is to inform you of how Triad may use and disclose PHI. This notice also describes your client rights and informs you of how to contact Triad if you have a privacy concern.
CUSTOMER AGREEMENTS Triad includes, as part of the contract with each customer and provider (counselor or coach), a Business Associates Agreement to address the treatment of employee protected health information (PHI). Triad conforms to HIPAA standards for best practices and standards of care. In December of 2014, the Departments of Treasury, Labor, and Health and Human Services issued final rules on excepted benefit standards for limited-scope vision and dental benefits, as well as employee assistance programs (EAPs). Triad satisfies these standards and is therefore exempt from mandates under the Health Insurance Portability and Accountability Act (HIPAA), the Patient Protection and Affordable Care Act (PPACA), and other federal laws. Triad applies HIPAA standards regardless of this final rule.

PRIVACY POLICY STAFF TRAINING Triad holds a training in the 4th quarter of every year in order to review the Triad security-privacy policies. Ethical scenarios, the International Employee Assistance Professionals Association Code of Ethics, and our technology parameters are reviewed. New staff members and student interns must become familiar with these privacy policies within one month after hire and must sign an agreement of understanding to maintain the safety and privacy of PHI.

ETHICAL FRAMEWORK FOR THE USE OF TECHNOLOGY
Encryption: Triad uses encryption on work computers and devices. File storage is encrypted at rest and in transmission.
Backup Systems: Records and data that are stored on the Triad hard drive are backed up either to an external drive or cloud services with a Business Associate Agreement.
Password Protection: Triad ensures confidentiality of PHI and employee-client identifiers by password protecting each work computer and device, servers, client database, and stored files.
Firewalls: Triad utilizes firewall protection in our router hardware, as well as software for work computers and devices.
Virus Protection: Triad uses reliable anti-malware and assures that our work computers and devices are protected from viruses, ransomware, worms and trojans. Operating systems are updated regularly to increase protection from newly identified malware.
Hardware: Triad understands the basic running platform of the work computer and we know whether or not a client’s hardware/platform is compatible with any communication programs that we use.
Software: Triad knows how to download and operate software and assist customer employees and their families with the same when necessary to the delivery of services.
Third-Party Services: Triad utilizes third-party technology service providers (e.g. for backup, storage, virus protection and communication) who have agreed to hold PHI securely through a Business Associate Agreement.

WHAT INFORMATION DO WE COLLECT? We obtain information about customer employee clients from a few sources. The employer provides employee names. When an employee contacts Triad to utilize their EAP benefits, Triad creates a confidential profile within the Triad secure database which may include name, contact info, physical home address, gender, reason for referral, emergency contact, and date of birth, as well as family member names (only when using services), contact info, birthdates, and relationship to employee-client. Additionally, Triad affiliate providers may collect additional information beyond that provided by the employer or Triad including the employee’s date of birth, gender, marital status, health insurance provider, and/or a general description of the nature of the problem, illness or injury.

WHO ARE OUR AFFILIATES AND WHAT TYPES OF INFORMATION DO WE SHARE WITH THEM? Our affiliates include mental health providers, life/leadership coaches, financial advisors, and attorneys. Our affiliates are not Triad employees. They provide services for Triad clients as independent contractors. When an employee contacts Triad for authorization for services from an affiliate provider, Triad furnishes the provider with the employee name and/or client name if not the employee, pertinent contact information, reason for the referral, and a description of the EAP benefit available to that employee through an authorization, which is a referral form.

WHAT WILL HAPPEN WHEN THE EMPLOYEE MEETS WITH A MENTAL HEALTH COUNSELOR? Whether via telehealth (phone, video platform, email, text) the mental health provider protects privacy of all client therapy records and health information. They adhere to rigorous state and federal privacy rules. Employees will be requested to sign the counselor’s disclosure statement and will be advised of the counselor's privacy practices.

WHAT DO WE DO WITH THIS INFORMATION? When an employee contacts Triad for services, only the above information is given to the affiliate provider in the authorization document. Any information then shared with the affiliate provider during a therapy session(s) is legally confidential and employee personal information will not be disclosed to the employer or any other party except in the following cases:
1. Employee signs a release-of-information form for the provider to give specific information to a specific person designated by the employee-client;
2. Communication is made outside of the confidential relationship;
3. Employee files a lawsuit or a complaint/inquiry against the EAP provider;
4. The mental health counselor is required to report child abuse or neglect;
5. The mental health counselor is required to warn of a serious threat to physically harm a specific person;
6. The mental health counselor may take steps to contact authorities or emergency contacts if a client poses a threat to themselves, another person, or group of people, to protect the client or other persons from imminent harm;
7. A court-appointed evaluator may obtain information from a prior treating professional without obtaining the consent of the parents for a child under 15 years of age; a child who has reached 15 years of age must sign a consent to release this information.

Reporting. Triad reports statistics on utilization to the employer. Quarterly and annual statistics will show the number of employee-clients who have used EAP services, gender information, number of dependent-clients, type of referrals (counseling, legal, financial, etc.), and problem category. All information is aggregate and no employee-client names or identifying information are given.

Employer Referral. When the employer notifies Triad that it will refer an employee for EAP services, then upon this employer request, Triad will seek signed consent from the employee to disclose whether he/she followed through on the referral by contacting Triad to schedule with an EAP provider; whether the employee-client attended the session; and, if employer requests it, recommendations to support the employee-client in reaching performance or behavioral goals. No other information will be disclosed to the employer. The employee-client has the option to deny signed consent for any or all of the feedback just referenced.

Employer Referral, Position Jeopardy Situation. When the employer notifies Triad that it has or will make a "Supervisory Referral" because they have determined that the employee’s job is in jeopardy, then upon request of employer, Triad will ask the employee for signed consent to provide the employer with the following information:
1. The date(s) the employee attends or fails to attend.
2. Whether a follow-up appointment is scheduled and the date(s) of the appointment(s).
3. A brief statement indicating whether the employee demonstrates awareness of, and is engaged in discussing, the behavior(s) identified by the supervisor.
4. Whether the employee has been referred for treatment or other services.

Triad may contact the employee to provide appointment reminders or to schedule an appointment. Triad may contact the employee to administer a satisfaction survey which asks for the employee’s opinions about the services he/she received from Triad.

INFORMATION SECURITY We take reasonable physical, electronic and procedural steps to help safeguard employee personal information.

WHO CAN AN EMPLOYEE COMPLAIN TO? An employee may complain to Triad and/or his/her counselor if he/she believes privacy rights have been violated. For Triad, contact Marti Montoya, Privacy and Security Officer at:
Local: 970-242-9536, #3
Toll-free: 1-877-679-1100
Mail: 844 Grand Ave., Suite A, Grand Junction, CO 81501
Fax: 844-298-4042
Email: marti@triadeap.com

Employees may also complain to the Secretary of the United States Department of Health and Human Services, Office of Civil Rights. If a complaint is filed, Triad will not take any action against the employee or change our treatment of them in any way.

OTHER PRIVATE HEALTH INFORMATION RIGHTS Employees have many rights regarding their private health information (PHI). Employees may contact their counselor directly to determine what their rights are and how to:
1. Request restrictions on uses and disclosures of PHI.
2. Request that the counselor(s) communicate PHI by alternative means.
3. See and copy their PHI.
4. Request amendment of their PHI.
5. Request a listing of disclosures the counselor(s) have made about the employee.

PRIVACY INFORMATION SPECIFIC TO INTERNET USAGE
A. When employees visit our web site (triadeap.com), we want to assure employees that we adhere to this Privacy Policy.
B. We collect and store information about "hits" on our web site for internal review purposes only. Such information may include the name of the domain from which the employee accessed the Internet (such as Compuserve.com or att.net), the date and time our site was accessed, and the Internet address of the web site from which the employee linked to us. This information enables us to see how employees use our web site to keep our web site user-friendly.
C. Our web site does not require employees to disclose any personally identifying information. However, if employees provide personal information, such as mailing and e-mail address, telephone and fax numbers, or demographic and customer identification, we will not disclose (share, sell, or divulge) it except: in order to complete an inquiry initiated by the employee; at the employee’s request; or in response to legal process (for example, a subpoena that complies with applicable right to financial privacy laws).
D. In order to provide better service, we will occasionally use a "cookie." A cookie is a small piece of information, which a web site stores on a PC for later retrieval. The cookie cannot be read by a web site other than the one that set the cookie. We use cookies for a number of administrative purposes, for example, to store preferences for certain kinds of information or to store a password so that it does not have to be input for every visit someone makes to the Triad site. Most cookies last only through a single session or visit. None will contain information that will enable anyone to contact the visitor via telephone or e-mail. In addition, web browsers can be set to inform the visitor when cookies are set or to prevent cookies from being set.
E. We do not knowingly solicit information from children and we do not market specifically to children. We recognize that protecting children's identities and privacy online is important and that the responsibility to do so rests with parents and the online industry.