THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, HOW YOU CAN GET ACCESS TO THIS INFORMATION, YOUR RIGHTS CONCERNING YOUR HEALTH INFORMATION AND OUR RESPONSIBILITIES TO PROTECT YOUR HEALTH INFORMATION. PLEASE REVIEW IT CAREFULLY.
State and Federal laws require us to maintain the privacy of your health information and to inform you about our privacy practices by providing you with this Notice. We are required to abide by the terms of this Notice of Privacy Practices. This Notice will take effect on January 1, 2014 and will remain in effect until it is amended or replaced by us.
We reserve the right to change our privacy practices provided law permits the change(s). Before we make a significant change, this Notice will be amended to reflect the changes, and we will make the new Notice available upon request. We reserve the right to make any changes in our privacy practices and the new terms of our Notice effective for all health information maintained, created and/or received by us before the date changes were made.
You may request a copy of our Privacy Notice at any time by contacting our Privacy Officer. Contact information can be found at the end of this Notice.
We will keep your Protected Health Information (PHI) confidential, using it only for the following purposes:
Treatment: While we are providing you with health care services, we may share your PHI including electronic protected health information (ePHI) with other health care providers, business associates and their subcontractors or individuals who are involved in your treatment, billing, administrative support or data analysis. These business associates and subcontractors, through signed contracts, are required by Federal law to protect your health information. We have established “minimum necessary” or “need to know” standards that limit various staff members’ access to your PHI according to their primary job functions. Everyone on our staff is required to sign a confidentiality statement.
Payment: We may use and disclose your PHI to seek payment for services we provide to you. This disclosure involves our business office staff and may include insurance organizations, collections or other third parties that may be responsible for such costs, such as family members.
Disclosure: We may disclose and/or share PHI including electronic disclosure with other health care professionals who provide treatment and/or services to you. These professionals will have a privacy and confidentiality policy like this one. Health information about you may also be disclosed to your family, friends and/or other persons you choose to involve in your care, only if you agree that we may do so. As of March 26, 2013 immunization records for students may be released without an authorization (as long as the PHI disclosed is limited to proof of immunization). If an individual is deceased we may disclose PHI to a family member or individual involved in care or payment prior to death. Psychotherapy notes will not be disclosed without your written authorization. The Genetic Information Nondiscrimination Act (GINA) prohibits health plans from using or disclosing genetic information for underwriting purposes. Uses and disclosures not described in this Notice will be made only with your signed authorization.
Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures” of your protected information if the disclosure was made for purposes other than providing services, payment, and/or business operations. In light of the increasing use of Electronic Medical Record technology (EMR), the HITECH Act allows you the right to request a copy of your health information in electronic form if we store your information electronically. Disclosures can be made available for a period of 6 years prior to your request and for ePHI 3 years prior to the date on which the accounting is requested. If for some reason we are not capable of an electronic format, a readable hardcopy will be provided. To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer. A fee will apply for the disclosure. Please contact our Privacy Officer for an explanation of our fee structure.
Right to Request Restriction of PHI: If you pay in full out-of-pocket for your treatment, you can instruct us not to share information about your treatment with your health plan; if the request is not required by law. Effective March 26, 2013, The Omnibus Rule restricts provider’s refusal of an individual’s request not to disclose PHI.
Non-routine Disclosures: You have the right to receive a list of non-routine disclosures we have made of your PHI. You can request non-routine disclosures going back 6 years starting on April 14, 2003.
Emergencies: We may use or disclose your PHI to notify, or assist in the notification of, a family member or anyone responsible for your care, in case of any emergency involving your care. If at all possible, we will provide you with an opportunity to object to this disclosure. Under emergency conditions, or if you are incapacitated, we will use our professional judgment to disclose only information directly relevant to your care. We will also use our professional judgment to make reasonable inferences of your best interest by allowing someone to pick up filled prescriptions, x-rays or other similar forms of PHI and/or supplies unless you have advised us otherwise.
Healthcare Operations: We will use and disclose your PHI to keep our practice operable. Examples of personnel who may have access to this information include, but are not limited to, medical records staff, insurance operations, health care clearinghouses and individuals performing similar activities.
Required by Law: We may use or disclose your PHI when we are required to do so by law (court or administrative orders, subpoena, discovery request or other lawful process). We will use and disclose your PHI when requested by national security, intelligence and other State and Federal officials and/or if you are an inmate or otherwise under the custody of law enforcement.
National Security: The PHI of Armed Forces personnel may be disclosed to military authorities under certain circumstances. If the information is required for lawful intelligence, counterintelligence or other national security activities, we may disclose it to authorized federal officials.
Abuse or Neglect: We may disclose your PHI to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, domestic violence or other crimes. This information will be disclosed only to the extent necessary to prevent a serious threat to your health or safety or that of others.
Public Health Responsibilities: We will disclose your PHI to report problems with products, reactions to medications, product recalls, disease/infection exposure, and to prevent and control disease, injury and/or disability.
Marketing Health-Related Services: We will not use your PHI for marketing purposes unless we have your written authorization to do so. Effective March 26, 2013, we are required to obtain an authorization for marketing purposes if communication about a product or service is provided and we receive financial remuneration (getting paid in exchange for making the communication). No authorization is required if communication is made face-to-face or for promotional gifts.
Fundraising: We may use certain information (name, address, telephone number or e-mail information, age, date of birth, gender, health insurance status, dates of service, department of service information, treating physician information or outcome information) to contact you for the purpose of raising money. You will have the right to opt out of receiving such communications with each solicitation. Effective March 26, 2013, PHI that requires a written patient authorization prior to fundraising communication include: diagnosis, nature of services and treatment. If you have elected to opt out, we are prohibited from making fundraising communication under the HIPAA Privacy Rule.
Sale of PHI: We are prohibited to disclose PHI without an authorization if it constitutes remuneration. “Sale of PHI” does not include disclosures for public health, certain research purposes, treatment and payment, and for any other purpose permitted by the Privacy Rule, where the only remuneration received is “a reasonable cost-based fee” to cover the cost to prepare and transmit the PHI for such purpose or a fee otherwise expressly permitted by law. Corporate transactions (i.e., sale, transfer, merger, consolidation) are also excluded from the definition of “sale.”
Reminders: We may use your PHI to remind you of recommended services, treatment or scheduled appointments.
Access: Upon written request, you have the right to inspect and get copies of your PHI. We will provide access to PHI in a form/format requested by you. There will be some limited exceptions. If you wish to examine your PHI, you will need to complete and submit an appropriate request form. Contact our Privacy Officer for a copy of the request form. You may also request access by sending us a letter to the address at the end of this Notice. Once approved, an appointment can be made to review your records. I fee will apply if requesting copies of PHI. Access to your health information in electronic form (if readily producible) may be obtained with your request. If for some reason we aren’t capable of an electronic format, a readable hardcopy will be provided. If you prefer a summary or an explanation of your PHI, we will provide it for a fee. Please contact our Privacy Officer for an explanation of our fee structure.
Amendment: You have the right to amend your PHI if you feel it is inaccurate or incomplete. Your request must be in writing and must include an explanation of why the information should be amended. Under certain circumstances, your request may be denied.
Breach Notification Requirements: It is presumed that any acquisition, access, use or disclosure of PHI not permitted under HIPAA regulations is a breach. We are required to complete a risk assessment and, if necessary, inform Health and Human Services and take any other steps required by law. You will be notified of the situation and any steps you should take to protect yourself against harm due to the breach.