Sign up for our newsletter and join a community dedicated to building possibilities for every ability.

M

Tangram logo and tagline

DONATE

EDUCATE

JOIN OUR TEAM

Privacy Policy

Tangram, Inc.

NOTICE OF PRIVACY PRACTICES

 

Effective Date: January 31, 2011

Last Updated: May 13, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, HOW YOU MAY ACCESS THIS INFORMATION, AND YOUR RIGHTS REGARDING YOUR INFORMATION. PLEASE REVIEW IT CAREFULLY.

OUR COMMITMENT TO YOUR PRIVACY

Tangram is committed to protecting the privacy, confidentiality, integrity, and security of your Protected Health Information (“PHI”). We understand that information about your health, services, treatment, finances, and personal circumstances is sensitive.

We create records regarding the care and services you receive in order to provide quality services, comply with legal obligations, and operate our organization effectively.

We are required by law to:

  • Maintain the privacy and security of your PHI;
  • Provide you with this Notice of our legal duties and privacy practices;
  • Notify you if a breach occurs that may compromise the privacy or security of your information;
  • Follow the terms of the Notice currently in effect; and
  • Abide by applicable federal and state privacy laws, including the Health Insurance Portability and Accountability Act (“HIPAA”).

This Notice applies to all records created or maintained by Tangram, including records maintained electronically, verbally, in writing, or through other forms of communication.

WHAT IS PROTECTED HEALTH INFORMATION (PHI)?

Protected Health Information (“PHI”) is information that:

  • Identifies you or could reasonably identify you; and
  • Relates to your physical or mental health condition, healthcare services, treatment, payment for services, or related care.

Examples may include:

  • Medical or behavioral health information;
  • Treatment plans;
  • Insurance and billing information;
  • Medicaid or waiver information;
  • Service documentation;
  • Assessments and evaluations;
  • Appointment records;
  • Communication records;
  • Demographic information;
  • Electronic records;
  • Photographs or recordings used for treatment or identification purposes.

HOW WE MAY USE AND DISCLOSE YOUR INFORMATION

The following categories describe different ways Tangram may use or disclose your PHI without your written authorization unless otherwise required by law.

  1. TREATMENT

We may use and disclose your PHI to provide, coordinate, or manage your healthcare, treatment, therapy, support services, and related activities.

Examples include:

  • Coordinating care with physicians, therapists, nurses, behavioral clinicians, or specialists;
  • Developing and reviewing treatment plans;
  • Communicating with pharmacies or healthcare providers;
  • Consulting with treatment teams;
  • Referring you for services;
  • Reviewing assessments and service recommendations;
  • Coordinating crisis intervention or emergency support;
  • Conducting supervision or clinical review activities.
  1. PAYMENT

We may use and disclose your PHI to bill and collect payment for services provided.

Examples include:

  • Submitting claims to Medicaid, insurance companies, or funding agencies;
  • Verifying eligibility for services;
  • Obtaining prior authorizations;
  • Reviewing medical necessity;
  • Conducting utilization reviews;
  • Coordinating benefits;
  • Billing and collections activities.
  1. HEALTHCARE OPERATIONS

We may use and disclose PHI for operational activities necessary to run our organization and ensure quality services.

Examples include:

  • Quality improvement initiatives;
  • Accreditation activities;
  • Licensing and certification reviews;
  • Staff training and supervision;
  • Program management;
  • Compliance and auditing activities;
  • Risk management;
  • Financial and administrative operations;
  • Information systems management;
  • Legal and consulting services;
  • Performance improvement and service evaluation.
  1. BUSINESS ASSOCIATES

Tangram may share PHI with third-party vendors or contractors who perform services on our behalf. These entities are referred to as “Business Associates.”

Business Associates may include:

  • Electronic health record vendors;
  • Billing companies;
  • Secure cloud hosting providers;
  • IT support providers;
  • Microsoft 365 or SharePoint-related services;
  • Data storage providers;
  • Compliance consultants;
  • Legal or accounting professionals;
  • Technology service providers.

All Business Associates are required to appropriately safeguard PHI and comply with HIPAA requirements through written agreements.

  1. APPOINTMENT REMINDERS AND COMMUNICATIONS

We may contact you regarding:

  • Appointments;
  • Scheduling changes;
  • Service coordination;
  • Follow-up care;
  • Billing matters;
  • Benefits or eligibility issues;
  • Program-related communications.

Communications may occur through:

  • Telephone;
  • Voicemail;
  • Text message;
  • Email;
  • Secure messaging systems;
  • Mail;
  • Electronic portals.

While Tangram takes reasonable precautions to protect information, electronic communications may involve some level of security risk.

  1. FAMILY MEMBERS, GUARDIANS, AND CAREGIVERS

Unless you object, we may disclose relevant information to family members, guardians, caregivers, or others involved in your care or payment for care when appropriate.

If you are unable to agree or object due to an emergency or incapacity, Tangram may determine whether disclosure is in your best interest.

  1. EMERGENCIES OR SAFETY CONCERNS

We may disclose information when necessary to:

  • Prevent or lessen a serious threat to health or safety;
  • Respond to emergencies;
  • Assist emergency responders;
  • Prevent abuse, neglect, exploitation, or violence.
  1. AS REQUIRED BY LAW

Tangram may disclose PHI when required by federal, state, or local law.

Examples include:

  • Mandatory reporting requirements;
  • Public health reporting;
  • Court orders or subpoenas;
  • Law enforcement requests;
  • Government investigations;
  • Licensing reviews;
  • Regulatory audits.
  1. PUBLIC HEALTH ACTIVITIES

We may disclose PHI for public health purposes, including:

  • Reporting communicable diseases;
  • Preventing or controlling disease or injury;
  • Reporting adverse reactions or product recalls;
  • Reporting abuse, neglect, or domestic violence as permitted or required by law.
  1. HEALTH OVERSIGHT ACTIVITIES

We may disclose PHI to health oversight agencies for activities authorized by law, including:

  • Audits;
  • Investigations;
  • Inspections;
  • Accreditation reviews;
  • Licensing activities;
  • Medicaid oversight.
  1. JUDICIAL OR ADMINISTRATIVE PROCEEDINGS

We may disclose PHI in response to:

  • Court orders;
  • Subpoenas;
  • Discovery requests;
  • Administrative proceedings;
  • Other lawful legal processes.
  1. LAW ENFORCEMENT

We may disclose PHI to law enforcement officials when permitted or required by law.

Examples may include:

  • Reporting certain injuries or crimes;
  • Responding to warrants or subpoenas;
  • Locating missing persons;
  • Reporting criminal conduct occurring on our premises.
  1. RESEARCH

Under certain circumstances, PHI may be used or disclosed for approved research activities when legally permitted and appropriately reviewed.

  1. FUNDRAISING

Tangram may use limited demographic and contact information for fundraising communications.

You may opt out of fundraising communications at any time.

Tangram does not sell PHI.

  1. WORKERS’ COMPENSATION

We may disclose PHI for workers’ compensation or similar programs as authorized by law.

  1. ORGAN AND TISSUE DONATION

If applicable, PHI may be disclosed to organizations involved in organ, eye, or tissue donation.

USES AND DISCLOSURES REQUIRING YOUR WRITTEN AUTHORIZATION

Certain uses and disclosures require your written authorization.

Examples include:

  • Most uses or disclosures of psychotherapy notes;
  • Certain marketing activities;
  • Sale of PHI;
  • Uses not otherwise described in this Notice.

You may revoke your authorization at any time in writing, except to the extent action has already been taken.

YOUR RIGHTS REGARDING YOUR INFORMATION

You have the following rights regarding your PHI.

  1. RIGHT TO ACCESS AND RECEIVE COPIES

You have the right to inspect and obtain copies of your PHI maintained by Tangram.

Requests must generally be made in writing.

Tangram may charge a reasonable cost-based fee for copies, mailing, or electronic media.

Certain limited exceptions may apply.

  1. RIGHT TO REQUEST AMENDMENTS

If you believe information we maintain about you is incorrect or incomplete, you may request an amendment.

Tangram may deny the request under certain circumstances permitted by law.

  1. RIGHT TO REQUEST RESTRICTIONS

You may request restrictions regarding how PHI is used or disclosed.

Tangram is not required to agree to all requested restrictions unless required by law.

  1. RIGHT TO CONFIDENTIAL COMMUNICATIONS

You may request that Tangram communicate with you through alternative means or at alternative locations.

Examples include:

  • Alternative mailing addresses;
  • Different phone numbers;
  • Email communication preferences.
  1. RIGHT TO AN ACCOUNTING OF DISCLOSURES

You may request a list of certain disclosures Tangram has made of your PHI.

This right does not apply to all disclosures, such as disclosures for treatment, payment, healthcare operations, or disclosures authorized by you.

  1. RIGHT TO RECEIVE A PAPER COPY OF THIS NOTICE

You may request a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.

ELECTRONIC RECORDS, TECHNOLOGY, AND SECURITY

Tangram utilizes electronic systems and technology platforms to support operations, documentation, communication, and service delivery.

Tangram maintains administrative, technical, and physical safeguards designed to protect information from unauthorized access, use, or disclosure.

Safeguards may include:

  • Access controls and role-based permissions;
  • Secure cloud storage;
  • Encryption technologies;
  • Multi-factor authentication;
  • Device management protections;
  • Secure remote access procedures;
  • Employee privacy and security training;
  • Vendor security reviews;
  • Incident response procedures;
  • Audit logging and monitoring.

Despite reasonable safeguards, no system can guarantee complete security.

TELEHEALTH, VIRTUAL SERVICES, AND ELECTRONIC COMMUNICATIONS

Tangram may utilize telehealth or virtual service technologies when appropriate.

Telehealth services may involve:

  • Video conferencing;
  • Secure communication platforms;
  • Electronic messaging;
  • Remote documentation systems.

By participating in electronic or virtual services, individuals acknowledge that some level of technology-related privacy or security risk may exist.

 

ARTIFICIAL INTELLIGENCE (AI) AND EMERGING TECHNOLOGIES

Tangram may utilize approved technology tools, including limited artificial intelligence (“AI”) technologies, for administrative, operational, quality improvement, or documentation support functions.

Tangram does not permit the unauthorized use of PHI in public or unapproved AI systems.

Any approved use of AI-assisted technologies must comply with:

  • HIPAA requirements;
  • Confidentiality obligations;
  • Security safeguards;
  • Organizational policies;
  • Vendor privacy and security requirements.

Tangram maintains human oversight over operational decisions involving protected information.

 

BREACH NOTIFICATION

Tangram is required by law to notify affected individuals if a breach involving unsecured PHI occurs.

Notifications may include:

  • A description of the breach;
  • The information involved;
  • Steps individuals should take to protect themselves;
  • Actions Tangram is taking in response.

CHANGES TO THIS NOTICE

Tangram reserves the right to revise or update this Notice at any time.

Updated versions will:

  • Apply to all information maintained by Tangram;
  • Be posted on Tangram’s website;
  • Be made available upon request.

The current version of this Notice will contain the effective date listed at the beginning of the document.

 

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with Tangram or with the U.S. Department of Health and Human Services Office for Civil Rights.

Tangram will not retaliate against you for filing a complaint.

 

CONTACT INFORMATION

Privacy Officer
Tangram
5155 Pennwood Drive, Indianapolis, IN 46205
317-571-1042
www.thetangramway.org

You may also contact:

U.S. Department of Health and Human Services
Office for Civil Rights
https://www.hhs.gov/ocr/privacy/hipaa/complaints/

ACKNOWLEDGMENT

Tangram may request acknowledgment that you received this Notice of Privacy Practices.

Your decision regarding acknowledgment does not affect your ability to receive services.

 

Additional Resources:

Tangram Donor Privacy Statement

Tangram Website Privacy Policy

 

DOWNLOAD FULL PRIVACY NOTICE
Tangram Skip to content