This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or conditions and related health care services.
A. Uses and Disclosures of Protected Health Information
We may use or disclose your health information to third parties including, but not limited to, your insurance company and your other health care providers for treatment, payment or operational purposes without your written authorization, as allowed under law.
Treatment: We will use and disclose your health information to provide, coordinate or manage your health care and any related treatment. This includes the coordination or management of your health care with a third party that already has obtained your permission to have access to your health information. For example, we would disclose your health information, as necessary, to your primary care physician. We also may disclose health information to other specialist physicians who may be treating you.
Payment: Your health information will be used, as needed, to obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we provide for you, determining your eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity and undertaking utilization review activities.
Health Care Operations: We may use or disclose, as needed, your health information in order to support the business activities of our practice. These activities include, but are not limited to, quality assessment activities, employee review activities, licensing, and conducting or arranging for other business activities. For example, we may disclose your health information to an insurer or accreditation agency which performs chart audits. In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name. We may use or disclose your health information, as necessary, to contact you to remind you of your scheduled appointment.
We will share your health information with third party “business associates” that perform various activities for our practice (e.g., computer consulting company, law firm or other consultants). Whenever an arrangement between our office and a business associate involves the use or disclosure of your health information, we will have a written contract that contains terms that will protect the privacy of your health information.
We may use or disclose your health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. You may contact our HIPAA Privacy and Security Officer to request that these materials not be sent to you.
B. Uses and Disclosures of Protected Health Information Based upon Your Written Authorization
Other uses and disclosures of your health information will be made only with your written authorization, unless otherwise permitted or required by law as described below. You may revoke your authorization at any time, in writing, except to the extent that we have taken an action in reliance on the use or disclosure indicated in the authorization.
The following uses and disclosures will be made only with your authorization:
- Uses and disclosures for marketing purposes;
- Uses and disclosures that constitute the sale of your PHI;
- Most uses and disclosures of psychotherapy notes; and
- Other uses and disclosures not described in the notice
C. Other Permitted and Required Uses and Disclosures That May Be Made with Your Permission or Opportunity to Object
Others Involved in Your Health Care: If you agree, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based upon our professional judgment.
Information to your family members: Unless prior preference is expressed to us, a deceased patient’s health information may be disclosed to a distributee, executor or administrator of the decedent as allowed, and in accordance with, applicable law.
Immunization Disclosure to Schools: Upon your agreement, which may be oral or in writing, we may disclose proof of immunization to a school where a state or other law requires the school to have such information prior to admitting the student.
D. Other Permitted and Required Uses and Disclosures that may be Made without your Consent or Authorization
Required by Law: We may use or disclose your health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law.
Public Health: We may disclose your health information for public health activities to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We also may disclose your health information, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
Communicable Diseases: We may disclose your health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight: We may disclose your health information to a governmental agency for activities authorized by law, such as audits, investigations, and inspections.
Abuse or Neglect: We may disclose your health information to a public health authority that is authorized by law to receive reports of abuse or neglect. In addition, we may disclose your health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information.
Product Monitoring and Recalls: We may disclose your health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, and biologic product deviations; to track products; to enable product recalls; to make repairs or replacements, or in connection with post-marketing surveillance, as required by law.
Research: We may use and disclose your health information as permitted by law for research. This is subject to your authorization and/or oversight by an approved Institutional Review Board (IRB), committees charged with protecting the privacy rights and safety of human subject research.
Legal Proceedings: We may disclose your health information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request or other lawful process.
Law Enforcement: We may also disclose health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes included (1) legal processes (e.g., court order, subpoena, warrant etc.); (2) limited information requests for identification and location purposes; (3) pertaining to victims of a crime, under certain circumstances, where we are unable to obtain the individual’s agreement; (4) suspicion that death has occurred as a result of criminal conduct, (5) in the event of a crime that occurs on the premises of one of our facilities; and (6) in a medical emergency, to report a crime or location of the crime and/or victims.
Decedents: Health information may be disclosed to funeral directors or coroners to enable them to carry out their lawful duties. The Privacy Rules do not apply to the health information of a person who has been deceased for more than 50 years.
Organ/Tissue Donation: Your health information may be used or disclosed for cadaver organ, eye or tissue donation purposes.
Criminal Activity: We may disclose your health information if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety or a person or the public. We also may disclose health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military Activity and National Security: When the appropriate conditions apply, we may use or disclose health information of individuals who are Armed Forces personnel for authorized military purposes, as required by law.
Workers’ Compensation: Your health information may be disclosed by us as authorized to comply with workers’ compensation laws and other similar legally-established programs.
Inmates/Law Enforcement Custody: We may disclose your health information to the institution or law enforcement official, if you are an inmate of a correctional facility.
Required Uses and Disclosures: Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of the federal privacy regulations.
In most circumstances, your physician is not required to agree to a restriction that you may request. If we do agree to accept your requested restriction, we will comply with your request. You may request a restriction of sharing PHI with your health plan, only if payment is made out-of-pocket, in full.
You may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated.
By notifying our Chief Compliance and Privacy Officer of your complaint at: (800) 450-3816; via email: firstname.lastname@example.org; or by mail at:
Essen Health Care
Attn: Chief Compliance and Privacy Officer
2626 Halperin Avenue
Bronx, NY 10461
You may also file a complaint with the Department of Health and Human Services via email at: email@example.com or by mail at:
Regional Manager Office for Civil Rights
U.S. Department of Health and Human Services
Jacob Javitz Federal Building
26 Federal Plaza, Suite 3312
New York, NY 10278