Committed to Protecting Your Health Information
We understand that health information about you and your health care is personal. We are committed to maintaining the privacy of your medical records. We will create a record of the care and services you receive from us. We take these actions to ensure that you receive high-quality treatment and abide by any applicable laws and regulations. Regardless of how the health information was supplied to us—by another physician or through our documentation—all records were created or received by this policy. The purposes for which we may use or disclose your health information are described below. The privacy and security provisions of the Health Insurance Portability and Accountability Act (“HIPAA”) require us to:
Ensure the privacy of any identifiable health information
Make available this notice of our legal duties and privacy practices concerning health information about you
Follow the terms of the notice that is currently in effect
The HIPAA Privacy Rule establishes national standards to protect individuals' medical records and other individually identifiable health information (collectively defined as “protected health information”) and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization. The Rule also gives individuals rights over their protected health information, including rights to examine and obtain a copy of their health records, to direct a covered entity to transmit to a third party an electronic copy of their protected health information in an electronic health record, and to request corrections. The Privacy Rule is located at 45 CFR Part 160 and Subparts A and E of Part 164.
Basic Principles of the Privacy Rule
A HIPAA-compliant Authorization must contain specific information required by the Privacy Rules. A covered entity must provide individuals (or their personal representatives) with access to their own PHI (unless there are permitted grounds for denial), and must provide an accounting of the disclosures of their PHI to others, upon their request. The Privacy Rule supersedes State law, but State laws which provide greater privacy protections or which give individuals greater access to their own PHI remain in effect. The following categories describe different ways that we may use or disclose health information about you. Unless otherwise noted each of these uses and disclosures may be made without your consent or authorization. For each category of use or disclosure, we will explain what we mean and give some examples. Not every use or disclosure in a category will be listed. However, unless we ask for a separate authorization, all of the ways we are permitted to use and disclose information will fall within one of the categories.
For Treatment: We may use health information about you to provide you with health care treatment and services. We may disclose health information about you to doctors, nurses, technicians, health students, volunteers, or other personnel who are involved in taking care of you. They may work at our offices, at a hospital if you are hospitalized under our supervision, or at another doctor’s office, lab, pharmacy, or other health care facility to which we may refer you for consultation, to take x-rays, to perform lab tests, to have prescriptions filled, or for other treatment purposes. For example, a medical provider treating you may need to know if you have a history of abnormal pap results. We may provide that information to a physician treating you at another institution.
For Payment: We may use and disclose health information about you so that the treatment and services you receive from us may be billed to and payment collected from you, an insurance company, a state Medicaid agency, or a third party. For example, we may need to give your health insurance plan information about your office visit so your health plan will pay us or reimburse you for the visit. Alternatively, we may need to give your health information to the state Medicaid agency so that we may be reimbursed for providing services to you. In some instances, we may need to tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
E-mail: We may include certain health information in e-mails that we send to you if you have signed an e-mail permission form. However, please do not send any e-mails to us even in response to those we have sent you. Instead, we encourage you to communicate with our health centers by phone, via patient portal or in person.
As Required by Law: We will use and disclose health information about you when required to do so by federal, state, or local law. The Privacy Rule protects all “protected health information” (PHI), including individually identifiable health or mental health information held or transmitted by a covered entity in any format, including electronic, paper, or oral statements. A major purpose of the Privacy Rule is to define and limit the circumstances under which an individual's PHI may be used or disclosed by covered entities. Generally, a covered entity may not use or disclose PHI to others, except:
as the Privacy Rule permits or requires
as authorized by the person (or personal representative) who is the subject of the health information
Your Right Regarding Healthcare Information About You
You have the following rights regarding the health information we maintain about you:
Right to Inspect and Copy: You have certain rights to inspect and copy health information that may be used to make decisions about your care. Usually, this includes health and billing records.
Right to Amend: If you feel that the health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as we keep the information. We may deny your request for an amendment if it is not made on the form provided by us and does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
Was not created by us (unless the person or entity that created the information is no longer available to make the amendment)
Is not part of the health information kept by or for our practice
Is not part of the information which you would be permitted to inspect and copy
Isaccurate and complete
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for health information we already have about you as well as any information we receive in the future. We will post a copy of the current Notice in our facility and on our website. The Notice contains the effective date on the first page. If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services.