THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, HOW YOU CAN GET ACCESS TO THIS INFORMATION, YOUR RIGHTS CONCERNING YOUR HEALTH INFORMATION AND OUR RESPONSIBILITIES TO PROTECT YOUR HEALTH INFORMATION.
PLEASE REVIEW THIS DOCUMENT CAREFULLY.
State and Federal laws require us to maintain the privacy of your health information and to inform you about our privacy practices by providing you with this Notice. We are required to abide by the terms of this Notice of Privacy Practices. This Notice is effective as of April 1, 2014 and will remain in effect until it is amended or replaced by us.
We reserve the right to change our privacy practices provided law permits the changes. Before we make a significant change, this Notice will be amended to reflect the changes and we will make the new Notice available upon request. We reserve the right to make any changes in our privacy practices and the new terms of our Notice effective for all health information maintained, created and/or received by us before the date changes were made.
You may request a copy of our Privacy Notice at any time by contacting our Privacy Officer. Information on contacting us can be found at the beginning and end of this Notice.
We will keep your health information confidential, using it only for the following purposes
While we are providing you with administrative access to health care services, we may share your protected health information (PHI) including electronic protected health information (ePHI) with other health care providers, business associates and their subcontractors or individuals who are involved in your treatment, billing, administrative support or data analysis. These business associates and subcontractors through signed contracts are required by Federal law to protect your health information. We have established “minimum necessary” or “need to know” standards that limit various staff members’ access to your health information according to their primary job functions. Everyone on our staff is required to sign a confidentiality statement.
We may use and disclose your health information to seek payment for services we provide to you. This disclosure involves our business office staff and may include insurance organizations, collections or other third parties that may be responsible for such costs, such as family members.
We may disclose and/or share protected health information (PHI) including electronic disclosure with other health care professionals who provide treatment and/or service to you. These professionals will have a privacy and confidentiality policy like this one. Health information about you may also be disclosed to your family, friends and/or other persons you choose to involve in your care, only if you agree that we may do so. Uses and disclosures not described in this notice will be made only with your signed authorization.
Right to an Accounting of Disclosures:
You have the right to request an “accounting of disclosures” of your protected information if the disclosure was made for purposes other than providing services, payment, and or business operations. In light of the increasing use of Electronic Medical Record technology (EMR), the HITECH Act allows you the right to request a copy of your health information in electronic form if we store your information electronically. If for some reason we aren’t capable of an electronic format, a readable hardcopy will be provided. To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer. We may charge for copying and/or the staff time, including the time required to locate and copy your health information. Please contact our Privacy Officer for an explanation of our fee structure.
Right to Request Restriction of PHI:
Effective March 26, 2013, The Omnibus Rule restricts provider’s refusal of an individual’s request not to disclose PHI.
We may use or disclose your health information to notify or assist in the notification of a family member or anyone responsible for your care, in case of any emergency involving your care, your location, your general condition or death. If at all possible, we will provide you with an opportunity to object to this use or disclosure. Under emergency conditions or if you are incapacitated, we will use our professional judgment to disclose only that information directly relevant to your care.
We will use and disclose your health information to keep our practice operable. Examples of personnel who may have access to this information include, but are not limited to, our care coordination staff, medical records, insurance operations, health care clearinghouses, portable diagnostic providers, physicians contracted with EZaccessMD and other individuals performing similar activities.
Required by Law:
We may use or disclose your health information when we are required to do so by law. (Court or administrative orders, subpoena, discovery request or other lawful process.)
We will use and disclose your information when requested by national security, intelligence and other State and Federal officials
and/or if you are an inmate or otherwise under the custody of law enforcement.
The health information of Armed Forces personnel may be disclosed to military authorities under certain circumstances if the information is required for lawful intelligence, counterintelligence or other national security activities, we may disclose it to authorized federal officials.
Abuse or Neglect:
We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, or domestic violence or the possible victim of other crimes. This information will be disclosed only to the extent necessary to prevent a serious threat to your health or safety or that of others.
Public Health Responsibilities:
We may disclose your health care information to report problems with products, reactions to medications, product recalls, disease/infection exposure and to prevent and control disease, injury and/or disability.
Marketing Health-Related Services:
We will not use your health information for marketing purposes unless we have your written authorization to do so. Effective March 26, 2013, we are required to obtain an authorization for marketing purposes if communication about a product or service is provided and we receive financial remuneration (getting paid in exchange for making the communication). No authorization is required if communication is made face-to-face or for promotional gifts.
We may use certain information (name, address, telephone number or e-mail information, age, date of birth, gender, health insurance status, dates of service, department of service information, treating physician information or outcome information) to contact you for the purpose of raising money and you will have the right to opt out of receiving such communications with each solicitation. Effective March 26, 2013, PHI that requires a written patient authorization prior to fundraising communication include diagnosis, nature of services and treatment. If you have elected to opt out, we are prohibited from making fundraising communication under the HIPAA Privacy Rule.
Sale of PHI:
We are prohibited to disclose PHI without an authorization if it constitutes remuneration (getting paid in exchange for the PHI). “Sale of PHI” does not include disclosures for public health, certain research purposes, treatment and payment, and for any other purpose permitted by the Privacy Rule, where the only remuneration received is “a reasonable cost-based fee” to cover the cost to prepare and transmit the PHI for such purpose or a fee otherwise expressly permitted by law. Corporate transactions (i.e., sale, transfer, merger, consolidation) are also excluded from the definition of “sale.”
We may use your health records to remind you of recommended services, treatment or scheduled appointments.
Upon request, you have the right to obtain the information of all parties involved in your care (and that of an individual or whom you are a legal guardian). EZaccessMD will provide the contact information of the agency who rendered care to you at the time of interest. Medical records requests and releases must be handled through the medical service provider. No medical exam information shall be stored at EZaccessMD.
You have the right to amend your healthcare information, if you feel it is inaccurate or incomplete. Your request must be in writing and must include an explanation of why the information should be amended. Under certain circumstances, your request may be denied.
Breach Notification Requirements:
It is presumed that any acquisition, access, use or disclosure of PHI not permitted under HIPAA regulations is a breach. We are required to complete a risk assessment, and if necessary, inform HHS and take any other steps required by law. You will be notified of the situation and any steps you should take to protect yourself against harm due to the breach.
QUESTIONS AND COMPLAINTS
You have the right to file a complaint with us if you feel we have not complied with our Privacy Policies. Your complaint should be directed to our Privacy Officer. If you feel we may have violated your privacy rights, or if you disagree with a decision, we made regarding your access to your health information, you can complain to us in writing. Request a Complaint Form from our Privacy Officer. We support your right to the privacy of your information and will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.