HIPPA INFORMATION
What Patient Information is Protected?
The federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the use and disclosure of individually identifiable health information, referred to as Protected Health Information or PHI, by health care providers. PHI includes a patient’s physical or mental health condition, the nature and extent of health care provided to such patient, and payment-related information with respect to health care provided to the patient. A patient’s name, date of birth, address, and social security number as PHI. By contrast, PHI does not include health information that neither identifies, nor provides a reasonable basis to identify, an individual.
How Do We Use and Disclose Your PHI?
We may use and disclose your PHI, without your prior authorization, in the course of our treatment, payment and health care activities. Such activities include the following:
- Treatment. We typically will keep a written and/or electronic record of the specific health care treatment services (including surgical procedures, post-operative recovery and rehab, physical therapy and instructions for home exercise) that we provide to you. This record may also include information concerning your treatment and test results, response to rehab and therapy, medications, diagnosis and any recommended additional treatment or procedures. We may disclose such treatment-related PHI about you, without your prior authorization, to health care professionals and other members of our staff, as well as to outside labs and pharmacies, to the extent needed to ensure safe, appropriate and quality care for you. For example, we may disclose, without your prior authorization, some portion of your PHI to a pharmacy or to a physician (who may be at a separate practice or on staff at a hospital) for purposes of consulting on the best course of treatment for you.
- Payment. We may disclose your PHI, without your prior authorization, to your insurance company or other health plan company for the purpose of obtaining payment or reimbursement for services we have provided to you or to assist your insurance company or other health plan company determine your eligibility for coverage or benefits. In addition, to ensure that our bills to you are accurate, we keep track of the treatment, services and supplies we have provided to you.
- Health care operations. We may use your PHI, without your prior authorization, for our internal health care operations, including assessing the quality of our treatment and other services, training and evaluating our staff, engaging in short-term and long-term planning for our practice, and improving our customer service.
Additional Disclosures of PHI Required By Law
We may also use and disclose your PHI, without your prior authorization, in the following circumstances:
- To comply with a federal, state or local law that requires such disclosure.
- To comply with an order issued by a tribunal in a judicial or administrative proceeding.
- To assist a public health authority that is authorized by law to collect such information for preventing, responding to or controlling disease, injury or other harm to public health.
- To assist a public health authority or equipment manufacturer assess the performance of medical devices.
- To notify government authorities authorized to receive reports of abuse, neglect or domestic violence.
- To report information to governmental health oversight agencies engaged in audits or investigations of the health care system and government benefit programs.
- To provide information to law enforcement officials for certain law enforcement purposes.
- To help prevent serious threat to the health or safety of a person or the public.
- To assist coroners, funeral directors or medical examiners identify a deceased person, determine the cause of death and perform other functions authorized by law.
- To facilitate organ or tissue donation and transplantation.
- To inform workers’ compensation carriers or your employer if you are injured at work.
All other disclosures of your PHI not otherwise identified in this Privacy Policy may be permitted only with your written authorization. In addition, note that you are free to revoke your authorization at any time, but such revocation will not have retroactive effect.
Minimizing the Disclosure of Your PHI
We follow the “minimum necessary” principle of HIPAA. That is, to the extent the use and disclosure of your PHI is authorized in one of the circumstances listed above, we will make reasonable efforts to use and disclose only the minimum amount of PHI that is needed to accomplish the intended purpose of the use or disclosure.
Our Responsibilities Concerning Your PHI
We are required by law to:
- Maintain the privacy and confidentiality of your PHI.
- Comply with this Privacy Policy and with our legal obligation to protect your privacy.
- Obtain your written authorization before disclosing your PHI, except in the circumstances listed in this Privacy Policy in which such authorization is not required.
- Provide you with a copy of this Privacy Policy.
- Notify you of changes to this Privacy Policy.
- Provide you a way to address a complaint you may have regarding violation of your privacy (see below).
- Ensure that all of our employees, volunteers and staff receive training regarding the requirements of this Privacy Policy, as necessary and appropriate for them to carry out their functions.
- Have and apply appropriate sanctions against an employee, volunteer or staff member who violates this Privacy Policy.
What Are Your Rights Under This Privacy Policy?
Under this Privacy Policy and applicable law, you have the right to:
- Inspect and copy records containing your PHI, except in certain limited situations (for example, if a health care professional determines access to PHI could cause harm to you or another individual).
- Request that we amend your PHI if you have reason to believe our records are inaccurate or incomplete.
- Receive an accounting of disclosures of your PHI that we may have made during the prior six years of your request, although such accounting is not required for disclosures we have made for treatment, payment or health care operations or for certain other purposes.
- Decline authorization for us to disclose your PHI, except in those situations where such authorization is not required as noted above.
- Obtain a copy of this Privacy Policy.
- Be protected against the unauthorized disclosure of your PHI in a manner that is contrary to law or this Privacy Policy.
- Submit a complaint to this office or to the HHS regarding potential violations of your privacy.
- Request that we communicate with you regarding your PHI using only a certain telephone number, mailing address or email address.
- Request that we limit which family members or other individuals with which we communicate regarding your PHI.
What If I Have a Complaint Regarding My PHI or Privacy Rights?
If you feel that your privacy rights have been violated or that we have not complied with this Privacy Policy, you may submit a complaint to us and/or to the U.S. Department of Health and Human Services (HHS). We will not retaliate against you for exercising this right in good faith to submit a complaint or for exercising any right you have under this Privacy Policy or applicable law.
To submit a complaint with us or to receive more information regarding your privacy rights, you should contact us by phone at the main number provided or by email at [email protected].
To file a complaint with the Dept. of HHS, write to Secretary of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20001 or call 1-877-696-6775 or file online at https://www.hhs.gov/hipaa/filing-a-complaint/complaint-process/index.html