HIPAA Notice of Privacy Practices for U.S. Residents
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. THE PRIVACY OF YOUR MEDICAL INFORMATION IS IMPORTANT TO US.1
OUR LEGAL DUTY
We are required by the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended from time to time (collectively, “HIPAA”) to maintain the privacy of your health information. [Our policy is to encrypt our electronic files containing your health information so as to protect the information from those who should not have access to it. If, however, for some reason we experience a breach of your unencrypted health information, we will notify you of the breach.]2 We are also required to provide you with this Notice of Privacy Practices (“Notice”) which describes our privacy practices and legal duties, as well as your rights concerning your health information. We must follow the privacy practices described in this Notice while it is in effect. We will not use or share your health information other than as described in this Notice, unless you notify us in writing at the address provided below. This Notice takes effect [DATE]3, and will remain in effect until we replace it.
We may change our privacy practices, and/or this Notice, from time to time. If we make any material revisions to this Notice, we will provide you with a copy of the revised Notice [by mail or email]4. The revised Notice will specify the date on which such revised Notice becomes effective. The revised Notice will apply to all of your health information from and after the revised date. [The revised Notice will also be available on our web site.] For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this Notice.
USES AND DISCLOSURES OF HEALTH INFORMATION WITHOUT WRITTEN AUTHORIZATION
A. Uses and Disclosures for Treatment, Payment, and Health Care Operations
We must disclose your health information to you, as described in this Notice. We also use your health information and share it with others, in electronic or other format, to help treat your condition, coordinate payment for that treatment, and run our business operations. The following are examples of situations where we do not need your written authorization to use your health information or share it with others:
Treatment: We may use your health information to provide treatment to you. We disclose your health information to our employees and others who are involved in providing the care you need. We may disclose your health information to a physician or other health care provider providing treatment to you. We may also share your health information with a pharmacist in order to provide you with a prescription or with a laboratory that performs test or fabricates dental prostheses or orthodontic appliances.5
Payment: We may use and disclose your health information to obtain payment for services we provide to you, unless you request that we restrict such disclosure to your health plan when you have paid out-of-pocket and in full for services rendered.6
Health Care Operations: We may use and disclose your health information in connection with our health care operations, including quality assessment and improvement activities, review of the competence or qualifications of health care professionals, evaluation of practitioner and provider performance, training programs, accreditation, certification, and licensing and credentialing activities.
Disclosures to Your Family or Friends Involved in Your Care: Unless you object, we may disclose your health information to a family member, friend, or other person identified by you as being involved in your treatment or payment for your health care. If you are not present to agree or object, we may exercise our professional judgment to determine whether the disclosure is in your best interest, and will limit such disclosures to information necessary to help with your treatment or with payment for your health care. We may also notify a family member, personal representative, or another person responsible for your care about your location or general condition. We will also use our professional judgment and our experience with common practice to make reasonable inferences of your best interest in allowing a person to pick up filled prescriptions, medical supplies, x-rays, or other similar forms of health information.
Business Associates: We may disclose your health information to a “business associate” that needs the information in order to perform a function or service for our business operations. We will do so only if the business associate signs an agreement to protect the privacy of your health information. For example, we may share your health information with a billing company that helps us to obtain payment from your insurance company.
Appointment Reminders, Treatment Alternatives and Health-Related Benefits and Services: We may use and disclose your health information to provide you with appointment reminders (such as voicemails, postcards, letters, e-mails or other similar mobile device communications). We may also use your health information in order to recommend possible treatment alternatives or health-related benefits and services, such as disease awareness or case management that may be of interest to you.
Patient-Related Communications: We may use or disclose your health information to provide patient-related communications such as intraoral photography, “no cavity club” for children, and telephoned-in prescriptions.
B. Uses and Disclosures for the Public Need
We may use your health information and share it with others in order to comply with the law or meet important public needs described below.
Required by Law: We may use or disclose your health information when we are required by law to do so.
Public Health Activities: We may disclose your health information to authorized public health officials so they may carry out their public health activities. For example, we may share your health information with government officials that are responsible for controlling disease, injury, or disability.
Health Oversight Activities: We may release your health information to government agencies authorized to conduct audits, investigations, and inspections, as well as civil, administrative or criminal investigations, proceedings, or actions. This includes those agencies that monitor programs such as Medicaid.
Abuse or Neglect: We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, or domestic violence or the possible victim of other crimes.
Product Monitoring, Repair and Recall: We may disclose your health information to a person or company that is regulated by the Food and Drug Administration for the purpose of: (1) reporting or tracking product defects or problems; (2) repairing, replacing, or recalling defective or dangerous products; or (3) monitoring the performance of a product after it has been approved for use by the general public. We may also disclose your health information to report adverse reactions to medications.
Lawsuits and Disputes: We may disclose your health information if we are ordered to do so by a court or administrative tribunal that is handling a lawsuit or other dispute. We may also disclose your health information in response to a subpoena, discovery request, or other lawful request by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain a court order protecting the information from further disclosure.
Law Enforcement: We may disclose your health information to law enforcement officials for certain reasons including to comply with court orders or laws that we are required to follow, and to assist law enforcement officers with identifying or locating a suspect, fugitive, witness, missing person or victims of a crime.
To Avert a Serious and Imminent Threat to Health or Safety: We may disclose your health information to the extent necessary to avert a serious and imminent threat to your health or safety or the health or safety of others. If we do, we will only share your information with someone able to help prevent the threat.
Workers’ Compensation: We may disclose your health information to the extent necessary to comply with workers’ compensation or other programs established by law that provide benefits for work-related injuries or illness without regard to fraud.
National Security: We may disclose to authorized federal officials health information required for lawful intelligence, counterintelligence, and other national security activities. We may also disclose to military authorities the health information of Armed Forces personnel under certain circumstances. If you are an inmate or you are detained by a law enforcement officer, we may disclose your health information to the prison officers or law enforcement officers if necessary to provide you with health care, or to maintain safety, security and good order at the place where you are confined.
Coroners, Medical Examiners and Funeral Directors: In the unfortunate event of your death, we may disclose your health information to a coroner or medical examiner. This may be necessary, for example, to determine the cause of death. We may also release this information to funeral directors as necessary to carry out their duties, and to organizations that procure or store organs, eyes or other tissues so that these organizations may investigate whether donation or transplantation is possible under the law.
Research: We can use or share you information for health research.
C. Completely De-Identified and Partially De-Identified Health Information
We may use and disclose your health information if we have removed any information that has the potential to identify you so that the health information is “completely de-identified.” We may also use and disclose “partially de-identified” health information about you for public health and research purposes, or for business operations, if the person who will receive the information signs an agreement to protect the privacy of the information as required by federal and state law. Partially de-identified health information will not contain any information that would directly identify you (such as your name, street address, social security number, phone number, fax number, electronic mail address, website address, or license number).
REQUIREMENT FOR WRITTEN AUTHORIZATION
We may use your health information for treatment, payment, health care operations or other purposes described in this Notice. You may also give us written authorization to use your health information or to disclose it to anyone for any purpose. We cannot use or disclose your health information for any reason except those described in this Notice unless you give us written authorization to do so. For example, we require your written authorization for uses and disclosures of health information for marketing purposes, and disclosures that constitute a sale of your health information. Marketing is a communication about a product or service that encourages recipients of the communication to purchase or use the product or service. You may obtain a form to revoke your authorization by using the contact information listed at the end of this Notice. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect.
YOUR RIGHTS TO ACCESS AND CONTROL YOUR HEALTH INFORMATION
Access: You have the right to inspect or obtain copies of your health information, with limited exceptions. If we maintain your health information in electronic format, you have the right to obtain a copy of your health information in the form and format you request if the information is readily producible in that format, or, if not, a mutually agreeable alternative format. You also have the right to direct us to send a copy of your health information to a third party you clearly designate. We may charge you a reasonable, cost-based fee to cover copy costs and postage. If you request a copy of your electronic health information, we will not charge you any more than our labor costs in preparing the materials. You must make a request in writing to obtain access to your health information. You may obtain a form to request access by using the contact information listed at the end of this Notice. We will allow for visual inspection of your records within 10 days of receipt of your written request. If you would like a copy of your medical record in electronic form, we will respond within 10 days of receipt of your written request. If you would like a copy of your medical record in another form, we will respond within 21 days of receipt of your written request.7 If we need additional time to respond, we will let you know as soon as possible. If you are denied access to your health information, you are entitled to a review by a healthcare professional, designated by us, who was not involved in the decision to deny access. If access is ultimately denied, you will be entitled to a written explanation of the reasons for the denial. Should we deny you access to your records in New York, you may also appeal our decision to a medical record access review committee appointed by the Commissioner of the New York State Department of Health.8
Disclosure Accounting: You have the right to receive a list of instances in which we or our business associates disclosed your health information over the last 6 years or such shorter time as you may specify. That accounting will not include certain disclosures, in accordance with federal law, including disclosures made for the purposes of treatment, payment, or health care operations. You may obtain a form to request a disclosure accounting by using the contact information listed at the end of this Notice. We will ordinarily respond to your request within 60 days. If we need additional time to respond, we will let you know as soon as possible. You will receive one disclosure accounting annually free of charge, but we may charge you a reasonable, cost-based fee for additional accountings within the same twelve-month period.
Restrictions: You have the right to request that we place additional restrictions on our use or disclosure of your health information. If we agree to do so, we will put these restrictions in place except in an emergency situation or as required by law. We do not need to agree to the restriction unless (i) the disclosure is for the purpose of carrying our payment or health care operations and is not otherwise required by law, and (ii) the health information relates only to a health care item or service that you or someone on your behalf has paid for out of pocket and in full. You have the right to revoke the restriction at any time. You may obtain a form to request additional restrictions by using the contact information at the end of this Notice.
Alternative Communication: You have the right to request that we communicate with you about your health information by alternative means or to alternative locations. You may obtain a form to request additional alternative communications by using the contact information at the end of this Notice. Your request must specify how or where you wish to be contacted, and provide a satisfactory explanation regarding how payments will be handled if we communicate with you through the alternative means or location you request.
Amendment of Health Information: If you believe we have health information about you that is incorrect or incomplete, you may request in writing an amendment to your health information. You may obtain a form to request an amendment by using the contact information at the end of this Notice. Your request must explain why the information should be amended. We will ordinarily respond to your request within 60 days. If we need additional time to respond, we will let you know as soon as possible. If we did not create your health information, if your health information is not part of our records, or if your health information is already accurate and complete, we can deny your request and notify you of our decision in writing. You can submit a statement that you disagree with our decision, which we can rebut. You have the right to request that your original request, our denial, your statement of disagreement, and our rebuttal be included in future disclosures of your health information.
Notification of Breach of Unsecured Health Information: We are required by law to maintain the privacy of your health information, and to provide you with this Notice containing our legal duties and privacy practices with respect to your protected health information. Our policy is to encrypt our electronic files containing your health information so as to protect the information from those who should not have access to it. If, however, for some reason we experience a breach of your unencrypted health information, we will notify you of the breach.
Paper Notice: You have the right at any time to obtain a paper copy of this Notice, even if you receive this Notice electronically. You may make such a request by writing to the address provided at the end of this Notice.
Choose Someone to Act for You: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situation described below, notify us using the contact information listed below.
In these cases, you have both the right and the choice to tell us to:
Share information with your family, close friends, or others involved in your care
Share information in a disaster relief situation
Include your name in a hospital directory
If you are not able to tell us your preference, for example, if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health and safety.
In the case of fundraising, we may contact you for fundraising efforts, but you can tell us not to contact you again.
OTHER SPECIFIC STATE LAW REQUIREMENTS
Some states provide even greater rights, including more favorable access and amendment rights, as well as protection for particularly sensitive information. Special privacy protections apply to sensitive health information including AIDS/HIV-related information, alcohol and substance abuse treatment information, mental health information, and genetic information. Some parts of this Notice may not apply to these types of information. Uses and disclosures of this information will only be made with your express written authorization in accordance with applicable law.
If you have any questions about this Notice, you may contact our Corporate Compliance Officer at 217-540-5100, or write us at:
Corporate Compliance Officer
1200 Network Centre, Suite 2
Effingham, Illinois 62401 (217) 540-5100
If you are concerned that we may have violated your privacy rights or have any other complaints, you may complain to us using the contact information above. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request. If you choose to file a complaint, we will not retaliate or take action against you for your complaint.