HIPAA: Privacy, Security, & Breach Notification Policy
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND
DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to maintain the privacy of protected health information (PHI), to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. We must follow the privacy practices that are described in this Notice while it is in effect. This Notice takes effect _07/31/2015_, and will remain in effect until we replace it.
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law, and to make new Notice provisions effective for all protected health information that we maintain. When we make a significant change in our privacy practices, we will change this Notice and post the new Notice clearly and prominently at our practice location, and we will provide copies of the new Notice upon request.
You may request a copy of our Notice at any time. For more information about our privacy practices or for additional copies of this Notice, please contact us using the information listed at the end of this Notice.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
We may use and disclose your personal health information for different purposes, including treatment, payment, and health care operations. For each of these categories, we have provided a description and an example. Some information, such as HIV-related information, genetic information, alcohol and/or substance abuse records, and mental health records may be entitled to special confidentiality protections under applicable state or federal law. We will abide by these special protections as they pertain to applicable cases involving these types of records.
Treatment. We may use and disclose your health information for your treatment. For example, we may disclose your health information to a specialist providing treatment to you.
Payment. We may use and disclose your health information to obtain reimbursement for the treatment and services you receive from us or another entity involved with your care. Payment activities include billing, collections, claims management, and determinations of eligibility and coverage to obtain payment from you, an insurance company, or another third party. For example, we may send claims to your dental health plan containing certain health information.
Healthcare Operations. We may use and disclose your health information in connection with our healthcare operations. For example, healthcare operations include quality assessment and improvement activities, conducting training programs, and licensing activities.
Individuals Involved in Your Care or Payment for Your Care. We may disclose your health information to your family or friends or any other individual identified by you when they are involved in your care or in the payment for your care. Additionally, we may disclose information about you to a patient representative. If a person has the authority by law to make health care decisions for you, we will treat that patient representative the same way we would treat you with respect to your health information.
Disaster Relief. We may use or disclose your health information to assist in disaster relief efforts.
Required by Law. We may use or disclose your health information when we are required to do so by law.
Public Health Activities. We may disclose your health information for public health activities, including disclosures to:
o Prevent or control disease, injury or disability;
o Report child abuse or neglect;
o Report reactions to medications or problems with products or devices;
o Notify a person of a recall, repair, or replacement of products or devices;
o Notify a person who may have been exposed to a disease or condition; or
o Notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence.
National Security. We may disclose to military authorities, the health information of Armed Forces personnel under certain circumstances. We may disclose to authorize federal officials health information required for lawful intelligence, counterintelligence, and other national security activities. We may disclose to correctional institution or a law enforcement official having lawful custody of the protected health information of an inmate or patient.
Secretary of HHS. We will disclose your health information to the Secretary of the U.S. Department of Health and Human Services when required to investigate or determine compliance with HIPAA.
Worker’s Compensation. We may disclose your PHI to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
Law Enforcement. We may disclose your PHI for law enforcement purposes as permitted by HIPAA, as required by law, or in response to a subpoena or court order.
Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to tell you about the request or to obtain an order protecting the information requested.
Research. We may disclose your PHI to researchers when their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
Coroners, Medical Examiners, and Funeral Directors. We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Fundraising. We may contact you to provide you with information about our sponsored activities, including fundraising programs, as permitted by applicable law. If you do not wish to receive such information from us, you may opt out of receiving the communications.
Other Uses and Disclosures of Protected Health Information (PHI)
Your authorization is required, with a few exceptions, for disclosure of psychotherapy notes, use or disclosure of PHI for marketing, and for the sale of PHI. We will also obtain your written authorization before using or disclosing your PHI for purposes other than those provided for in this Notice (or as otherwise permitted or required by law). You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Your Health Information Rights
Access. You have the right to look at or get copies of your health information, with limited exceptions. You must make the request in writing. You may obtain a form to request access by using the contact information listed at the end of this Notice. You may also request access by sending us a letter to the address at the end of this Notice. If you request information that we maintain on paper, we may provide photocopies. If you request information that we maintain electronically, you have the right to an electronic copy. We will use the form and format you request if readily producible. We will charge you a reasonable cost-based fee for the cost of supplies and labor of copying, and for postage if you want copies mailed to you. Contact us using the information listed at the end of this Notice for an explanation of our fee structure.
If you are denied a request for access, you have the right to have the denial reviewed in accordance with the requirements of applicable law.
Disclosure Accounting. With the exception of certain disclosures, you have the right to receive an accounting of disclosures of your health information in accordance with applicable laws and regulations. To request an accounting of disclosures of your health information, you must submit your request in writing to the Privacy Official. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to the additional requests.
Right to Request a Restriction. You have the right to request additional restrictions on our use or disclosure of your PHI by submitting a written request to the Privacy Official. Your written request must include (1) what information you want to limit, (2) whether you want to limit our use, disclosure or both, and (3) to whom you want the limits to apply. We are not required to agree to your request except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, and the information pertains solely to a health care item or service for which you, or a person on your behalf (other than the health plan), has paid our practice in full.
Alternative Communication. You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. You must make your request in writing. Your request must specify the alternative means or location, and provide satisfactory explanation of how payments will be handled under the alternative means or location you request. We will accommodate all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested we may contact you using the information we have.
Amendment. You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request under certain circumstances. If we agree to your request, we will amend your record(s) and notify you of such. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it and explain your rights.
Right to Notification of a Breach. You will receive notifications of breaches of your unsecured protected health information as required by law.
Electronic Notice. You may receive a paper copy of this Notice upon request, even if you have agreed to receive this Notice electronically on our Web site or by electronic mail (e-mail).
Questions and Complaints
If you want more information about our privacy practices or have questions or concerns, please contact us.
If you are concerned that we may have violated your privacy rights, or if you disagree with a decision we made about access to your health information or in response to a request you made to amend or restrict the use or disclosure of your health information or to have us communicate with you by alternative means or at alternative locations, you may complain to us using the contact information listed at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request.
We support your right to the privacy of your health information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Our Privacy Official: Office Manager
E-mail: [email protected]
Address: 501 Main Street South Stewartville, MN 55976