HIPAA Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information
This HIPAA Notice of Privacy Practices (the “Notice”) contains important information regarding your medical information. You also have the right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time. If you received this Notice electronically, you are entitled to a paper copy of this Notice. If you have any questions about this Notice please contact the person listed in Part 8, below.
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) imposes numerous requirements regarding how certain individually identifiable health information may be used and disclosed. This Notice describes how we may use and disclose your protected health information for treatment, payment, or health care operations and for other purposes that are permitted or required by law. This Notice also describes your rights to access and control your protected health information. “Protected Health Information” (“PHI”) is information that is maintained or transmitted by us, which may identify you and that relates to your past, present, or future physical or mental health or condition and related health care services. When we retain your confidential medical information on our computer system, it is called “Electronic Protected Health Information” (“ePHI”).
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you and will use it to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request of it.
1. Uses and Disclosures
There are a number of situations where we may use or disclose to other persons or entities your confidential medical information. This Notice applies to all PHI and ePHI related to your care that we have created or received. It also applies to any personal or general information we receive from patients, including information contained on driver’s licenses. Certain uses and disclosures will require you to sign an Acknowledgement that you received our Notice of Privacy Practices, including treatment, payment and health care operations. Except as discussed under 1.A. and 1.B. below, any use or disclosure of your protected health information requires you to sign an Authorization. Certain disclosures required by law or under emergency circumstances, may be made without your Acknowledgement or Authorization as discussed under 1.B. In each case, we will use or disclose the minimum amount of information necessary from your medical records to accomplish the intended purpose of the disclosure.
1.A. Uses and Disclosures Relating to Treatment, Payment or Health Care Operations
We will attempt in good faith to obtain your signed Acknowledgement that you received this Notice to use and disclose your confidential medical information for treatment, payment and health care operations as discussed further below; however, written authorization is not required for these purposes.
Treatment: When and as appropriate, we will use your medical information to make decisions about the provision, coordination or management of your health care, including diagnosing your condition and determining the appropriate treatment for that condition. It may also be necessary to share your medical information with another health care provider whom we need to consult with respect to your care.
Payment: We may need to use or disclose information in your medical record to obtain reimbursement from you or your health insurance plan, or another insurer for our services rendered to you. This may also include determinations of eligibility or coverage under the appropriate health plan, pre-certification and pre-authorization of services or review of services for purposes of reimbursement. This information may also be used for billing, claims management and collection purposes together with related health care data processing through our system.
Operations: Your medical records may be used in our business planning and development operations, including improvement in our methods of operation, and general administrative functions. We may also use the information in our overall compliance planning, medical review activities, quality assurance, and arranging for legal and auditing functions. All disclosures of your PHI will be limited to the minimum necessary or that which is contained in a limited data set.
For example, Advice of Appointment and Services:
We may, from time to time, contact you to provide appointment reminders or information about treatment alternatives or other health related benefits and services that may interest you. The following appointment reminders may be used: a) postcard mailed to you at your address provided by you; and b) telephoning your home and leaving a message on your answering machine or with the individual answering the phone.
1.B. Other Uses and Disclosures That Do Not Require Your Consent
There are certain circumstances under which we may use or disclose your medical information without first obtaining your Acknowledgement or Authorization. Those circumstances generally involve public health and oversight activities, law enforcement activities, judicial and administrative proceedings and in the event of death. Specifically, we are required to report to certain agencies information concerning certain communicable diseases, sexually transmitted diseases and HIV/AIDS status. We are also required to report instances of suspected or documented abuse, neglect or domestic violence. We are required to report to appropriate agencies and law enforcement officials information that you or another person are in immediate threat of danger to your health or safety as a result of violent activity. We must also provide medical record information when ordered by a court of law to do so.
1.C. Other Permitted Uses and Disclosures that Require Your Consent
Except as outlined in Sections 1B and 1C, your medical information will not be used or disclosed to any other person or entity without your written Authorization. In particular, except to the extent disclosure has been made to governmental entities required by law to maintain the confidentiality of the information, information will not be further disclosed to any other person or entity with respect to information concerning mental health treatment, drug and alcohol abuse, HIV/AIDS, or sexually transmitted diseases which may be contained in your medical records without your specific written consent and authorization. We likewise will not disclose your medical record information to an employer for purposes of making employment decisions, to a liability insurer or attorney as a result of injuries sustained in an automobile accident, or to educational authorities, without your written authorization. Your medical information will not be disclosed for marketing purposes or sold to any third party without your authorization.
If you provide us with permission to use or disclose information about you, you may revoke that permission, in writing, at any time. You understand that we are unable to “take back” any disclosures that we have already made with your permission and that we are required to keep any records of the care that we provided to you.
2. Your Rights Regarding Medical Information About You
You have certain rights with respect to your medical information, as follows:
- You may request that we restrict the uses and disclosures of your medical information for treatment, payment and operations, or restrictions involving your care or payment related to that care. We are not required to agree to the restriction; however, if we agree, we will comply with it, except with respect to emergencies, disclosure of the information to you, or if we are otherwise required by law to make a full disclosure without restriction.
- You may also request a restriction on disclosure of protected health information to a health plan for purpose of payment or health care operations if you paid for the services out of your own pocket, in full. This does not apply to services that are covered by insurance. You are required to pay cash, in full, for the services before the restriction applies.
- With respect to ePHI, we agree to give you your ePHI in the form and format requested by you, if it is readily producible in that form or format. If it is not readily producible in the form or format requested, we will give you a readable hard copy form. Any directive given to us by you to transmit ePHI must be done in writing by you, signed and clearly identify the designated person and location to send the ePHI. We will provide you access to your PHI or ePHI within thirty (30) days from the date of request.
- You have the right to request receipt of confidential communications of your medical information by an alternative means or at an alternative location. If you require such an accommodation, you will be charged a fee for the accommodation and will be required to specify the alternative address or method of contact and how payment will be handled.
- You have the right to inspect, copy and request amendment to your medical records. Access to your medical records will not include psychotherapy notes contained in them, or information compiled in anticipation of or for use in a civil, criminal or administrative action or proceeding or for which your access is otherwise restricted by law. We will charge a reasonable fee for providing a copy of your medical records, or a summary of those records, at your request, which includes the cost of copying, postage, or preparation of an explanation or summary of the information.
- We may deny any request for amendment of your PHI or ePHI if such request is not made in writing or does not include a reason to support the request. We may also deny a request for amendment if the information was not created by us (unless the originator of the information is no longer available to make the amendment); is not part of the designated record set maintained by us; is not part of the information to which you have a right of access; or is already accurate and complete, as determined by us. If we deny your request for an amendment, we will give you a written denial including the reasons for the denial and the right to submit a written statement disagreeing with the denial.
- All requests for inspection, copying and/or amending information in your medical records must be made in writing and be addressed to “Privacy Officer” at our address. We will respond to your request in a timely fashion.
- You have a right to receive an accounting of all disclosures we make to other persons or entities of your medical information. Generally, you may receive an accounting of disclosures if the disclosure is required by law, made in connection with public health activities, or in similar situations except for disclosures required for treatment, payment and health care operations, disclosures that require an Authorization, disclosures incidental to another permissible use or disclosure, and otherwise as allowed by law. We will not charge you for the first accounting in any 12-month period; however, we will charge you a reasonable fee for each subsequent request for an accounting within the same 12-month period.
- You have the right to obtain a paper copy of this notice if the notice was initially provided to you electronically, and to take one home with you if you wish.
- All requests related to your rights herein must be made in writing and addressed to “Privacy Officer” at the address noted below.
- You have the right to receive notification from us if any breach of your unsecured protected health information occurs.
3. Our Duties
We have the following duties with respect to the maintenance, use and disclosure of your medical records:
- We are required by law to maintain the privacy of the protected health information in your medical records and to provide you with this Notice of its legal duties and privacy practices with respect to that information.
- We are required to abide by the terms of this Notice currently in effect, and will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
- We reserve the right to change the terms of this Notice at any time, making the new provisions effective for all health information and medical records we have and continue to maintain. All changes in this Notice will be prominently displayed and available at our office.
4. Breach Notification
We understand that medical information about you and your health is personal and we are committed to protecting your medical information. Furthermore, we will notify you following the discovery of any “breach” of your unsecured protected health information as defined in the Health Information Technology for Economic and Clinical Health Act of 2009 and its implementing regulations (“HITECH Act”) (the “Notice of Breach”). Your Notice of Breach will be in writing and provided via first-class mail, or alternatively, by e-mail if you have previously agreed to receive such notices electronically. Your Notice of Breach shall be provided without unreasonable delay and in no case later than sixty (60) days following the discovery of a breach and shall include, to the extent possible:
- A description of the breach.
- A description of the types of information that were involved in the breach.
- The steps you should take to protect yourself from potential harm.
- A brief description of what we are doing to investigate the breach, mitigate the harm, and prevent further breaches.
- Our relevant contact information.
Additionally, for any substitute Notice of Breach provided via web posting or major print or broadcast media, the Notice of Breach shall include a toll-free number for you to contact us to determine if your protected health information was involved in the breach.
You may file a written complaint to us or to the Secretary of Health and Human Services if you believe your privacy rights with respect to your PHI and/or ePHI have been violated. All complaints must be in writing and must be addressed to the Privacy Officer (in the case of a complaint to us) or to the person designated by the U.S. Department of Health and Human Services if we cannot resolve your concerns. You will not be penalized for filing a complaint. More information is available about complaints online at the government’s website: http://www.hhs.gov/ocr/hipaa
OR mailing address: U.S. Department of Health and Human Services, 200 Independence Avenue S. W., Washington, DC 20201.
6. Changes to this Notice
We may change the terms of this Notice at any time. If we do, the new terms and policies will be effective for all of the medical information we already have about you as well as any information we receive in the future. We will send you a copy of the revised notice.
7. Effective Date
This Notice is effective 9/2017 and revised 12/2019.
All correspondence relating to the contents of this Notice should be addressed to either of the following:
- Direct Mail to Privacy Officer, at the following address: 2035 Corte Del Nogal Carlsbad, CA. 92011
- E-mail: firstname.lastname@example.org
NOTICE OF NONDISCRIMINATION & ACCESSIBILITY REQUIREMENTS:
- English: PRN complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex.
- Spanish: PRN cumple con las leyes federales de derechos civiles aplicables y no discrimina por motivos de raza, color, nacionalidad, edad, discapacidad o sexo.