Privacy Notice

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU MAY ACCESS THIS INFORMATION.  PLEASE READ IT CAREFULLY 

The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) is a Federal program that requires that all medical records and other individually identifiable health information used or disclosed by me in any form, whether electronically, on paper, or orally be kept properly confidential. This Act gives you the right to understand and control how your personal health information (“PHI”) is used. As required by HIPAA, I have prepared this explanation of how I maintain the privacy of your health information and how I may disclose your personal information. 

I may use and disclose your medical records only for each of the following purposes: treatment, payment and health care operation. 

  • Treatment means providing, coordinating, or managing health care and related services by one or more healthcare providers. 
  • Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collections activities, and utilization review.
  • Health Care Operations include business aspects of running my practice, such as conducting quality assessments and improving activities, auditing functions, cost management analysis, and customer service. 
  • My practice may also be required or permitted to disclose your PHI for law enforcement and other legitimate reasons. In all situations, I shall do my best to assure confidentiality to the degree possible.

I may also create and distribute de-identified health information by removing all reference to individually identifiable information. I may contact you, by phone or in writing, to provide appointment reminders or information about treatment alternatives.  I do not use information for fund-raising or marketing of any type 

The following use and disclosures of PHI will only be made if I receive a written authorization from you: 

  • Most uses and disclosure of psychotherapy notes 
  • Uses and disclosure of your PHI for marketing purposes
  • Disclosures that constitute a sale of PHI under HIPAA
  • Other uses and disclosures not described in this notice. 

You may revoke such authorization in writing.  I am required to honor and abide by that written request, except to the extent that I have already taken actions relying on your prior authorization. 

You may have the following rights with respect to your PHI:  
•The right to request restrictions on certain uses and disclosures of PHI, including those related to disclosures to family members, other relatives, close personal friends, or any other person identified by you. I am, however, not required to honor a request restriction in limited circumstances, which I shall explain if you ask. If I do agree to the restriction, I must abide by it unless you agree in writing to remove it. 
•The right to reasonable requests to receive confidential communications of Protected Health Information by alternative means or at alternative locations. 
•The right to inspect and copy your PHI. 
•The right to amend your PHI. 
•The right to receive an accounting of disclosures of your PHI. 
•The right to obtain a paper copy of this notice from us upon request. 
•The right to be advised if your unprotected PHI is intentionally or unintentionally disclosed. 

If you have paid for services “out of pocket”, in full and in advance, and you request that I not disclose PHI related solely to those services to a health plan, I shall accommodate your request, except where I are required by law to make a disclosure.

This notice is effective as of October 1, 2013. It is my intention to abide by the terms of the Notice of Privacy Practices and HIPAA Regulations currently in effect. I reserve the right to change the terms of my Notice of Privacy Practice and to make the new notice provision effective for all PHI that I maintain.  You may request a written copy of the revised Notice of Privacy Practice from my office. 

You have recourse if you feel that your protections have been violated by my office. You have the right to file a formal, written complaint with the office and with the Department of Health and Human Services, Office of Civil Rights. I will not retaliate against you for filing a complaint. 

If you have questions about this notice and my privacy practices, please contact me for more information. 

HIPAA: Illustrations of Situations Requiring/Not Requiring Authorization 

October, 2013

Under the HIPAA Privacy Rule, a practice must obtain patient authorization for the following: 

  1. To disclose PHI about a patient to a third party (i.e., a life insurance underwriter)
  2. To market a product or services except if the marketing communication is face-to-face or it involves the provision of services of nominal value.
  3. To raise funds based on the disclosure of certain types of PHI for any entity other than the practice
  4. For research unless the practice has a signed waiver approved by the Institutional Review Board (IRB) for the use and disclosure of PHI or has de-identified PHI
  5. To use psychotherapy notes, unless use or disclosure is required for
  • law enforcement purposes or legal mandates, including defending the practice in a legal action or other proceeding brought by the patient
  • oversight of the provider who created the notes
  • a coroner or medical examiner
  • avoidance of a serious and imminent threat to health or safety;

Under the HIPAA Privacy Rule, a practice does not have to obtain patient authorization to disclose PHI 

  1. To a provider who has an indirect treatment relationship with the patient
  2. To a health oversight agency with respect to audits, civil, administrative, and/or criminal investigations or proceedings
  3. In response to a court order, court-ordered warrant, subpoena or summons
  4. To law enforcement for the purpose of identifying or locating a suspect, fugitive, material witness or missing person, (e.g., disclosing a deceased individual’s PHI if suspicion persists that death may have resulted from criminal conduct)
  5. To organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes or tissue for donation and transplantation
  6. As required by law for public health activities and the prevention or control of disease, injury or disability, including but not limited to communicable diseases and product defects or problems (e.g., with food and dietary supplements and product labeling issues)
  7. As required by law to social or protective services with respect to victims of abuse, neglect or domestic violence
  8. Of Armed Forces personnel for activities deemed to assure proper execution of military mission
  9. To authorized federal officials for the conduct of lawful intelligence or counter-intelligence as authorized by the National Security Act
  10. To authorized federal officials as it relates to protecting the President of the United States, to foreign heads of state or other authorized persons
  11. To the United States Department of State as it relates to obtaining security clearance, service abroad and other provisions of the Foreign Service Act
  12. To correctional institutions or law enforcement as it relates to inmates’ healthcare or the health and safety of individuals treating and transferring inmates
  13. To a person who may have been exposed to a communicable disease, if the practice is authorized by law to notify such persons in the conduct of a public health intervention or investigation
  14. To an employer, if the practice is a covered provider who is a member of the workforce of the employer or who provides healthcare to the patient at the request of the employe to conduct an evaluation relating to medical surveillance of the workplace or to evaluate whether the individual has a work-related illness or injury;
  15. To an auto insurance company or workman’s compensation when they are responsible for payment of the practice’s services.