NOTICE OF PRIVACY PRACTICES for Elba M. Pacheco, M.D., LLC
Center for Eye & Laser Surgery and Adoro Medical Spa
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED,
HOW YOU CAN GET ACCESS TO THIS INFORMATION, YOUR RIGHTS CONCERNING YOUR HEALTH INFORMATION AND OUR RESPONSIBILITIES TO PROTECT YOUR HEALTH INFORMATION.
PLEASE REVIEW IT CAREFULLY.
State and Federal laws require us to maintain the privacy of your health information and to inform you about our privacy practices by providing you with this Notice. We are required to abide by the terms of this Notice of Privacy Practices. This Notice will take effect on August 28, 2015 and will remain in effect until it is amended or replaced by us.
We reserve the right to change our privacy practices provided law permits the changes. Before we make a significant change, this Notice will be amended to reflect the changes and we will make the new Notice available upon request. We reserve the right to make any changes in our privacy practices and the new terms of our Notice effective for all health information maintained, created and/or received by us before the date changes were made.
You may request a copy of our Privacy Notice at any time by contacting our Privacy Officer, Kim Collins. Information on contacting us can be found at the end of this Notice.
We will keep your health information confidential, using it only for the following purposes:
Treatment: While we are providing you with health care services, we may share your protected health information (PHI) including electronic protected health information (ePHI) with other health care providers, business associates and their subcontractors or individuals who are involved in your treatment, billing, administrative support or data analysis. These business associates and subcontractors through signed contracts are required by Federal law to protect your health information. We have established “minimum necessary” or “need to know” standards that limit various staff members’ access to your health information according to their primary job functions. Everyone on our staff is required to sign a confidentiality statement.
Payment: We may use and disclose your health information to seek payment for services we provide to you. This disclosure involves our business office staff and may include insurance organizations, collections or other third parties that may be responsible for such costs, such as family members.
Disclosure: We may disclose and/or share protected health information (PHI) including electronic disclosure with other health care professionals who provide treatment and/or service to you. These professionals will have a privacy and confidentiality policy like this one. Health information about you may also be disclosed to your family, friends and/or other persons you choose to involve in your care, only if you agree that we may do so. As of March 26, 2013 immunization records for students may be released without an authorization (as long as the PHI disclosed is limited to proof of immunization). If an individual is deceased you may disclose PHI to a family member or individual involved in care or payment prior to death. Psychotherapy notes will not be used or disclosed without your written authorization. Genetic Information Nondiscrimination Act (GINA) prohibits health plans from using or disclosing genetic information for underwriting purposes. Uses and disclosures not described in this notice will be made only with your signed authorization.
Right to an Accounting of Disclosures: You have the right to request an “accounting of disclosures” of your protected information if the disclosure was made for purposes other than providing services, payment, and or business operations. In light of the increasing use of Electronic Medical Record technology (EMR), the HITECH Act allows you the right to request a copy of your health information in electronic form if we store your information electronically. Disclosures can be made available for a period of 6 years prior to your request and for electronic health information 3 years prior to the date on which the accounting is requested. If for some reason we aren’t capable of an electronic format, a readable hardcopy will be provided. To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer. Lists, if requested, will be $_____for each page and the staff time charged will be $_____per hour including the time required to locate and copy your health information. Please contact our Privacy Officer for an explanation of our fee structure. (as of August 28, 2015, this office does not use an EMR)
Right to Request Restriction of PHI: If you pay in full out of pocket for your treatment, you can instruct us not to share information about your treatment with your health plan; if the request is not required by law. Effective March 26, 2013, The Omnibus Rule restricts provider’s refusal of an individual’s request not to disclose PHI.
Non-routine Disclosures: You have the right to receive a list of non-routine disclosures we have made of your health care information. You can request non-routine disclosures going back 6 years starting on April 14, 2003.
Emergencies: We may use or disclose your health information to notify, or assist in the notification of a family member or anyone responsible for your care, in case of any emergency involving your care, your location, your general condition or death. If at all possible we will provide you with an opportunity to object to this use or disclosure. Under emergency conditions or if you are incapacitated we will use our professional judgment to disclose only that information directly relevant to your care. We will also use our professional judgment to make reasonable inferences of your best interest by allowing someone to pick up filled prescriptions, x-rays or other similar forms of health information and/or supplies unless you have advised us otherwise.
Healthcare Operations: We will use and disclose your health information to keep our practice operable. Examples of personnel who may have access to this information include, but are not limited to, our medical records staff, insurance operations, health care clearinghouses and individuals performing similar activities.
Required by Law: We may use or disclose your health information when we are required to do so by law. (Court or administrative orders, subpoena, discovery request or other lawful process.)
We will use and disclose your information when requested by national security, intelligence and other State and Federal officials and/or if you are an inmate or otherwise under the custody of law enforcement.
National Security: The health information of Armed Forces personnel may be disclosed to military authorities under certain circumstances. If the information is required for lawful intelligence, counterintelligence or other national security activities, we may disclose it to authorized federal officials.
Abuse or Neglect: We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, or domestic violence or the possible victim of other crimes. This information will be disclosed only to the extent necessary to prevent a serious threat to your health or safety or that of others.
Public Health Responsibilities: We will disclose your health care information to report problems with products, reactions to medications, product recalls, disease/infection exposure and to prevent and control disease, injury and/or disability.
Marketing Health-Related Services: We will not use your health information for marketing purposes unless we have your written authorization to do so. Effective March 26, 2013, we are required to obtain an authorization for marketing purposes if communication about a product or service is provided and we receive financial remuneration (getting paid in exchange for making the communication). No authorization is required if communication is made face-to-face or for promotional gifts.
Fundraising: We may use certain information (name, address, telephone number or e-mail information, age, date of birth, gender, health insurance status, dates of service, department of service information, treating physician information or outcome information) to contact you for the purpose of raising money and you will have the right to opt out of receiving such communications with each solicitation. Effective March 26, 2013, PHI that requires a written patient authorization prior to fundraising communication include: diagnosis, nature of services and treatment. If you have elected to opt out we are prohibited from making fundraising communication under the HIPAA Privacy Rule.
Sale of PHI: We are prohibited to disclose PHI without an authorization if it constitutes remuneration (getting paid in exchange for the PHI). “Sale of PHI” does not include disclosures for public health, certain research purposes, treatment and payment, and for any other purpose permitted by the Privacy Rule, where the only remuneration received is “a reasonable cost-based fee” to cover the cost to prepare and transmit the PHI for such purpose or a fee otherwise expressly permitted by law. Corporate transactions (i.e., sale, transfer, merger, consolidation) are also excluded from the definition of “sale.”
Appointment Reminders: We may use your health records to remind you of recommended services, treatment or scheduled appointments.
Access: Upon written request, you have the right to inspect and get copies of your health information (and that of an individual for whom you are a legal guardian.) We will provide access to health information in a form / format requested by you. There will be some limited exceptions. If you wish to examine your health information, you will need to complete and submit an appropriate request form. Contact our Privacy Officer for a copy of the request form. You may also request access by sending us a letter to the address at the end of this Notice. Once approved, an appointment can be made to review your records. Copies, if requested, will be $ .76 for each page. If you want the copies mailed to you, shipping/handling will also be charged, per Maryland law. Access to your health information in electronic form if (readily producible) may be obtained with your request. If for some reason we aren’t capable of an electronic format, a readable hardcopy will be provided. If you prefer a summary or an explanation of your health information, we will provide it for a fee. Please contact our Privacy Officer for an explanation of our fee structure. (as of August 28, 2015, this office does not use an EMR)
Amendment: You have the right to amend your healthcare information, if you feel it is inaccurate or incomplete. Your request must be in writing and must include an explanation of why the information should be amended. Under certain circumstances, your request may be denied.
Breach Notification Requirements: It is presumed that any acquisition, access, use or disclosure of PHI not permitted under HIPAA regulations is a breach. We are required to complete a risk assessment, and if necessary, inform HHS and take any other steps required by law. You will be notified of the situation and any steps you should take to protect yourself against harm due to the breach.
QUESTIONS AND COMPLAINTS
You have the right to file a complaint with us if you feel we have not complied with our Privacy Policies. Your complaint should be directed to our Privacy Officer. If you feel we may have violated your privacy rights, or if you disagree with a decision we made regarding your access to your health information, you can complain to us in writing. Request a Complaint Form from our Privacy Officer. We support your right to the privacy of your information and will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services. HOW TO CONTACT US:
Practice Name: Elba M. Pacheco, M.D., LLC Privacy Officer: Kim T. Collins
Telephone: 410-647-0123 Fax: 410-647 0126
Address: 692A Ritchie Highway, Suite 2B, Severna Park, MD 21146