THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE READ IT CAREFULLY.
The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) is a Federal program that requests that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally are kept properly confidential. This Act gives you, the patient, the right to understand and control how your personal health information (“PHI”) is used. HIPAA provides penalties for covered entities that misuse personal health information. As required by HIPAA, we prepared this explanation of how we are to maintain the privacy of your health information and how we may disclose your personal information.
HOW SUSONG DERMATOLOGY MAY USE AND DISCLOSE YOUR HEALTH INFORMATION
Without specific written authorization, we are permitted to use and disclose your health care records for the purposes of treatment, payment, health care operations, and when required or permitted by law.
- Treatment means providing, coordinating, or managing health care and related services by one or more health care providers. Examples of this would include referring you to a primary care physician, specialist, or healthcare facility.
- Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collection activities, and utilization review. An example of this would include sending your insurance company a bill for your visit and/or verifying coverage prior to a surgery.
- Health Care Operations include business aspects of running our practice, such as conducting quality assessments and improving activities, auditing functions, cost management analysis and customer service. An example of this would be patient surveys to evaluate our performance.
- Legal Actions, Requirement/Law Enforcement/Government Activities: We may disclose your PHI in the course of legal proceedings; in response to a subpoena, discovery request or other legal process; to law enforcement officials, such as in response to a warrant or subpoena, or for certain government activities, such as national security and intelligence. We may also disclose your PHI when authorized to do so by workers compensation laws. Your PHI may also be disclosed when required by law and/or government regulators. For example, we must disclose your PHI upon request to the U.S. Department of Health and Human Services regarding a possible breach of federal privacy laws.
- Health Oversight: We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies include government agencies that oversee the health care system, government benefit programs such as Medicare or Medicaid, SCRBHO or its successor, other government programs regulating health care and civil rights laws.
- Public Health and Safety: We may disclose your PHI to federal, state, or local authorities, or other entities charged with preventing or controlling disease, injury, or disability for public health activities. These activities may include the following: disclosures to report reactions to medications or other products to the U.S. Food and Drug Administration or other authorized entity; disclosures to notify individuals of recalls, exposure to a disease or risk for contracting or spreading a disease or condition.
- Coroners, Medical Examiners/Organ Donation: We may disclose PHI, under certain conditions, to coroners, funeral directors, and medical examiners and if applicable to organizations regarding organ donation.
- Research: In most cases, we will ask your permission before using or sharing your health information for research purposes; however, there may be certain situations where we may disclose your PHI to researchers if certain steps are taken to protect your privacy.
- Contacting You: We may use and disclose health information to reach you about appointments and other health related matters. We may contact you by mail, telephone, or email. For example, we may leave voice messages at the telephone number you provide us with, and we may respond to your email address.
- De-Identified Health Information: We may use or disclose health information if we have de-identified the information, which can be done by an expert determination or by removing certain identifiers.
AUTHORIZATIONS FOR OTHER USES AND DISCLOSURES
As described above, we will use your health information and disclose it for treatment, payment, health care operations, and when required or permitted by law. We will not use or disclose your health information for other reasons without your written authorization. For example, most uses and disclosures of psychotherapy notes, uses and disclosures of health information for certain marketing purposes, and disclosures that constitute a sale of health information require your written authorization. These kinds of uses and disclosures of your health information will be made only with your written authorization. You may revoke the authorization in writing at any time, but we cannot take back any uses or disclosures of your health information already made with your authorization.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
The following is a summary of your rights regarding your protected health information (PHI):
- Right of Access of PHI: You have the right to inspect and obtain a copy of your PHI unless your provider believes that disclosure of that information could harm you. Requests must be made in writing and reasonably describe the information you would like to inspect or copy. We can charge a reasonable cost-based fee for paper or electronic copies as set by state or federal law.
- Right to Amend: You have the right to request that we amend the PHI we have about you. Requests to amend must be in writing and must include a reason for the amendment. We may deny your request under certain circumstances. If we do, we will send you a written notice describing the reason for our denial and your right to submit a written statement disagreeing with our decision.
- Right to Request Restrictions: You have the right to request restrictions on certain uses and disclosures of PHI, including those related to disclosures of family members, other relatives, close personal friends, or any other person identified by you. We will consider such requests but, in certain circumstances, we may be required by law to disclose the information. Restriction Requests must be made in writing, dated, and signed.
- Right to Limit Disclosures to Health Plans: You have the right to request that we not disclose information about care you received at Susong Dermatology to a health plan if you have paid out of-pocket for that care. Upon such a request, we will not disclose the information, unless for treatment purposes or if disclosure is required by law.
- Right to an Accounting of Disclosure: You have the right to request an account of PHI disclosures in the last 6 years. The accounting would not include disclosures for treatment, payment, health care operations and certain other disclosures exempted by law. Your request for an accounting of disclosures must be in writing, signed, and dated.
- Right to Confidential Communications: You have a right to request that we communicate with you about your health care information in a certain way or at a specific address. Requests must be made in writing, signed, and dated.
- Right to a Copy of this Notice: You have a right to request a paper copy of this Notice of Privacy Practices.
CHANGES TO THIS NOTICE OF PRIVACY PRACTICES
We may change the terms of this Notice of Privacy at any time and make the new Notice effective for all PHI that we maintain—whether created or received before or after the effective date of the new Privacy Notice. The effective date of this notice is September 2020.
WHO TO CONTACT FOR QUESTIONS, COMPLAINTS, OR COPIES OF PRIVACY NOTICE
If you would like more information or a paper copy of the Privacy Notice, please contact our Practice Manager or visit our website at www.susongderm.com. If you believe your privacy rights have been violated, you have a right to complain by calling our Privacy Officer at 423-870-3376 or writing to: Susong Dermatology, 2051 Hamill Road, Suite 301, Hixson, TN 37343.