Notice of Privacy Practices
Effective: January 1, 2022
I. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or conditions and related health care services.
We are required to abide by the terms of this Notice of Privacy Practices. We may change the terms of this Notice at any time. Any revised Notice of Privacy Practices would be effective for all protected health information that we maintain at that time. Upon your request, we will provide you with any revised Notice of Privacy Practices by calling the office and requesting that a revised copy be sent to you in the mail. A copy of the current Notice of Privacy Practices will be prominently displayed in our office at all times and posted on our website at cirrushealthservices.com
II. USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
A. Uses and Disclosures of Protected Health Information
We may use or disclose your health information to third parties including, but not limited to, your insurance company and your other health care providers for treatment, payment or operational purposes without your written authorization, as allowed under law.
Treatment: We will use and disclose your health information to provide, coordinate or manage your health care and any related treatment. This includes the coordination or management of your health care with a third party that already has obtained your permission to have access to your health information. For example, we would disclose your health information, as necessary, to your primary care physician. We also may disclose health information to other specialist physicians who may be treating you.
Payment: Your health information will be used, as needed, to obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we provide for you, determining your eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity and undertaking utilization review activities.
Health Care Operations: We may use or disclose, as needed, your health information in order to support the business activities of our practice. These activities include, but are not limited to, quality assessment activities, employee review activities, licensing, and conducting or arranging for other business activities. For example, we may disclose your health information to an insurer or accreditation agency which performs chart audits. In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name. We may use or disclose your health information, as necessary, to contact you to remind you of your scheduled appointment.
We will share your health information with third party “business associates” that perform various activities for our practice (e.g., computer consulting company, law firm or other consultants). Whenever an arrangement between our office and a business associate involves the use or disclosure of your health information, we will have a written contract that contains terms that will protect the privacy of your health information.
We may use or disclose your health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. You may contact our HIPAA Privacy and Security Officer to request that these materials not be sent to you.
B. Uses and Disclosures of Protected Health Information Based upon Your Written Authorization
Other uses and disclosures of your health information will be made only with your written authorization, unless otherwise permitted or required by law as described below. You may revoke your authorization at any time, in writing, except to the extent that we have taken an action in reliance on the use or disclosure indicated in the authorization.
The following uses and disclosures will be made only with your authorization:
- Uses and disclosures for marketing purposes;
- Uses and disclosures that constitute the sale of your PHI;
- Most uses and disclosures of psychotherapy notes; and
- Other uses and disclosures not described in the notice
C. Other Permitted and Required Uses and Disclosures That May Be Made with Your Permission or Opportunity to Object
Others Involved in Your Health Care: If you agree, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based upon our professional judgment.
Information to your family members: Unless prior preference is expressed to us, a deceased patient’s health information may be disclosed to a distributee, executor or administrator of the decedent as allowed, and in accordance with, applicable law.
Immunization Disclosure to Schools: Upon your agreement, which may be oral or in writing, we may disclose proof of immunization to a school where a state or other law requires the school to have such information prior to admitting the student.
D. Other Permitted and Required Uses and Disclosures that may be Made without your Consent or Authorization
Required by Law: We may use or disclose your health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law.
Public Health: We may disclose your health information for public health activities to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We also may disclose your health information, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
Communicable Diseases: We may disclose your health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight: We may disclose your health information to a governmental agency for activities authorized by law, such as audits, investigations, and inspections.
Abuse or Neglect: We may disclose your health information to a public health authority that is authorized by law to receive reports of abuse or neglect. In addition, we may disclose your health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information.
Product Monitoring and Recalls: We may disclose your health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, and biologic product deviations; to track products; to enable product recalls; to make repairs or replacements, or in connection with post-marketing surveillance, as required by law.
Research: We may use and disclose your health information as permitted by law for research. This is subject to your authorization and/or oversight by an approved Institutional Review Board (IRB), committees charged with protecting the privacy rights and safety of human subject research.
Legal Proceedings: We may disclose your health information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request or other lawful process.
Law Enforcement: We may also disclose health information, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes included (1) legal processes (e.g., court order, subpoena, warrant etc.); (2) limited information requests for identification and location purposes; (3) pertaining to victims of a crime, under certain circumstances, where we are unable to obtain the individual’s agreement; (4) suspicion that death has occurred as a result of criminal conduct, (5) in the event of a crime that occurs on the premises of one of our facilities; and (6) in a medical emergency, to report a crime or location of the crime and/or victims.
Decedents: Health information may be disclosed to funeral directors or coroners to enable them to carry out their lawful duties. The Privacy Rules do not apply to the health information of a person who has been deceased for more than 50 years.
Organ/Tissue Donation: Your health information may be used or disclosed for cadaver organ, eye or tissue donation purposes.
Criminal Activity: We may disclose your health information if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety or a person or the public. We also may disclose health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military Activity and National Security: When the appropriate conditions apply, we may use or disclose health information of individuals who are Armed Forces personnel for authorized military purposes, as required by law.
Workers’ Compensation: Your health information may be disclosed by us as authorized to comply with workers’ compensation laws and other similar legally-established programs.
Inmates/Law Enforcement Custody: We may disclose your health information to the institution or law enforcement official, if you are an inmate of a correctional facility.
Required Uses and Disclosures: Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of the federal privacy regulations.
III. YOUR RIGHTS
You have the right to request a restriction of your protected health information. This means you may ask us not to use or disclose any part of your health information for the purposes of treatment, payment or health care operations. Your request must be made in writing, and state what information you want to restrict; whether you want to limit our use, disclosure or both; and to whom the restriction applies.
In most circumstances, your physician is not required to agree to a restriction that you may request. If we do agree to accept your requested restriction, we will comply with your request. You may request a restriction of sharing PHI with your health plan, only if payment is made out-of-pocket, in full.
You have the right to receive confidential communications from us. For example, you may ask us to contact you by mail, rather than by phone at home. We will accommodate reasonable requests. Your request must in writing, how or where you wish to be contacted. Accommodations may be made on the condition that you tell us how payment, if any, will be handled and specify an alternative address or other method of contact.
You have the right to inspect and copy your protected health information. This means you have the right of access to inspect and obtain a copy of your health information maintained in the medical record for as long as we are in possession of it, except for: psychotherapy notes; and information gathered in anticipation of, or for use in, a civil, criminal or administrative action or proceeding. We may charge you our standard fee for the costs of copying, mailing or other supplies we use to fulfill your request.
You may have the right to have your physician amend your protected health information. This means you may request an amendment of your health information maintained in the medical record. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information. You have the right to receive a list of specific information regarding disclosures other than for treatment, payment and/or healthcare operations that within the last six (6) years of the date of your request. To request this list or an accounting of disclosures, you must submit a request in writing. The first accounting provided within a 12-month period will be free; for further requests, we may charge you our costs.
You have the right to receive a copy of this notice electronically and/or a paper copy upon request.
You have the right to receive notice in the event of a breach of your unsecured protected health information. This means that you will receive notice if a breach of your health information is discovered with our reasonable delay and no later than 60 days after we discover the breach.
IV. COMPLAINTS
You may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated.
By notifying our Chief Compliance and Privacy Officer of your complaint at: 3476100088; via email: ipatel@cirrushs.com; or by mail at:
Cirrus Health Services
Attn: Chief Compliance and Privacy Officer
266-19 Union Turnpike
You may also file a complaint with the Department of Health and Human Services via email at: ocrmail@hhs.gov or by mail at:
Regional Manager Office for Civil Rights
U.S. Department of Health and Human Services
Jacob Javitz Federal Building
26 Federal Plaza, Suite 3312
New York, NY 10278