NOTICE OF PRIVACY PRACTICES

It is the policy of this medical practice that our employees comply with our Notice of Privacy Practices, which is consistent with HIPAA and California law.

Our Notice of Privacy Practices is provided to all our patients at the first patient encounter if possible. It is also posted in our waiting room area, and copies are available for distribution at our reception desk.

How This Medical Practice May Use or Disclose Health Information

This medical practice collects medical and related identifiable patient information (such as billing information, claims information, referral and health plan information) and stores it in a chart, in administrative or billing files and on a computer. This information is considered “protected health information” under the HIPAA Privacy Rule. The law permits us to use or disclose health information for the following purposes without the patient's written authorization:

1. Treatment - We use medical information to provide medical care. We disclose medical information to our employees and others who are involved in providing the care our patients need. For example, we may share medical information with other physicians or other health care providers who will provide services which we do not provide. Or we may share this information with a pharmacist who needs it to dispense a prescription, or a laboratory that performs a test. We may also disclose medical information to members of patients' families or others who can help them when they are sick or injured.

2. Payment - We use and disclose medical information to obtain payment for the services we provide. For example, we give health plans the information they require before they will pay us. We may also disclose information to other health providers to assist them in obtaining payment for services they have provided to our patients.

3. Health Care Operations - We may use and disclose medical information to operate this medical practice. For example, we may use and disclose this information to review and improve the quality of care we provide, or the competence and qualifications of our professional staff. Or we may use and disclose this information to get health plans to authorize services or referrals. We may also use and disclose this information as necessary for medical reviews, legal services and audits, including fraud and abuse detection and compliance programs and business planning and management. We may also share medical information with our "business associates," such as our billing service, that perform administrative services for us. We have a written contract with each of these business associates that contains terms requiring them to protect the confidentiality of this medical information. Although federal law does not protect health information which is disclosed to someone other than another healthcare provider, health plan or healthcare clearinghouse, under California law all recipients of health care information are prohibited from re-disclosing it except as specifically required or permitted by law. We may also share health information with other health care providers, health care clearinghouses or health plans that have a relationship with one of our patients, when they request this information to help them with their quality assessment and improvement activities, their efforts to improve health or reduce health care costs, their review of competence, qualifications and performance of health care professionals, their training programs, their accreditation, certification or licensing activities, or their health care fraud and abuse detection and compliance efforts. From time to time, we may share health information with our professional liability carrier for our defense or their ongoing quality review of our medical practice. We may also share medical information with all other health care providers, health care clearinghouses and health plans who participate in the organized health care arrangements in which we participate for any health care operations activities of these organized health care arrangements. Our Privacy Official, maintains a current list of the arrangements, which include among others all relevant hospitals, IPAS, and health plans in which this medical practice participates.

4. Appointment Reminders - We may use and disclose medical information to contact and remind our patients about appointments.

5. Sign-in sheet - We may use and disclose medical information about our patients by having them sign in when they arrive at our office. We may also call out their names when we are ready to see them.

6. Notification and communication with family - We may disclose our patient's health information to notify or assist in notifying family members, personal representatives or other persons responsible for their care about their location, general condition or in the event of death. In the event of a disaster, we may disclose information to a relief organization so that they may coordinate these notification efforts. We may also disclose information to someone who is involved with our patient's care or helps pay for care. If our patient is able and available to agree or object, we will give the patient the opportunity to object prior to making these disclosures, although we may disclose this information in a disaster even over the patient's objection if we believe it is necessary to respond to the emergency circumstances. If our patient is unable or unavailable to agree or object, our health professionals will use their best judgment in communication with the patient's family and others.

7. Cast Room - We may disclose the patient's medical information in the cast room in our office as it is a medical room with several patients receiving care at one time. We will do our best to protect the patient's medical information to the best of our ability.

8. Marketing - We may contact our patients to give them information about products or services related to their treatment, case management or care coordination, or to direct or recommend other treatments or health-related benefits and services that may be of interest to them, or to provide them with small gifts. We may also encourage them to purchase a product or service we offer when we see them. We will not otherwise use or disclose our patient's medical information for marketing purposes without their written authorization.

9. Required by law - As required by law, we will use and disclose our patient's health information, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirements set forth below concerning those activities.

10. Public Health - We may, and are sometimes required by law, to disclose our patient's health information to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure. When we report suspected elder or dependent adult abuse or domestic violence, we will inform our patients or their personal representatives promptly unless in our best professional judgment, we believe the notification would place a patient at risk of serious harm or would require informing a personal representative we believe is responsible for the abuse or harm.

11. Health oversight activities - We may, and are sometimes required by law, to disclose our patients' health information to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by federal and California law.

12. Judicial and administrative proceedings - We may, and are sometimes required by law, to disclose our patients' health information in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about our patients in response to a subpoena, discovery request or other lawful process if reasonable efforts have been made to notify them of the request and they have not objected, or if their objections have been resolved by a court or administrative order.

13. Law enforcement - We may, and are sometimes required by law, to disclose our patients' health information to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing person, complying with a court order, warrant, grand jury subpoena and other law enforcement purposes.

14. Coroners - We may, and are often required by law, to disclose our patients' health information to coroners in connection with their investigation of deaths.

15. Organ or tissue donation - We may disclose our patients' health information to organizations involved in procuring, banking or transplanting organs and tissues.

16. Public safety - We may, and are sometimes required by law, to disclose our patients' health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.

17. Specialized government functions - We may disclose our patients' health information for military or national security purposes or to correctional institutions or law enforcement officers that have the patient in their lawful custody.

18. Workers' compensation - We may disclose our patients' health information as necessary to comply with workers' compensation laws. For example, to the extent our patients' care is covered by workers' compensation, we will make periodic reports to their employers about their conditions. We are also required by law to report cases of occupational injury or occupational illness to the employer or workers' compensation insurer.

19. Other disclosures specified in our Notice of Privacy Practices - We may disclose our patients' health information as otherwise described in our Notice of Privacy Practices.

When This Medical Practice May Not Use or
Disclose Health Information

Except as described in our Notice of Privacy Practices, this medical practice will not use or disclose health information which identifies individual patients without their written authorization. If a patient authorizes this medical information for another purpose, the patient may revoke the authorization in writing at any time.

Our Patients' Health Information Rights

1. Right to Request Special Privacy Protections - Our patients have the right to request restrictions on certain uses and disclosures of their health information, by a written request specifying what information they want to limit and what limitations on our use or disclosure of that information they wish to have imposed. We reserve the right to accept or reject these requests, and will notify each patient of our decision.

2. Right to Request Confidential Communications Our patients have the right to request that they receive their health information in a specific way or at a specific location. For example, they may ask that we send information to a particular e-mail account or to their work address. We will comply with all reasonable requests submitted in writing which specify how or where they wish to receive these communications.

3. Right to Inspect and Copy - Our patients have the right to inspect and copy their health information, with limited exceptions. To access their medical information, they must submit a written request detailing what information they want access to and whether they want to inspect it or get a copy of it. We will respond to every written request within the time period required by California and federal law. We may deny their request under limited circumstances. If we deny their request to access their child's records or the records of an incapacitated adult they are representing because we believe allowing access would be reasonably likely to cause substantial harm to the patient, they will have a right to appeal our decision. If we deny our patient's request to access his or her psychotherapy notes, the patient will have the right to have them transferred to another mental health professional.

4. Right to Amend or Supplement - Our patients have a right to request that we amend their health information that they believe is incorrect or incomplete. Our patients must make a request to amend in writing, and include the reasons they believe the information is inaccurate or incomplete. We are not required to change their health information, and if we refuse, we will provide them with information about this medical practice's denial and how they can disagree with the denial. We may deny their request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if they would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. Our patients also have the right to request that we add to their record a statement of up to 250 words concerning any statement or item they believe to be incomplete or incorrect.

5. Right to an Accounting of Disclosures - Our patients have a right to receive an accounting of disclosures of their health information made by this medical practice, except that this medical practice does not to have to account for the disclosures provided to them or pursuant to their written authorization, or as described in paragraphs I (treatment), II (payments), III (health care operations), VI (notification and communication with family), and XVI (specialized government functions) above, or disclosures for purposes of research or public health which exclude direct patient identifiers, or which are incident to a use or disclosure otherwise permitted or authorized by law, or the disclosures to a health oversight agency or law enforcement official to the extent this medical practice has received notice from that agency or official that providing this accounting would be reasonably likely to impede their activities.

6. Right to a Paper Copy of Notice of Privacy Practices - Our patients have a right to a paper copy of this Notice of Privacy Practices, even if they have previously requested its receipt by e-mail.

Assigning Privacy and Security Responsibilities

Our Privacy Official is Jeffrey D. Gross, M.D. The Privacy Official maintains a current list of all employees that have specific HIPAA responsibilities.

Minimum Necessary Use and
Disclosure of Protected Health Information

It is the policy of this medical practice that for all routine and recurring uses and disclosures of PHI (except for uses or disclosures made 1) for treatment purposes, 2) to or as authorized by the patient or 3) as required by law for HIPAA compliance such uses and disclosures of protected health information) must be limited to the minimum amount of information needed to accomplish the purpose of the use or disclosure. It is also the policy of this medical practice that non-routine uses and disclosures will be handled pursuant to established criteria. It is also the policy of this organization that all requests for protected health information (except as specified above) must be limited to the minimum amount of information be verified before such access is granted.

Verification of Identity

It is the policy of this medical practice that the identity of all persons who request access to protected health information be verified before such access is granted.

SafeguardsThis medical practice uses appropriate and reasonable administrative, technical and physical safeguards for all health information. Each member of our workforce has an obligation to protect this information. This includes keeping doors properly locked, keeping computer passwords secret and speaking softly when discussing medical information with an individual. Each employee must immediately correct any safeguard breach. For example, charts should not be left exposed in areas that patients pass by, repair personnel should always be accompanied through the office and fax transmissions picked up frequently from the fax machine.

Mitigation

This medical practice mitigates the effects of any authorized use of disclosure of protected health information to the extent possible.

Complaints

Complaints about our Notice of Privacy Practices or how this medical practice handles health information should be directed to our Privacy Official.

The medical practice investigates and resolves all complaints relating to the protection of health information.

No Retaliation or Intimidation

It is the policy of this medical practice that no employee or contractor may engage in any intimidating or retaliatory acts against persons who file complaints or otherwise exercise their rights under HIPAA regulations. It is also the policy of this organization that no employee or contractor may condition treatment, payment, enrollment or eligibility for benefits on the provision of an authorization to disclose protected health information except as expressly authorized under the regulations.

Special Circumstances

Psychotherapy Notes - It is the policy to require an authorization for any use or disclosure of psychotherapy notes, as defined in the HIPAA regulations, except for treatment, payment or health care operations as follows:

  • Use by originator for treatment;
  • Use for training physicians or other mental health professionals as authorized by the regulations;
  • Use or disclosure in defense of a legal action brought by the individual whose records are in issue;
  • Use or disclosures as required by law or as authorized by law or as authorized by law to enable health oversight agencies to oversee the originator of the psychotherapy notes.

Deceased individuals - It is the policy of this medical practice that privacy protections extend to information concerning deceased individuals.

Training and Awareness of
Changes in Our Privacy Practices

It is the policy of this medical practice that we will train our employees should any of our policies or procedures related to the HIPAA Privacy and Security Rule materially change. This training will be provided within a reasonable time.

It is the policy of this medical practice to remain current in our compliance program with HIPAA regulations.

Sanctions

It is the policy of this medical practice that employees will face discipline if they intentionally or unintentionally violate any of these policies or any procedures related to the fulfillment of these policies. Such sanctions will be recorded in the employees personnel file.

Cooperation with Privacy Oversight Authorities

It is the policy of this medical practice that oversight agencies such as the Office for Civil Rights of the Department of Health and Human Services be given full support and cooperation in their efforts to ensure the protection of health information within this organization. It is also the policy of this organization that all personnel must cooperate fully with all privacy compliance reviews and investigations.

It is the policy of this medical practice that an employee will not suffer any retaliation for participating in these investigations or for opposing any activity which I believe in good faith violates the HIPAA Privacy Rules.

Copyright © 2010 Jeffrey D. Gross, MD | Last Update: June 16, 2010 | Disclaimer