HIPAA is fairly standard, but this notice explains it in detail.
HIPAA NOTICE OF PRIVACY PRACTICES & HIPAA ACKNOWLEDGEMENT
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This is your Notice of Privacy Practices from Kathryn (Kat) Powers L.Ac. The Notice refers to Kathryn (Kat) Powers L.Ac. by using the terms “us”, “we,” or “our.”
This notice is an attempt at paraphrasing HIPAA law as written in 1996, which is standard in health care settings. We attempt to limit “marketing” to greetings and promotions intended to re-establish contact, from which you may opt-out at any time.
Kathryn (Kat) Powers L.Ac. keeps electronic health records (EHR) and applies reasonable safeguards to protect your Personal Health Information and privacy and has implemented the minimum necessary standard with regard to sharing your Personal Health Information. The minimum necessary standard limits how much protected health information is used, disclosed, and requested for certain purposes, and also reasonably limit who within the clinic has access to protected health information, and under what conditions, based on job responsibilities and the nature of the business.
We are required by law to maintain the privacy of Personal Health Information. We are required to provide this Notice of Privacy Practices to you by the privacy regulations issued under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Health Information Technology for Economic and Clinical Health Act of 2009 (“HITECH”), and the California Confidentiality of Medical Information Act (CMIA).
This notice describes how we protect the Personal Health Information we have about you that relates to your medical information or Personal Health Information. Personal Health Information is medical and other information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. (The HIPAA law uses the term “Protected Health Information” where we use “Personal Health Information.”)
This Notice of Privacy Practices describes how we may use and disclose to others your Personal Health Information to carry out payment or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control of your Personal Health Information.
We are required to abide by the terms of this Notice of Privacy Practices. We may change the terms of our notice at any time. The new notice will be effective for all Personal Health Information that we maintain at that time. This notice may also be revised if there is a material change to the uses or disclosures of Personal Health Information, your rights, our legal duties, or other privacy practices stated in this notice.
Within 60 days of a material revision to this notice we will make available a copy of the revised notice at your place of treatment. Additionally, we will provide you with any revised Notice of Privacy Practices if you request that a revised copy be provided to you.
How We May Use and Disclose Personal Health Information About You
The common reasons for which we may use and disclose your Personal Health Information are to process and review your requests for coverage and payments for benefits or in connection with other health related benefits or services in which you may be interested. The following describes these and other uses and disclosures and includes some examples.
For Treatment: We may use and disclose Personal Health Information to treat you. We will use and disclose your Personal health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with another provider. For example, we would disclose your Personal health information, as necessary, to a home health agency that provides care to you. We will also disclose Personal health information to other physicians who may be treating you. For example, your Personal health information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you. In addition, we may disclose your Personal health information from time-to-time to another physician or health care provider (e.g., a specialist or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment to your physician. Additionally, we may disclose your Personal Health Information to others who may assist in your care, such as your physician, therapists or medical equipment suppliers.
For Payment: We may use or disclose information for billing, claims management, collection activities, and obtaining payment under a contract for reinsurance and related healthcare data processing. For example, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment. We may also use and disclose your Personal Health Information to obtain payment from third parties that may be responsible for such costs, such as family members. Also, we may use your Personal Health Information to bill you directly for services and items.
For Healthcare Operation: We may use or disclose, as needed, your Personal Health Information in order to support the business activities of your physician’s practice. These activities include, but are not limited to, quality assessment activities, employee review activities, training of staff, technicians, nurses, and other healthcare workers for teaching purposes, licensing, fundraising activities, and conducting or arranging for other business activities.
We will share your Personal Health Information with third party “business associates” that perform various activities (for example, billing or transcription services) for our practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your Personal Health Information, we will have a written contract that contains terms that will protect the privacy of your Personal Health Information.
We may also use or disclose Personal Health Information to conduct or arrange for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs.
We may also use or disclose Personal Health Information for business planning and development, such as conducting cost-management and planning-related analyses related to managing and operating an entity. We may also use and disclose Personal Health Information for the business management and general administrative activities of our practice (to the extent that such activities relate to functions that are covered under the federal HIPAA privacy laws.)
For Treatment Alternatives: We may use and disclose Personal Health Information to tell you about or to recommend possible treatment options or alternatives that may be of interest to you. You may request that these materials not be sent to you.
For Appointment Reminders: We may contact you to remind you about your appointment for services.
For Fundraising Activities: We may use or disclose your demographic information and the dates that you received treatment from your physician, as necessary, in order to contact you for fundraising activities supported by our office. If you do not want to receive these materials you may request that these fundraising materials not be sent to you.
For Health-related Benefits and Services: We may use and disclose Personal Health Information to tell you about health-related benefits and services that may be of interest to you.
As Required By Law: We will share your medical information when required to do so by federal, state or local law.
Other Purposes For Which The Law Allows Us To Use Or Disclose Medical Information Without Your Written Authorization:
Required By Law: We may use or disclose your Personal health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, if required by law, of any such uses or disclosures.
Public Health: We may disclose your Personal health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. For example, a disclosure may be made for the purpose of preventing or controlling disease, injury or disability.
Communicable Diseases: We may disclose your Personal health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight: We may disclose Personal health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect: We may disclose your Personal health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your Personal health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration: We may disclose your Personal health information to a person or company required by the Food and Drug Administration for the purpose of quality, safety, or effectiveness of FDA-regulated products or activities including, to report adverse events, product defects or problems, biologic product deviations, to track products; to enable product recalls; to make repairs or replacements, or to conduct post marketing surveillance, as required.
Legal Proceedings: We may disclose Personal health information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), or in certain conditions in response to a subpoena, discovery request or other lawful process.
Law Enforcement: We may also disclose Personal health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include (1) legal processes and otherwise required by law, (2) limited information requests for identification and location purposes, (3) pertaining to victims of a crime, (4) suspicion that death has occurred as a result of criminal conduct, (5) in the event that a crime occurs on the premises where we are practicing, and (6) medical emergency where it is likely that a crime has occurred.
Coroners, Funeral Directors, and Organ Donation: We may disclose Personal health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose Personal health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. Personal health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.
Research: We may disclose your Personal health information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your Personal health information.
Criminal Activity: Consistent with applicable federal and state laws, we may disclose your Personal health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose Personal health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military Activity and National Security: When the appropriate conditions apply, we may use or disclose Personal health information of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to foreign military authority if you are a member of that foreign military services. We may also disclose your Personal health information to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
Workers’ Compensation: We may disclose your Personal health information as authorized to comply with workers’ compensation laws and other similar legally-established programs.
Inmates: We may use or disclose your Personal health information if you are an inmate of a correctional facility and your physician created or received your Personal health information in the course of providing care to you.
Your Rights Regarding Personal Health Information We Maintain About You and How You May Exercise These Rights. You have the following rights with respect to your Personal Health Information that we maintain:
You Have The Right To Inspect And Copy Your Personal Health Information. This means you may inspect and obtain a copy of Personal health information about you for so long as we maintain the Personal Health Information within 7 days after receiving your written request. If your records are maintained in an electronic format (Electronic Health Records) you may obtain your medical record electronically. You may obtain your medical record that contains medical and billing records and any other records that your physician and the practice uses for making decisions about you. As permitted by federal or state law, we may charge you a reasonable copy fee for a copy of your records. If the copies provided are in an electronic form, we can only charge you for our labor costs.
You Have The Right To Request A Restriction Of Your Personal Health Information. This means you may ask us not to use or disclose any part of your personal health information for the purposes of treatment, payment or health care operations. You may also request that any part of your personal health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply.
Your physician is not required to agree to a restriction that you may request. If your physician does agree to the requested restriction, we may not use or disclose your personal health information in violation of that restriction unless it is needed to provide emergency treatment. With this in mind, please discuss any restriction you wish to request with your physician.
You have the right to request if you pay in cash in full (out of pocket) for your treatment, you can instruct us not to share information about your treatment with your health plan.
You Have The Right To Request To Receive Confidential Communications From Us By Alternative Means Or At An Alternative Location. We will accommodate reasonable requests. We may also condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact. We will not request an explanation from you as to the basis for the request.
You May Have The Right To Have Your Physician Amend Your Personal Health Information. This means you may request an amendment of personal health information about you in a designated record set for so long as we maintain this information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
You Have The Right To Receive An Accounting Of Certain Disclosures We Have Made, If Any, Of Your Personal Health Information. This right applies to disclosures for purposes other than treatment, payment or health care operations as described in this Notice of Privacy Practices. It excludes disclosures we may have made to you if you authorized us to make the disclosure, for a facility directory, to family members or friends involved in your care, or for notification purposes, for national security or intelligence, to law enforcement (as provided in the privacy rule) or correctional facilities, as part of a limited data set disclosure. The right to receive this information is subject to certain exceptions, restrictions and limitations.
You Have The Right To Obtain A Paper Copy Of This Notice From Us, Upon Request, Even If You Have Agreed To Accept This Notice Electronically.
You Have The Right To Ask For A Copy Of Your Electronic Medical Record In An Electronic Form.
You Have The Right To Receive Confidential Communications Of Personal Health Information. We will accommodate any reasonable request you might make to receive communications of Personal Health Information from us by alternative means or at alternative locations, if you clearly inform us in writing that the disclosure of all or part of that Personal Health Information could endanger you.
You Have The Right To Be Notified Of A Data Breach. We will keep your medical information private and secure as required by law. If any of your medical information which is acquired, accessed, used or disclosed in a manner that is not permitted by law we will notify you within 60 days following the discovery of a breach. If there has been any unauthorized acquisition, access, use, or disclosure of personal health information (PHI) unless it can be proved that the likelihood that the PHI has been compromised is low.
You Have The Right To Opt Out Of Fundraising Communications From Us And We Cannot Sell Your Health Information Without Your Permission.
Your Authorization: Certain uses of your medical data, such as use of patient information in marketing, require prior disclosure and your authorization. Uses and disclosures not described in this notice will be made only with your authorization. If you give your permission to use or share your Personal Health Information, you may cancel that permission, in writing, at any time. If you cancel your permission, we will no longer use or share your medical information for the reasons covered by your written permission. We cannot take back any disclosures we have already made with your permission. We are required to keep records of the care that we provided to you.
Effective Date. This notice was published and becomes effective on January 15, 2019.
Please Direct Questions to the Privacy Officer: Kathryn (Kat) Powers L.Ac.