The Department of Health and Human Services, Office of Civil Rights, under the Public Law 104-191, (The Health Insurance Portability and Accountability Act of 1996) (HIPAA), mandates that we issue this new revised Privacy Notice to our patients. This notice to our patients meets all current requirements as it relates to Standards for Privacy of Individually Identifiable Health Information IIHI); affecting our patients. You are urged to read this notice.
Our Privacy Notice informs you of our use and disclosure of your Protected Health Information (PHI), defined as: “any information, whether oral or recorded in any form or medium, that is created or received by a covered entity, that relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual that identifies the individual or, with respect to which there is reasonable basis to believe that the information can be used to identify the individual.”
Our office will use or disclose your PHI for purposes of treatment, payment and other healthcare operations. It is our policy to control access to your PHI to only those who have a need to know; and even in cases where access is permitted; we exercise a “minimum necessary information” restriction to that access.
An Authorization differs from a Privacy Notice in that it is very specific with respect to the information allowed to be disclosed or used, the entity to which the information may be disclosed, the intent for which it may be disclosed, and the time frame of the authorization and used only for one specific request for information. In the event of a non-healthcare related request for personal health information this office will insist that the requestor have you complete an Authorization Form.
You, as our patient, may restrict the use or disclosure of an Authorization at any time and all use and disclosure and administration of related healthcare services will be revised accordingly, with the exception of matters already in process as a result of prior use of your PHI. To revoke an Authorization you must provide this office with a written request with your signature and date and provide instructions regarding the existing Authorization or consent. Any revocation will not apply to information already used or disclosed. If you had a “personal representative” initiate as Authorization you may revoke that authorization at any time.
You may request to examine your healthcare information, may request copies of your information, and may request amendments to your information. The physician or principal will exercise professional judgment with regard to requests for amendments and by law may reject the request. If we agree with the request to amend the information, we will abide by the changes.
In limited circumstances, The Privacy Standard permits, but does not require, covered entities to continue certain existing disclosures of health information without individual authorization for specific public responsibilities. These permitted disclosures include: identification of the body of a deceased person, or to assist in determining the cause of death; public health needs; research, generally limited to when a waiver of authorization is independently approved by a privacy board or Institutional Review Board; oversight of the health care system; judicial and administrative proceedings; limited law enforcement activities; and activities related to national defense and security.
There are specific state laws that require the disclosure of health care information related to communicable diseases like Hepatitis C, and AIDS. Where the state laws are more stringent than HIPAA Privacy Standard, the state laws will prevail.
All of these disclosures could occur previously under former laws and regulations however; The Privacy Standard establishes new safeguards and limits. If there is no other law requiring that your information be disclosed, we will use our professional judgments to decide whether to disclose any information, reflecting our own policies and ethical principals.
On occasion we may furnish your PHI to a third party. This could be an insurance company for the purpose of payment or another health care provider for further treatment or additional services. Although we will institute a “chain of trust” contract with our business associates’, we cannot absolutely guarantee that they will not use or disclose your PHI in such a way that is not permitted by the HIPAA Privacy Standard.
It is our practice to retain information about non-healthcare related requests for your health care information for a period of six years.
The law requires us to obtain your signature on this Privacy Notice to indicate only that you have received it. It is the law that your rights are communicated in this manner.
In complying with the Privacy Standard, we have appointed a Privacy Officer, trained our Privacy Officer and the staff in the law, and implemented policies to protect your PHI. We have instituted privacy and security processes to guard and protect your IIHI. This office is taking and continues to monitor and improve steps for the protection of your information and to remain in compliant with the law.