THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to maintain the privacy of your Protected Health Information (“PHI”).
PHI is personal information about you, including demographic information that we collect from you, that may be used to identify you and relates to your past, present and future physician or mental health or condition, including treatment and payment for the provision of healthcare.
This Notice explains our legal duties and privacy practice with regard to your PHI. We are required by federal law to provide you with a copy of this Notice and to abide by terms of this Notice. Accordingly, we will ask you to sign a statement acknowledging that we have provided you with a copy of the Notice. If you have elected to receive a copy electronically, you still have the right to obtain a paper copy upon request.
We reserve the right change the terms of this Notice at any time. The change may be retroactive and cover PHI that we received or created prior to the revision. If we do change the Notice, a copy of the new Notice will be posted in the waiting room and on our website, if any. We will provide you with a copy of the revised Notice upon your request.
1. PATIENT RIGHTS
You have six rights as a patient of Advanced Heart and Vascular Institute of Hunterdon
- The right to consider and sign an authorization for a non-authorized use. The law only allows us to use or disclose your PHI in certain circumstances, as explained more fully below. If we need to make a use or disclosure that does not fall into one of these exceptions-including the disclosure of immunization records to school or results of work physicals to employers-we will ask you to sign an authorization. If we do not have a valid authorization on file specifically authorizing the proposed use or disclosure, then we will not make that use or disclosure. You may revoke an authorization at any time in writing, but the revocations will not apply to uses or disclosures we have already made in reliance on your original authorization.
- The right to access your PHI. You have a right to access and receive a copy, summary or explanation of your PHI. If you want to exercise the right, please ask one of our employees for a Request to Access Medical Records form. You will need to complete this form and submit it to us. This right does not extend to psychotherapy notes, information complied in reasonable anticipation of legal action and confidential information relating to certain lab tests. We have the right to deny you access, but you will be notified of the reason for denial and be given the right to have the denial reviewed under certain circumstances.
- The right to request restrictions on certain uses and disclosures. You may request restrictions of uses or disclosures of your PHI when it is used to carry out your treatment, obtain payment for your treatment or perform healthcare operations of your practice. You must request the restrictions before we have used or disclosed the relevant information. We are not required to agree to the restrictions, and we have the right to decide not to accept the restrictions and not to treat you.
- The right to receive confidential communications. You may request that we make confidential communications to you by an alternative means or at an alternative location. The request must be in writing, but we will not ask for an explanation from you. We will accommodate reasonable requests, but we may condition the accommodation on information as to how payment, if any, will be handled and specification of an alternative address or other method of contact.
- The right to amend PHI. You have the right to ask us to amend your PHI. If you want to exercise this right, please ask one of our employees for a Request for Amendment of Medical Records form. You will need to complete this form, provide a reason for the request and submit it to us. We have the right to deny your request for amendment, if we determine that our record was not created by us, is not maintained by us, would not be available for access, or is inaccurate and incomplete. Your records will not be changed or deleted as a result of our granting your request, but the amendment will be attached to your record and its existence noted in your record as necessary. (Note: use of this procedure is not necessary for routine changes to our demographic information, such as address, phone number etc.).
- The right to receive an accounting. You have the right to receive an accounting of our uses and disclosures of your PHI. If you want to exercise this right, please ask one of our employees for a Request of Accounting form. You will need to complete this form and submit it to us. The accounting does not have to list disclosures made (i) to carry out treatment payment and healthcare operations: (ii) to our; (iii) pursuant to an authorization: (iv) for national security or intelligence purposes: (v) to correctional institutions or law enforcement personnel or (vi) that occurred prior to April 14, 2003. (Note: compliance with this right is time-consuming, and so we reserve the right to charge you a fee if you request more than one accounting in a twelve-month period.)
II. USES AND DISCLOSUSRES
We intend to limit the disclosure of your PHI to that necessary for Treatment, Payment and Operations:
- Treatment refers to specific sharing and use of your PHI relating to your direct care by our employees, including consulting other professionals and the use of disease management programs. For example, we will disclose your PHI to another health care professional or a testing facility to which you have been referred for care of for assistance with treatment.
- Payment refers to specific sharing and sue of your PHI for purposes of obtaining payment for our treatment of you, including billing and collection activities, related data processing and disclosure to consumer reporting agencies. For example, your PHI will be disclosed on forms we submit to your insurance to receive payment.
- Operations refers to specific sharing and use of your PHI necessary for our administrative and technical operations, within the limitations imposed for professional ethics. Permissible activities would include, but are not limited to, accounting or legal activities, quality assessment, employee review, student training and other business activities. For example, we might need to disclose your PHI to a medical student as part of the educational process.
We will not permit the following disclosures without your written authorization, and your refusal to provide such authorization will not affect our duty to treat you:
- To your employer, except where necessary for provision of care or payment purpose (for example, if your employer is self-insured)
- Disclosures outside our office, unless for treatment, payment or operations.
- For research purposes, unless certain safeguards are taken. We may make disclosures in certain situations as required by law, even without your written authorization. These situations include, but are not limited to:
- If all identifying information is removed so your identity cannot be ascertained from the information disclosed, i.e., on a completely anonymous basis
- When required by law, for example, public health reporting purposes or to a person who may be affected by a communicable disease.
- To your employer, if we are providing care to you at your employer’s request to evaluate a work-related illness or injury, or medical surveillance of your workplace.
- Pursuant to a warrant or court order. For health oversight purposes as authorized by law, for example, an investigation of our practice for purposes unrelated to you treatment.
- To a public health authority as required by law, including those designated to receive notification of abuse or neglect.
- To the U.S. Food and Drug Administration in the event of an adverse event.
- To law enforcement for certain purposes.
- Related to a judicial or administrative proceeding, including subpoenas.
- For national security and intelligence purposes, or to correctional institutions. For purposes of worker’s compensation Law (or a similar law).
- Regarding a decedent, including a funeral director.
- For military or veteran’s activities.
III. POSSIBLE RED FLAGS FOR IDENTITY THEFT OR MEDICAL IDENTITY THEFT
A “Red Flag” is defined as a pattern, practice or specific activity that could indicate identity theft. A health care provider that qualifies as a creditor that offers or maintains covered accounts must develop and implement a written “Identity Theft Prevention Program.” The purpose of this program is to “detect, prevent and mitigate identity theft in connection with new or existing covered accounts”.
Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity- such as insurance information or Social Security Number-without the victim’s knowledge or consent to obtain medical services or goods, or when someone uses the person’s identity to obtain money by falsifying claims for medical services and falsifying medical records to support those claims.
The following “Red Flags” apply to Health Care providers and their patients:
- A complaint or question from a patient based on the patient’s receipt of:
- A bill for another individual
- A bill for a product or service that the patient denies receiving.
- A bill from a health care provider that the patient never patronized.
- Records showing medical treatment that is inconsistent with a physical examination or with a medical history as reported by the patient.
- A Complaint or question from a patient about the receipt of a collection notice from a bill collector.
- A patient or insurance company report that coverage for legitimate hospital stays is denied because insurance benefits have been depleted or a lifetime cap has been reached.
- A dispute of a bill by a patient who claims to be the victim of any type of identity theft.
- A patient who has an insurance number but never produces an insurance card o other physical documentation of insurance upon checking in.
World Privacy Forum recommends requiring these patients to show a driver’s license as proof of identity for this situation (see below).
- A Notice or inquiry from an insurance fraud investigator for a private insurance company or law enforcement agency.
- A patient has filed a police report regarding identity theft.
- The Health Care provider or other relevant entity in the health care community has had a recent data breach that included the patient’s data.
Based on the items about, please note the following:
- If you feel that any of the above bullets happened to you, please contact the office immediately so we can investigate the issue swiftly and fairly.
- If you do not present a copy of your insurance card each time you come for a visit, the front desk staff may ask for our driver’s license to confirm your identification. If a driver’s license is unavailable, another form of photo identification or major credit card will be acceptable. We will not store this information in our system: it is strictly to confirm your identity at the time of check in.
IV. ORGANIZATIONAL POLICIES
To facilitate the smooth an efficient operation of our practice, we engage in certain practices and policies that you should understand. You can avoid any of the following practices by discussing our concerns with us and working out and alternative:
A notice of insurance benefits (or Explanation of Benefits) for health service never received.
- We contact our patients by telephone (which might include leaving a message on an answering machine or voice mail) or mail to provide appointment reminders or routine test results.
- We us sign-in sheets and call out names in our waiting room to manage patient flos.
- Our staff will conduct routine discussions at our front desk with patients.
- We may contact our patient by telephone or mail to provide information about treatment alternatives or other health-related benefits and services that may be of interest.
- We may use your name and address to send you a newsletter about our practice and the services we offer
- We may disclose you PHI to a member of your family or a close friend that related directly to the person’s involvement in you healthcare. You should also be aware of the following policies regarding our uses and disclosures of your PHI. You cannot avoid these uses and disclosures, but you should discuss any questions or concerns you might have with us:
- We Share PHI with third-party “business associates” that perform various functions for us (for example, billing and transcription), but we have written contracts with those entities containing terms and require the protection of your PHI.
- We will disclose your PHI to your personal representative(s), if any, unless we determine in the exercise of our professional judgment that such disclosure should not be made.
IV. QUESTIONS AND COMPLAINTS
If you have any questions about this Notice, the matters discussed herein or anything else related to our privacy, please feel free to call 908-237-3405 to speak with our practice manager.
You may complain to our practice manager or the United States of Secretary of Health and Human Services if you believe your privacy rights have been violated. To complain to the Secretary, your compliant must be in writing, name us, describe the acts or omissions believed to be in violation of your privacy rights and be filed within 180 days of when you knew or should have known that the act or omission occurred.
You can file a complaint with us by asking for a Complaint Reporting Form. We will not retaliate against you for filing a complaint. If you want further information about the complaint process, please talk to our practice administrator.