NOTICE OF PRIVACY PRACTICES
IOWA EYE, P.C.
1650 First Avenue NE Cedar Rapids, Iowa 52402
Effective Date: April 14, 2003
Revised Effective: September 23, 2013
As Required by the Privacy Regulations Created as a Result of the
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION
PLEASE REVIEW THIS NOTICE CAREFULLY
A. OUR COMMITMENT TO YOUR PRIVACY
Our practice is dedicated to maintaining the privacy of your Protected Health Information (PHI). In conducting our business, we will create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We are also required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI. By federal and state law, we must follow the terms of the notice of privacy practices that we
have in effect at the time. We will inform you of any unauthorized access, use or disclosure of your unencrypted confidential information in the event it is compromised no later than 60 (sixty) days after discovery of a breach.
We realize these laws are complicated, but we must provide you with the following important information:
How we may use and disclose your PHI
Your privacy rights concerning your PHI
Our obligations concerning the use and disclosure of your PHI
The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices. Any revision or amendment to this notice will be effective for all of your records that our practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. Our practice will post a copy of our current Notice in our office in a visible location at all times, and you may request a copy of our most current Notice at any time. In addition, our Notice of Privacy Practices will be posted on our website.
B. WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION (PHI) IN THE FOLLOWING WAYS:
1. Treatment: Our practice may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as a blood test), and we may use the results to help us reach a diagnosis. We might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when we order a prescription for you. Many of the people who work for our practice – including but not limited to, our physicians and technicians – may use or disclose your PHI in order to treat you or to assist others in your treatment. Additionally, we may disclose your PHI to others who may assist in your care, such as your spouse, children or parents. Finally, we may also disclose your PHI to other health care providers for purposes related to your treatment. We will disclose
any mental health information, including psychotherapy notes, AIDS or HIV- related information, or drug treatment information, that we may have about you only with written authorization as required by Iowa law, HIPAA and other federal regulations.
During the course of your treatment, we may refer you to other health care providers such as independent laboratories with which you may not have direct patient contact. These providers are called “indirect treatment providers”. “Indirect treatment providers” are required to comply with the privacy requirements of state and federal laws and keep your medical information confidential.
2. Payment: Our practice may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. For example, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment.
We also may use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, such as family members. Also, we may use your PHI to bill you directly for service and items. We may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
3. Health Care Operations: Our practice may use and disclose your PHI to operate our business. Examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.
4. Appointment Reminders: Unless you object in advance, our practice may use and disclose your PHI to contact you and remind you of an appointment or that you are due to receive periodic care from the Practice. This contact may be by phone, in writing or otherwise, and may involve leaving a message on an answering machine that could (potentially) be received or intercepted by others.
5. Treatment Options: Our practice may use and disclose your PHI to inform you of potential treatment options or alternatives. However, we will not use or disclose medical information to market other products and services, either ours or those of third parties, without your authorization.
6. Health-Related Benefits and Services: Our practice may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you.
7. Release of Information to Family/Friends: Our practice may release your PHI to a friend or family member that is involved in your care, or who assists in taking care of you. For example, we may give medical information, including prescription information or information concerning your appointments to friends who are involved in your care. We may also give such information to someone who helps pay for your care. In addition, we may disclose medical information about you to any entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
8. Disclosures Required by Law: Our practice will use and disclose your
PHI when we are required to do so by federal, state or local laws.
C. USE AND DISCLOSURE OF YOUR PHI IN CERTAIN SPECIAL CIRCUMSTANCES.
The following categories describe unique scenarios in which we may use or disclose your Protected Health Information:
1. To Business Associates: The Iowa Eye Center from time to time will hire consultants called “Business Associates”, who render services to us. We may disclose your medical information to such Business Associates without your consent or authorization. Business Associates are required to maintain and comply with the privacy requirement of state and federal law and keep your medical information confidential. Examples of “Business Associates” are computer software vendors who assist us in maintaining and processing medical information, and IT engineers who assist us in maintaining our computer
2. Public Health Risks: Our practice may disclose your PHI to public health authorities that are authorized by law to collect information for the purposes of:
maintaining vital records, such an births and deaths
reporting child abuse or neglect
preventing or controlling disease, injury or disability
notifying a person regarding potential exposure to a communicable disease
notifying a person regarding a potential risk for spreading or contracting a disease or condition
reporting reactions to drugs or problems with products or devices
notifying individuals if a product or device they may be using has been recalled
notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence): however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information
notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.
3. Health Oversight Activities: Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative, and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
4. Lawsuits and Similar Proceedings: Our practice may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena, or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
5. Law Enforcement: We may release PHI if asked to do so by a law enforcement official:
regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement
concerning a death we believe has resulted from criminal conduct
Regarding actual or suspected criminal conduct at our office
In response to a warrant, summons, court order, subpoena or similar legal process
To identify/locate a suspect, material witness, fugitive or missing person
In an emergency, to report a crime, (including the location or victim(s) of the crime), or the description, identity or location of the
6. Deceased Patients: Our practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs.
7. Organ and Tissue Donations: Our practice may release your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor.
8. Research: From time to time we participate in research studies with entities such as drug companies. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. Before we use or disclose medical information for research, the project will have been approved through a research approval process required by federal law. We may disclose medical
information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs as permitted by federal law. As a general rule, we will ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are. We will also comply with all other requirement under federal law to seek your written authorization to disclose protected health information in connection with research studies.
9. Serious Threats to Health or Safety: Our practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
10. Military: Our practice may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.
11. Nation Security: Our practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the President, other officials or foreign heads of state, or to conduct investigations.
12. Inmates: Our practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety or other individuals.
13. Workers’ Compensation: We may release medical information about you for workers’ compensation or similar programs without consent or authorization. These programs provide benefits for work-related injuries or illnesses. For example, if you are injured on the job, we may release information regarding that specific injury.
D. YOUR RIGHTS REGARDING YOUR PHI
You have the following rights regarding the PHI that we maintain about you:
1. Confidential Communication: You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work. In order to request a type of confidential communication, you must make a written request to: Attn: Practice Manager, Iowa Eye, P.C.,1650 First Avenue NE, Cedar Rapids, IA 52402, specifying the requested method of contact, or the location where you wish to be contacted.
Our practice will accommodate reasonable requests. You do not need to give a reason for your request.
2. Requesting Restrictions: You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or healthcare operations. Additionally, you have the right to request that we restrict
our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such a family members and friends. For example, you may request that your spouse or child who is involved in your care not receive certain information about your condition. We are not required to agree to your requests in their entirety in advance unless the disclosure is to a health plan or other payer for purposes of carrying out payment or healthcare operations, unless required by law and you have paid for the services yourself. For all other requests, if we do agree, we are bound by our agreement except where otherwise required by law, in emergencies, or when the information is necessary
to treat you. In order to request a restriction in our use or disclosure of your PHI, you must make your request in writing to: Attn: Practice Manager, Iowa Eye, P.C., 1650 First Avenue NE, Cedar Rapids, IA 52402. Your request must describe in a clear and concise fashion:
(a) the information you wish restricted
(b) whether you are requesting to limit our practice’s use, disclosure or both; and
(c) to whom you want the limits to apply
3. Inspections and Copies: You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. For any medical information maintained in your electronic medical record your written request may include a request to provide a copy in electronic form. We will provide the information to you in the form and format you requested, assuming it is readily producible. If we cannot readily produce the record in the format you request, we will produce it in another readable electronic form. In addition, we
will transmit information from your electronic medical record directly to a person or entity of your choosing if the request is made in writing and you sign an authorization. You must submit your request in writing to : Attn: Practice
Administrator, Iowa Eye, P.C., 1650 First Avenue NE, Cedar Rapids, IA
52402 (319-362-3937) in order to inspect and/or obtain a copy of your PHI. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct the review. The person conducting the review will not be the person
who denied your request. We will comply with the outcome of the review.
4. Amendment: You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by our practice. To request an amendment, your request must be made in writing and submitted to: Attn: Practice Manager, Iowa Eye, P.C., 1650 First Avenue NE, Cedar Rapids, IA 52402. You must provide us with a reason that supports your request for amendment. Our
practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not
part of the PHI kept by or for the practice; (c) not part of the PHI which you
would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.
5. Accounting of Disclosures: All of our patients have the right to request an “accounting of disclosures”. An “accounting of disclosures” is a list of
certain non-routine disclosures our practice has made of your PHI for non- treatment, non-payment or non-operations purposes. Use of your PHI as a part of the routine patient care in our practice will not be part of the accounting unless disclosed from the electronic records. In order to obtain an accounting of disclosures, you must submit your request in writing to: Attn: Practice Manager, Iowa Eye, P.C., 1650 First Avenue NE, Cedar Rapids, IA 52402. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure for paper records and three (3) years for treatment records from the electronic record. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
6. Right to a Paper Copy of this Notice: You are entitled to receive a paper copy of our Notice of Privacy Practices. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this notice contact the Medical Records Department 319-362-3937.
7. Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice contact : Attn: Practice Manager, Iowa Eye, P.C., 1650 First Avenue NE, Cedar Rapids, IA 52402. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
8. Right to Provide an Authorization for Other Uses and Disclosures: Our practice will obtain your written authorization for uses and disclosures that are not identified by this notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note, we are required to retain records of your care. You understand that we are
unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.
If you have any questions regarding this notice or our health information privacy policies, please contact:
Attn: Practice Manager
Iowa Eye, P.C.
1650 First Avenue NE Cedar Rapids, IA 52402