Health Insurance Portability & Accountability Act (HIPAA)
Notice of Privacy Practices
Last updated: 5/20/23
We value your safety and privacy. Understand your rights.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We understand the importance of privacy and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable us to meet our professional and legal obligations to operate this medical practice properly. We are required by law to maintain the privacy of protected health information and to provide individuals with notice of our legal duties and privacy practices with respect to protected health information. This notice describes how we may use and disclose your medical information. It also describes your rights and our legal obligations with respect to your medical information. If you have any questions about this Notice, please contact our Privacy Officer at the number listed above.
How this Medical Practice May Use or Disclose Your Health Information
Treatment. We may use or disclose your PHI in order to provide your medical care. For example, we disclose medical information to our employees and others within the medical practice who are involved in providing the care you need. In addition, we may share your medical information with other physicians or other health care providers who are not part of the medical practice and who will provide services to you. Or, we may share this information with a pharmacist who needs it to dispense a prescription to you, or a laboratory that performs a test.
Payment. We may use and disclose PHI to obtain payment for the services we provide. For example, we might send PHI to your insurance company if required to obtain payment for services that we provide to you.
Appointment Reminders. We will use the cell, home, work numbers and email that you provide to us in order to make or confirm your appointments. Unless you request otherwise, our staff will leave messages at these numbers with either appointment information or requests to contact us. We may also contact you to discuss your treatment, treatment alternatives or other health-related benefits or services we offer that may be of interest to you.
Health Care Operations. We may use and disclose your PHI as needed to operate this medical practice. For example, we may use and disclose this information to review and improve the quality of care we provide, or the competence and qualifications of our professional staff. We may also use and disclose this information as necessary for medical reviews, legal services and audits (including fraud and abuse detection and compliance programs) and business planning and management. Under HIPAA, we may share your PHI with our “business associates” that perform administrative or other services for us. An example of a business associate is our billing services company. We have a written contract with each of these business associates that contains terms requiring them to protect the confidentiality of your PHI.
Notification and Communication with Family. We may disclose to a family member, your personal representative or another person responsible for your care, the PHI directly relevant to that person’s involvement in your care or about your location, your general condition or death. In the event of an emergency, we may disclose information to public service organizations to facilitate your care. We may also disclose information to someone who is involved with your care or helps pay for your care. If you are able and available to agree or object, we will give you the opportunity to object prior to making these disclosures, although we may disclose this information in a disaster even over your objection if we believe it is necessary to respond to the emergency circumstances. If you are unable or unavailable to agree or object, our health professionals will use their best judgment in communication with your family and others.
Required by Law. As required by law, we will use and disclose your PHI, but we will limit our use or disclosure to the relevant requirements of the law. For example, we may use or disclose PHI when the law requires us to report abuse, neglect or domestic violence, respond to judicial or administrative proceedings, respond to law enforcement officials or report information about deceased patients.
Public Health. We may, and are sometimes required by law to, disclose your health information to public health authorities for public health activities such as: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; and reporting to the Food and Drug Administration problems with products and reactions to medications.
Health Oversight Activities. We may, and are sometimes required by law to, disclose your health information to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by federal and state law.
Judicial and Administrative Proceedings. We may, and are sometimes required by law to, disclose your PHI in the course of an administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about you in response to a subpoena, discovery request or other lawful process if reasonable efforts have been made to notify you of the request and you have not objected, or if your objections have been resolved by a court or administrative order.
Law Enforcement. To the extent authorized or required by law, we may disclose your PHI to a law enforcement official for purposes such as complying with a court order, warrant, grand jury subpoena and other law enforcement purposes. If you are an inmate of a correctional institution or under the custody of law enforcement, we may release PHI about you to the correctional institution as authorized or required by law.
Public Safety/National Security/Protective Services. We may, and are sometimes required by law to, disclose your PHI to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a reasonably foreseeable victim or victims and for other public safety purposes. Moreover, as authorized or required by law, we may disclose your PHI for national security or intelligence purposes or to authorized federal officials so they can provide protection to the President or other authorized persons or foreign heads of state.
Worker’s Compensation. We may disclose your health information as necessary to comply with worker’s compensation laws.
Minors. If you are an unemancipated minor under law, there may be circumstances in which we disclose health information about you to a parent, guardian, or other person acting in loco parentis, in accordance with our legal and ethical responsibilities.
Sale of PHI. We are prohibited from disclosing your PHI in exchange for direct or indirect remuneration unless we have obtained your prior authorization to do so.
Marketing. We must obtain your authorization before using or disclosing your PHI for marketing communications that involve financial remuneration. The authorization must disclose the fact that we are receiving financial remuneration from a third party.
With Authorization. The following uses and disclosures will be made only with your written authorization: (i) most uses and disclosures of psychotherapy notes which are separated from the rest of your medical record; (ii) most uses and disclosures of PHI for marketing purposes, including subsidized treatment communications; (iii) disclosures that constitute a sale of PHI; and (iv) other uses and disclosures not described in this Notice of Privacy Practices.
When This Medical Practice May Not Use or Disclose Your Health Information
Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and disclosures of your health information, by a written request specifying what information you want to limit, what limitations on our use or disclosure of that information you wish to have imposed and to whom the limits should apply. We reserve the right to accept or reject your request, unless you paid in full out of pocket for a healthcare item or service and you request that we do not notify your health plan that you have obtained such items or services. In that case, we must comply with your request. To the extent we have the right to accept or reject your request, we will notify you of our decision.
Right to Request Confidential Communications. You have the right to request that you receive your health information in a specific way or at a specific location. For example, you may ask that we send information to a post office box or to your work address. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.
Right to Inspect and Copy. You have the right to inspect and copy your health information, with limited exceptions. To access your medical information, you must submit a written request detailing what information you want access to and whether you want to inspect it or get a copy of it. We will charge a reasonable fee, as allowed by law. We may deny your request under limited circumstances. In such an event, we will notify you in writing of the reason for the denial, whether you have the opportunity to have the denial reviewed and if so, the process for reviewing the denial. In most cases, there is an opportunity to review the denial. We will comply with the outcome of the review.
Right to Amend or Supplement. You have a right to request that we amend your health information that you believe is incorrect or incomplete. You must make a request to amend in writing, and include the reasons you believe the information is inaccurate or incomplete. We are not required to change your health information, and will provide you with information about this medical practice’s denial and how you can disagree with the denial. We may deny your request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if you would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. You also have the right to request that we add to your record a statement of up to 250 words concerning any statement or item you believe to be incomplete or incorrect.
Right to an Accounting of Disclosures. You have a right to receive an accounting of certain disclosures of your health information made by this medical practice for a period of up to six years. For example, we are not required to provide you with an accounting of disclosures made to you, for treatment purposes, made with your authorization and for certain other purposes. To obtain an accounting of disclosures, you must submit your request in writing. You are entitled to one accounting within any 12-month period. If you request a second accounting in a 12-month period, we may assess a reasonable fee.
Right to an Electronic Copy of Electronic Medical Records. If your PHI is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We will make every effort to provide access to your PHI in the form or format you request, if it is readily producible in such form or format. If the PHI is not readily producible in the form or format you request, your record will be provided in either our standard electronic format or, if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.
Right to Get Notice of a Breach. You have the right to be notified upon a breach of any of your unsecured PHI.
Paper Copy. You have a right to a paper copy of this Notice of Privacy Practices. You may ask us to give you a copy of this Notice of Privacy Practices at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
Except as described in this Notice of Privacy Practices, this medical practice will not use or disclose PHI without your written authorization. If you do authorize this medical practice to use or disclose your PHI, you may revoke your authorization in writing at any time.
Your Health Information Rights
If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact us at firstname.lastname@example.org.
Changes to this Notice of Privacy Practices
We reserve the right to amend this Notice of Privacy Practices at any time in the future. Until such amendment is made, we are required by law to comply with this Notice of Privacy Practices. After an amendment is made, the revised Notice of Privacy Practices will apply to all protected health information that we maintain, regardless of when it was created or received. We will also post the current Notice of Privacy Practices on our website.
Complaints about this Notice of Privacy Practices or how this medical practice handles your health information should be directed to email@example.com. You will not be penalized for filing a complaint.
If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal complaint to:
Department of Health and Human Services Office of Civil Rights
Hubert H. Humphrey Bldg.
200 Independence Avenue, S.W.
Room 509F, HHH Building
Washington, DC 20201