How Our Efforts to Comply with HIPAA Regulations Affects You
The Health Insurance Portability and Accessibility Act of 1996 (HIPAA) requires those of us who manage and control confidential patient information to be accountable for its use and disclosure.
Although HIPAA was originally passed as law in 1996, its effective deadline dates are now upon us. In April 2003, all activities involving confidential patient information (referred to as Protected Health Information) will be under the scrutiny of law, and under the jurisdiction of the Department of Justice, Health and Human Services Department.
In order to be proactive in our efforts toward compliance, Mordcai Blau, M.D. has adopted methods and processes that must now be followed for each patient.
Every patient (or authorized representative) must authorize the use and disclosure of their protected health information, without exception. If you are a third party, or attorney seeking medical records; you will be required to show proof of such authorization. Additionally, information contained in medical records must only be used or disclosed for specific, and clearly stated purposes. For example: This office will no longer accept requests for an “entire” medical chart/record. You must state the specific information you want, to whom the information is to be disclosed, and the purpose for the use or disclosure of protected health information.
These requirements are non-negotiable, and our staff has no authority to circumvent our policies, so please do not ask them to try. If you have questions regarding this matter please contact our Office Manager, Maryann Mulenforth at 914-428-4700 or email your question to firstname.lastname@example.org.
The office of Mordcai Blau, M.D. has forms that will assist you in providing us with the necessary information. Just ask us, and we will be happy to assist you.
Thanks for your cooperation.
Mordcai Blau, M.D.
12 Greenridge Ave.
White Plains, New York 10605
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. If you have any questions about this Notice please contact our Office Manager, Maryann Mulenforth.
This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected Health Information” is information about you, including demographic information, that may identify you and that relates to your past, present and future physical or mental health or condition and related health care services.
We are required to abide by the terms of this Notice of Privacy Practices. We may change the terms of our notice, at any time. The new notice will be effective for all protected health information that we maintain at the time. Upon your request, we will provide you with any revised Notice of Privacy Practices. You may obtain a current copy of our Notice of Privacy Practices by visiting our website www.cosmetic-md.com or by calling our office and requesting one be sent in the mail to you, or by asking for a new copy at your next appointment.
- Uses and Disclosures of Protected Health Information
Uses and Disclosures of Protected Health Information Based Upon Your Written ConsentYou will be asked by your physician to sign a consent form. Once you have consented to use and disclosure of your protected health information for treatment, payment and health care operations by signing the consent form, your physician will use or disclose your protected health information as described in this Section 1. Your protected health information may be used and disclosed by your physician, our office staff and others outside our office that are involved in your care and treatment for the purpose of providing health care services to you. Your protected health information may also be used and disclosed to pay your health care bills and to support the operation of the physician’s practice.
Following are examples of the types of uses and disclosures of your protected health care information that the physician’s office is permitted to make once you have signed our consent form. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by our office once you have provided consent.
Treatment: We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party that has already obtained your permission to have access to your protected health information. For example, we would disclose your protected health information, as necessary, to a home health agency that provides care for you. We will also disclose protected health information to other physicians who may be treating you when we have the necessary permission from you to disclose your protected health information. For example, your protected health information may be provided to a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose and treat you.
In addition, we may disclose your protected health information from time-to-time to another physician or health care provider (e.g., a specialist or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment to your physician.
Payment: Your protected health information will be used, as needed to obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you as such; making a determination of eligibility or coverage for insurance benefits; reviewing services provided to you for medical necessity, and undertaking utilization review activities. For example, obtaining approval for a hospital stay may require that your relevant protected health information be disclosed to the health plan to obtain approval for the hospital admission.
Healthcare Operations: We may use or disclose, as-needed, your protected health information in order to support the business activities of your physician’s practice. The activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, marketing and fundraising activities, and conducting or arranging for other business activities.
For example, we may disclose your protected health information to medical school students that see patients in our office. In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician. We may also call you by name in the waiting room when your physician is ready to see you. We may use or disclose your protected health information, as necessary, to contact you and remind you of your appointment.
We will share your protected health information with third party “business associates” that perform various activities (e.g., billing, transcriptions services) for the practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your protected health information, we will have a written contract that contains the terms that will protect the privacy of your protected health information.
We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also use and disclose your protected health information for other marketing activities. For example, your name and address may be used to send you a newsletter about our practice and the services we offer. We may also send you information about products or services that we believe may be beneficial to you. You may contact our Privacy Contact and request that these materials not be sent to you.
We may use or disclose your demographic information and the dates that you received treatment from your physician, as necessary, in order to contact you for fundraising activities supported by our office. If you do not what to receive these materials, please contact our Privacy Contact to request that these fundraising materials not be sent to you.
Uses and Disclosures of Protected Health Information Based upon You Written Authorization
Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described below. You may revoke this authorization, at any time, in writing, except to the extent that your physician or the physician’s practice has taken action in reliance on the use or disclosure in the authorization.
Other Permitted and Required Uses and Disclosures That May Be Made With Your Consent, Authorization or Opportunity to Object
We may use and disclose your protected health information in the following instances. You have the opportunity to agree or object to the use or disclosure of all or part of your protected health information. If you are not present or able to agree or object to the use or disclosure of the protected health information, then your physician may, using professional judgment, determine whether disclosure is in your best interest. In this case, only the protected information that is relevant to your health care will be disclosed.
Facility Directories: Unless you object, we will use and disclose in our facility directory your name, the location at which you are receiving care, your condition (in general terms), and your religious affiliation. All of this information, except religious affiliation, will be disclosed to people that ask for you by name. Members of the clergy will be told your religious affiliation.
Others Involved in Your Healthcare: Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death. Finally, we may use or disclose your protected health information to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.
Emergencies: We may use or disclose your protected health information in an emergency treatment situation. If this happens, your physician shall try to obtain your consent as soon as reasonably practicable after the delivery of treatment. If your physician or another physician in the practice is required by law to treat you and the physician has attempted to obtain your consent but is unable to obtain your consent, he or she may still your or disclose your protected health information to treat you.
Communication Barriers: We may use and disclose your protected health information if you physician or another physician in the practice attempts to obtain consent from you but is unable to do so due to substantial communication barriers and the physician determines, using professional judgment, that you intend to consent to use or disclosure under the circumstances.
Other Permitted and Required Uses and Disclosures That May Be Made Without Your Consent, Authorization or Opportunity to Object
We may use or disclose your protected health information in the following situations without your consent or authorization. These situations include:
Required By Law: We may use or disclose your protected health information to the extent that law requires the use or disclosure. The use or disclosure will be made in compliance with the law and will be limited to relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
Public Health: We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We may also disclose your protected health information, if directed by the public authority, to foreign government agency that is collaborating with the public health authority.
Communicable Diseases: We may disclose your protected health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight: We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the healthcare system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect: We may disclose your protected health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food And Drug Administration: We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products; to enable product recalls; to make repairs or replacements, or to conduct post marketing surveillance, as required.
Legal Proceedings: We may disclose protected health information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request or other lawful process.
Law Enforcement: We may also disclose protected health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include (1) legal processes and otherwise required by law, (2) limited information requests for identification and local purposes, (3) pertaining to victims of a crime, (4) suspicion that death has occurred as a result of criminal conduct, (5) in the event that a crime occurs on the premises of the practice, and (6) medical emergency (not on the practice premises) and it is likely that a crime has occurred.
Coroners, Funeral Directors and Organ Donation: We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. Protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.
Research: We may disclose your protected health information to researchers when an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information has approved their research.
Criminal Activity: Consistent with applicable federal and state laws, we may disclose your protected health information, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military Activity and National Security: When the appropriate conditions apply, we may use or disclose protected health information of individuals who are armed forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to foreign military authority if you are member of that foreign military services. We may also disclose your protected health information to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
Workers’ Compensation: We may disclose your protected health information as authorized to comply with workers’ compensation laws and other similar legally established programs.
Inmates: We may use or disclose your protected health information if you are an inmate of a correctional facility and your physician created or received your protected health information in the course of providing care to you.
Required Uses and Disclosures: Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500 et. seq.
- Your RightsThe following is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights.
You have the right to inspect and copy your protected health information. This means you may inspect and obtain a copy of protected health information about you that is contained in a designated record set for as long as we maintain the protected health information. A “designated record set” contains medical and billing records and any other records that your physician and the practice uses for makings decisions about you.
Under federal law, however, you may not inspect or copy the following records; psychotherapy notes; information compiled in reasonable anticipation of, or use in a civil, criminal, or administrative action or proceeding, and protected health information that is subject to law that prohibits access to protected health information. Depending on the circumstances, a decision to deny access may be reviewed at your request. Please contact our Privacy Contact if you have questions about access to your medical records.
You have the right to request a restriction of your protected health information. This means you may ask us not to use or disclose any part of your protected health information for the purposes of treatment, payment or healthcare operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply.
Your physician is not required to agree to a restriction that you may request. If the physician believes it is in your best interest to permit use and disclosure of your protected health information, your protected health information will not be restricted. If your physician does agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment. With this in mind, please discuss any restriction you wish to request with your physician or our Privacy Contact. You may request a restriction by submitting a written, notarized document stating the specific elements of your protected health information you wish not to be used or disclosed. This document should be delivered to our Privacy Contact, or your physician, or by registered mail. Your request is subject to review by your physician and acceptance of the document does not imply your physicians’ acceptance of the requested restriction.
You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable requests. We may also condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact. We will not request an explanation from you as the basis for the request. Please make this request in writing to our Privacy Contact.
You may have the right to have your physician amend your protected health information. This means you may request an amendment of protected health information about you in a designated record set for as long as we maintain this information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us as we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact our Privacy Contact if you have questions about amending your medical record.
You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this Notice of Privacy Practices. It excludes disclosures we may have made to you, for a facility directory, to family members or friends involved in you care, or for notification purposes. You have the right to receive specific information regarding these disclosures that occurred after April 14, 2003. You may request a shorter time frame. The right to receive this information is subject to certain exceptions, restrictions and limitations.
You have the right to obtain a paper copy of this Notice from us, upon request even if you have agreed to accept this notice electronically.
- ComplaintsYou may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our Privacy Contact of your complaint. We will not retaliate against you for filing a complaint.
You may contact our Office Manager at 914-428-4700 for further information about the complaint process.