NOTICE OF PRIVACY PRACTICES SHORT FORM SUMMARY
This Notice is Effective as of: January 1, 2014
This is only a summary of our Notice of Privacy Practices. Please review the full Notice following this summary to learn how we use and disclose medical information about you and your rights concerning these uses and disclosures.
How We Use and Disclose Your Information
We will obtain your written authorization for any uses and disclosures of protected health information “PHI” not described in the Notice of Privacy Practices.
Treatment, Payment, and Health Care Operations. We may use your PHI in order to provide your medical care; to bill for our services and to collect payment from you or your insurance company; and for the general operation of our business.
Marketing, Fundraising, and Sale of PHI. We will obtain your prior written authorization before sending you certain marketing communications. We may use or disclose your demographic information in order to contact you for our fundraising activities, but you have the right to opt out of such communications. We will not sell your health information without your prior written authorization.
We may use your PHI as otherwise authorized or required by law for such purposes as:
• public health reporting and oversight activities
• judicial, administrative, or law enforcement proceedings
• complying with workers’ compensation laws
• communicating with your family or caregivers
• sending appointment reminders
You Have the Right to:
• Request certain restrictions on our use and disclosure of your PHI.
• Request communications from us by specific means or locations.
• Inspect and copy your medical record.
• Ask us to correct the information in your medical record.
• Receive an accounting of disclosures of your PHI by our practice.
• Be notified in the case of a breach of unsecured PHI.
CONTACT US
Contact our Privacy Officer with any questions, comments, or complaints or to exercise any of your rights at 808-528-5333, 1380 Lusitana Street, Suite 714, Honolulu, HI 96813
NOTICE OF PRIVACY PRACTICES
This Notice is Effective as of: January 1, 2014
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We understand the importance of privacy and confidentiality and are committed to taking the steps necessary to safeguard any medical or other individually identifiable health information that is created by or provided to us. The Privacy Rule under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) requires us to: (i) maintain the privacy of protected health information (“PHI”); (ii) provide notice of our legal duties and privacy practices with respect to protected health information; (iii) abide by the terms of our Notice of Privacy Practices currently in effect; and (iv) notify affected individuals following a breach of unsecured PHI. This Notice describes how we may use and disclose your PHI. It also outlines your rights and our legal obligations with respect to this PHI.
WHO WILL FOLLOW THIS NOTICE
This notice describes the practices of our employees and staff as well as [list additional individuals, affiliated entities, entities associated as organized health care arrangements, or any other individuals or entities that will be following this notice. Optional: If listing OHCAs add: “Organized health care arrangements (“OHCAs”) include hospitals, physician organizations, health plans, and other entities that collectively provide health care services. A listing of the OHCAs we
participate in is available from the Privacy Officer.”] This notice applies to each of these individuals, entities, sites and locations. [The notice must describe with reasonable specificity the service delivery sites, or classes of service delivery sites, for which a joint notice applies.] In addition, these individuals, entities, sites, and locations may share PHI with each other for the treatment, payment, and health care operation purposes described in this notice.
INFORMATION COLLECTED ABOUT YOU
In the ordinary course of receiving treatment and health care services from us, you will be
providing us with personal information such as:
• Your name, address, and phone number.
• Information relating to your medical history.
• Your insurance information and coverage.
• Information concerning your doctor, nurse, or other medical providers.
In addition, we will gather certain medical information about you and will create a medical record of the care provided to you. This information is stored in [a paper chart and/or electronically]. This medical record is the property of our ophthalmic practice, but the information in the medical record belongs to you.
Some information also may be provided to us by other individuals or organizations that are part of your “circle of care,” such as your primary care provider, a referring physician, your other doctors, your health plan, and your close friends or family members.
HOW WE MAY USE AND DISCLOSE INFORMATION ABOUT YOU
[If the ophthalmic practice elects to limit uses or disclosures that it is permitted to make, the practice may describe its more limited uses and disclosures provided that it may not limit (1) its right to use or disclose PHI to avoid a serious threat to the health or safety of a person or the public or (2) disclosures required by law.]
The law permits us to use and disclose personal and identifiable health information about you for the following purposes: [To the extent another state or federal law restricts the ability of the practice to use or disclose PHI as listed here, the descriptions must be amended to reflect the more stringent law.]
Treatment. We may use your PHI in order to provide your medical care. For example, we may use your medical history, such as any presence or absence of diabetes, to assess the health of your eyes. We may disclose information to others who are involved in providing your care. For example, we may share your medical information with other health care providers who will perform services that we do not (such as your primary care physician or eye subspecialists); a pharmacist who needs your medical information to dispense a prescription to you; or a laboratory that performs a test we order for you.
Payment. We may use and disclose your PHI to bill for our services and to collect payment from you or your insurance company. For example, we may need to give a payer information about your current medical condition so that it will pay us for the eye examinations or other services that we have furnished you. We may also need to inform your payer of the treatment you are going to receive in order to obtain prior approval or to determine whether the service is covered.
Health Care Operations. We may use and disclose your PHI for the general operation of our business. For example, we sometimes arrange for auditors or other consultants to review our practices, evaluate our operations, and tell us how to improve our services. Or, for example, we may use and disclose your health information to review the quality of services provided to you. [Participants in organized health care arrangements only: “We may also share medical information about you with the other health care providers, health care clearinghouses, and health plans that participate with us in OHCAs for any of the OHCAs’ health care operations.”]
Required by Law. As required by law, we will use and disclose your PHI, but we will limit our use or disclosure to the relevant requirements of the law.
Public Health. We may disclose your PHI to a public health authority authorized to collect or receive PHI for the purpose of preventing or controlling disease, injury, or disability. We may also use and disclose your PHI in order to notify persons who may have been exposed to a disease or who are at risk of contracting or spreading a disease.
Abuse or Neglect. As required or authorized by law, we may disclose PHI to a public health authority or other government authority authorized by law to receive reports of child, elder, or dependent abuse or neglect or domestic violence.
Food and Drug Administration. We may disclose PHI to a person subject to the jurisdiction of the Food and Drug Administration for the following activities: to report adverse events, product defects or problems, or biological product deviations; to track products; to enable product recalls, repairs, or replacements; or to conduct post-marketing surveillance.
Serious Threat. Consistent with applicable law, we may disclose your PHI when necessary to prevent a serious threat to the health and safety of you or others.
Health Oversight Activities. We may disclose your PHI to health oversight agencies as authorized or required by law for health oversight activities such as audits, investigations, inspections, licensure or disciplinary actions, and civil, criminal, or administrative proceedings or actions.
Judicial and Administrative Proceedings. We may disclose your PHI in the course of administrative or judicial proceedings (a) to the extent expressly authorized by order of a court or administrative tribunal or (b) in response to a subpoena, discovery request, or other lawful process that is not accompanied by a court or administrative order if reasonable efforts have been made to (i) notify you of the request and you have not objected or your objections have been resolved by a court or administrative tribunal or (ii) secure a qualified protective order.
Law Enforcement. We may disclose your PHI as required by law to assist law enforcement to identify or locate a suspect, fugitive, material witness, or missing person, or for purposes of complying with a court order, warrant, or grand jury subpoena.
Coroners and Funeral Directors. We may disclose a patient’s health information (1) to a coroner or medical examiner to identify a deceased person or determine the cause of death and (2) to funeral directors as necessary to carry out their duties.
Organ Donation. As authorized by law, we may disclose your PHI to organ procurement organizations, transplant centers, and eye or tissue banks.
Worker’s Compensation. We may disclose your PHI as necessary to comply with workers’ compensation laws. For example, to the extent your care is covered by workers’ compensation, we will make periodic reports to your employer about your condition. We are also required by law to report cases of occupational injury or occupational illness to the employer or worker’s compensation insurer.
Employers. We may disclose your PHI to your employer if we provide health care services to you at the request of your employer, and the health care services are provided either to conduct an evaluation relating to medical surveillance of the workplace or to evaluate whether you have a work-related illness or injury.
Armed Forces. If you are a member of the Armed Forces, we may disclose your PHI for activities deemed necessary by military command authorities. We also may disclose health information about foreign military personnel to their appropriate foreign military authority.
Correctional Institutions. If you are an inmate, we may release your PHI to a correctional institution where you are incarcerated or to law enforcement officials in certain situations such as where the information is necessary for your treatment, health, or safety, or the health or safety of others.
National Security. We may disclose your PHI for national security and intelligence activities and for the provision of protective services to the President of the United States and other officials or foreign heads of state.
Business Associates. We sometimes work with outside individuals and businesses that help us operate our business successfully, such as by providing billing services. We may disclose your PHI to these business associates so that they can perform the tasks that we hire them to do. We have written contracts with our business associates that require them and their subcontractors to protect the confidentiality and security of your PHI.
Notification and Communication with Family. We may disclose your PHI to notify persons responsible for your care about your location, general condition, or death. We may disclose information to public or private entities authorized to coordinate such notifications for disaster relief purposes. We may also disclose your PHI to someone who is involved with your care or helps pay for your care. Generally, we will obtain your oral agreement before using or disclosing health information in these ways. However, under certain circumstances, such as in an emergency situation, we may make these uses and disclosures without your agreement. If you are unable or unavailable to agree or object, we will use our best judgment in communicating with your family and others.
Facility Directories. We may use your PHI to maintain a directory of individuals in our facility unless you object.
Change of Ownership. In the event that this medical practice is sold or merged with another organization, your medical record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.
Research. [The practice may not use or disclose PHI for this purposes unless the Notice includes this provision.] In compliance with governing law, we may use or disclose certain information about your condition and treatment for research purposes where your written authorization is not required and an Institutional Review Board or a similar body referred to as a Privacy Board determines that your privacy interests will be adequately protected in the study. We may also use and disclose your PHI to prepare or analyze a research protocol and for other research purposes.
De-identified Information. We may create or distribute de-identified health information by removing all reference to individually identifiable information.
Marketing. We will obtain your prior written authorization before communicating with you (except face- to-face) about products or services related to your treatment or alternative treatments or therapies offered by a third party if we will receive any payment by such third party for this communication. The authorization will disclose whether we receive any compensation for any marketing activity you authorize, and we will stop any future marketing activity if you revoke that authorization.
We do not need your authorization to send you reminders or information about appointments, treatment, or medication that you are currently prescribed, even if we receive compensation from a third party for doing so, as long as the compensation only covers the costs reasonably related to making the communication.
We may communicate with you without your prior authorization:
• about government or government-sponsored public benefit programs such as Medicare or Medicaid;
• about promotional gifts of nominal value;
• and to encourage you to maintain a healthy lifestyle, get routine tests, or participate in a disease management program.
Appointment Reminders. [The practice may not use or disclose PHI for this purposes unless the Notice includes this provision.] We may use and disclose medical information to contact you as a reminder that you have an appointment or that you should schedule an appointment. [If you are not home, we may leave this information in a telephone message or a message left with the person answering the phone.]
Sale of Health Information. We will not sell your health information without your prior written authorization. The authorization will disclose that we will receive compensation for your health information if you authorize us to sell it, and we will stop any future sales of your information if you revoke that authorization.
Fundraising. [The practice may not use or disclose PHI for this purposes unless the Notice includes this provision.] We may use or disclose your demographic information in order to contact you for our fundraising activities. For example, we may use the dates that you received treatment, the department of service, your treating physician, outcome information, and health insurance status to identify individuals that may be interested in participating in fundraising activities. If you do not want to receive these materials, notify the Privacy Officer listed in this Notice and we will stop any further fundraising communications. Similarly, you should notify the Privacy Officer if you decide you want to start receiving these solicitations again.
Psychotherapy Notes. If we have received your psychotherapy notes, we will not use or disclose them without your prior written authorization except for a few exceptions as provided by law.
Immunization Records. We may disclose PHI, limited to proof of immunization, to a school about an individual who is a student or prospective student if the school is required by law to have such proof and we obtain the agreement of the parent or guardian of the unemancipated minor or, if the student is an adult or emancipated minor, that individual.
We are required to obtain written authorization from you for any uses and disclosures of PHI other than those described above. If you provide us with such permission, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose your PHI for the reasons covered by your written authorization, except to the extent we have already relied on your original permission.
INDIVIDUAL RIGHTS
To exercise any of your rights listed below, please contact our Privacy Officer in writing at the address listed below and include the details necessary for us to consider your request.
Restriction Requests. You have the right to ask for restrictions on certain uses and disclosures of PHI, including disclosure made to persons assisting with your care or payment for your care. We will consider your requests and notify you of the outcome, but are not required to accept such requests. If we do agree to a restriction, we must abide by it unless you agree in writing to remove it.
Restricted Disclosures to Health Plans. If you have paid for services “out of pocket” and in full, we will accommodate your request not disclose PHI related solely to those services to a health plan, unless we must disclose the information for treatment or as required by law.
Specific Communications. You have the right to request that you receive communications containing your PHI from us by specific means or at specific locations. For example, you may ask that we only contact you at home or by email. We will comply with all reasonable requests.
Inspect and Copy. With limited exceptions, you have the right to inspect and copy medical, billing, and other records used to make decisions about you. Within 30 days, we will provide copies in the form and format you request if it is readily producible. If not, we will provide you with an alternative form and format you find acceptable. If we maintain records electronically and you request copies in an electronic form and format that is not readily producible, we will provide copies in a readable electronic form and format that you agree to. We will send a copy to any other person you designate in writing. We may charge you a reasonable fee for the cost of copying and mailing. If we deny your request to access your child’s records or the records of an incapacitated adult you are representing because we believe allowing access would be reasonably likely to cause substantial harm to the patient, you will have a right to appeal our decision.
Amend or Supplement. If you believe that information in your records is incorrect or incomplete, you have the right to ask us to correct the existing information or add missing information within 60 days. When making a request for amendment, you must state the reason for making such request. Under certain circumstances, we may deny your request, such as when we do not have the information, the information was not created by us (unless the person or entity that created it is no longer available to make the amendment), you would not be permitted to inspect and copy the information, or the information is accurate and complete. If we deny your request we will tell you why. You may submit a written statement of your disagreement with that decision. We may then prepare a written rebuttal. All information related to any request to amend will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.
Accounting of Disclosures. You have the right to receive an accounting of disclosures of your PHI by our practice for the six years prior to your request date. We will tell you who we shared your PHI with and why. We are not required to include in the list disclosures for your treatment, payment, our health care operations, and several other types of disclosures, such as those you authorize us to make, notifications and communications with family, and various government function and public health related disclosures. If you ask for this information from us more than once every twelve months, we may charge you a fee.
Breach Notification. In the case of a breach of unsecured PHI, you have the right to be notified, as provided by law. If you have given us a current email address, we may use it to communicate information related to the breach. In some circumstances our Business Associate may provide the notification. We may also provide notification by other methods as appropriate. [Only use email if you are certain it will not contain PHI and it will not disclose inappropriate information. For example, if your email address is “retinaldiseasedocs.com” an email sent with this address could, if intercepted, identify the patient and their condition.]
Copy of Notice. You have the right to a copy of this notice in paper form, even if you agreed to receive notice electronically. You may ask us for a copy at any time. [Optional: You may also obtain a copy of this Notice on our website.]
CHANGES TO THIS NOTICE
We reserve the right to make changes to this notice at any time. We reserve the right to make the revised notice effective for all PHI we maintain and any we may receive in the future. In the event there is a material change to this Notice, the revised notice will be posted [in our reception area] [and on our website]. In addition, you may request a copy of the revised notice at any time.
COMPLAINTS
If you feel that your privacy protections have been violated by our office, you have the right to file a complaint with the Secretary of the Department of Health and Human Services, Office of Civil Rights by sending a letter to 200 Independence Avenue, SW, Washington, DC 20201 calling (877) 696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
YOU WILL NOT BE RETALIATED AGAINST OR PENALIZED BY US FOR FILING A COMPLAINT.
CONTACT US
Sugiki Portis Yim Eye Center
Contact our Privacy Officer with any questions, comments, or complaints or to exercise any of your rights at 808-528-5333, 1380 Lusitana Street, Suite 714, Honolulu, HI 96813.