The Department of Health and Human Services, Office of Civil Rights, under the Public Law 104-191, (The Health Insurance Portability and Accountability Act of 1996) (HIPAA), mandates that we issue this new revised Notice of Privacy Practices to our patients. This privacy notice to our patients meets all current requirements, including the HIPAA/HITECH Omnibus final rule, as it relates to Standards for Privacy of Individually Identifiable Health Information IIHI;affecting our patients. You are urged to read this notice.
Every patient must receive our new Notice of Privacy Practices and execute a new Patient Authorization Form before this office may use your information for treatment, payment, or other health care operations (TPO). Your health information may be in the form of written or electronic records or spoken words, and may include information about your health history, health status, symptoms, examinations, test results, diagnoses, treatments, procedures, prescriptions, related billing activity and similar types of health-related information. This notice will tell you about the ways in which we may use and disclose health information about you and describes your rights and our obligations regarding the use and disclosure of that information.
How We May Use and Disclose Your Protected Health Information
Our Notice of Privacy Practices informs you of our use and disclosure of your Protected Health Information (PHI), defined as: “any information, whether oral or recorded in any medium, that is either created or received by a health care provider, health plan, public health authority, employer, life insurance company, school or university or clearinghouse and that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past present or future payment for the provision of health care to an individual”.
Our office will use or disclose your PHI for purposes of treatment, payment and other healthcare purposes as required to provide you the best quality healthcare services that we offer to the extent permitted by your Patient Authorization Form. It is our policy to control access to your PHI; and even in cases where access is permitted, we exercise a “minimum necessary information” restriction to that access. We define the minimum necessary information as the minimum necessary to accomplish the intent of the request.
Your PHI may be used and disclosed by your physician, our office staff and others outside of our office who are involved in your care and treatment for the purpose of providing health care services to you. Your PHI may also be used and disclosed to pay your health care bills and to support the operation of your physician’s practice.
Below are listed examples of the types of uses and disclosures of your PHI that our office is permitted to make.
Treatment: We may use and disclose your PHI to provide, coordinate, or manage your health care and any related services. We may disclose your PHI to doctors, nurses, technicians, staff or other personnel who are involved in taking care of you and your health.
Different personnel in our organization may share information about you and disclose information to people who do not work for our organization in order to coordinate your care, such as calling in prescriptions to your pharmacy, scheduling lab work and ordering x-rays. Family members and other health care providers may be part of your medical care outside of our office and may require information about you that we may have. We will request your permission and authorization before sharing your PHI with your family or friends unless you are unable to give permission to such disclosures due to your health condition.
Payment: We may use and disclose your PHI so that the treatment and services you received at our office may be billed to and payment may be collected from you, an insurance company, or a third party.
Health Care Operations: We may use or disclose, as needed, your PHI in order to make sure that you and our other patients receive quality care. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, fundraising activities, and conducting or arranging for other business activities.
In limited circumstances, The Privacy Standard permits, but does not require, covered entities to continue certain existing disclosures of health information without individual authorization for specific public responsibilities.
We may use or disclose your PHI for the following purposes, subject to all applicable legal requirements and limitations:
- To Avert a Serious Threat to Health or Safety:We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
- Required By Law:We will disclose your PHI when required to do so by federal, state, or local law.
- Lawsuits and Disputes:If you are involved in a lawsuit or a dispute, we may disclose health information about you in response to a court or administrative order. Subject to all applicable legal requirements, we may also disclose PHI in response to a subpoena.
- Law Enforcement:We may release PHI if asked to do so by a law enforcement official in response to a court order, subpoena, warrant, summons, or similar process, subject to all applicable legal requirements.
- Organ and Tissue Donation:If you are an organ donor, we may release health information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate such donation and transplantation.
- Military, Veterans, National Security and Intelligence:If you are or were a member of the armed forces, or part of the national security or intelligence communities, we may be required by military command or other government authorities to release PHI. We may also release information about foreign military personnel to the appropriate foreign military authority.
- Workers’ Compensation:We may release PHI for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
- Public Health Risks:We may disclose your PHI for public health reasons in order to prevent or control disease, injury or disability; or report births, deaths, suspected abuse or neglect, non-accidental physical injuries, reactions to medications or problems with products.
- Health Oversight Activities:We may disclose your PHI to a health oversight agency for audits, investigations, inspections, or licensing purposes. These disclosures may be necessary for certain state and federal agencies to monitor the health care system, government programs, and compliance with civil rights laws.
- Research:We may use and disclose your PHI for research projects that are subject to a special approval process. We will ask you for your permission if the researcher will have access to your name, address, or other information that reveals your identity, or will be involved in your care at the office.
- Information Not Personally Identifiable:We may use or disclose PHI in a way that does not personally identify you or reveal who you are.
- Coroners, Medical Examiners and Funeral Directors:We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
- Family and Friends:We may disclose your PHI to your family members or friends if we obtain your permission and written authorization.
- Specific State Laws:There are specific state laws that required the disclosure of health care information related to Hepatitis C and AIDS. Where the state laws are more stringent than HIPAA Privacy Standard, the state laws will prevail.
Other Uses and Disclosures of Your Personal Health Information
We will not use or disclose your PHI for any purpose other than those identified in the previous sections without your specific, written Authorization. Examples of disclosures requiring your written authorization include disclosures to your partner, spouse, children, and your attorney.
On some occasions we may furnish your PHI to a third party. This could be an insurance company for the purpose of payment or another health care provider for further treatment or additional services. Although we will institute a “chain of trust” contract and monitor our business associates’ contracts with us, we cannot absolutely guarantee that they will not use or disclose your PHI in such a way as to violate the Privacy Standard.
You, as our patient, may revoke your Patient Authorization Form at any time, in writing, and all use and disclosure and administration of related healthcare services will be revised accordingly, with the exception of matters already in process as a result of prior use of your PHI. To revoke either your Patient Authorization Form you will have to provide this office with a written request with your signature and date and your specific instructions regarding an existing Patient Authorization Form. Any revocation will not apply to information already used or disclosed.
If you had a “personal representative” initiate as Authorization you may revoke that authorization at any time.
Uses and Disclosures that Require Us to Give You an Opportunity to Object
Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
Patient Rights Regarding Your PHI
You, the patient, have access to your health care information and have the following rights regarding health information we maintain about you:
- Right to Inspect and Copy:You have the right to inspect and copy your health information, such as medical and billing records, that we keep and use to make decisions about your care. You must submit a written request to our office in order to inspect and/or copy records of your health information. You may request to view a copy of your health information. If you wish to inspect your health information, please submit your request in writing to our office. You have the right to request a copy of your health information in electronic form if we store your health information electronically.
- Right to Amend:If you believe health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment as long as the information is kept by our office. To request an amendment, complete and submit a Patient Request Form for Medical Record Information / Amendment to Medical Record to our office. We may deny your request for an amendment if your request is not in writing or does not include a reason to support the request. In addition, we may deny or partially deny your request if you as us to amend information that:
- We did not create, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the health information that we keep;
- You would not be permitted to inspect and copy; and/or
- Is accurate and complete.
- Right to an Accounting of Disclosures:You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made of medical information about you for purposes other than treatment, payment, health care operations, when specifically authorized by you and a limited number of special circumstances involving national security, correctional institutions and law enforcement. To obtain this list, you must submit your request in writing to our office. Your request should indicate the form/format you would like the list (electronic or paper).
- Right to Request Restrictions:You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for it, like a family member or friend.
We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment or we are required by law to use or disclose the information.
We are required to agree to your request if you pay for treatment, services, supplies and prescriptions in full, “out of pocket” and you request the information not be communicated to your health plan for payment or health care operations purposes. There may be instances where we are required by law to release this information. To request restrictions, you may complete and submit the Request for Restriction on Use/Disclosure of Medical Information to our office.
- Right to a Paper Copy of This Notice:You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you agreed to receive it electronically, you are still entitled to a paper copy. You may also find a copy of this Notice on our website.
Changes to This Notice
We reserve the right to change this notice and to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will inform you of any significant changes to this Notice. This may be through a sign prominently posted at our locations, a notice posted on our website, or other means of communication.
Breach of Protected Health Information
We will inform you in a timely manner if there is a breach of your unsecured health information.
If you believe your privacy rights have been violated, you may file a complaint with our office or with the Secretary of the Department of Health and Human Services. You will not be penalized for filing a complaint.
It is our practice to retain information about non-healthcare related requests for your health care information for a period of six years.
In complying with the Privacy Standard, we have appointed a Privacy Officer, trained our Privacy Officer and the staff in the law, and implemented policies to protect your PHI. We have instituted privacy and security processes to guard and protect your IIHI. This office is taking and continues to monitor and improve steps for the protection of your information and to remain in compliance with the law.