PT Prehab Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) is a federal program that requires that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally, are kept properly confidential. This Act gives you, the patient, significant rights to understand and control how your health information is used. “HIPAA” provides penalties for covered entities that misuse personal health information.
As required by “HIPAA”, we have prepared this explanation of how we are required to maintain the privacy of your health information and how we may use and disclose your information.
Protected Health Information
Your confidential medical information is defined under federal law as “protected health information” (“PHI”) or, when maintained on our computer system, “electronic protected health information” (“ePHI”). PHI and ePHI include information related to your past, present, or future health condition, the health care provided to you, or the past, present, or future payment for your health care, and includes identifiers that do or could be used to identify you. This Notice of Privacy Practices (“Notice”) applies to all PHI and ePHI that we have created or received.
Permitted Uses and Disclosures
There are certain circumstances under which we may use or disclose your PHI without first obtaining your written authorization. Accordingly, except where prohibited by federal or state laws that require special privacy protections, we may use or disclose your PHI without your written authorization for the following purposes:
Treatment: We may use or disclose your PHI to provide and coordinate treatment and other healthcare services you receive from us. For example, we will use your PHI to make decisions about the provision, coordination, or management of your health care, including diagnosing your condition and determining the appropriate treatment for that condition. We may also share your PHI with another health care provider whom we need to consult with respect to your care, such as your referring physician.
Payment: We may use or disclose your PHI to obtain reimbursement from you or your health insurance plan, or another insurer, for services we rendered to you. We may also tell your health plan about a service you are going to receive to determine whether your plan will cover the service.
Operations: We may use or disclose your PHI for our operations, to improve your care, and to contact you when necessary. For example, we may use or disclose your PHI for our business planning and development operations, including improvement in our methods of operation, and general administrative functions. We may also use your PHI in our overall compliance planning, medical review activities, and arranging for legal and auditing functions.
Appointment Reminders and Other Messages: We may, from time to time, use or disclose your PHI in order to contact you to provide appointment reminders, inform you of a cancellation, or in an emergency. To do so, we may place a telephone call to your home or an alternate telephone number you have provided to us, which may include leaving a message on your voicemail or answering machine, or with the individual answering the phone. In most circumstances, the message we leave will be limited to a telephone number for you to call us back. Under certain circumstances, however, in order to inform you of the purpose of our call, we may leave more detailed information.
Health Care Operations: We may use or disclose, as needed, your protected health information in order to support the business activities of this office. These activities include, but are not limited to, improving quality of care, providing information about treatment alternatives or other health-related benefits and services, developing or maintaining and supporting computer systems, legal services, and conducting audits and compliance programs, including fraud, waste and abuse investigations.
Required by Law: We may use or disclose your PHI when the use or disclosure is required by law.
Public Health Activities: We may use or disclose your PHI for public health activities, including: prevention or control of disease, injury or disability; reporting child abuse or neglect; maintaining vital records, such as births and deaths; notifying a person regarding potential exposure to a communicable disease; notifying a person regarding a potential risk for spreading or contracting a disease or condition; notifying an appropriate government agency about the abuse or neglect of an adult individual (including domestic violence); or to the federal Food and Drug Administration to report adverse events with medications; track regulated products, report product recalls, defects or replacements.
Abuse, Neglect, And Domestic Violence: If we reasonably believe you are a victim of abuse, neglect or domestic violence, to the extent the law requires, your PHI may be disclosed to an agency authorized by law to receive such reports.
Health Oversight Activities: We may disclose your PHI to a health oversight agency to perform oversight activities authorized by law or for appropriate oversight of our clinics, providers, or services such as through audits, investigations, inspections, and licensure activities.
Judicial and Administrative Proceedings: We may disclose your PHI in the course of any judicial or administrative proceeding. For example, we may disclose your PHI in response to a court or administrative order, or in response to a discovery request, subpoena or other lawful process.
Law Enforcement: We may disclose your PHI to: report certain types of wounds or other physical injuries; a law enforcement official to identify or locate a suspect, fugitive, material witness or missing person; provide certain information about the victim of a crime; about a death due to criminal conduct; about criminal conduct at one of our clinics; and in emergency circumstances, to report a crime, the location of a crime, to identify the victim of a crime, or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors: We may disclose your PHI to facilitate the duties of coroners, medical examiners and funeral directors.
Research: We may use or disclose your PHI to a researcher if an institutional review board has reviewed and approved a researcher’s proposal and has established protocols to ensure the privacy of your PHI.
To Avert A Serious Threat To Health Or Safety: We may disclose your PHI to reduce or prevent a serious threat to your health and safety or the health and safety of the public or another person.
Military and Veterans: If you are a member of the armed forces, we may disclose your PHI to an appropriate military command authority to assure proper execution of a military mission.
National Security and Intelligence Activities: We may disclose your PHI to federal officials for intelligence and national security activities authorized by law; to protect the President, other officials or foreign heads of state; or to conduct an investigation.
Workers’ Compensation: We may disclose your PHI for workers’ compensation or similar programs in order for you to obtain benefits for work-related injuries or illness.
USES AND DISCLOSURES SUBJECT TO YOUR AGREEMENT OR OBJECTION
You will be given the opportunity to agree or object before we make any of the following disclosures of your PHI unless you are unable to communicate with us (because you are incapacitated or because of an emergency), in which case we will rely on our professional judgment to determine whether the disclosure is in your best interest:
Family Member, Friend or Other Persons Involved in Your Care and Treatment: We may disclose your PHI to a family member, relative, close personal friend, or any other person identified by you, only to the extent the PHI is relevant to that person’s involvement with your care or payment for your health care.
Notification: We may also use or disclose your PHI to notify or assist in notifying a family member, personal representative, or any other person responsible for your care, of your location or general condition.
Disaster Relief: We may disclose your PHI to a public or private entity authorized by law to assist in disaster relief efforts for the purpose of notifying or assisting in notifying a family member, a personal representative or another person of your location and general condition.
USES AND DISCLOSURES SUBJECT TO YOUR WRITTEN AUTHORIZATION
Other uses and disclosures of your PHI not covered by this Notice or otherwise permitted by law will be made only with your written authorization. We will not use or disclose your PHI for marketing purposes or sell your PHI to any third party without your authorization. In addition, except to the extent disclosure has been made to governmental entities required by law to maintain the confidentiality of your information, we will not further disclose to any other person or entity, your information related to mental health treatment, drug and alcohol abuse, HIV/AIDS, or sexually transmitted diseases, to the extent such information may be contained in your medical records, without your specific written consent and authorization. If you provide us with written authorization to use or disclose your PHI, you may revoke your authorization, in writing, at any time. Upon receipt of your written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken actions related to use or disclosure of your PHI in reliance on your authorization. We are unable to “take back” any disclosures that we have already made with your permission and we are required to keep any records of the care that we provided to you.
Minimum Necessary
Subject to the limited exceptions set forth in this section, any use or disclosure of, or request for, your PHI by us will be limited to only the minimum amount of your PHI necessary to accomplish the intended purpose of the use, disclosure, or request. However, this minimum necessary standard will not apply in the following situations: (1) disclosures to or requests by a healthcare provider for treatment; (2) use or disclosures made to you; (3) use or disclosures made pursuant to your written authorization; (4) disclosures made to the Secretary of the U.S. Department of Health and Human Services (“HHS”); (5) uses or disclosures that are required by law; and (6) uses or disclosures that are required for our compliance with legal regulations.
Individual Rights
You have certain rights with respect to your medical record information, as follows:
1. You may request that we restrict the uses and disclosures of your PHI for treatment, payment and operations, or restrictions involving your care or payment related to that care. We are not required to agree to the restriction; however, if we agree, we will comply with it, except with respect to emergencies, disclosure of the information to you, or if we are otherwise required by law to make a full disclosure without restriction.
2. You may also request a restriction on disclosure of PHI to a health plan for purpose of payment or health care operations if you paid for the services out of your own pocket, in full. This does not apply to services that are covered by insurance. You are required to pay cash, in full, for the services before the restriction applies.
3. You have the right to request receipt of confidential communications of your medical information by an alternative means or at an alternative location. If you require such an accommodation, you will be charged a fee for the accommodation and will be required to specify the alternative address or method of contact and how payment will be handled.
4. You have the right to access, inspect, and copy and request amendment to your medical records. We will charge a reasonable fee for providing a copy of your medical records, or a summary of those records, at your request, which includes the cost of copying, postage, or preparation of an explanation or summary of the information. With respect DMS 16070381.5 4 | P a g e to ePHI, we agree to give you your ePHI in the form and format requested by you, if it is readily producible in that form or format. If it is not readily producible in the form or format requested, we will give you a readable hard copy form. Any directive given to us by you to transmit ePHI must be done in writing by you, signed and clearly identify the designated person and location to send the ePHI. We will provide you access to your PHI or ePHI within thirty (30) days from the date the request is received.
5. You have the right to request amendment to your medical records. We may deny any request for amendment of your PHI or ePHI if the information was not created by us (unless the originator of the information is no longer available to act on your request); is not part of the designated record set maintained by us; is not part of the information to which you have a right of access; or is already accurate and complete, as determined by us. If we deny your request for an amendment, we will give you a written denial including the reasons for the denial. We will respond to your request in a timely fashion as required by applicable law.
6. You have a limited right to receive an accounting of all disclosures we make to other persons or entities of your PHI except for disclosures required for treatment, payment and health care operations, disclosures that require a written authorization, disclosures incidental to another permissible use or disclosure, and otherwise as allowed by law. We will not charge you for the first accounting in any twelve (12) month period; however, we will charge you a reasonable fee for each subsequent request for an accounting within the same twelve (12) month period.
7. You have the right to receive notification from us if any breach of your unsecured PHI occurs.
8. You have the right to obtain a paper copy of this notice if the notice was initially provided to you electronically, and to take a copy home with you if you wish.
9. All requests related to your rights herein must be made in writing and addressed to “Compliance Director” at the address noted below.
Our Duties
We have the following duties with respect to the maintenance, use and disclosure of your medical records:
1. We are required by law to maintain the privacy and security of the PHI in your medical records.
2. We are required to abide by the duties and privacy practices described in this Notice currently in effect and to provide you with a copy of this Notice. We will attempt in good faith to obtain your signed acknowledgement that you received this Notice.
3. We reserve the right to change the terms of this Notice at any time, making the new provisions effective for all PHI and medical records we have and continue to maintain. All changes in this Notice will be prominently displayed and available at our office and on our website.
FOR MORE INFORMATION OR TO REPORT A PROBLEM
If you have questions, would like additional information, or you believe your privacy rights have been violated, you may contact us by email at privacy@ptprehab.com or by telephone at 508-301-3067.
All complaints must be submitted in writing. There will be no retaliation for filing a complaint.
CHANGES TO THIS NOTICE
PT Prehab will abide by the terms of the Notice currently in effect. PT Prehab reserves the right to change the terms of its Notice and to make the new Notice provisions effective for all protected health information that it maintains. An updated version of the Notice may be obtained on our web site at www.ptprehab.com.
Effective Date:
This Notice is effective November 3, 2021 and applies to all PHI/ePHI contained in your medical records maintained by us.