This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
This practice uses and discloses health information about you for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care that you receive. This notice describes our privacy practices. You can request a copy of this notice at any time. For more information about this notice or our privacy practices and policies, please contact Misty Birch (contact information listed below).
Protection of Protected Health Information (PHI)
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), this practice is required by law to maintain privacy of health information that identifies you, called Protected Health Information (PHI), and to provide you with notice of our legal duties and privacy practices regarding PHI. This practice is committed to the protection of your PHI and will make reasonable efforts to ensure confidentiality of your PHI, as required by statute and regulation. We take this commitment seriously and will work with you to comply with your right to receive certain information under HIPAA.
Treatment, Payment, Health Care Operations
We are permitted to use and disclose your medical information to those involved in your treatment. For example, the physician in this practice is a specialist. When we provide treatment, we may request that your primary care physician share your medical information with us. Also, we may provide your primary care physician information about your particular condition so that he or she can appropriately treat you for other medical conditions, if any.
We are permitted to use and disclose your medical information to bill and collect payment for the services provide to you. For example, we may complete a claim form to obtain payment from your insurer or HMO. The form will contain medical information, such as a description of the medical service provided to you, that your insurer or HMO needs to approve payment to us.
Health Care Operations
We are permitted to use or disclose your medical information for the purposes of health care operations, which are activities that support this practice and ensure that quality care is delivered. For example, we may engage the services of a professional to aid this practice in its compliance programs. This person will review billing and medical files to ensure we maintain our compliance with regulations and the law.
Disclosures That Can Be Made Without Your Authorization
There are situations in which we are permitted by law to disclose or use your medical information without your written authorization or an opportunity to object. In other situations we will ask for your written authorization before using or disclosing any identifiable health information about you. If you choose to sign an authorization to disclose information, you can later revoke that authorization, in writing, to stop future uses and disclosures. However, any revocation will not apply to disclosures or uses already made or taken in reliance on that authorization.
Public Health, Abuse or Neglect, and Health Oversight
We may disclose your medical information for public health activities. Public health activities are mandated by federal, state, or local government for the collection of information about disease, vital statistics (like births and death), or injury by a public health authority. We may disclose medical information, if authorized by law, to a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition. We may disclose your medical information to report reactions to medications, problems with products, or to notify people of recalls of products they may be using.
We may also disclose medical information to a public agency authorized to receive reports of child abuse or neglect. Texas law requires physicians to report child abuse or neglect. Regulations also permit the disclosure of information to report abuse or neglect of elders or the disabled.
We may disclose your medical information to a health oversight agency for those activities authorized by law. Examples of these activities are audits, investigations, licensure applications
and inspections which are all government activities undertaken to monitor the health care delivery system and compliance with other laws, such as civil rights laws.
Legal Proceedings and Law Enforcement
We may disclose your medical information in the course of judicial or administrative proceedings in response to an order of the court (or the administrative decision-maker) or other appropriate legal process. Certain requirements must be met before the information is disclosed.
If asked by a law enforcement official, we may disclose your medical information under limited circumstances provided that the information:
ß Is released pursuant to legal process, such as a warrant or subpoena;
ß Pertains to a victim of crime and you are incapacitated;
ß Pertains to a person who has died under circumstances that may be related to criminal conduct;
ß Is about a victim of crime and we are unable to obtain the person’s agreement;
ß Is released because of a crime that has occurred on these premises; or
ß Is released to locate a fugitive, missing person, or suspect.
We may also release information if we believe the disclosure is necessary to prevent or lessen an imminent threat to the health or safety of a person.
We may disclose your medical information as required by the Texas workers’ compensation law.
If you are an inmate or under the custody of law enforcement, we may release your medical information to the correctional institution or law enforcement official. This release is permitted to allow the institution to provide you with medical care, to protect your health or the health and safety of others, or for the safety and security of the institution.
Military, National Security and Intelligence Activities, Protection of the President
We may disclose your medical information for specialized governmental functions such as separation or discharge from military service, requests as necessary by appropriate military command officers (if you are in the military), authorized national security and intelligence activities, as well as authorized activities for the provision of protective services for the President of the United States, other authorized government officials, or foreign heads of state.
Research, Organ Donation, Coroners, Medical Examiners, and Funeral Directors
When a research project and its privacy protections have been approved by an Institutional Review Board or privacy board, we may release medical information to researchers for research purposes. We may release medical information to organ procurement organizations for the purpose of facilitating organ, eye, or tissue donation if you are a donor. Also, we may release your medical information to a coroner or medical examiner to identify a deceased or a cause of death. Further, we may release your medical information to a funeral director where such a disclosure is necessary for the director to carry out his duties.
We are permitted to disclose your PHI to certain business associates to perform certain functions or services to our practice. For example, we are permitted to use another company to perform collection services for our practice. All of our business associates are required to maintain the privacy and confidentiality of your PHI. In addition, at the request of your healthcare providers or health plan, we may disclose PHI to their business associates for purpose of performing certain business functions or health care services on their behalf. For instance, we may disclose PHI to a business associate of Medicare for purposes of medical necessity review and audit.
Required by Law
We may release your medical information where the disclosure is required by law.
Other Uses and Disclosures of PHI
For purposes not described above, including uses and disclosures of PHI for marketing purposes and disclosures that would constitute a sale of PHI, this practice will ask for patient authorization before using or disclosing PHI. If you signed an authorization form, you may revoke it, in writing, at any time, except to the extent that action has been taken in reliance on the authorization.
This practice is required to provide patient notification if it discovers a breach of unsecured PHI unless there is demonstration, based on risk assessment, that there is a low probability that the PHI has been compromised. You will be notified without reasonable delay and no later than 60 days after the discovery of the breach. Such notification will include information about what happened and what can be done to mitigate any harm.
Your Rights Under Federal Privacy Regulations
The United States Department of Health and Human Services created regulations intended to protect patient privacy as required by the Health Insurance Portability and Accountability Act (HIPAA). Those regulations create several privileges that patients may exercise. We will not retaliate against a patient that exercises their HIPAA rights.
You may request that we restrict or limit how your protected health information is used or disclosed for treatment, payment, or healthcare operations. We do NOT have to agree to this restriction unless the requested restriction involves a disclosure that is not required by law to a health plan for payment or health care operations purposes and not for treatment, and you have paid for the service in full out of pocket. If we do agree to a restriction, we will comply with your request except under emergency circumstances.
To request a restriction, submit the following in writing: (a) The information to be restricted, (b) what kind of restriction you are requesting (i.e. on the use of information, disclosure of information or both), and (c) to whom the limits apply. Please send the request to the address and person listed below.
You may also request that we limit disclosure to family members, other relatives, or close personal friends that may or may not be involved in your care.
Receiving Confidential Communications by Alternative Means
You may request that we send communications of protected health information by alternative means or to an alternative location. This request must be made in writing to the person listed below. We are required to accommodate only reasonable requests. Please specify in your correspondence exactly how you want us to communicate with you and, if you are directing us to send it to a particular place, the contact/address information.
Inspection and Copies of Protected Health Information
You may inspect and/or copy health information that is within the designated record set, which is information that is used to make decisions about your care. Texas law requires that requests for copies be made in writing, and we ask that requests for inspection of your health information also be made in writing. Please send your request to the person listed below.
We can refuse to provide some of the information you ask to inspect or ask to be copied if the information:
ß Includes psychotherapy notes.
ß Includes the identity of a person who provided information if it was obtained under a promiseof confidentiality.
ß Is subject to the Clinical Laboratory Improvements Amendments of 1988.
ß Has been compiled in anticipation of litigation.
We can refuse to provide access to or copies of some information for other reasons, provided that we provide a review of our decision on your request. Another licensed health care provider who was not involved in the prior decision to deny access will make any such review.
Texas House Bill 300 (Texas Medical Records Privacy Law) requires that we provide copies or a narrative within 15 business days of your written request. We will inform you when the records are ready or if we believe access should be limited. If we deny access, we will inform you in writing.
HIPAA and Texas House Bill 300 (Texas Medical Records Privacy Law) requires that we provide you an electronic copy of the requested record if we are using an electronic health records system that is capable of creating electronic records. You may request it in another form.
HIPAA permits us to charge a reasonable cost based fee. The Texas State Board of Medical Examiners (TSBME) has set limits on fees for copies of medical records that under some circumstances may be lower than the charges permitted by HIPAA. In any event, the lower of the fee permitted by HIPAA or the fee permitted by the TSBME will be charged.
Amendment of Medical Information
You may request an amendment of your medical information in the designated record set. Any such request must be made in writing to the person listed below. We will respond within 60 days of your request. We may refuse to allow an amendment if the information:
ß Wasn’t created by this practice or the physicians here in this practice.
ß Is not part of the Designated Record Set.
ß Is not available for inspection because of an appropriate denial.
ß If the information is accurate and complete.
Even if we refuse to allow an amendment you are permitted to include a patient statement about the information at issue in your medical record. If we refuse to allow an amendment we will inform you in writing. If we approve the amendment, we will inform you in writing, allow the amendment to be made and tell others that we know have the incorrect information.
Accounting of Certain Disclosures
The HIPAA privacy regulations permit you to request, and us to provide, an accounting of disclosures that are other than for treatment, payment, health care operations, or made via an authorization signed by you or your representative. Please submit any request for an accounting in writing to the person listed below. Your first accounting of disclosures (within a 12 month period) will be free. For additional requests within that period we are permitted to charge for the cost of providing the list. If there is a charge we will notify you, and you may choose to withdraw or modify your request before any costs are incurred.
Appointment Reminders, Treatment Alternatives, and Other Health-related Benefits
We may contact you by telephone, mail, email, or fax to provide appointment reminders, information about treatment alternatives, or other health-related benefits and services that may be of interest to you.
If you are concerned that your privacy rights have been violated, you may contact the person listed below. You may also send a written complaint to the United States Department of Health and Human Services. We will not retaliate against you for filing a complaint with the government or us. The contact information for the United States Department of Health and Human Services is:
U.S. Department of Health and Human Services
7500 Security Blvd., C5-24-04
Baltimore, MD 21244
Our Promise to You
We are required by law and regulation to protect the privacy of your medical information, to provide you with this notice of our privacy practices with respect to protected health information, and to abide by the terms of the notice of privacy practices in effect.
Questions and Contact Person for Requests
If you have any questions or want to make a request pursuant to the rights described above, please contact:
P. O. Box 100
Paris, TX 75461-0100
This notice is effective on the following date: April 14, 2003
Last Modified: March 1, 2013
We may change our policies and this notice at any time and have those revised policies apply to all the protected health information we maintain. If or when we change our notice, we will post the new notice in the office where it can be seen.