ERIE RETINAL SURGERY, INC.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Generally speaking, your Protected Health Information is information about you that either identifies you or can be used to identify you and relates to your past, present or future physical or mental health or condition, the provision of health care to you, or payment for health care provided to you. Your medical and billing records at our practice are examples of information that usually will be regarded as your Protected Health Information.
Erie Retinal Surgery is required by law to maintain the privacy of your Protected Health Information, to provide you with notice of our legal duties and privacy practices with respect to your Protected Health Care Information and to notify you following a breach of your unsecured Protected Health Information. We are required to abide by the terms of our Notice of Privacy Practices that currently is in effect. This notice replaces all prior notices and applies to all Protected Health Information that we maintain.
- USES AND DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION
- We may disclose your health information to other physicians or health care providers who are involved in your care. For example, if you are being treated for Diabetic Retinopathy, we may disclose your health information to your primary care physician, the laboratory where you have testing or a specialist involved in your care. Reasons for such a disclosure may be to give them medical information they need to appropriately treat your condition, to coordinate your care or to schedule necessary testing.
- During an office visit, practice physicians and other staff involved in your care may review your medical record and share and discuss your medical information.
- We may share and discuss your medical information with an outside home health agency, hospital or other health care facility where we are admitting or treating you.
- We may use a patient sign-in sheet in the waiting area that is accessible to all patients.
- We may call patients in the waiting room by name when it is time for them to go to an examining room
- We may contact you to provide appointment reminders through an outside service.
- We may use and disclose necessary health information in order to bill and collect payment for the treatment that we have provided to you. For example, we may provide certain portions of your health information to your health insurance company in order to submit claims. To do this, we need to provide your health information to the billing company that handles our health insurance claims.
- We may provide supplemental information to your health insurer so they can obtain reimbursement from another health plan under a coordination of benefits clause in your subscriber agreement.
- Sharing your demographic information (for example, your address) with other health care providers who seek this information to obtain payment for services.
- Mailing you bills with our practice name and return address through an outside service.
- Provision of a bill to a family member or other person designated as responsible for payment for services rendered to you.
- Providing medical records and other documentation to your health insurer to support medical necessity of a health service.
- Allowing your health insurer access to your medical record for a medical necessity or quality review audit.
- Providing information to a collection agency or our attorney for purposes of securing payment of a delinquent account.
- Health Care Operations
- We may use and disclose your Protected Health Information for our health care operation purposes as well as certain health care operation purposes of other health care providers and health plans which may include:
- Quality assessment and improvement activities
- Population based activities relating to improving health or reducing health care costs
- Reviewing competence, qualifications or performance of health care professionals
- Conducting training programs for medical and other students
- Accreditation, certification, licensing and credentialing activities
- Health care fraud and abuse detection and compliance programs
- Conducting other medical review, legal services, auditing functions
- Business planning and development activities such as conducting cost management and planning related analyses
- Sharing information regarding patients with entities that are interested in purchasing our practice and turning over patient records to entities that have purchased our practice
- Other business management and general administrative activities, such as compliance with federal privacy rule and resolution of patient grievances
- If our medical group chooses to participate in a community health education program, we may use your information to contact you. If you do not wish to participate please contact the Privacy Officer.
Uses and Disclosures for Other Purposes
We may use and disclose your Protected Health Information for other purposes. This section describes those purposes by category. Not every potential use or disclosure in a category will be listed. Some examples fall into more than one category, not just the category under which they are listed.
- Individuals involved in care or payment for care: We may disclose your Protected Health Information to someone involved in your care or payment for your care such as a spouse, family member or close friend that you have designated.
- Notification purposes: We may use and disclose your Protected Health Information to notify, or assist in notification of a family member, personal representative or other person responsible for your care regarding your location, general condition or death. If you are hospitalized we may notify a family member of the name and address of the hospital and your general condition. We may disclose your Protected Health Information to a disaster relief entity so that it can notify a family member or personal representative involved in your care regarding your location, general condition or death.
- Required by law: We may use and disclose Protected Health Information when required by federal, state or local law. We may disclose Protected Health Information to comply with mandatory reporting requirements involving child abuse, disease prevention and control, vaccine related injuries, driving impairments, and medical device related deaths and serious injuries, gunshot and other injuries by a deadly weapon or criminal act.
- Other public health activities: We may use and disclose Protected Health Information for public health activities including communicable disease reporting, child abuse and neglect reports, FDA-related reports and disclosure for example adverse event reports, public health warnings to third parties at risk of a communicable disease or condition, OSHA requirements for workplace surveillance and injury reports.
- Victims of abuse, neglect, or domestic violence: We may use and disclose Protected Health Information for purposes of reporting of abuse, neglect or domestic violence in addition to child abuse, for example, reports of elder abuse to the Department of Aging or abuse of a nursing home patient to the Department of Public Welfare.
- Health oversight activities: We may use and disclose Protected Health Information for purposes of health oversight activities authorized by law. These could include audits, inspections, investigations, licensure actions and legal proceedings. For example, we may comply with a Drug Enforcement Agency inspection of patient records.
- Judicial and administrative proceedings: We may use and disclose Protected Health Information in judicial and administrative proceedings in response to a court order or subpoena, discovery request or other lawful process.
- Law enforcement purposes. We may use and disclose Protected Health Information for certain law enforcement purposes including legal processes (search warrant), legal requirement (reporting gunshot wounds), response to request for information about a crime victim, reporting of a death suspected from criminal activity, provide information regarding a crime on the premises, report information related to commission of a crime obtained while providing medical care
- Coroners and medical examiners: We may use and disclose Protected Health Information for purposes of providing information to a coroner or medical examiner for purpose of identifying a deceased patient, determining a cause of death or facilitating their performance of other duties required by law.
- Funeral directors: We may use and disclose Protected Health Information for purposes of providing information to funeral directors as necessary to carry out their duties.
- Organ and tissue donation: For purposes of facilitating organ, eye and tissue donation and transplantation, we may use and disclose Protected Health Information to entities engaged in a procurement, banking or transplantation of cadaveric organs, eyes or tissue.
- Threat to public safety: We may use and disclose Protected Health Information for purposes involving a threat to public safety including protection of a third party from harm and identification and apprehension of a criminal.
- Specialized government functions: We may use and disclose Protected Health Information for purposes involving specialized government functions including; military and veterans activities, national security and intelligence, protective services for the President and others, medical suitability determinations for the Department of State, correctional institutions and other law enforcement custodial situations.
- Workers’ compensation and similar programs: We may use and disclose Protected Health Information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs established by law that provide benefits for work-related injuries without regard to fault.
- Business Associates: Our “Business Associates” are entities that provide services to our practice and that require access to Protected Health Information of our patients in order to provide those services. A Business Associate of our practice may receive, maintain, or transmit Protected Health Information while performing a function on our behalf. To protect your Protected Health Information, we require Business Associates to enter into written agreements that they will appropriately safeguard the Protected Health Information they require to provide the services they have agreed to provide.
- Creation of de-identified information: We may use Protected Health Information about you in the process of de-identifying the information. For example, we may use your Protected Health Information in the process of removing those aspects which could identify you so that the information can be disclosed for research purposes. When your information has been de-identified in this way, having had all information removed that could reasonably identify that the information is yours, we may disclose this information without your authorization as it is no longer considered Protected Health Information.
- Incidental disclosures: We may disclose Protected Health Information as by-product of an otherwise permitted use or disclosure. For example, other patients may overhear your name being called in the waiting room.
Uses and disclosures with authorization
For all other purposes that do not fall under a category listed under the above section, we must obtain your written authorization to use or disclose your Protected Health Information. In addition, we are required to obtain your authorization to use and disclose your Protected Health Information for most marketing purposes.
Your authorization can be revoked at any time. However, we
are not able to retract uses and disclosures made with your
authorization prior to the effective date of the revocation.
- Further Restriction on Use or Disclosure
You have a right to request that we restrict a use and disclosure of your Protected Health Information which we are otherwise permitted to make, for treatment, payment, or health care operations, to someone who is involved in your care or payment for your care, or for notification purposes.
We are not required to agree to a request for such a restriction, with one exception involving self-pay services. We must agree to a request not to disclose your Protected Health Information to a health plan for payment or health care operations purposes if the information pertains solely to a health care item or service for which we have been paid in full by you or someone other than the health plan and the disclosure is not otherwise required by law.
To request a further restriction as outlined in this section, you must submit a written request to our privacy officer. The request must tell us (a) what information you want restricted (b) how you want the information restricted (c) to whom you want the restriction to apply
- Confidential Communication
You have a right to request that we communicate your Protected Health Information to you by a certain means or at a certain location. For example, you might request that we only contact you by mail or at work. We will accommodate requests for confidential communications as long as they are reasonable.
To make a request for confidential communications, you must submit a written request to our privacy officer. The request must tell us how or where you want to be contacted, in addition if another individual or entity is responsible for payment the request must explain how payment will be handled.
- Accounting of Disclosures
You have a right to obtain upon request, an “accounting” of certain disclosures of your Protected Health Information. This right is subject to limitations. This list would not include any disclosures made for national security purposes, disclosures to corrections or law enforcement authorities or disclosures made prior to April 14, 2003. You may not request an accounting for more than a six (6) year period. In addition, in some circumstances we may charge you for providing the accounting. To request an accounting you must submit a written request to our privacy officer. The request should designate the applicable time period.
- Inspection and Copying
You have a right to inspect and obtain a copy of your Protected Health Information that we maintain in a designated record set. Generally this includes your medical and billing records. This right is subject to limitations. In certain cases we may deny your request. We also may impose charges for the cost involved in providing copies, such as labor, supplies and postage as permitted by Pennsylvania State Law. If your records are maintained electronically, you have the right to specify that the records you requested be provided in electronic form. We will accommodate your request for a specific electronic form or format as long as we are able to readily produce a copy in the
requested form or format. If we cannot do so, we will work with you to reach agreement on an alternative readable electronic form. If you request a copy of your information electronically on a moveable electronic media (such as CD or USB drive) we may charge you for the cost of the media.
To exercise your right of access to your Protected Health Information, you must submit a signed authorization to our privacy officer. The request must (a) describe the health information to which access is requested, (b) state how you want to access the information such as inspection, pick-up of copy, mailing of copy (c) specify any requested form or format, such as paper copy or an electronic means and (d) include the mailing address if applicable.
You may also request that your Protected Health Information be directly transmitted to another person or entity. To exercise this right, you must submit a signed authorization to our privacy officer. The request must be in writing, signed by you and clearly identify both the designated person or entity and where the information should be sent.
- Right to Amendment
You have a right to request that we amend Protected Health Information that we maintain about you in a designated record set if you feel the information is incorrect or incomplete. This right is subject to limitations. In certain cases, we may deny your request for an amendment. To request an amendment, you must provide a written request on our request form (available at reception desk). The request must specify each change that you want and provide a reason to support each requested change. We will respond within 60 days of receiving your request. If we approve your request, we will make the change to your health information, tell you when we have done so and inform others that need to know about the change. If your request was denied, our written denial will state the reasons that your request was denied and explain your right to file a written statement of disagreement with the denial.
- Copy of Privacy Notice
You have a right to receive upon request, a copy of our Notice of Privacy Practices. Copies are available in our office reception area or on our website www.Erieretina.com. Requests for special accommodation regarding the notice should be directed to our privacy officer.
- Notification of Breach
You have a right to receive timely written notice of a breach of your unsecured Protected Health Information, up to 60 days from discovery. A description of the types of unsecured Protected Health Information that were involved in the breach (such as whether full name, social security number, date of birth, home address, diagnosis or other types of information involved) will be disclosed to those patients involved in such a breach of unsecured Protected Health Information.
- Changes to This Notice
We reserve the right to change this notice at any time. We further reserve the right to make any changes effective for all Protected Health Information that we or our Business Associate’s maintain, including information that we or our Business Associates created or received prior to the effective date of the change.
We will post a copy of our current notice in the waiting room for the practice. Patients also may access the current notice at our web site at www.Erieretina.com.
If you believe we have violated your privacy rights, you may submit a complaint to our privacy officer, Diane Starr or Darlene Chojnacki, Office Manager. A complaint form is available at the front desk. You may also submit a complaint to the Office of Civil Rights at US Department of Health and Human Services Hotline (800) 368-1019, Fax (215) 861-4431, TDD (215) 861-4440. You will not be retaliated against for filing a complaint.
Legal Effect of this Notice
This notice is not intended to create contractual or other rights independent of those created in the federal privacy rule.