NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
- 1. Introduction. Each of Allergy & Asthma Care, P.C. and Allergy & Asthma Care, P.A. is required by both federal and state law to limit the manner in which it uses or discloses information about a patient or a patient’s health information. In addition, we are required to notify you of our legal obligations with respect to our privacy practices concerning your protected health information and to abide by the notice then in effect. This notice is intended to describe both the obligations of this practice with respect to information that it has about you and your rights with respect to that information. References to the “practice” in this notice refer to whichever of the entities involved in the practice is applicable to your care or has protected health information about you, and the entities comprising the practice may share information with each other for the purposes described in this notice. Our employees and agents and the other health care professionals providing services to you in our office are subject to this notice.
- 2. What is Protected Health Information? Health information is broadly defined as any information, whether oral or recorded in any form or medium that is created or received by this practice whether the information relates to your past, present or future physical or mental health or condition, the provision of healthcare to you, or the past, present or future payment for the provision of healthcare to you. Individually identifiable healthcare information is information that includes health information and also includes demographic information collected from you that identifies you or which reasonably can be used to identify you. This is generally referred to throughout this notice as protected health information or “PHI.” The practice is required by law to maintain the privacy of your PHI and to provide you with this privacy notice setting forth our legal duties with respect to your PHI. This practice is required to abide by the terms of its privacy notice in effect from time to time.
- 3. Uses and Disclosures of Your PHI. If you are an existing patient, you have already signed a consent. If you are a new patient, you will be asked to sign a consent. The consent will allow the practice to use and disclose your PHI for your treatment, to obtain payment for the services we render to you and to assist us in our healthcare operations.
(a) Treatment. We may use or disclose your PHI for your treatment. For example:
- Our medical records personnel may review your chart to ensure that all lab and other tests results have been properly placed in your chart prior to your visit.
- Our nurses or physicians may communicate with laboratory or other testing facilities to review test results prior to your visit.
- Doctors in this office may discuss your case among themselves or may review your medical treatment with referring physicians or physicians to whom they have referred you for care.
- Personnel in this office may discuss your medical information with a hospital or other healthcare facility where you are being admitted or being treated or we may discuss this information with another healthcare provider who is treating you at such a facility.
- This practice may use a sign in sheet in the waiting area which other patients may see.
- This practice may announce the names of patients in the waiting area, and other people in that area may hear your name.
- This practice may leave voice messages on your home answering machine or send postcard or other appointment reminders.
- This practice may disclose health information to a pharmacy when we order a prescription for you.
- This practice may send you information about treatment alternatives or other health-related benefits and services that may be of interest to you.
- Other types of treatment uses or disclosures may be made even if not listed above.
(b) Payment. We may use and disclose your PHI in order to obtain payment for the services we render to you. For example:
- This practice may submit your PHI to your insurance company in order to receive reimbursement for services rendered to you.
- This practice may submit your PHI to an electronic data interchange company in order to codify information for submission to a third party payor.
- To facilitate reimbursement, this practice may provide supplemental information to your health insurance company in order to verify the medical necessity of the care that you have obtained.
- We may submit information to your health insurer in order to coordinate benefits with other health insurance or public benefits that may be available to you.
- This practice may provide consumer reporting agencies with credit information regarding your payment history.
- This practice may provide information to collection agencies or our attorneys for purposes of obtaining payment of delinquent accounts.
- Your PHI may be disclosed in a legal action for purposes of securing payment of delinquent accounts.
- Other types of payment uses and disclosures may be made even if not listed above.
(c) Healthcare Operations. We may use and disclose your PHI for the healthcare operations of this practice. For example:
- Peer review.
- Quality assessment activities.
- Medical education and training activities.
- Disease management programs.
- Accreditation and certification activities.
- Business planning and development activities.
- Financial planning projections.
- Monitoring for compliance and other legal matters.
- General business matters.
- Other types of uses and disclosures may be made for healthcare operations even if not listed above.
(d) Other Health Care Providers. We may also disclose your PHI to other health care providers when such PHI is required for them to treat you, receive payment for services you receive at our site, or conduct certain health care operations
- 4. Other Uses and Disclosures of PHI. In addition to payment, treatment and healthcare operations, subject to certain limitations, we may use your PHI for other purposes. The list below sets forth some examples of uses and disclosures of PHI for other purposes. Within each category are examples of such uses or disclosures, but the examples are not intended to be inclusive of all purposes for which your PHI may be used or disclosed in each particular category. There may also be overlap among the various categories.
- Disclosures to Federal or State Agencies. This practice will continue to make required disclosures to federal and state agencies, such as the Social Security Administration or state agencies for applications for federal or state benefits for care or payment for care.
- Individuals Involved in Your Care. We may disclose your PHI to someone involved in your care or payment for your care, such as a spouse, family member or close friend or a person responsible for your care, such as a nurse or home healthcare worker. We may also discuss your care with your personal representative or someone who has your healthcare power of attorney.
- Required by Law. This practice may use or disclose PHI when required by federal, state or local law to comply with mandatory reporting requirements, such as those involving births, deaths, child abuse, disease prevention and control, driving impairment, vaccine-related injuries, medical device-related deaths, gunshot wounds and other similar incidences that we are required to report.
- Workers’ Compensation Insurers. We may disclose your PHI to workers’ compensation insurers, state administrators, employers and other persons or entities involved in the workers’ compensation system and similar proceedings.
- Your Legal Matters. This practice may use or disclose your PHI in response to court or administrative proceedings if you are involved in a lawsuit or a similar matter. We may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in a dispute, but only if we have received satisfactory assurances that the party seeking your PHI has made a good faith effort to inform you of the request to provide you with an opportunity to object.
- Public Health and Safety Matters. We may use or disclose your PHI for public health activities, including reporting communicable diseases, child abuse and neglect reports, FDA-related reports and disclosures, public health warnings to third parties regarding risk of communicable diseases or conditions, reports regarding victims of abuse, neglect or domestic violence, reports of elder abuse to the applicable governmental authority, reports of abuse of a nursing home patient to the applicable governmental authority, reports to health oversight entities such as a drug enforcement agency, reports to prevent or lessen a serious threat to safety, or compliance with judicial and administrative proceedings.
- Law Enforcement Matters. This practice may disclose your PHI for law enforcement purposes, such as compliance with legal process, search warrants, identification of crime victims, reports of death suspected to have resulted from criminal activities, information regarding crimes, emergencies, reports regarding identification of deceased patients, cause of death, providing information to funeral directors necessary to carry out their operations, information relating to threats to public safety, or specific government functions such as military and veterans activities, national security and intelligence and similar law enforcement matters.
- Organ and Tissue Donation. We may use your PHI in order to facilitate organ, eye, and tissue donation and transplantation, including to those entities engaged in procuring and banking of such items.
- 5. Business Associates. The practice may engage certain persons to perform certain of our practice functions on our behalf and we may disclose certain health information to these persons. For example, we may share certain PHI with our billing company or computer consultant in order to facilitate our healthcare operations or payment for services provided in connection with your care. In this connection, we will require our business associates to enter into an agreement to keep your PHI confidential and to abide by the terms set forth in this privacy notice.
- 6. Incidental Disclosure. Certain disclosures may occur incidentally. For example, conversations regarding your medical care may be overheard by other persons or patients in the office or someone may view your name on the sign-in sheet in the waiting area. Our practice will use its best efforts to limit these disclosures, but the efficient delivery of medical care in our office setting will not permit incidental disclosures to be totally eliminated.
- 7. Research. We may use your health information for research purposes if we have de-identified the information so that the information provided could not reasonably be associated with you. Our personnel may use your PHI in the process of de-identifying your PHI for this purpose. For all other types of research, we will usually ask for your authorization before using your PHI for research purposes. However, we may use and disclose your PHI without authorization if the applicable institutional review board that oversees research involving human subjects has waived the authorization requirement.
- 8. Fundraising Activities. We may use information about you to contact you in an effort to raise money for the practice and its operations. We may disclose information to a foundation related to the practice so that the foundation may contact you about raising money for the practice. We only would release contact information, such as your name, address and phone number and the dates you received treatment or services at the practice. If you do not want the practice to contact you for fundraising efforts, you must notify us in writing and you will be given the opportunity to “Opt-Out” of these communications.
- 9. Authorizations. For all uses and disclosures that are not of the general types permitted pursuant to the terms of this privacy notice, we will obtain your written authorization to use or disclose your PHI. In addition, the law ofPennsylvania orNew Jersey, as applicable, may require your written authorization in certain circumstances. If your records are governed by Pennsylvania law, we will also obtain your authorization to the extent required by applicable law, prior to disclosing any mental health records or any HIV-related diagnosis and treatment information or drug and alcohol treatment records about you; there are certain purposes, however, for which such information may or must be disclosed without your authorization. If your records are governed by New Jersey law, we will also obtain your authorization to the extent required by applicable law, prior to disclosing your genetic information, or any HIV/AIDS, venereal disease, tuberculosis or substance abuse-related information about you; there are certain purposes, however, for which such information may or must be disclosed without your authorization. Any time after you have given us an authorization, you may revoke it, except to the extent that we have already relied on the authorization you have provided.
- 10. Your Privacy Rights. You have certain rights described below with respect to your PHI. The following will describe each of these rights and how you may exercise them:
(a) Restrictions on Use. You have the right to request restrictions on uses or disclosures of your PHI to carry out treatment, payment and healthcare operations, but this practice is not required to agree to such requested restrictions except for disclosures of your PHI to a health plan, including Medicare, for payment or health care operation purposes if you have paid for the service or items out of your own pocket in full prior to any anticipated disclosure. To request a restriction, you must submit a written request to our privacy officer. The request must state (i) what information you want restricted and (ii) to whom the restriction should apply.
(b) Confidential Communications. You have a right to request that this practice communicate your PHI to you by reasonable alternative means or alternative locations. For example, you have the right to request that we contact you only at work or only by mail. To make such a request, you must (i) make your request in writing, (ii) the request must specify the alternative address or other method of payment, if applicable, and (iii) information as to how payment will be handled if the request would vary the way in which the practice routinely handles payment issues. We are not required to agree to requests for confidential communications that are unreasonable. We will not ask you for an explanation of why you are requesting alternative means of communication.
(c) Right of Access. You have the right of access to inspect and obtain a copy of your PHI in the medical and billing records that we maintain about you and records that we use to make decisions about your care in the applicable written or electronic format. This right may be subject to certain limitations, and we may impose upon you reasonable charges associated with the copying or labor costs associated with copying and sending via electronic format. To exercise your rights of access, (i) you must submit a written request to our privacy officer, (ii) the request must state how you want to retrieve the information, such as by mail, pick up, secure e-mail address, etc., (iii) the request must include the mailing address or e-mail address, as applicable, and (iv) the request must be accompanied by the applicable copying charge. Access to your PHI may be temporarily suspended where you are participating in a research study that includes treatment and your consent to participate in the research provides for denial of access during the research. In these circumstances, your right of access will be reinstated upon completion of the research.
(d) Amendment of PHI. You have the right to request that we amend your medical and billing record that we maintain about you and records that we use to make decisions about your care. We have the right to deny your request (i) if we did not create the record (unless you provide us a reasonable basis to believe that the originator of the PHI is no longer available to act on the request), (ii) the information requested to be amended is not part of your records, (iii) the information would not otherwise be subject to a right of access, or (iv) the information is accurate and complete. Requests to amend your PHI must be made in writing and must set forth the reason why you believe the amendment is warranted or appropriate. Within sixty days of your written request for an amendment of your PHI, we will either (i) implement the amendment and notify you in writing of this and take reasonable efforts to inform others who may have received the PHI about the amendment, or (ii) notify you in writing of the reasons why we are either unable to implement the requested amendment (including a statement of your rights in connection with the denial) or inform you of our need for an additional thirty days within which to make a determination and the reasons for such an extension.
(e) Accounting of Disclosures of PHI. You have the right to receive an accounting of disclosures of your PHI made by this practice for a period of six years prior to the date of your request in written format or three years prior to the date of your request for electronic formatted records (but only for disclosures on or after April 14, 2003). The accounting of written records will not include disclosures for payment, treatment and healthcare operations as described in Section 3 of this notice, disclosures to you, disclosures incident to other uses or disclosures that are permitted without your prior authorization, disclosures pursuant to your authorization, disclosures to persons involved in your care, disclosures for national security purposes, to correctional institutions or law enforcement officials, or when your PHI is de-identified and used for research purposes. Electronic format records of PHI shall include disclosures for the treatment, payment, and healthcare operations. The first accounting you request within a 12-month period is free of charge, but our practice may charge you for additional accountings within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
(f) Right to Receive Notice of a Breach. We are required to notify you by first class mail or by email (if you have indicated a preference to receive information by email), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users. The notice is required to include the following information:
- a brief description of the breach, including the date of the breach and the date of its discovery, if known;
- a description of the type of Unsecured Protected Health Information involved in the breach;
- steps you should take to protect yourself from potential harm resulting from the breach;
- a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;
- contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional Information.
In the event the breach involves 10 or more patients whose contact information is out of date we will post a notice of the breach on the home page of our website or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary of a breach that involved less than 500 patients during the year and will maintain a written log of breaches involving less than 500 patients.
(g) Right to Receive a Paper Copy. You have a right to receive a paper copy of this Notice of Privacy Practices. To obtain a copy, you may request one from the front desk at any office visit or you may contact our Privacy Officer.
- 11. Privacy Officer. Our Privacy Officer may be contacted during our regular business hours at 215-947-6690 or you may write to the Privacy Officer at the following address:
Allergy & Asthma Care, P.C.
1650 Huntingdon Pike
Meadowbrook, PA 19046
Attention: Privacy officer
Allergy & Asthma Care, P.A.
213 N. Haddon Avenue
Haddonfield, NJ 08033
Attention: Privacy officer
- 12. Complaints. If you believe that your privacy rights have been violated, you may submit a complaint to our practice or to the Secretary of Health and Human Services. To file a complaint with the practice you may contact our Privacy Officer, whose contact information is set forth directly above. You may also visit www.hhs.gov/ocr for further information. The practice will not retaliate against you for filing a complaint.
- 13. Changes to this Notice. We reserve the right to change the terms of this privacy notice and to make new provisions effective for all PHI that we maintain, including PHI that we maintain at the time of the change. If we change our policies, we will post our revised privacy notice in our waiting room and make copies available to all patients upon request. Patients may also receive a copy of our privacy policies at any time by contacting our Privacy Officer or by accessing our website at http://aacallergy.com/.
- 15. Effective Date. The effective date of this notice is April 14, 2003, as amended September 23, 2013.