Notice of Privacy Practices for Radiology Regional Center (the “Provider”)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This notice is effective on September 23, 2013.
This Notice describes the privacy policies of the Provider, and applies to the physicians, health care professionals, employees, staff and other personnel who provide services at the Provider. The people and organizations to which this notice applies (referred to as “we,” “our,” and “us”) have agreed to abide by the terms of this notice. We may share your information with each other for purposes of treatment, and as necessary for payment and operations activities as described below.
This notice applies to any information in our possession that would allow someone to identify you and learn something about your health. It is intended to describe the policies that protect medical information relating to your past, present and future medical conditions, health care treatment and payment for that treatment (called “Protected Health Information” or “PHI”). It does not apply to information that that could not reasonably be used to identify you.
OUR LEGAL DUTIES
• We are required by law to maintain the privacy of your health information.
• We are required to provide this notice of our privacy practices to anyone who asks for it.
• We are required to abide by the terms of this notice until we officially adopt a new notice.
HOW WE MAY USE OR DISCLOSE YOUR HEALTH INFORMATION
We may use your PHI, or disclose your PHI to others, for a number of different reasons. This notice describes the categories of reasons for using or disclosing your information. For each category, we have provided a brief explanation, and in many cases have provided examples. The examples given do not include all of the specific ways we may use or disclose your PHI. However, any time we use or disclose your information in administration of the Plans, it will be for one of the categories of listed below.
Treatment. We will use your health information to provide you with medical care and services. This means that our employees and staff and others who work under our direct control may read your health information to learn about your medical condition and use it to make decisions about your care. For instance, a medical assistant may read your medical chart in order to care for you properly. We will also give your information to others who need it in order to provide you with medical treatment or services. For instance, we may send your doctor the results of laboratory tests or x-rays we perform.
Payment. We will use your health information, and disclose it to others, as necessary to obtain payment for the services we provide to you. For instance, an employee in our business office may use your health information to prepare a bill. And we may send that bill, and any health information it contains, to your insurance company. We may also disclose some of your health information to companies with whom we contract for payment-related services. We may give information about you to a health plan that pays for your benefits. We will not use or disclose more information for payment purposes than is necessary.
Health Care Operations. We may use your health information for activities that are necessary to operate this organization. This includes reading your health information to review the performance of our Staff. We may also use your information and the information of other patients to plan what services we need to provide, expand, or reduce. For example, we may disclose your health information to a company that assists us with quality assurance. We may disclose your health information as necessary to others who we contract with to provide administrative services. This includes our lawyers, auditors, accreditation services, and consultants, for instance.
To Business Associates. The Provider may hire third parties that may need your PHI to perform certain services on behalf of the Provider. These third parties are “Business Associates” of the Provider. Business Associates must protect any PHI they receive from, or create and maintain on behalf of, the Provider.
Family and Friends. We may disclose your health information to a member of your family or to someone else who is involved in your medical care or payment for care. We may notify family or friends if you are in the hospital, and tell them your general condition. In the event of a disaster, we may provide information about you to a disaster relief organization so they can notify your family of your condition and location. We will not disclose your information to family or friends if you object. We may also disclose to your personal representatives who have authority to act on your behalf (for example, to parents of minors or to someone with a power of attorney).
Public Health Oversight. We may disclose your health information to a public health oversight agency for oversight activities authorized by law. This includes uses or disclosures in civil, administrative or criminal investigations; licensure or disciplinary actions (for example, to investigate complaints against health care providers); inspections; and other activities necessary for appropriate oversight of government programs (for example, to investigate Medicaid fraud).
To Report Abuse. We may disclose your health information when the information relates to a victim of abuse, neglect or domestic violence. We will make this report only in accordance with laws that require or allow such reporting, or with your permission.
Legal Requirement to Disclose Information. We will disclose your information when we are required by law to do so. This includes reporting information to government agencies that have the legal responsibility to monitor the health care system. For instance, we may be required to disclose your health information, and the information of others, if we are audited by Medicare or Medicaid.
Law Enforcement. We may disclose your health information for law enforcement purposes. This includes providing information to help locate a suspect, fugitive, material witness or missing person, or in connection with suspected criminal activity. We must also disclose your health information to a federal agency investigating our compliance with federal privacy regulations.
For Lawsuits and Disputes. We may disclose PHI in response to an order of a court or administrative agency, but only to the extent expressly authorized in the order. We may also disclose PHI in response to a subpoena, a lawsuit discovery request, or other lawful process, but only if we have received adequate assurances that the information to be disclosed will be protected.
Specialized Purposes. We may disclose your health information for a number of other specialized purposes. We will only disclose as much information as is necessary for the purpose. For instance, we may disclose your information to coroners, medical examiners and funeral directors; to organ procurement organizations (for organ, eye, or tissue donation); or for national security and intelligence purposes. We may disclose the health information of members of the armed forces as authorized by military command authorities. We also may disclose health information about an inmate to a correctional institution or to law enforcement officials to provide the inmate with health care, to protect the health and safety of the inmate and others, and for the safety, administration, and maintenance of the correctional institution. We may also disclose your health information to your employer for purposes of workers’ compensation and work site safety laws (OSHA, for instance). We may disclose PHI to organizations engaged in emergency and disaster relief efforts.
To Avert a Serious Threat. We may disclose your health information if we decide that the disclosure is necessary to prevent serious harm to the public or to an individual. The disclosure will only be made to someone who is able to prevent or reduce the threat.
Research. We may disclose your health information in connection with medical research projects if allowed under federal and state laws and rules. The Provider may disclose PHI for use in a limited data set for purposes of research, public health or health care operations, but only if a data use agreement has been signed.
Information to Patients. We may use your health information to provide you with additional information. This may include sending you appointment reminders. This may also include giving you information about treatment options or other health-related services that we provide.
Authorization. We will ask for your written authorization if we plan to use or disclose your health information for reasons not covered in this notice, including but not limited to uses and disclosures relating to psychotherapy notes, marketing activities, and any sale of your PHI. If you authorize us to use or disclose your health information, you have the right to revoke the authorization at any time. If you want to revoke an authorization, send a written notice to the Privacy Official listed at the end of this notice. You may not revoke an authorization to the extent that we have already given out your information or taken other action in reliance on the authorization. If the authorization is to permit disclosure of your information to an insurance company, as a condition of obtaining coverage, other laws may allow the insurer to continue to use your information to contest claims or your coverage, even after you have revoked the authorization.
Request Restrictions. You have the right to ask us to restrict how we use or disclose your health information. You must make this request in writing. We will consider your request, but we are not required to agree. If we do agree, we will comply with the request unless the information is needed to provide you with emergency treatment. We cannot agree to restrict disclosures that are required by law.
Right to Request Restrictions for Self-Pay Procedures. You have a right to request that we not disclose PHI to health plans because you paid for services or items out of pocket and in full. However, you should be aware that if you choose to use a medical expense reimbursement/flexible spending account (FSA) or a health savings account (HSA) to pay for the health care items or services that you wish to have restricted, those plans will still require you to provide the necessary substantiation of the expenses in order to receive reimbursement.
Confidential Communication. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only at home or only by mail. If you want us to communicate with you in a special way, you will need to give us details about how to contact you, including a valid alternative address. You also will need to give us information as to how payment will be handled. We may ask you to explain how disclosure of all or part of your health information could put you in danger. We will honor reasonable requests. However, if we are unable to contact you using the requested ways or locations, we may contact you using any information we have.
Access to and Copies of Health Information. You have a right to access certain PHI that we have in our records, which is limited to the medical and billing records, and any other information about you that is used in whole or part to make decisions about you (the “Designated Record Set”). To the extent PHI in your Designated Record Set is maintained electronically, you have a right to request an electronic copy of those records. We may require a reasonable, cost-based fee for copying, mailing, and transmitting the records, and the cost of any specific media you request, to the extent allowed by state and federal law.
To ask to inspect your records, or to receive a copy, send a written request to the Privacy Official listed at the end of this notice. Your request should specifically list the information you want copied. We will respond to your request within a reasonable time, but generally no later than 30 days. If we cannot respond to your request within 30 days, an additional 30 days is allowed if we provide you with a written statement of the reason(s) for the delay and the date by which access will be provided. We may deny you access to certain information, such as if we believe it may endanger you or someone else, in which case we will also explain how you may appeal the decision.
Amend Health Information. You have the right to request us to amend health information about you in your Designated Record Set which you believe is not correct, or not complete. You must make this request in writing, and give us the reason you believe the information is not correct or complete. We will respond to your request in writing within 30 days. We may deny your request if we did not create the information, if it is not part of the records we use to make decisions about you, the information is something you would not be permitted to inspect or copy, or if it is complete and accurate.
Accounting of Disclosures. You have a right to receive an accounting of certain disclosures of your PHI to others. This accounting will list the times we have given your health information to others. The list will include dates of the disclosures, the names of the people or organizations to whom the information was disclosed, a description of the information, and the reason. We will provide the first list of disclosures you request at no charge. We may charge you for any additional lists you request during the following 12 months. You must request this list in writing. You must tell us the time period you want the list to cover, which may not exceed the most recent six years. Disclosures for the following reasons will not be included on the list: disclosures for treatment, payment, or health care operations; disclosures incident to a permitted use or disclosure; disclosures as part of a limited data set; disclosures to your family members, other relatives, or friends who are involved in your care or who otherwise need to be notified of your location, general condition, or death; disclosures for national security purposes; certain disclosures to correctional or law enforcement personnel; disclosures that you have authorized; and disclosures made directly to you or your representatives.
Right to Notification of Breach of Unsecured PHI. We will comply with the requirements of HIPAA and its implementing regulations to provide notification to affected individuals, HHS, and the media (when required) if we or a business associate discover a breach of unsecured PHI.
State Rights More Stringent Than HIPAA. In certain instances, protections afforded under applicable state law may be more stringent than those provided by HIPAA and are therefore not preempted. For instance, certain records pertaining to substance abuse records are subject to more stringent protections pursuant to Section 397.501(7) F.S., and certain mental health records are protected under Section 394.4615(2) F.S. Disclosures of such records (i.e., if subpoenaed, typically require consent of the patient or a court order).
Paper Copy of this Privacy Notice. You have a right to receive a paper copy of this notice. If you have received this notice electronically, you may receive a paper copy by contacting the privacy official listed at the end of this notice.
Complaints. You have a right to complain if you think your privacy has been violated. We encourage you to contact our Privacy Official if you have a complaint, or question how your PHI is being used or disclosed. You may also file a complaint with the Secretary of the Department of Health and Human Services. We will not retaliate against you for filing a complaint.
OUR RIGHT TO CHANGE THIS NOTICE.
We reserve the right to change our privacy practices, as described in this notice, at any time. We reserve the right to apply these changes to any health information which we already have, as well as to health information we receive in the future. Before we make any change in the privacy practices described in this notice, we will write a new notice that includes the change. We will post the new notice in our office, and make copies available upon request. The new notice will include an effective date. A copy of the latest version of this notice will also be maintained on our website.
CONTACT THE PRIVACY OFFICER FOR MORE INFORMATION
If you have any questions regarding this Notice or if you wish to exercise any of your rights described in this Notice, you may contact the Privacy Official at:
HIPAA Privacy Official
Radiology Regional Center
3660 Broadway, Fort Myers, FL 33901