Notice of Privacy Practices Effective Date of this Notice: November 14, 2019
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
- OUR COMMITMENT TO YOUR PRIVACY
This notice applies to all practices doing business under QualDerm Management and includes all affiliated practices.
We are dedicated to maintaining the privacy of your protected health information (PHI). In conducting our business, we will create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We also are required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI. By federal and state law, we must follow the terms of the Notice of Privacy Practices that we have in effect at the time your care or treatment was provided. We are also required to notify you if your information has been compromised.
This Notice of Privacy Practices describes how we may use and disclose your PHI to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI. PHI is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health condition and related health care services. This notice applies to all of the records of your care and billing for care that are created or maintained by us.
The terms of this notice apply to all records containing your PHI that are created or retained by us. We reserve the right to revise or amend this Notice of Privacy Practices. Any revision or amendment to this notice will be effective for all of your records that we have created or maintained in the past, and for any of your records that we may create or maintain in the future. We will post a copy of our current notice in our offices in a visible location at all times. You may view a copy of our most current notice at any time by accessing our website: https://www.qualderm.com/
- WE MAY USE AND DISCLOSE YOUR PHI IN THE FOLLOWING WAYS:
The following categories describe the different ways in which we may use and disclose your PHI.
- We may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as blood or urine tests), and we may use the results to help us reach a diagnosis. We might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when we order a prescription for you. Many of the people who work for our practice, including but not limited to, our doctors and nurses may use or disclose your PHI in order to treat you or to assist others in your treatment. Finally, we may also disclose your PHI to other health care providers for purposes related to your treatment.
- We may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. For example, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment. We also may use and disclose your PHI to obtain payment from third parties that may be responsible for payment for your care, such as family members. Also, we may use your PHI to bill you directly for services and items. We may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
- Health Care Operations. We may use and disclose your PHI to operate our business. For example, we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations. We may disclose your PHI to medical school students, residents or fellows that see patients at our office. We may also call you by name in the waiting room when your physician is ready to see you. We will share your PHI with third-party “business associates” that perform various activities (e.g., billing, computer services) for the practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your PHI, we will have a written contract that contains terms that will protect the privacy of your PHI.
- Appointment Reminders. We may use and disclose your PHI to contact you and remind you of an appointment. We will leave a message for you at any telephone number you give us stating the time of the appointment and the name of the person with whom you have the appointment unless we have agreed in writing to your written request to handle appointment reminders differently.
- Treatment Options. We may use and disclose your PHI to inform you of potential treatment options or alternatives.
- Health-Related Benefits and Services. We may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you. We may use or disclose your PHI, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. We do not “sell” your PHI to other individuals or companies.
- Release of Information to Family/Friends. We may disclose your PHI to a friend or family member that is involved in your care, or who assists in taking care of you. Only information that is relevant to their role in your care will be
- We may use and disclose your PHI for research purposes in certain research studies, but only when they meet all federal and state requirements to protect your privacy, such as using de-identified data when possible. You may also be contacted to participate in a research study.
- We may use or disclose your PHI in an emergency treatment situation. If this happens, we will try to obtain your authorization as soon as reasonably practicable after the delivery of treatment. If we are required by law to treat you and have attempted to obtain your authorization but are unable to do so, we may still use or disclose your PHI to treat you.
- Communication Barriers. We may use and disclose your PHI if your physician or another physician in the practice attempts to obtain consent from you but is unable to do so due to substantial communication barriers, and the physician determines, using professional judgment, that you intend to consent to use or disclosure under the circumstances.
- USE AND DISCLOSURE OF YOUR PHI IN CERTAIN SPECIAL CIRCUMSTANCES REQUIRED BY LAW
We will use and disclose your PHI when we are required to do so by federal, state or local law.
- USE AND DISCLOSURE OF YOUR PHI IN CERTAIN SPECIAL CIRCUMSTANCES PERMITTED BY LAW
The following categories describe unique scenarios in which we may use or disclose your identifiable health information:
- Public Health Risks. We may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
- Maintaining vital records, such as births and deaths
- Reporting child abuse or neglect
- Preventing or controlling disease, injury or disability
- Notifying a person regarding potential exposure to a communicable disease
- Notifying a person regarding a potential risk for spreading or contracting a disease or condition
- Reporting reactions to drugs or problems with products or devices
- Notifying individuals if a product or device they may be using has been recalled
- Notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information.
- Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative, and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
- Lawsuits and Similar Proceedings. We may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena, or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
- Law Enforcement. We may release PHI if asked to do so by a law enforcement official:
- Regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement
- Concerning a death we believe has resulted from criminal conduct
- Regarding criminal conduct at our offices
- In response to a warrant, summons, court order, subpoena or similar legal process
- To identify/locate a suspect, material witness, fugitive or missing person
- In an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator)
- Deceased Patients. We may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs. We may disclose deceased individuals’ PHI to non-family members, as well as family members, who were involved in the care or payment for health care of the decedent prior to death; however, any disclosure is limited to PHI relevant to such care or payment and will not be inconsistent with any prior expressed preference of the deceased individual.
- The practice may use and disclose your PHI for research purposes in certain limited circumstances. We will obtain your written authorization to use your PHI for research purposes except when an Institutional Review Board or Privacy Board has given approval to waive your authorization.
- Serious Threats to Health or Safety. The practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
- We may disclose your PHI if you are a member of U.S. or foreign military forces and if required by the appropriate authorities.
- National Security. The practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We may also disclose your PHI to federal officials in order to protect the President, other officials or foreign heads of state, or to conduct investigations.
- The practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals.
- YOUR RIGHTS REGARDING YOUR PHI
You have the following rights regarding the PHI that we maintain about you:
- Confidential Communications. You have the right to request that we communicate with you about your health and related issues in a particular manner or at a certain location. For example, you may ask that we contact you at home, rather than work. To request a type of confidential communication please contact the Privacy Officer at (615) 250-6727. You will need to specify the requested method of contact, or the location where you wish to be contacted. You do not need to give a reason for your request. We may ask you to put your request in writing. We will accommodate reasonable requests.
- Requesting Restrictions. You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; except in the event that you request we restrict information from your health plan for a service or product that was paid for out-of-pocket. In other circumstances, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies, or when the information is necessary to treat you. Please contact the Privacy Officer at (615) 250-6727 for assistance in completing your request.
- Inspection and Copies. You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records. Please submit your request at the location where you received services.
- You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by or for our practice. To request an amendment, please contact the Privacy Officer at (615) 250-6727. You must provide us with a reason that supports your request for amendment. We may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.
- Accounting of Disclosures. All of our patients have the right to request an “accounting of disclosures,” which is a list of certain non-routine disclosures our practice has made of your PHI. To receive an accounting of disclosures, contact the Privacy Officer at (615) 250-6727. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure and may not include dates before April 14, 2003. The first list you request within a 12-month period is free of charge, but we may charge you for additional lists within the same 12-month period. We will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
- Right to a Paper Copy of This Notice. You are entitled to receive a paper copy of our Notice of Privacy Practices. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this notice, contact the Privacy Officer at (615) 250-6727.
- Right to File a Complaint. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint, contact the Privacy Officer at (615) 250-6727. You will not be penalized for filing a complaint.
- Right to Provide an Authorization for Other Uses and Disclosures. We will obtain your written authorization for uses and disclosures that are not identified by this notice or permitted by applicable law. We will not use, disclose, or otherwise sell your PHI for marketing purposes without your written authorization. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please submit your revocation at the same location where you submitted your original authorization.
- Right to Notification of a Security Breach. We are obligated to notify you in the event that we experience a security breach, such as a computer system hack, that results in an unauthorized disclosure of your PHI. This obligation also extends to any business associates with whom we contract, such as a third-party billing provider, that may experience a security breach that results in an unauthorized disclosure of your PHI.