NOTICE OF DEL NEGRO & SENFT EYE ASSOCIATES, P.C.’S PRIVACY PRACTICES
Effective Date: September 23, 2013
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Federal and state law provides you with certain basic rights and protections in connection with the health information maintained about you. Del Negro & Senft Eye Associates, P.C. (the “Practice” or “We”) is required by law to maintain the privacy of your health information and to provide you with notice of its legal duties and privacy practices with respect to your health information. This Notice summarizes your rights and the Practice’s duties with respect to your health information. It also describes how the members of the Practice’s workforce (including, without limitation: (i) employees; (ii) contractors; (iii) volunteers; and (iv) other persons or entities providing services on the Practice’s premises) may use and disclose your health information. It describes the complaint process for you to follow if you believe your privacy rights have been violated. If you have any questions about this Notice or your rights relating to your health information, please contact the Practice’s Privacy Officer. The Privacy Officer’s contact information is set forth at the end of this Notice. The Practice is required to abide by the terms of the Notice currently in effect as may be modified by applicable law or as otherwise agreed to by you and the Practice.
II. Your Rights Regarding Health Information About You. You have the following rights regarding health information We maintain about you:
A. Right to Inspect and Copy.
You have the right to inspect and copy your health information that is contained in a Designated Record Set as defined under the “HIPAA Privacy Rules” set forth at 45 C.F.R. §164.501 and means the medical and billing records about you that We maintain or records used to make decisions about you. A “Designated Record Set” is maintained for as long as the Practice retains such information. To inspect and copy your health information, you must submit your request in writing to the Practice’s Privacy Officer. If you request a copy of your health information, We may charge a fee for the costs of copying, mailing and other supplies associated with your request as permitted by applicable law. We may deny all or part of your request to inspect and copy your health information in certain very limited circumstances including: (i) psychotherapy notes; (ii) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; (iii) health information maintained by the Practice that is: (A) subject to the Clinical Laboratory Improvements Amendments of 1988, 42 U.S.CA. 263a, to the extent the provision of access to you would be prohibited by law; or (B) exempt from the Clinical Laboratory Improvements Amendments of 1988, pursuant to 42 C.F.R. 493.3(a)(2); (iv) your health information that is contained in records that is subject to additional privacy protections under the Privacy Act, 5 U.S.C.A. 552a, may be denied, if the denial of access would meet the requirements of applicable law; or (v) if your health information was obtained from someone other than a health care provider under a promise of confidentiality and the access requested would be reasonably likely to reveal the source of the information.
Any denials shall be made in writing, containing a statement concerning your rights and the process for filing a complaint with the Practice and/or to the Secretary of the Department of Health and Human Services. If you are denied access to your health information, you may, under certain circumstances, request that such denial be reviewed.
B. Right to Amend.
If you feel that any of the information We have about you is incorrect or incomplete, you may ask the Practice to amend such information. You have the right to request an amendment for as long as the information is kept by or for the Practice. To request an amendment, your request must be made in writing and submitted to the Privacy Officer. In addition, you must provide a reason that supports the requested amendment. We may deny your request for an amendment if it is not in writing or does not include a reason to support the requested amendment. In addition, We may deny your request if you ask the Practice to amend information that:
Was not created by the Practice, unless you provide a reasonable basis to demonstrate that the person or entity that created the information is no longer available to make the amendment;
Is not part of the health information kept by or for the Practice;
Is not part of the information which you would be permitted to inspect and copy; or
Is accurate and complete.
If We deny the requested amendment, you have the right to submit a written statement disagreeing with the denial or, alternatively, you may request that the Practice provide your request for amendment and the denial with any future disclosures of the information.
C. Right to an Accounting of Disclosures.
You have the right to receive an accounting of certain disclosures of your health information made by the Practice in the six years prior to the date on which the accounting is requested, starting from April 14, 2003 (the effective date of the HIPAA Privacy Rules). Such right to accounting, however, does not extend to disclosures made to you, pursuant to an authorization, incident to a use or disclosure otherwise permitted or required, for treatment, payment and health care operations, to family members or friends involved in your care, for notification purposes, for national security or intelligence purposes, to correctional institutions or law enforcement officials in custodial situations, or as part of a limited data set in accordance with applicable law.
To request an accounting of disclosures to which you are entitled, you must submit your request in writing to the Practice’s Privacy Officer. Your request must state a time period that may not be longer than six years. The first list you request within any consecutive 12-month period will be free. For additional lists, We may charge you for the costs associated with providing the list. If We intend to charge a fee, We will notify you of the estimated cost involved and will give you an opportunity to withdraw or modify your request before any costs are incurred.
D. Right to Request Restrictions.
You have the right to request restrictions or limitations on the health information We use or disclose about you for treatment, payment or health care operations.
Although the Practice is not required to agree to your request regarding restrictions of your health information for treatment, payment or healthcare operations (except as provided below), if We do agree, We will comply with your request unless the information is needed to provide you emergency treatment. In addition, restrictions agreed to by the Practice are not effective to prevent uses or disclosures permitted or required below. Your request for restrictions should be made in writing to the Practice’s Privacy Officer. In your written request, you should identify: (i) what information you want to limit; (ii) whether you want to limit the Practice’s use, disclosure or both; and (iii) to whom you want the limits to apply (for example, disclosures to your spouse, relative, etc.).
However, the Practice must agree to your request to restrict disclosure of health information about you to a health plan if: (A) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (B) the health information pertains solely to a health care item or service for which you or person (other than the health plan) on your behalf, has paid the Practice in full.
E. Right to Request Confidential Communications.
You have the right to request that We communicate with you about health matters by alternative means or at alternative locations. For example, you can ask that We only contact you at work or by mail. Any such request must be made in writing to the Privacy Officer and must specify how or where you wish to be contacted. We will not ask you the reason for your request and will accommodate all reasonable requests.
F. Right to Receive a Copy of This Notice.
You have the right to receive a paper copy of this Notice. You may ask the Practice to give you a copy of this Notice at any time.
G. Right to an Electronic Copy of Electronic Medical Records.
If your health information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We will make every effort to provide access to your health information in the form or format you request, if it is readily producible in such form or format. If your health information is not readily producible in the form or format you request your record will be provided in either the Practice’s standard electronic format or if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.
H. Right to Get Notice of a Breach.
You have the right to be notified upon a breach of any of your unsecured health information.
III. Use and Disclosure of Your Health Information
A. Uses and Disclosures of Health Information That Do Not Require Your Authorization.
Following are examples of the types of uses and disclosures of your health information that the Practice is permitted or required by law to make without your authorization.
- Treatment: To provide you with health treatment or services, We may need to use or disclose information about you to doctors, counselors, nurses, technicians, health students or other Practice personnel who are involved in your treatment. For example, We may need to discuss your treatment with a doctor, nurse, technician or other person involved in your care. We may also disclose health information about you to non-Practice health care providers who may be involved in your health care including, but not limited to physicians, hospitals, and nursing homes. We may also use and disclose your health information in connection with joint activities with other providers involved with your care as part of any accountable care organization (“ACO”).
- Payment: We may use and disclose your health information for the Practice to bill for services provided by the Practice for the treatment that you received at the Practice. For example, We may use or disclose your health information to your insurance company so that your insurance company can pay the Practice or reimburse you for the service provided to you by the Practice. We may also ask your insurance company for prior authorization for a service to determine whether the insurance company will cover it. In addition, the Practice may use and disclose your health and insurance information to other healthcare providers directly involved in your care or who have or will provide health care services to you so that such providers and entities may bill your insurance company, seek prior authorization, or take other actions to obtain payment for services provided to you.
- Health Care Operations: We may use and disclose health information about you for the Practice’s internal operations. These include uses and disclosures that are necessary to run the Practice and make sure that the Practice’s patients receive quality care. For example, We may use or disclose health information about you to evaluate the Practice’s staff’s performance in providing services for you as may be limited by applicable state and federal law. We may also disclose your health information in the course of the maintenance, maintenance, and use of the Practice’s electronic health information system. We may also use and disclose your health information in connection with joint activities with other providers involved with your care as part of any accountable care organization (“ACO”).
- Business Associates: We may disclose your health information to the Practice’s business associates who perform functions on the Practice’s behalf or provide us with services if your health information is necessary for those functions or services. For example, We may use another company to do the Practice’s billing, or to provide transcription or consulting services for the Practice. All of the Practice’s business associates are obligated, under contract with us, to protect the privacy and ensure the security of your health information.
- Required By Law: We may use or disclose your health information to the extent that law requires the use or disclosure. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law.
- Public Health: We may disclose your health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information for the purpose of preventing or controlling disease, injury or disability (e.g., and without limitation, reporting of disease, injury, vital events such as birth or death, conduct of public health surveillance or investigations or public health interventions). We may also use or disclose your health information, if directed by the public health authority, to an official of a foreign government agency that is collaborating with the public health authority.
- Food and Drug Administration: We may disclose your health information to a person/company subject to the jurisdiction of the U.S. Food and Drug Administration (FDA) with respect to an FDA-regulated product or activity for which that person/company has responsibility, for the purpose of the activities related to the quality, safety or effectiveness of such product or activity. Such purposes include to collect or report adverse events, product defects or problems, or biologic product deviations; to track FDA-regulated products; to enable product recalls, repairs or replacement, or look back (including locating and notifying individuals who have received such products); or to conduct post marketing surveillance.
- Communicable Diseases: We may disclose your health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
- Abuse or Neglect: We may disclose your health information to a public health authority that is authorized by law to receive reports of abuse or neglect. We may disclose your health information if We believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
- Health Oversight: We may disclose health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
- Judicial and Administrative Proceedings: We may disclose your health information in the course of a judicial or administrative proceeding in response to an order of a court or administrative tribunal. We may also disclose your health information in response to a subpoena, discovery request, or other lawful process and in accordance with applicable law.
- Law Enforcement: We may also disclose health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include: (i) legal processes and as otherwise required by law; (ii) limited information requests for identification and location purposes; (iii) pertaining to victims of a crime; (iv) suspicion that death has occurred as a result of criminal conduct; (v) in the event that a crime occurs on the premises of the Practice; and (vi) a health emergency (not on the Practice’s premises) and it is likely that a crime has occurred.
- Coroners, Funeral Directors, and Organ Donation: We may disclose health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose health information to a funeral director, consistent with applicable law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. Information may be used or disclosed to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaverous organs, eyes, or tissue for the purpose of facilitating organ, eye or tissue donation and transplantation.
- Serious Threat to Health or Safety: Consistent with applicable federal and state laws, We may disclose your health information, if We believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose health information if it is necessary for law enforcement authorities to identify or apprehend an individual because of a statement by the individual admitting participation in a violent crime that the Practice reasonably believes may have caused serious physical harm to the victim or where it appears from all the circumstances that the individual has escaped from a correctional institution or from lawful custody.
- Military Activity, National Security and Specialized Governmental Functions: When the appropriate conditions apply, We may use or disclose health information of individuals who are Armed Forces personnel: (i) for activities deemed necessary by appropriate military command authorities to assure proper execution of the military mission if permitted by applicable law; (ii) for the purpose of a determination by the Department of Veteran Affairs of your eligibility for benefits; or (iii) to foreign military authority if you are a member of that foreign military services as permitted by applicable law. We may also disclose your health information to authorized federal officials for conducting national security and intelligence activities including the provision of protective services to the President or others legally authorized to have access or receive disclosures of your health information.
- Workers Compensation: Your health information may be disclosed by the Practice as authorized to comply with workers’ compensation laws and other similar legally established programs and/or as may be required by your workers compensation insurance coverage.
- Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, We may release health information about you to the correctional institution or law enforcement official. This release would be necessary: (i) for the institution to provide you with health care; (ii) to protect your health and safety or the health and safety of others; or (iii) for the safety and security of the correctional institution.
- Research: We may use and disclose your health information for research purposes, but We will only do that if the research has been specially approved by an authorized institutional review board or a privacy board that has reviewed the research proposal and has set up protocols to ensure the privacy of your health information. Even without that special approval, We may permit researchers to look at your health information to help them prepare for research, for example, to allow them to identify patients who may be included in their research project, as long as they do not remove, or take a copy of, any health information. We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research. However, We will only disclose the limited data set if We enter into a data use agreement with the recipient who must agree to: (i) use the data set only for the purposes for which it was provided; (ii) ensure the confidentiality and security of the data, and (iii) not identify the information or use it to contact any individual.
- Data Breach Notification Purposes: We may use or disclose your health information to provide legally required notices of unauthorized access to or disclosure of your health information.
- Required Uses and Disclosures: Under the law, We must make disclosures to the Secretary of the Department of Health and Human Services to investigate or determine the Practice’s compliance with the requirements of applicable law and regulations.
B. Uses and Disclosures of Health Information Permitted without Authorization but with an Opportunity for You to Object.
We may use or disclose your health information for any of the purposes described in this section unless you affirmatively object to or otherwise restrict a particular release. Please direct any written objections or restrictions to the Practice’s Privacy Officer.
- Appointment Reminders: We may use and disclose health information to contact you as a reminder that you have an appointment for treatment or health care at the Practice including, but not limited to sending postcards to the address you listed as your home address.
- Test and Results and Other Health Information: In order to communicate with you regarding your health care, We may leave messages on your answering machine or with family or friends who may answer your phone with test results and other health information.
- Treatment Alternatives: We may use and disclose health information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
- Health-Related Benefits and Services: We may use and disclose health information to tell you about health-related benefits or services that may be of interest to you.
- Individuals Involved in Your Care or Payment for your Care: We may release health information about you to any person We determine in the Practice’s reasonable discretion, to be involved in your care and/or payment. In addition, We may disclose health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
C. Uses and Disclosures of Health Information That Require Your Authorization.
All other uses and disclosures of your health information not covered by the preceding categories will be made only with your written authorization. Such uses and disclosures include:
- Release of psychotherapy notes, if any, are contained in your designated record set. However, We may use or disclose your psychotherapy notes for the following:
(i) To carry out the following treatment, payment, or health care operations: (A) Use by the originator of the psychotherapy notes for treatment; (B) Use or disclosure by the Practice for its own training programs in which students, trainees, or practitioners in mental health learn under supervision to practice or improve their skills in group, joint, family, or individual counseling; or (C) Use or disclosure by the Practice to defend itself in a legal action or other proceeding brought by the individual; and
(ii) a use or disclosure that is required by or permitted by the HIPAA Privacy Rules.
- Marketing unless the marketing is either: (a) a face-to-face communication made by the Practice to you; or (b) a promotional gift of nominal value provided by the Practice or as otherwise permitted under the HIPAA Privacy Rules.
- Sale of your health information if the Practice sells any or all of your health information.
- Other uses or disclosures not permitted or required as set forth in this Notice.
- You may revoke such an authorization at any time, in writing, except to the extent that the Practice or any other person or entity has already taken an action in reliance on your previous authorization.
IV. Changes to This Notice
The Practice reserves the right to change, modify or otherwise revise this Notice at any time. In addition, the Practice reserves the right to make the revised or changed Notice effective for the health information We already have about you as well as any information We receive in the future. We will post a copy of the current Notice in the Practice’s office(s). The Notice will contain on the first page, in the top right-hand corner, the effective date. In addition, the Practice shall make a copy of the revised Notice available to you during the next time that you visit the Practice’s office(s) or when We provide services to you.
If you believe your privacy rights have been violated, you may file a complaint with the Practice or with the Secretary of the Department of Health and Human Services. To file a complaint with the Practice, contact the Practice’s Privacy Officer. All complaints must be submitted in writing. You will not be penalized for filing a complaint. Neither the Practice nor any of its personnel shall retaliate against you for filing such a complaint.
VI. Legal Duties – General
Consistent with the above, the Practice is required by law to maintain the privacy of protected health information, to provide individuals with notice of its legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information.
VII. Contact Information
Questions, comments and requests regarding the matters described in this Notice should be directed to Practice’s Privacy Officer.