Website Privacy & Security Statement
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THAT INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
Haro Podiatry Center (the “Practice”), in accordance with the Health Insurance Portability and Accountability Act of 1996 and regulations promulgated thereunder, commonly known as HIPAA and federal Privacy Rule, 45 CFR parts 160 and 164 (the “Privacy Rule”) and applicable state law, is committed to maintaining the privacy of your protected health information (“PHI”). PHI includes information about your health condition and the care and treatment you receive from the Practice and is often referred to as your health care or medical record. This Notice explains how your PHI may be used and disclosed to third parties. This Notice also details your rights regarding your PHI.
Your Protected Health Information
We collect protected health information from you through treatment, payment and related healthcare operations, the application and enrollment process, and/or healthcare providers or health plans, or through other means, as applicable. Your protected health information that is protected by law broadly includes any past, present and future healthcare information. Your protected health information includes any information that is created or received through oral, written or electronic communications by certain health care entities, including health care providers, such as physicians and hospitals, as well as, health insurance companies or plans. The law specifically protects health information that contains data consisting of eighteen (18) identifiers described in the HIPAA Privacy Rule including but not limited to your name, address, social security number, date of birth and others that could be used to identify you as the individual patient who is associated with that health information.
HOW THE PRACTICE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
Generally, we may not use or disclose your protected health information without your permission. Further, once your permission has been obtained, we must use or disclose your protected health information in accordance with the specific terms of that permission. The following uses and disclosures require an authorization:
(1) Most uses and disclosures of psychotherapy notes;
(2) Uses and Disclosures of protected health information for marketing purposes unless 2
(i) the communication occurs face-to-face;
(ii) consists of marketing gifts of nominal value;
(iii) is regarding a prescription refill reminder that is for a prescription currently prescribed or a generic equivalent;
(iv) is for treatment pertaining to existing condition(s) and the Practice does not receive any financial remuneration in either case or cash equivalent; and/or
(v) communication from a healthcare provider to recommend or direct alternative treatments, therapies, healthcare providers, or settings of care when the Practice does not receive any financial remuneration for making the communication; and
(3) Disclosures that constitute a sale of protected health information The following are the circumstances under which the Practice is permitted by law to use or disclose your protected health information. The Practice, in accordance with this Notice and without asking for your express consent or authorization, may use and disclose your PHI for the purposes of:
Treatment – To provide you with the health care you require, the Practice may use and disclose your PHI to those health care professionals, whether on the Practice’s staff or not, so that it may provide, coordinate, plan and manage your health care.
Examples of treatment activities include: (a) the provision, coordination, or management of health care and related services by health care providers; (b) consultation between health care providers relating to a patient; or (c) the referral of a patient for health care from one health care provider to another.
Payment – To get paid for services provided to you, the Practice may provide your PHI, directly or through a billing service, to a third party who may be responsible for your care, including insurance companies and health plans. If necessary, the Practice may use your PHI in other collection efforts with respect to all persons who may be liable to the Practice for bills related to your care.
Examples of payment activities include: (a) billing and collection activities and related data processing; (b) actions by a health plan or insurer to obtain premiums or to determine or fulfill its responsibilities for coverage and provision of benefits under its health plan or insurance agreement, determinations of eligibility or coverage, adjudication or subrogation of health benefit claims; (c) medical necessity and appropriateness of care reviews, utilization review activities; and (d) disclosure to consumer reporting agencies of information relating to collection of premiums or reimbursement. (e) the Practice may need to provide the Medicare program with information about health care services that you received from the Practice so that the Practice can be reimbursed.
Health Care Operations – To operate in accordance with applicable law and insurance requirements, and to provide quality and efficient care, the Practice may need to compile, use and disclose your PHI.
Examples of health care operations include: (a) development of clinical guidelines; (b) contacting patients with information about treatment alternatives or communications in 3 connection with case management or care coordination; (c) reviewing the qualifications of and training health care professionals; (d) underwriting and premium rating; (e) medical review, legal services, and auditing functions; and (f) general administrative activities such as customer service and data analysis.
OTHER USE & DISCLOSURES WHICH MAY BE PERMITTED OR REQUIRED BY LAW
The Practice may use or disclose your protected health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law. The Practice may also use and disclose your PHI without your consent or authorization in the following instances:
De-identified Information – The Practice may use and disclose health information that may be related to your care but does not identify you and cannot be used to identify you. The Practice will remove all 18 identifiable characteristics from your PHI prior to it being used.
Business Associate – The Practice may use and disclose PHI to one or more of its business associates if the Practice obtains satisfactory written assurance, in accordance with applicable law, that the business associate will appropriately safeguard your PHI. A business associate is an entity that assists the Practice in undertaking some essential function, such as a billing company that assists the office in submitting claims for payment to insurance companies.
Family/Friends or Personal Representative – The Practice may disclose to a family member, other relative, a close personal friend, or any other person identified by you (Personal Representative), your PHI directly relevant to such person’s involvement with your care or the payment for your care. The Practice may also use or disclose your PHI to notify or assist in the notification (including identifying or locating) a family member, a personal representative, or another person responsible for your care, of your location, general condition or death. However, in both cases, the following conditions will apply:
(i) If you are present at or prior to the use or disclosure of your PHI, the Practice may use or disclose your PHI if you agree, or if the Practice can reasonably infer from the circumstances, based on the exercise of its professional judgment, that you do not object to the use or disclosure.
(ii) If you are not present, the Practice will, in the exercise of professional judgment, determine whether the use or disclosure is in your best interests and, if so, disclose only the PHI that is directly relevant to the person’s involvement with your care.
Emergency Situations – The Practice may use and disclose PHI for the purpose of obtaining or rendering emergency treatment to you provided that the Practice attempts to obtain your consent as soon as possible: The Practice may also use and disclose PHI to a public or private entity authorized by law or by its charter to assist in disaster relief efforts, for the purpose of coordinating your care with such entities in an emergency situation.
Public Health Activities – The Practice may use and disclose PHI when required by law to provide information to a public health authority. Public health activities including, preventing or controlling disease or other injury, public health surveillance or investigations, reporting adverse events with respect to food or dietary supplements or product defects or problems to the Food and Drug Administration, medical surveillance of the workplace or to evaluate whether the individual has a work-related illness or injury in order to comply with Federal or state law.
Abuse, Neglect or Domestic Violence – The Practice may use and disclose PHI when authorized by law to provide information if it believes that the disclosure is necessary to prevent serious harm or disclosures regarding victims of abuse, neglect, or domestic violence including, reporting to social service or protective services agencies.
Health Oversight Activities – The Practice may use and disclose PHI when required by law. Health oversight activities including, audits, civil, administrative, or criminal investigations, inspections, licensure or disciplinary actions, or civil, administrative, or criminal proceedings or actions, or other activities necessary for appropriate oversight of government benefit programs.
Judicial and Administrative Proceeding – The Practice may use and disclose PHI in judicial and administrative proceedings in response to an order of a court or administrative tribunal, a warrant, subpoena, discovery request, or other lawful process.
Law Enforcement Purposes – The Practice may use and disclose PHI, when authorized, to a law enforcement official. For example, your PHI may be released for the purpose of identifying or locating a suspect, fugitive, material witness, or missing person, or reporting crimes in emergencies, reporting a death or may be the subject of a grand jury subpoena.
Coroner, Medical Examiners and Funeral Directors – The Practice may use and disclose PHI to a coroner or medical examiner for the purpose of identifying you or determining your cause of death. We may also release protected health information to funeral directors as necessary for them to carry out their duties.
Organ, Eye or Tissue Donation – The Practice may use and disclose PHI if you are an organ donor to the entity to whom you have agreed to donate your organs.
Research – The Practice may use and disclose PHI subject to applicable legal requirements if the Practice is involved in research activities.
Avert a Threat to Health or Safety – The Practice may use and disclose PHI if it believes that such disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to an individual who is reasonably able to prevent or lessen the threat.
Specialized Government Functions – The Practice may use and disclose PHI when authorized by law with regard to certain military and veteran activity.
Workers’ Compensation – The Practice may use and disclose PHI if you are involved in a Workers’ Compensation claim to an individual or entity that is part of the Workers’ Compensation system. These programs provide benefits for work-related injuries or illness.
National Security and Intelligence Activities – The Practice may use and disclose PHI to authorized governmental officials with necessary intelligence information for national security activities and intelligence activities, protective services of the President and others and medical suitability determinations by entities that are components of the Department of State.
Military and Veterans – The Practice may use and disclose PHI if you are a member of the armed forces, as required by the military command authorities.
Treatment Alternatives -We may use and disclose your protected health information to manage and coordinate your healthcare and inform you of treatment alternatives that may be of interest of you. This may include telling you about treatments, services, products and/or other healthcare providers.
Advice of Appointment and Services – The Practice may, from time to time, contact you to provide appointment reminders or information about treatment alternatives or other health related benefits and services that may be of interest to you. The following appointment reminders may be used by the Practice: a) a postcard mailed to you at the address provided by you; and b) telephoning your phone number on file and leaving a message on your answering machine or with the individual answering the phone.
Inmates - If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your protected health information to the correctional institution or law enforcement official. The release of protected health information is required: a) for the institution to provide you with health care; b) to protect your health and safety of others; and c) for the safety and security of the correctional institution.
All Other Situations, With Your Specific Authorization
Except as otherwise permitted or required, as described above, we may not use or disclose your protected health information without your written authorization. Further, we are required to use or disclose your protected health information consistent with the terms of your authorization. You may revoke your authorization, in writing, the use or disclosure of any protected health information at any time, except to the extent that we have taken action in reliance on such authorization, or, if you provided the authorization as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy.
Your Rights With Respect to Your Protected Health Information
Under HIPAA, you have certain rights with respect to your protected health information. The following is a brief overview of your rights and our duties with respect to enforcing those rights.
(a) Revoke any Authorization or consent you have given to the Practice, at any time. To request a revocation, you must submit a written request to the Practice’s Privacy Officer.
(b) Request special restrictions - on certain uses and disclosures of your PHI as authorized by law. In general, this relates to your right to request special restrictions concerning disclosures of your PHI regarding uses for treatment, payment and operational purposes under Privacy Rule, Section 164.522(a) and 6 restrictions related to disclosures to your family and other individuals involved in your care under Privacy Rule, Section 164.510(b). Except in certain instances, the Practice may not be obligated to agree to any requested restrictions. To request restrictions, you must submit a written request to the Practice’s Privacy Officer. In your written request, you must inform the Practice of what information you want to limit, whether you want to limit the Practice’s use or disclosure, or both, and to whom you want the limits to apply. If the Practice agrees to your request, the Practice will comply with your request unless the information is needed in order to provide you with emergency treatment. We will not accept a request to restrict uses or disclosures that are otherwise required by law.
(c) Right to Request Restriction on Disclosures to Health Plans for Services Paid for In Full at Time of Service – You have the right under the American Recovery and Reinvestment Act, Section 13405(a) to request the Practice to restrict disclosures of protected health information to a health plan for purposes of carrying out payment or healthcare operations if the protected health information pertains solely to a healthcare item or service for which the Practice has been paid out of pocket in full at time of service.
(d) Receive confidential communications or PHI by alternative means or at alternative locations as provided by Privacy Rule Section 164.522(b). For instance, you may request all written communications to you marked “Confidential Protected Health Information.” You must make your request in writing to the Practice’s Privacy Officer. The Practice will accommodate all reasonable requests. We may condition the provision of confidential communications on you providing us with information as to the specification of an alternative address or other method of contact. We may require that a request contain a statement that disclosure of all or a part of the information to which the request pertains could endanger you. We may not require you to provide an explanation of the basis for your request as a condition of providing communications to you on a confidential basis. We must permit you to request and must accommodate reasonable requests by you to receive communications of protected health information from us by alternative means or at alternative locations.
Inspect and copy your PHI as provided by federal law (including Privacy Rule, Section 164.524) and state law. To inspect and copy your PHI, you must submit a written request to the Practice’s Privacy Officer. The Practice can charge you a fee for the cost of copying, mailing or other supplies associated with your request. These situations are defined by State law, the Practice may deny your request, in the case of (a) psychotherapy notes, (b) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, and (c) health information maintained by us to the extent to which the provision of access to you would be prohibited by law.
We may require written requests. We must provide you with access to your protected health information in the form or format requested by you, if it is readily producible in such form or format, or, if not, in a readable hard copy form or such other form or format. We may provide you with a summary of the protected health information requested, in lieu of providing access to 7 the protected health information or may provide an explanation of the protected health information to which access has been provided, if you agree in advance to such a summary or explanation and agree to the fees imposed for such summary or explanation. We will provide you with access as requested in a timely manner as required by State law, including arranging with you a convenient time and place to inspect or obtain copies of your protected health information or mailing a copy to you at your request. We will discuss the scope, format, and other aspects of your request for access as necessary to facilitate timely access. If you request a copy of your protected health information or agree to a summary or explanation of such information, we may charge a reasonable cost-based fee, as provided in State law for copying, postage, if you request a mailing, and the costs of preparing an explanation or summary as agreed upon in advance. We reserve the right to deny you access to and copies of certain protected health information as permitted or required by law. We will reasonably attempt to accommodate any request for protected health information by, to the extent possible, giving you access to other protected health information after excluding the information as to which we have a ground to deny access. Upon denial of a request for access or request for information, we will provide you with a written denial specifying the legal basis for denial, a statement of your rights, and a description of how you may file a complaint with us. If we do not maintain the information that is the subject of your request for access but we know where the requested information is maintained, we will inform you of where to direct your request for access.
Amend your PHI as provided by federal law (including Privacy Rule, Section 164.526) and state law. To request an amendment, you must submit a written request to the Practice’s Privacy Officer. You must provide a reason that supports your request. The Practice may deny your request if: (a) we determine that the information or record that is the subject of the request was not created by us, unless you provide a reasonable basis to believe that the originator of the information is no longer available to act on the requested amendment, (b) the information is not part of your designated record set maintained by us, (c) the information is prohibited from inspection by law, (d) the information is accurate and complete, (e) the request is not in writing or (f) if you do not provide a reason in support of your request.
If you disagree with the Practice’s denial, you will have the right to submit a written statement of disagreement. If we deny your request, we will provide you with a written denial stating the basis of the denial, your right to submit a written statement disagreeing with the denial, and a description of how you may file a complaint with us or the Secretary of the U.S. Department of Health and Human Services (“DHHS”). This denial will also include a notice that if you do not submit a statement of disagreement, you may request that we include your request for amendment and the denial with any future disclosures of your protected health information that is the subject of the requested amendment. Copies of all requests, denials, and statements of disagreement will be included in your designated record set. If we accept your request for amendment, we will make reasonable efforts to inform and provide the amendment within a reasonable time to persons identified by you as having received protected health information of yours prior to amendment and persons that we know have the protected health information that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to your detriment. All requests for amendment shall be sent to the Practice’s Privacy Officer.
Receive an accounting of disclosures of your PHI as provided by federal law (including Privacy Rule Section 164.528) and state law. You have the right to receive a written accounting of all disclosures of your protected health information that we have made within the six (6) year period immediately preceding the date on which the accounting is requested. You may request an accounting of disclosures for a period of time less than six (6) years from the date of the request. Such disclosures will include the date of each disclosure, the name and, if known, the address of the entity or person who received the information, a brief description of the information disclosed, and a brief statement of the purpose and basis of the disclosure or, in lieu of such statement, a copy of your written authorization or written request for disclosure pertaining to such information. We are not required to provide accountings of disclosures for the following purposes: (a) treatment, payment, and healthcare operations, (b) disclosures pursuant to your authorization, (c) disclosures to you, (d) for a facility directory or to persons involved in your care, (e) for national security or intelligence purposes, (f) to correctional institutions, and (g) with respect to disclosures occurring prior to 4/14/03. We reserve our right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law. We will provide the first accounting to you in any twelve (12) month period without charge, but will impose a reasonable cost-based fee for responding to each subsequent request for accounting within that same twelve (12) month period. All requests for an accounting shall be sent to the Practice’s Privacy Officer. The request should indicate in what form you want the list (such as a paper or electronic copy). The Practice will notify you of the costs, if any and you can decide to withdraw or modify your request before any costs are incurred.
Request special authorization to allow the Practice to use and disclose your protected health information (PHI) for purposes other than those enumerated in this Notice of Privacy Practices (NPP). This request must be made in writing to the Practice’s Privacy Officer.
Receive a paper copy of this Privacy Notice from the Practice (as provided by Privacy Rule Section 164.520(b)(1)(iv)(F)) upon request to the Practice’s Privacy Officer, or from this Practice’s web site www.drharo.com.
Mail: 1005 Clifton Avenue Suite 105 Clifton,
New Jersey 07013
E-Mail: [email protected]
Phone: (973) 777-5771
The Practice is required by federal law to maintain the privacy of your PHI and to provide you with this Privacy Notice detailing the Practice’s legal duties and privacy practices with respect to your PHI.
Under the Privacy Rule, The Practice may be required by State law to grant greater access or maintain greater restrictions on the use or release of your PHI than that which is provided for under federal law.
The Practice is required to abide by the terms of this Privacy Notice.
The Practice reserves the right to change the terms of this Privacy Notice and to make the new Privacy Notice provisions effective for all of your PHI that it maintains.
The Practice will distribute any revised Privacy Notice to you prior to implementation.
The Practice will not retaliate against you for filing a complaint.