This practice is obligated to comply with current and future regulations and guidelines of the Health Insurance Portability and Accountability Act (HIPAA). In fulfilling our obligations, the following guidelines are established for our performance as it relates to the patients’ Protected Health Information (PHI), and the patient’s rights.
Uses and Disclosures
Our Practice must provide patients with a description and example of the uses and disclosures that the Practice is permitted to make for the purpose of treatment, payment, and health care services. Patient Charts are respectfully documented.
Our Practice must secure the patient’s or responsible party’s concern for the use of the PHI for the purpose of treatment, which includes the direct provision of treatment as well as the coordination and management of health and related services.
Our practice must secure the patient’s or responsible party’s consent for the use and disclosure of PHI to obtain payment for services performed.
Health Care Operations
Our Practice will use and disclose the minimum necessary authorized PHI in the business management of the practice.
Requirements by Law
Our Practice will use and disclose authorized PHI only to the extent required by law.
Public Health and Protection Activities
Our Practice will use and disclose the minimum necessary amount of PHI only to the extent as required by law.
Public Health And Protection Activities
Our Practice will use and disclose the minimum necessary of the amount of PHI to appropriate public health authorities and legal agencies, including entities that are responsible for preventing or controlling disease, injury, child/custodial abuse and neglect, abuse/neglect/domestic violence, or death of a deceased person.
Our Practice will use and disclose authorized PHI as may be legally mandated in the compliance process of activities as audits, judicial or administrative proceedings, law enforcement, compliance with laws related to workers’ compensation programs, or U.S. Department of Health and Human Services’ determination of our practice’s compliance with HIPPA privacy regulations.
Our Practice will use and disclose authorized PHI as may be required for military and veterans activities, national security and intelligence activities, or correctional institution or law enforcement activities.
Our Practice will use and disclose authorized PHI as may be required to prevent or reduce serious and imminent threat to the health or safety of a person, the public, or other specific circumstances.
Except as may be specifically directed by the patient, our Practice will use and disclose the patient’s name and general terms of condition in the maintenance of a directory of patients in the office.
Friend, Family and Personal Representatives
Our Practice will use and disclose authorized PHI as may be directly relevant to the authorized involvement of a family member, other relative, a close personal friend, or someone identified by the patient. The authorized involvement may be relative to the patient’s general condition, treatment, payment for services, location, or death. The involvement may be further expanded without the patients’ authorization in related cases of emergency where the practice must exercise professional judgment to evaluate whether the use and disclosure of PHI is in the patient’s best interest.
Our Practice will use and disclose authorized PHI to a business associate or allow the business to create or receive your PHI on our behalf only if the business associate has agreed in writing to appropriately safeguard the information.
Our Practice will use and disclose authorized PHI when contacting the patient or authorized individual to confirm appointments or provide information about the treatment or related services.
Our Practice will obtain the patient’s written authorization if the Practice would like to use the patient’s PHI for marketing purposes. The patient will have the right to revoke any marketing authorization in writing.
Patient’s Rights to Records
Our Practice extends the right to patients to obtain copies of their PHI that is maintained by our Practice. A written request must be submitted by the patient to the Privacy Practice Director. Our Practice will act within 30 days to provide copies. If additional time is required due to accessibility of the records, the patient will be informed in writing that up to an additional 60 days may be required to access the records. If further time is required, the Practice will inform the patient in writing and establish a reasonable projected timetable for providing the records.
Denial of Patient Access to Records
Our Practice can deny the patient access to all or part of the patients’ PHI by informing the patient in writing within 30 days of their request of the denial and the reason for the denial. The Doctor can deny the patient access to PHI is within his professional judgment, it is determined that access to the PHI could potentially endanger the life or safety of the patient or another person; or the PHI references another person and that providing access to the PHI could potentially endanger the life or safety of another person. If the patient’s access to records is denied, the patient can appeal the decision to the Practice’s Privacy Director who will review the request and respond to the patient in writing within thirty days.
Restriction of Access
The patient can request of our Practice to restrict the use and disclosure of the PHI, although the Practice is not obligated to comply.
Accounting of Disclosures
The patient can request of our Practice an accounting of disclosures of the patient’s PHI that have been made by our Practice since April 14, 2003. The written accounting of disclosures will include the date of disclosure, the name of the entity or person who received the PHI, and the content of the PHI.
Right to Amendment of PHI
The Patient can request of our Practice to amend the PHI. The practice can deny such a request if the Practice Privacy Director determines that the Practice was not responsible for the PHI creation, the PHI section is not accessible to the Patient, or the PHI is correct and accurate. Amendment requests must be submitted in writing to the Practice Privacy Director. If the Practice denies amendment, the Practice will inform the patient within sixty (60) days of the reason for denial. The patient may submit a statement of disagreement, which will become part of the patient’s PHI and future information for disclosure. The Practice may prepare a rebuttal to the patient’s statement of disagreement and include it in the patient’s PHI. The Practice’s rebuttal will be provided to the patient.
Practice Privacy Director
The Doctor is the designated Privacy Practice Director, and the responsibilities of the Practice Privacy Director may be delegated to individual staff members as circumstances determine to be appropriate.