The terms of these Privacy Practices apply to our health centers, our clinics, our physicians, and the other licensed professionals seeing and treating patients at each of our service locations. A complete list of our service locations is available upon request. All of the members of our integrated health care arrangement will share personal health information of patients as necessary to carry out treatment, receive payment, and health care operations as permitted by law. Our Duties
We are required by law to maintain the privacy of your Protected Health Information (“PHI”). PHI consists of individually identifiable health information, which may include demographic information we collect from you or create or receive by another health care provider, a health plan, your employer, or a health care clearinghouse, and that relates to: (1) your past, present or future physical or mental health or condition; (2) the provision of health care to you; or (3) the past, present or future payment for the provision of health care to you.
We must provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of our Notice of Privacy Practices currently in effect. However, we reserve the right to change our privacy practices in regard to PHI and make new privacy policies effective for all PHI that we maintain. You may receive a copy of any revised notices at any service location and we will post our Notice of Privacy Practices on our website.
HIPAA privacy regulations give us the right to use and disclose your PHI without your consent to carry out (i) treatment, (ii) payment, and (iii) health care operations. Here are some examples of how we intend to use of your PHI in regard to your treatment, payment, and health care operations.Treatment.
In connection with treatment, we will, for example, use and disclose your PHI to provide, coordinate, or manage your health care and any related services. We will disclose your PHI to other providers who may be treating you. Additionally, we may disclose your PHI to another provider who has been requested to be involved in your care.Payment.
We will use your PHI to obtain payment for our services, including sending claims to your insurer or to a federal program, such as Medicare, that pays for your treatment and sending you a bill for any amounts due which your insurer does not pay. We may also employ Business Associates, such as a billing company or collection agency to help us bill and collect. The PHI will include items such as description of your condition(s), our treatment, your diagnosis, supplies and drugs we used, etc.Health Care Operations.
We will use your PHI to support our business activities, such as allowing our auditors, consultants, or attorneys access to your PHI to audit our claims to determine if we billed you accurately for the services we provided to you, or to evaluate our staff to see if they properly cared for you, or to send information about you to third party Business Associates so they may perform some of our business operations.
We may call you to remind you of an appointment. We may call your residence, office, or any other number we have on file. We may leave a message if you are not in, and we may state the name of our clinic, the date and time of the appointment, and the address at which the appointment is to be kept. We may also mail you a notice of your appointment to any address we have on file.As Required by Law.
We may use and disclose your PHI when required to by federal, state, or local law. For example, we may receive a subpoena for which we are required by law to provide copies of your medical file.To Avert a Serious Threat to Public Health or Safety.
We may use and disclose your PHI to public health authorities permitted to collect or receive the information for the purpose of controlling disease, injury, or disability. If directed by that health authority, we may also disclose your health information to a foreign government agency that is collaborating with the public health authority.Workers Compensation.
We may use and disclose your PHI for workers compensation or similar programs that provide benefits for work-related injuries or illness.Inmates.
If you are an inmate, we may use and disclose your PHI to a correctional institution or law enforcement official only if you are an inmate of that correctional institution or under the custody of the law enforcement official. This information would be necessary for the institution to provide you with health care; to protect the health and safety of others; or for the safety and security of the correctional institution.Other Services and/or Fundraising.
We may use your PHI to contact you with information about treatment alternatives or other health-related benefits and services that, in our opinion, may be of interest to you. We may use your PHI to contact you in an effort to raise funds for our operations, however, you have the right to opt out of receiving any fundraising communications by sending a letter to our Privacy Officer in writing at the address at which you are treated.
Others Involved in Your Care.
We may provide relevant portions of your PHI to a family member, a relative, a close friend, or any other person you identify as being involved in your medical care or payment for care. In an emergency or when you are not capable of agreeing or objecting to these disclosures, we may disclose PHI as we determine is in your best interest, but will tell you about it after the emergency, and give you the opportunity to object to future disclosures to family and friends.
There are certain uses and disclosures of your PHI that require your written authorization. For example, most uses and disclosures of psychotherapy notes (where appropriate), uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI require your signed authorization. Also, any use or disclosure of your PHI not described in this Notice requires your signed authorization.
If you sign an authorization allowing us to use or disclose your PHI outside of the uses and disclosures made in this Notice, you may revoke that authorization by advising us in writing with a letter addressed to Privacy Officer, at the address where we treat you. Your revocation will become effective as soon as we are reasonably able to enter it into our records, which is typically within 5 business days after we receive the letter. Your revocation will not affect our prior reliance on your authorization prior to the effective date of revocation.
You have the right to require us to restrict any disclosure of your PHI to a health plan regarding an item or service for which you (or someone on your behalf – other than a health plan) paid out-of-pocket to us the entire amount due for the health care item or service which we provided and billed to you. You must make such a request in writing to us, with a letter addressed to Privacy Officer at the address where you receive your treatment. If you make such a request, we are required to honor it.
In the event of an unauthorized or improper use or disclosure of your PHI (i.e., a “breach”), you have the right to receive, and we will notify you of the circumstances surrounding, the breach, what we have done to investigate and mitigate it, and how to best protect yourself in our opinion.
Request an Amendment.
You have the right to request that we amend your medical information if you feel that it is incomplete or inaccurate. You must make this request in writing to our Privacy Officer, stating what information is incomplete or inaccurate and the reasoning that supports your request. We are permitted to deny your request if it is not in writing or does not include a reason that we believe supports the request. We may also deny your request if the information was not created by us, or the person who created it is no longer available to make the amendment.Request Restrictions.
You have the right to request a restriction of how we use or disclose your medical information for treatment, payment, or health care operations. For example, you could request that we not disclose information about a prior treatment to a family member or friend who may be involved in your care or payment for care. Your request must be made in writing to the Privacy Officer addressed to the address at which you receive care. We are not required to agree to your request. If we do agree, we will comply with your request except for emergency treatment.Inspect and Copy.
You have the right to inspect and copy the PHI we maintain about you in our designated record set for as long as we maintain that information. This designated record set includes your medical and billing records, as well as any other records we use for making decisions about you. We may charge you a fee for the costs of copying, mailing, or other supplies used in fulfilling your request. If you wish to inspect or copy your medical information, you must submit your request in writing to our Privacy Officer. We will have 30 days to respond to your request for information that we maintain at our facility. If the information is stored off-site, we are allowed up to 60 days to respond but must inform you of this delay. You have the right to access your own e-health record in an electronic format if we maintain your records in an electronic format, and to direct us to send the e-health records directly to a third party. We may only charge for labor costs under electronic transfers of e-health records.An Accounting of Disclosures.
You have the right to request a list of the disclosures of your health information we have made that were not for treatment, payment, or health care operations. Your request must be in writing and must state the time period for the requested information. You may not request information for any dates prior to April 14, 2003, nor for a period of time greater than six years (our legal obligation to retain information). Your first request for a list of disclosures within a 12-month period will be free. If you request an additional list within 12-months of the first request, we may charge you a fee for the costs of providing the subsequent list. We will notify you of such costs and afford you the opportunity to withdraw your request before any costs are incurred.Request Confidential Communications.
You have the right to request how we communicate with you to preserve your privacy. For example, you may request that we call you only at your work number, or by mail at a special address or postal box. Your request must be made in writing and must specify how or where we are to contact you. We will accommodate all reasonable requests; however, we will not accommodate a request that we perceive is an attempt to avoid receiving notice of a bill for the payment of our services.Request Removal of Your Personal Health Information From The Patient Portal.
You have the right to request your personal health information be removed from the Patient Portal. You may do this in two ways:
File a Complaint.
If you believe we have violated your medical information privacy rights, you have the right to file a complaint with us or directly to the Secretary of the United States Department of Health and Human Services: U.S. Department of Health & Human Services, 200 Independence Avenue, S.W. Washington, D.C. 20201, Phone: (202) 619-0257, Toll Free: (877) 696-6775. To file a complaint with us, you must make it in writing within 180 days of the suspected violation. Provide as much detail as you can about the suspected violation and submit it in writing to our Privacy Officer. No patient will be retaliated against for making a complaint.A Paper Copy of This Notice.
You have the right to receive a paper copy of this notice upon request. You may obtain a copy by submitting your request in writing to our Privacy Officer.
You may contact our Privacy Officer in writing via email at firstname.lastname@example.org or by phone at 317-805-4108.
The effective date of this revised Notice of Privacy Practices is December 19, 2015.