Notice of Privacy Practices
Effective date: January 1, 2018
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Generally speaking, your protected health information is information about you that either identifies you or can be used to identify you and relates to your past, present or future physical or mental health or condition, the provision of health care to you, or payment for health care provided to you. Your medical and billing records at our practice are examples of information that usually will be regarded as your protected health information.
The Centers for Advanced Urology, LLC, d/b/a MidLantic Urology (“MidLantic Urology”), together with its subsidiaries and affiliates, (hereinafter referred to as “we” or “us”) have agreed to abide by the terms of this notice with respect to protected health information as part of our participation in an organized healthcare arrangement. We are required by law to maintain the privacy of your protected health information, to provide you with notice of our legal duties and privacy practices with respect to your protected health care information, and to notify you following a breach of your unsecured protected health information. We are required to abide by the terms of our Notice of Privacy Practices that currently is in effect. This notice replaces all prior notices and applies to all protected health information that we maintain.
If you have any questions regarding this notice, you may contact our privacy officer at:
Nancy G. Burch CPC, CPCO 850-720-1029
I. USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION
A. Treatment, payment, and health care operations
We may use and disclose your protected health information for treatment, payment, and health care operation purposes. This section generally describes the types of uses and disclosures that fall into those categories and includes examples of those uses and disclosures. Not every potential use or disclosure for treatment, payment, and health care operations purposes is listed.
We may use and disclose your protected health information to help us with your treatment. We may also release your protected health information to help other health care providers treat you. Treatment includes the provision, coordination, or management of health care services to you by one or more health care providers. Some examples of treatment uses and disclosures include:
- During an office visit, practice physicians and other staff involved your care may review your medical record and share and discuss your medical information with each other.
- We may share and discuss your medical information with an outside physician to whom we have referred you for care.
- We may share and discuss your medical information with an outside physician with whom we are consulting regarding you.
- We may share and discuss your medical information with an outside laboratory, radiology center, or other health care facility where we have referred you for testing.
- We may share and discuss your medical information with an outside home health agency, durable medical equipment agency, or other health care provider to whom we have referred you for health care services and products.
- We may share and discuss your medical information with a hospital or other health care facility where we are admitting or treating you.
- We may share and discuss your medical information with another health care provider who seeks this information for the purpose of treating you.
- We may use a patient sign-in sheet in the waiting area that is accessible to all patients.
- We may page patients in the waiting room when it is time for them to go to an examining room.
- We may contact you to provide appointment reminders.
We may use and disclose your protected health information for our payment purposes, as well as the payment purposes of other health care providers and health plans. Payment uses and disclosures include activities conducted to obtain payment for the care provided to you or so that you can obtain reimbursement for that care. Some examples of payment uses and disclosures include:
- Sharing information with your health insurer to determine whether you are eligible for coverage or whether proposed treatment is a covered service.
- Submission of a claim to your health insurer.
- Providing supplemental information to your health insurer so that your health insurer can obtain reimbursement from another health plan under a coordination of benefits clause in your subscriber agreement.
- Sharing your demographic information (for example, your address) with other health care providers who seek this information to obtain payment for health care services provided to you.
- Mailing you bills in envelopes with our practice name and return address.
- Provision of a bill to a family member or other person designated as responsible for payment for services rendered to you.
- Providing medical records and other documentation to your health insurer to support the medical necessity of a health service.
- Allowing your health insurer access to your medical record for a medical necessity or quality review audit.
- Providing consumer reporting agencies with credit information (your name and address, date of birth, Social Security number, payment history, account number, and our name and address).
- Providing information to a collection agency or our attorney for purposes of securing payment of a delinquent account.
- Disclosing information in a legal action for purposes of securing payment of a delinquent account.
3. Health care operations
We may use and disclose your protected health information for our health care operation purposes as well as certain health care operation purposes of other health care providers and health plans. Some examples of health care operation purposes include:
- Quality assessment and improvement activities.
- Population based activities relating to improving health or reducing health care costs.
- Reviewing the competence, qualifications, or performance of health care professionals.
- Conducting training programs for medical and other students.
- Accreditation, certification, licensing, and credentialing activities.
- Health care fraud and abuse detection and compliance programs.
- Conducting other medical review, legal services, and auditing functions.
- Business planning and development activities, such as conducting cost management and planning related analyses.
- Sharing information regarding patients with entities that are interested in purchasing our practice and turning over patient records to entities that have purchased our practice.
- Other business management and general administrative activities, such as compliance with the federal privacy rule and resolution of patient grievances.
We may contact you to solicit funds for our practice. With any fundraising communication, you will be given the opportunity to opt-out of future solicitations.
B. Uses and disclosures for other purposes
We may use and disclose your protected health information for other purposes. This section generally describes those purposes by category. Each category includes one or more examples. Not every potential use or disclosure in a category will be listed. Some examples fall into more than one category – not just the category under which they are listed.
1. Individuals involved in care or payment for care
We may disclose your protected health information to someone involved in your care or payment for your care, such as a spouse, a family member, or close friend. For example, if you have surgery, we may discuss your physical limitations with a family member assisting in your post-operative care.
2. Notification purposes
We may use and disclose your protected health information to notify, or to assist in the notification of, a family member, a personal representative, or another person responsible for your care regarding your location, general condition, or death. For example, if you are hospitalized, we may notify a family member of the name and address of the hospital and your general condition. In addition, we may disclose your protected health information to a disaster relief entity, such as the American Red Cross, so that it can notify a family member, a personal representative, or another person involved in your care regarding your location, general condition, or death.
3. Required by law
We may use and disclose protected health information when required by federal, state, or local law. For example, we may disclose protected health information to comply with mandatory reporting requirements involving births and deaths, child abuse, disease prevention and control, vaccine-related injuries, medical device-related deaths and serious injuries, gunshot and other injuries by a deadly weapon or criminal act, driving impairments, and blood alcohol testing.
4. Other public health activities
We may use and disclose protected health information for public health activities, including:
- Public health reporting, for example, communicable disease reports.
- Child abuse and neglect reports.
- FDA-related reports and disclosures, for example, adverse event reports.
- Public health warnings to third parties at risk of a communicable disease or condition.
- OSHA requirements for workplace surveillance and injury reports.
5. Victims of abuse, neglect, or domestic violence
We may use and disclose protected health information for purposes of reporting of abuse, neglect, or domestic violence in addition to child abuse, for example, reports of elder abuse to the Department of Aging or abuse of a nursing home patient to the Department of Human Services.
6. Health oversight activities
We may use and disclose protected health information for purposes of health oversight activities authorized by law. These activities could include audits, inspections, investigations, licensure actions, and legal proceedings. For example, we may comply with a Drug Enforcement Agency inspection of patient records.
7. Judicial and administrative proceedings
We may use and disclose protected health information disclosures in judicial and administrative proceedings in response to a court order or subpoena, discovery request or other lawful process. For example, we may comply with a court order to testify in a case at which your medical condition is at issue.
8. Law enforcement purposes
We may use and disclose protected health information for certain law enforcement purposes including to:
- Comply with a legal process, for example, a search warrant.
- Comply with a legal requirement, for example, mandatory reporting of gun-shot wounds.
- Respond to a request for information for identification/location purposes.
- Respond to a request for information about a crime victim.
- Report a death suspected to have resulted from criminal activity.
- Provide information regarding a crime on the premises.
- Report information related to the commission of a crime obtained while providing emergency medical care.
9. Coroners and medical examiners
We may use and disclose protected health information for purposes of providing information to a coroner or medical examiner for the purpose of identifying a deceased patient, determining a cause of death, or facilitating their performance of other duties required by law.
10. Funeral directors
We may use and disclose protected health information for purposes of providing information to funeral directors as necessary to carry out their duties.
11. Organ and tissue donation
For purposes of facilitating organ, eye, and tissue donation and transplantation, we may use and disclose protected health information to entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue.
12. Threat to public safety
We may use and disclose protected health information for purposes involving a threat to public safety, including protection of a third party from harm and identification and apprehension of a criminal. For example, in certain circumstances, we are required by law to disclose information to protect someone from imminent serious harm.
13. Specialized government functions
We may use and disclose protected health information for purposes involving specialized government functions including:
- Military and veterans activities.
- National security and intelligence.
- Protective services for the President and others.
- Medical suitability determinations for the Department of State.
- Correctional institutions and other law enforcement custodial situations.
14. Workers’ compensation and similar programs
We may use and disclose protected health information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs established by law that provide benefits for work-related injuries or illness without regard to fault. For example, this would include
submitting a claim for payment to your employer’s workers’ compensation carrier if we treat you for a work injury.
15. Business associates
Our “Business Associates” are entities that provide services to our practice and that require access to protected health information of our patients in order to provide those services. A business associate of our practice may create, receive, maintain, or transmit protected health information while performing a function on our behalf. For example, we may share with our billing company information regarding your care so that the company can file health insurance claims and bill you or another responsible party. In addition, we may share protected health information with a business associate who needs this information to provide a service for us. For example, our attorneys may need access to protected information to provide legal services to us. Our business associates may use and disclose your protected health information consistent with this notice and as otherwise permitted by law. To protect your protected health information, we require business associates to enter into written agreements that they will appropriately safeguard the protected health information they require to provide the services they have agreed to provide.
16. Creation of de-identified information
We may use protected health information about you in the process of de-identifying the information. For example, we may use your protected health information in the process of removing those aspects which could identify you so that the information can be disclosed for research purposes. When your information has been de-identified in this way, having had all information removed that could reasonably identify that the information is yours, we may disclose this information without your authorization as it is no longer considered protected health information.
17. Incidental disclosures
We may disclose protected health information as by-product of an otherwise permitted use or disclosure. For example, other patients may overhear your name being paged in the waiting room.
18. Health Information Organization Networks
We participate with one or more secure health information organization networks (each, an “HIO”), including an HIO called “HealthShare Exchange of Southeastern Pennsylvania, Inc., (“HSX”), which makes it possible for MidLantic Urology to share your protected health information electronically through a secure connected network. MidLantic Urology may share or disclose your Health Information to HSX and other secure HIOs, including HIOs contracted with the Commonwealth of Pennsylvania, and even HIOs in other states. Other health care providers, including physicians, hospitals and other health care facilities, that are also connected to the same HIO network as MidLantic Urology can access your protected health information for treatment, payment and other authorized purposes, to the extent permitted by law.
You have the right to “opt-out” or decline to participate in having MidLantic Urology share your protected health information through networked HIOs. If you choose to opt-out of data-sharing through HIOs, MidLantic Urology will no longer share your protected health information through an HIO network, however it will not prevent how your information otherwise is typically accessed and released to authorized individuals in accordance with the law, including being transmitted through other secure mechanisms (i.e., by fax or an equivalent technology).
C. Uses and disclosures with authorization
For all other purposes that do not fall under a category listed under sections I.A and I.B, we must obtain your written authorization to use or disclose your protected health information.
In addition, we are required to obtain your authorization:
- for most uses and disclosures of psychotherapy notes,
- to use and disclose your protected health information for most marketing purposes,
- to sell your protected health information
Your authorization can be revoked at any time. However, we are not able to retract uses and disclosures made with your authorization prior to the effective date of the revocation.
II. PATIENT RIGHTS
A. Further restriction on use or disclosure
You have a right to request that we restrict a use and disclosure of your protected health information, which we are otherwise permitted to make, for treatment, payment, or health care operations, to someone who is involved in your care or payment for your care, or for notification purposes.
We are not required to agree to a request for such a restriction, with one exception involving self-pay services. We must agree to a request not to disclose your protected health information to a health plan for payment or health care operations purposes if the information pertains solely to a health care item or service for which we have been paid in full by you or someone other than the health plan and the disclosure is not otherwise required by law.
To request a further restriction as outlined in this section, you must submit a written request to our privacy officer. The request must tell us: (a) what information you want restricted; (b) how you want the information restricted; and (c) to whom you want the restriction to apply.
B. Confidential communication
You have a right to request that we communicate your protected health information to you by a certain means or at a certain location. For example, you might request that we only contact you by mail or at work. We will accommodate requests for confidential communications as long as they are reasonable.
To make a request for confidential communications, you must submit a written request to our privacy officer. The request must tell us how or where you want to be contacted. In addition, if another individual or entity is responsible for payment, the request must explain how payment will be handled.
C. Accounting of disclosures
You have a right to obtain, upon request, an “accounting” of certain disclosures of your protected health information. This right is subject to limitations, such as how far back the accounting must cover and the scope of the covered disclosures. In addition, in some circumstances we may charge you for providing the accounting. To request an accounting, you must submit a written request to our privacy officer. The request should designate the applicable time period
D. Inspection and copying
You have a right to inspect and obtain a copy of your protected health information that we maintain in a designated record set. Generally, this includes your medical and billing records. This right is subject to limitations. In certain cases, we may deny your request. We also may impose charges for the cost involved in providing copies, such as labor, supplies, and postage, as permitted by law. If your records are maintained electronically, you have the right to specify that the records you requested be provided in electronic form. We will accommodate your request for a specific electronic form or format as long as we are able to readily produce a copy in the requested form or format. If we cannot do so, we will work with you to reach agreement on an alternative readable electronic form. If you request a copy of your information electronically on a moveable electronic media (such as a CD or USB drive) we may charge you for the cost of that media. .
To exercise your right of access to your protected health information, you must submit a written request to our privacy officer. The request must: (a) describe the health information to which access is requested; (b) state how you want to access the information, such as inspection, pick-up of copy, mailing of copy; (c) specify any requested form or format, such as paper copy or an electronic means; and (d) include the mailing address, if applicable.
You may also request that your protected health information be directly transmitted to another person or entity. To exercise this right, you must submit a request to our privacy officer. The request must: (a) be in writing and signed by you; and (b) clearly identify both the designated person or entity and where the information should be sent.
E. Right to amendment
You have a right to request that we amend protected health information that we maintain about you in a designated record set if the information is incorrect or incomplete. This right is subject to limitations. In certain cases, we may deny your request for an amendment. To request an amendment, you must submit a written request to our privacy officer. The request must specify each change that you want and provide a reason to support each requested change.
F. Copy of privacy notice
You have a right to receive, upon request, a copy of our Notice of Privacy Practices. Copies are available in our office reception area, on our website, or by contacting our privacy officer. Requests for special accommodation regarding the notice should be directed to our privacy officer.
G. Notification of breach
You have a right to receive timely written notice of a breach of your unsecured protected health information
III. CHANGES TO THIS NOTICE
We reserve the right to change this notice at any time. We further reserve the right to make any change effective for all protected health information that we or our business associate’s maintain, including information that we or our business associates created or received prior to the effective date of the change.
We will post a copy of our current notice in the waiting room for the practice. At any time, patients may review the current notice by contacting our privacy officer. Patients also may access the current notice at our web site at www.MidLanticurology.com
If you believe that we have violated your privacy rights, you may submit a complaint to our privacy officer who may be contacted at:
Nancy G. Burch CPC, CPCO
You may also submit a complaint to the Office of Civil Rights at:
Office of Civil Rights
US Department of Health and Human Services 150 S. Independence Mall West, Suite 371 Public Ledger Building
Philadelphia, PA 19106-9111
Hotline: (800) 368-1019
Fax: (215) 861-4431
TDD: (215) 861-4440
You will not be retaliated against for filing a complaint.
V. LEGAL EFFECT OF THIS NOTICE
This notice is not intended to create contractual or other rights independent of those created in the federal privacy rule.