When you receive healthcare services from us, we will obtain access to your medical information (i.e., your health history). We are committed to maintaining the privacy of your health information and we have implemented numerous procedures to ensure that we do so. For purposes of this Notice “us” “we” and “our” refers to the Allied Digestive Health and its Affiliated Practices and “you” or “your” refers to our patients (or their legal representatives as determined by us in accordance with state informed consent law).
The Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule, (formally HIPAA 1996 & HI TECH of 2004) (“HIPAA”) require us to maintain the confidentiality of all your healthcare records and other identifiable patient health information (“PHI”) used by or disclosed to us in any form, whether electronic, on paper, or spoken. HIPAA is a Federal Law that gives you significant rights to understand and control how your health information is used. Federal HIPAA Omnibus Rule and state law provide penalties for covered entities, business associates, and their subcontractors and records owners, respectively that misuse or improperly disclose PHI.
Starting April 14, 2003, HIPAA requires us to provide you with the Notice of Privacy Practices (“NOPP”) we are required to follow when you first come into our office for health-care services or view our website. If you have any questions about this Notice, please ask to speak to our HIPAA Privacy Officer whose contact information is at the end of this Notice.
Our doctors, clinical staff, employees, Business Associates (outside contractors we hire), their subcontractors and other involved parties follow the policies and procedures set forth in this Notice. If at this facility, your primary caretaker/doctor is unavailable to assist you (i.e., illness, on-call coverage, vacation, etc.), we may provide you with the name of another healthcare provider outside our practice for you to consult with. If we do so, that provider will follow the policies and procedures set forth in this Notice or those established for his or her practice, so long as they substantially conform to those for our practice.
We are required by law to:
- Make sure that medical information that identifies you is kept private;
- Give you this notice of our legal duties and privacy practices with respect to your medical information;
- Follow the terms of the notice that is currently in effect; and
- Notify individuals, either known or reasonably believed to be affected, following a breach of unsecured protected health information.
OUR RULES ON HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
Under the law, we must have your signature on a written, dated Consent Form and/or an Authorization Form of Acknowledgement of this Notice, before we will use or disclose your PHI for certain purposes as detailed in the rules below.
Documentation – You will be asked to sign an Authorization / Acknowledgement form when you receive this NOPP in our offices. If you did not sign such a form or need a copy of the one you signed, please contact our Privacy Officer. You may take back or revoke your consent or authorization at any time (unless we already have acted based on it) by submitting our Revocation Form in writing to the Privacy Officer at our address listed above. Your revocation will take effect when we actually receive it. We cannot give it retroactive effect, so it will not affect any use or disclosure that occurred in our reliance on your Consent or Authorization prior to revocation (i.e., if after we provide services to you, you revoke your authorization/acknowledgement in order to prevent us billing or collecting for those services, your revocation will have no effect because we relied on your authorization/ acknowledgement to provide services before you revoked it).
General Rule – If you do not sign our authorization/acknowledgement form or if you revoke it, as a general rule (subject to exceptions described below under “Healthcare Treatment, Payment and Operations Rule” and “Special Rules”), we cannot in any manner use or disclose to anyone (excluding you), but including payers and Business Associates your PHI or any other information in your medical record. By law, we are unable to submit claims to payers under assignment of benefits without your signature on our authorization/acknowledgement form. You will however be able to restrict disclosures to your insurance carrier for services for which you wish to pay “out of pocket” under the new Omnibus Rule. We will not condition treatment on you signing an authorization/acknowledgement, but we may be forced to decline you as a new patient or discontinue you as an active patient if you choose not to sign the authorization/acknowledgement or revoke it.
Healthcare Treatment, Payment and Operations Rule
With your signed consent, we may use or disclose your PHI in order:
- To provide you with or coordinate healthcare treatment and services. For example, we may review your health history form to form a diagnosis and treatment plan, consult with other doctors about your care, delegate tasks to ancillary staff, call in prescriptions to your pharmacy, disclose needed information to your family or others so they may assist you with home care, arrange appointments with other healthcare providers, schedule lab work for you, etc.
- To bill or collect payment from you, an insurance company, a managed-care organization, a health benefits plan or another third party. For example, we may need to verify your insurance coverage, submit your PHI on claim forms in order to get reimbursed for our services, obtain pre-treatment estimates or prior authorizations from your health plan or provide your x-rays because your health plan requires them for payment; Remember, you will be able to restrict disclosures to your insurance carrier for services for which you wish to pay “out of pocket” under this new Omnibus Rule.
- To run the operations of our office, assess the quality of care our patients receive and provide you with customer service. For example, to improve efficiency and reduce costs associated with missed appointments, we may contact you by telephone, mail or otherwise remind you of scheduled appointments, we may leave messages with whomever answers your telephone to contact us (but we will not give out detailed PHI), we may call you by name from the waiting room, we may ask you to put your name on a sign-in sheet, (we will cover your name just after checking you in), we may tell you about or recommend health-related products and complementary or alternative treatments that may interest you, we may review your PHI to evaluate our staff’s performance, or our Privacy Officer may review your records to assist you with complaints. If you prefer that we not contact you with appointment reminders or information about treatment alternatives or health-related products and services, please notify us in writing at our address listed above and we will not use or disclose your PHI for these purposes.
- Individuals Involved in Your Care or Payment for Your Care. We may release medical information about you to a friend or family member who is involved in your medical care. We may also give information to someone who helps pay for your care. To family members, friends and others, but only if you are present and verbally give permission. We give you an opportunity to object and if you do not, we reasonably assume, based on our professional judgment and the surrounding circumstances, that you do not object (i.e., you bring someone with you into the operatory or exam room during treatment or into the conference area when we are discussing your PHI); we reasonably infer that it is in your best interest (i.e., to allow someone to pick up your records because they knew you were our patient and you asked them in writing with your signature to do so); or it is an emergency situation involving you or another person (i.e., your minor child or ward) and, respectively, you cannot consent to your care because you are incapable of doing so or you cannot consent to the other person’s care because, after a reasonable attempt, we have been unable to locate you. In these emergency situations we may, based on our professional judgment and the surrounding circumstances, determine that disclosure is in the best interests of you or the other person, in which case we will disclose PHI, but only as it pertains to the care being provided and we will notify you of the disclosure as soon as possible after the care is completed.
- Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information to balance research needs with patients’ needs for privacy of their medical information. Before we use or disclose medical information for research, the project will be approved through this process. However, we may disclose medical information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the medical information they review does not leave the Practice or Facility. When required by law, we will ask for your specific written authorization if the researcher will have access to your name, address or other information that reveals who you are or will be involved in your care at the Practice or Facility.
- As Required By Law. We will disclose medical information about you when required to do so by federal, state or local law.
- To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
- While we are not required that we provide the above notice regarding Appointment Reminders, Treatment Information or Health Benefits, but we are including these as a courtesy so you understand our business practices with regard to your PHI.
- Appointment Reminders. We may use and disclose medical information to contact you to remind you that you have an appointment for treatment or medical care.
- Treatment Alternatives. We may use and disclose medical information to tell you about possible treatment options that may be of interest to you.
- Health-Related Benefits and Services. We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
- Health Insurance plans that underwrite cannot use or disclose genetic information for underwriting purposes (this excludes certain long-term care plans).
- Health plans that post their NOPPs on their web sites must post Rule changes on their sites by the effective date of the Rule, as well as notify you by US Mail by the Omnibus Rules effective date. Plans that do not post their NOPPs on their Web sites must provide you information about Rule changes within 60 days of these federal revisions.
- Psychotherapy Notes maintained by a healthcare provider, must state in their NOPPs that they can allow “use and disclosure” of such notes only with your written authorization.
Special Rules
Notwithstanding anything else contained in this Notice, only in accordance with applicable HIPAA Omnibus Rule, and under strictly limited circumstances, we may use or disclose your PHI without your permission, consent or authorization for the following purposes:
- New Jersey State Law. Special privacy protections apply to HIV-related information, alcohol and substance abuse information, mental health information and genetic information. Some parts of this general Notice of Privacy Practices may not apply to these types of information. If your treatment involves this information, you will be provided an explanation of how the information will be protected. For further information, please contact the Privacy Officer.
- Organ and Tissue Donation. If you are an organ or tissue donor, we may release medical information about you to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank.
- Military and Veterans. If you are a member of the armed forces of the United States or another country, we may release medical information about you as required by military command authorities.
- Workers’ Compensation. We may release medical information about you for workers’ compensation or similar programs. When required under federal, state or local law
- Public Health Risks. We may disclose to authorize public health or government officials medical information about you for public health activities. These activities generally include the following:
- to a person subject to the jurisdiction of the Food and Drug Administration (FDA) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or service;
- to prevent or control disease, injury or disability; to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- to report disease or injury;
- to report births and deaths;
- to report suspected abuse, neglect or exploitation of children, disabled adults or the elderly, or domestic violence child abuse or neglect;
- to report reactions to medications and food or problems with products; adverse reactions to anesthesia, ineffective or dangerous medications or products
- to notify people of recalls or replacements of products they may be using;
- to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- Health Oversight Activities. We may disclose medical information about you to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections and licensure, i.e., civil rights laws, fraud and abuse, licensure or permitting, government programs)
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request or other legal demand by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
- Law Enforcement. We may release medical information about you if asked to do so by a law enforcement official:
- in response to a court order, subpoena, warrant, summons or similar process;
- to identify or locate a suspect, fugitive, material witness or missing person;
- about the victim of a crime if, under certain circumstances, we are unable to obtain the person’s agreement;
- about a death we believe may be the result of criminal conduct;
- about criminal conduct at the Practice or Facility or by healthcare providers affiliated with the Practice or Facility;
- in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime; and
- to authorized federal officials so they may provide protection for the President and other authorized persons or conduct special investigations.
- Coroners, Medical Examiners and Funeral Directors. We may release medical information about you to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information to funeral directors so they can carry out their duties.
- National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law, i.e., Veterans Affairs, U.S. military command, other government authorities or foreign military authorities may require us to release PHI about you.
- To a School. We may disclose information to a school, about an individual who is a student or prospective student of the school, if:
- The protected health information that is disclosed is limited to proof of immunization;
- The school is required by State or other law to have such proof of immunization prior to admitting the individual; and
- The covered entity obtains and documents the agreement to the disclosure from either:
- A parent, guardian, or other person acting in loco parentis of the individual, if the individual is an un-emancipated minor; or
- The individual, if the individual is an adult or emancipated minor.
- De-identified information. To create a collection of information that is “de-identified”, i.e., it does not personally identify you by name, distinguishing marks or otherwise and no longer can be connected to you).
- Other Uses and Disclosures. Other uses and disclosures not described in this Notice will be made only with your written authorization, and you may revoke such authorization provided under this section at any time, provided that the revocation is in writing.
Minimum Necessary Rule
Our staff will not use or access your PHI unless it is necessary to do their jobs, i.e., doctors uninvolved in your care will not access your PHI; ancillary clinical staff caring for you will not access your billing information; billing staff will not access your PHI except as needed to complete the claim form for the latest visit; janitorial staff will not access your PHI. All of our team members are trained in HIPAA Privacy rules and sign strict Confidentiality Contracts with regards to protecting and keeping private your PHI as well as our Business Associates and their Subcontractors. Know that your PHI is protected several layers deep with regards to our business relations. Also, we disclose to others outside our staff, only as much of your PHI as is necessary to accomplish the recipient’s lawful purposes. Still in certain cases, we may use and disclose the entire contents of your medical record:
- To you and your legal representatives as stated above, and anyone else you list on a Consent or Authorization to receive a copy of your records
- To healthcare providers for treatment purposes, i.e., making diagnosis and treatment decisions or agreeing with prior recommendations in the medical record
- To the U.S. Department of Health and Human Services , i.e., in connection with a HIPAA complaint
- To others as required under federal or state law
- To our privacy officer and others as necessary to resolve your complaint or accomplish your request under HIPAA, i.e., clerks who copy records need access to your entire medical record
In accordance with HIPAA law, we presume that requests for disclosure of PHI from another Covered Entity, as defined in HIPAA, are for the minimum necessary amount of PHI to accomplish the requestor’s purpose.
Our Privacy Officer will individually review unusual or non-recurring requests for PHI to determine the minimum necessary amount of PHI and disclose only that. For non-routine requests or disclosures, our Privacy Officer will make a minimum necessary determination based on, but not limited to, the following factors:
- The amount of information being disclosed
- The number of individuals or entities to whom the information is being disclosed
- The importance of the use or disclosure
- The likelihood of further disclosure
- Whether the same result could be achieved with de-identified information
- The technology available to protect confidentiality of the information
- The cost to implement administrative, technical and security procedures to protect confidentiality
If we believe that a request from others for disclosure of your entire medical record is unnecessary, we will ask the requestor to document why this is needed, retain that documentation and make it available to you upon request.
Incidental Disclosure Rule
We will take reasonable administrative, technical and security safeguards to ensure the privacy of your PHI when we use or disclose it (i.e., we shred all paper containing PHI, require employees to speak with privacy precautions when discussing PHI with you, we use computer passwords and change them periodically (i.e., when an employee leaves us), we use firewall and router protection to the federal standard, we back up our PHI data off-site and encrypted to federal standard, we do not allow unauthorized access to areas where PHI is stored or filed and/or we have any unsupervised business associates sign Business Associate Confidentiality Agreements).
However, in the event that there is a breach in protecting your PHI, we will follow Federal Guidelines to first evaluate the breach situation. Then, we will document the situation, retain copies of the situation on file, and report all breaches (other than low probability as prescribed by the HIPAA Rule) to the US Department of Health and Human Services at:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
We will also make proper notification to you and any other parties of significance as required by HIPAA Law.
Business Associate Rule
Business Associates are defined as: an entity, (non-employee) that in the course of their work will directly / indirectly use, transmit, view, transport, hear, interpret, process or offer PHI for this Facility.
Business Associates and other third parties (if any) that receive your PHI from us will be prohibited from re-disclosing it unless required to do so by law or you give prior express written consent to the re-disclosure. Nothing in our Business Associate agreement will allow our Business Associate to violate this re-disclosure prohibition. Under HIPAA, Business Associates will sign a strict confidentiality agreement binding them to keep your PHI protected and report any compromise of such information to us, you and the United States Department of Health and Human Services, as well as other required entities. Our Business Associates will also follow HIPAA and will be required to have any of their Subcontractors that may directly or indirectly have contact with your PHI, sign Confidentiality Agreements that adhere to the same standard.
Super-Confidential Information Rule
If we have PHI about you regarding communicable diseases, disease testing, alcohol or substance abuse diagnosis and treatment, or psychotherapy and mental health records (super-confidential information under the law), we will not disclose it under the General or Healthcare Treatment, Payment and Operations Rules (see above) without your first signing and properly completing our Consent form (i.e., you specifically must initial the type of super-confidential information we are allowed to disclose). If you do not specifically authorize disclosure by initialing the super-confidential information, we will not disclose it unless authorized under the Special Rules (see above) (i.e., we are required by law to disclose it). If we disclose super-confidential information (either because you have initialed the consent form or the Special Rules authorizing us to do so), we will comply with state and federal law that requires us to warn the recipient in writing that re-disclosure is prohibited.
Changes to Privacy Policies Rule
We reserve the right to change our privacy practices, by changing the terms of this Notice, at any time as authorized by law. The changes will be effective immediately upon us making them. They will apply to all PHI we create or receive in the future, as well as to all PHI created or received by us in the past, i.e., to PHI about you that we had before the changes took effect. If we make changes, we will post the changed Notice, along with its effective date, in our office and on our website. Also, upon request, you will be given a copy of our current Notice.
Authorization Rule
We will not use or disclose your PHI for any purpose or to any person other than as stated in the rules above without your signature on our specifically worded, written Authorization/Acknowledgement Form (not a Consent or an Acknowledgement). If we need your Authorization, we must obtain it via a specific Authorization Form, which may be separate from any Authorization/Acknowledgement we may have obtained from you. We will not condition your treatment here on whether or not you sign the Authorization.
Marketing and Fund Raising Rules
- Limitations on the disclosure of PHI regarding Remuneration
The disclosure or sale of your PHI without authorization is prohibited. HIPAA, this would exclude disclosures for public health purposes, for treatment / payment for healthcare, for the sale, transfer, merger, or consolidation of all or part of this facility and for related due diligence, to any of our Business Associates, in connection with the business associate’s performance of activities for this facility, to a patient or beneficiary upon request, and as required by law. In addition, the disclosure of your PHI for research purposes or for any other purpose permitted by HIPAA will not be considered a prohibited disclosure if the only reimbursement received is “a reasonable, cost-based fee” to cover the cost to prepare and transmit your PHI which would be expressly permitted by law. Notably, under HIPAA, an authorization to disclose PHI must state that the disclosure will result in remuneration to the Covered Entity. - Limitation on the Use of PHI for Paid Marketing
We will, in accordance with Federal and State Laws, obtain your written authorization to use or disclose your PHI for marketing purposes, i.e.,: to use your photo in ads but not for activities that constitute treatment or healthcare operations. To clarify, Marketing is defined by HIPAA as “a communication about a product or service that encourages recipients . . . to purchase or use the product or service.” Under HIPAA, we will obtain a written authorization from you prior to recommending you to an alternative therapist, or non-associated Healthcare Covered Entity.Under HIPAA we will obtain your written authorization prior to using your PHI or making any treatment or healthcare recommendations, should financial remuneration for making the communication be involved from a third party whose product or service we might promote (i.e.,: businesses offering this facility incentives to promote their products or services to you). This will also apply to our Business Associate who may receive such remuneration for making a treatment or healthcare recommendations to you. All such recommendations will be limited without your expressed written permission.We must clarify to you that financial remuneration does not include “as in-kind payments” and payments for a purpose to implement a disease management program. Any promotional gifts of nominal value are not subject to the authorization requirement, and we will abide by the set terms of the law to accept or reject these.
The only exclusion to this would include: “refill reminders”, so long as the remuneration for making such a communication is “reasonably related to our cost” for making such a communication. In accordance with law, this facility and our Business Associates will only ever seek reimbursement from you for permissible costs that include: labor, supplies, and postage. Please note that “generic equivalents” , “adherence to take medication as directed” and “self-administered drug or delivery system communications” are all considered to be “refill reminders.”
Face-to-face marketing communications, such as sharing with you, a written product brochure or pamphlet, is permissible under current HIPAA Law.
Flexibility on the Use of PHI for Fundraising
Under the HIPAA Omnibus Rule use of PHI is more flexible and does not require your authorization should we choose to include you in any fund raising efforts attempted at this facility? However, we will offer the opportunity for you to “opt out” of receiving future fundraising communications. Simply let us know that you want to “opt out” of such situations. There will be a statement on your HIPAA Patient Acknowledgement Form where you can choose to “opt out”. Our commitment to care and treat you will in no way effect your decision to participate or not participate in our fund raising efforts.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
If you got this Notice via our website, you have the right to get, at any time, a paper copy by asking our Privacy Officer. Also, you have the following additional rights regarding PHI we maintain about you:
To Inspect and Copy
You have the right to see and get a copy of your PHI including, but not limited to, medical and billing records by submitting a written request to our Privacy Officer. Original records will not leave the premises, will be available for inspection only during our regular business hours, and only if our Privacy Officer is present at all times. You may ask us to give you the copies in a format other than photocopies, and we will do so unless we determine that it is impractical, or ask us to prepare a summary in lieu of the copies. We may charge you a fee not to exceed state law to recover our costs (including postage, supplies, and staff time as applicable, but excluding staff time for search and retrieval) to duplicate or summarize your PHI. We will not condition release of the copies on summary of payment of your outstanding balance for professional services if you have one. We will comply with Federal Law to provide your PHI in an electronic format within the 30 days, to Federal specification, when you provide us with proper written request. Paper copies will also be made available. We will respond to requests in a timely manner, without delay for legal review, or, in less than thirty days if submitted in writing, and in ten business days or less if malpractice litigation or pre-suit production is involved. We may deny your request in certain limited circumstances, i.e., we do not have the PHI, it came from a confidential source, etc. If we deny your request, you may ask for a review of that decision. If required by law, we will select a licensed health-care professional, other than the person who denied your request initially, to review the denial and we will follow his or her decision. If we select a licensed healthcare professional who is not affiliated with us, we will ensure a Business Associate Agreement is executed that prevents re-disclosure of your PHI without your consent by that outside professional.
To Request Amendment / Correction
If another doctor involved in your care tells us in writing to change your PHI, we will do so as expeditiously as possible upon receipt of the changes and will send you written confirmation that we have made the changes. If you think PHI we have about you is incorrect, or that something important is missing from your records, you may ask us to amend or correct it, if we have it, by submitting a “Request for Amendment/Correction” form to the Privacy Officer explaining what needs to be amended or corrected and the reason. We will act on your request within 30 days from receipt but we may extend our response time, within the 30-day period, no more than once and by no more than 30 days, or as per Federal Law allowances, in which case we will notify you in writing why and when we will be able to respond. If we grant your request, we will let you know within five business days, make the changes by noting, not deleting, what is incorrect or incomplete and adding to it the changed language, and send the changes within 5 business days to persons you ask us to and persons we know may rely on incorrect or incomplete PHI to your detriment or already have.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- is not part of the medical information kept by or for the Practice or Facility;
- is not part of the information that you would be permitted to inspect and copy; or
- was compiled for use in litigation,
- is accurate and complete.
If we deny your request, we will in writing within 5 business days tell you why and how to file a complaint with us if you disagree. We may submit a written rebuttal to your complaint and give you a copy of it and you may ask us to disclose your initial request and our denial when we make future disclosure of PHI pertaining to your request. In addition, you may complain to the Privacy Officer and to the U.S. Department of Health and Human Services.
To an Accounting of Disclosures
You may ask us for a list of those who got your PHI from us by submitting a “Request for Accounting of Disclosures” form to the Privacy Officer. The list will not cover some disclosures, i.e., PHI given to you, given to your legal representative, given to others for treatment, payment or health-care-operations purposes. Your request must state in what form you want the list, i.e., paper or electronically and the time period you want us to cover, which may be up to but not more than the last six years, excluding dates before April 14, 2003. If you ask us for this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee to respond, in which case we will tell you the cost before we incur it and let you choose if you want to withdraw or modify your request to avoid the cost.
To Request Restrictions
You may ask us to limit how your PHI is used and disclosed in addition to our rules as set forth in this Notice by submitting a written “Request for Restrictions on Use, Disclosure” form to the Privacy Officer. For example, you may not want us to disclose your surgery to family members or friends involved in paying for our services or providing your home care. If we agree to these additional limitations, we will follow them except in an emergency where we will not have time to check for limitations.
Also, in some circumstances we may be unable to grant your request, such as when we are required by law to use or disclose your PHI in a manner that you want restricted, you signed an Authorization Form that allows us to use or disclose your PHI in the manner you want restricted or in an emergency. We are not able to terminate or refuse your request for restrictions to disclosures to health plans if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the information pertains solely to a health care item or service for which you, or person other than the health plan on your behalf, has paid us in full.
Except when you cannot restrict PHI disclosure mentioned above, you may revoke an Authorization Form as well as the Restriction at any time by submitting the request in writing to the Privacy Officer. If we terminate the restriction, we will notify you of the termination.
Please note that we may continue to use or disclose that information to the extent we have relied on your authorization. Also, please note that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of the care that we provided to you.
To Request Alternative Communications
You may ask us to communicate with you in a different way or at a different location by submitting a written “Request for Alternative Communication” Form to the Privacy Officer. We will not ask you why and we will accommodate all reasonable requests (which may include: to send appointment reminders in closed envelopes rather than by postcards, to send your PHI to a post office box instead of your home address, to communicate with you at a telephone number other than your home number). You must tell us the alternative means or location you want us to use and explain to our satisfaction how payment to us will be made if we communicate with you as you request.
Faxing Rule
When you request us to fax or your PHI, we may agree to do so, but only after having our Privacy Officer or treating doctor review that request. For this communication, our Privacy Officer will confirm that the fax number is correct before sending the message and ensure that the intended recipient has sole access to the fax machine before sending the message; confirm receipt, locate our fax machine in a secure location so unauthorized access and viewing is prevented; use a fax cover sheet so the PHI is not the first page to print out because unauthorized persons may view the top page.
Practice Transition Rule
If we sell our practice, our patient records, including but not limited to your PHI, may be disclosed and physical custody may be transferred to the purchasing healthcare provider, but only in accordance with the law. The healthcare provider who is the new records owner will be solely responsible for ensuring privacy of your PHI after the transfer and you agree that we will have no responsibility for, or duty associated with, transferred records. If all the owners of our practice die, our patient records, including but not limited to your PHI, must be transferred to another healthcare provider within 90 days to comply with the law. Before we transfer records in either of these two situations, our Privacy Officer will obtain a Business Associate Agreement from the purchaser and review your PHI for super-confidential information defined above, which will not be transferred without your express written authorization as indicated by your initials on our Consent form.
Inactive Patient Records
We will retain your records for seven years from your last treatment or examination, at which point you will become an inactive patient in our practice and we may destroy your records at that time. The records of inactive minor patients will not be destroyed before the child’s eighteenth birthday. We will do so only in accordance with the law (i.e., in a confidential manner, with a Business Associate Agreement prohibiting re-disclosure if necessary).
Collections
If we use or disclose your PHI for collections purposes, we will do so only in accordance with the law.
Right to a Paper Copy of This Notice.
You have the right to a paper copy of this Notice at your first treatment encounter at the Practice or Facility. You may get an additional copy of this Notice at any time by contacting the Privacy Office. This contact information is listed on the last page of this Notice.
Changes to This Notice
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information about you we already have as well as any information we receive in the future. We will post copies of the current Notice at the Practice or Facility. The Notice will contain on the first page, in the bottom right-hand comer, the effective date. In addition, each time you register at the Practice or Facility for treatment or healthcare services, we will provide available copies of the current Notice. Any revisions to our Notice will also be posted on our website.
TO COMPLAIN, OBTAIN FORMS OR GET MORE INFORMATION
We will follow our rules as set forth in this Notice. If you want more information or if you believe your privacy rights have been violated, i.e., you disagree with a decision of ours about inspection/copying, amendment/correction, accounting of disclosures, restrictions or alternative communications, we want to make it right. We never will penalize you for filing a complaint. To do so, please file a formal, written complaint within 180 days with:
The U.S. Department of Health & Human Services
Office of Civil Rights
200 Independence Ave., S.W.
Washington, DC 20201
877.696.6775
Or, submit a written Complaint form to the Privacy Officer at the following address. You may get your “HIPAA Complaint” form by calling our Privacy Officer, as well:
Beverly Coleman, Chief Human Resources Officer, Privacy Officer
Allied Digestive Health
Monmouth Corporate Park 1
187 Highway 36, #230
West Long Branch, New Jersey 07764
Officer Telephone: 732-222-3805, ext., 1551
Fax: 732-229-2060
E-mail Address: bcoleman@allieddigestivehealth.com
These privacy practices are in accordance with the original HIPAA enforcement effective April 14, 2003, and undated to Omnibus Rule effective March 26, 2013 and will remain in effect until we replace them as specified by Federal and/or State Law.
Eff: January 22, 2020