THIS NOTICE DESCRIBES HOW YOUR PROTECTED HEALTH INFORMATION MAY BE USED AND DISCLOSED. PLEASE REVIEW IT CAREFULLY.
OUR LEGAL DUTY:
Carolina Eyecare Physicians is required to comply with all applicable federal and state laws to maintain the privacy of your Protected Health Information (‘PHI’). PHI is defined as “any individually identifiable health information that relates to any physical or mental health or that can otherwise be used to identify the individual”.
Carolina Eyecare Physicians is also required to provide you with this notice about our privacy practices, our legal obligations, and your rights concerning your PHI. This notice is effective September 23, 2013, and is subject to any amendments enacted by the governing statutes. Periodic amendments may also be made in order to clarify certain language of the applicable laws and statutes. Due to the Health Information Technology for Economic and Clinical Health (HITECH) Act under the American Recovery and Reinvest Act (ARRA) of 2009, the HIPAA Privacy Rules have evolved and took final form with the release of the Omnibus Privacy Final Rules issued in January of 2013.
You may request a copy of this notice (or any subsequent revision of this notice) at any time. For more information about our privacy practices, or for additional copies of this notice, please contact us using the information listed at the end of this notice.
Carolina Eyecare Physicians may use and disclose your PHI to (1) facilitate your medical treatment, (2) obtain payment from your health insurance company for medical services, and (3) industry standard health care operations. Such use and disclosure of your PHI is considered under HIPAA as “permissible use”. Any and all “permissible use” of your PHI will be made within “minimum necessary” limitations, and only to facilitate specific activity directly relative to treatment, payment and / or operations.
Following are examples of permissible use of your PHI.
Treatment: Carolina Eyecare Physicians may use and disclose your PHI to provide, coordinate, or manage your health care and any related services as recommended by your medical provider. This includes the coordination or management of your health care with a third party or other physicians who may currently be involved with your medical care or whom it may be determined by your medical condition to be required with your medical care for the purposes of diagnosis and treatment (i.e. specialist, laboratory, hospital, or other facility).
Payment: Carolina Eyecare Physicians may use and disclose your PHI to obtain payment for your health care services. This may include providing copies of the pertinent medical record to your health insurance plan in order to determine eligibility and benefits, obtain pre-authorization on your behalf for recommended medical services, review of medical services provided to you to confirm medical necessity, and other health plan utilization review activities. For example, obtaining approval for a hospital admission may require that your relevant PHI be disclosed to the health plan to obtain approval for the hospital admission.
Health Care Operations: Carolina Eyecare Physicians may use and disclose your PHI in order to facilitate industry standard business and operational activities. These activities include, but are not limited to, daily clinic operations relative to scheduling, appointment reminders, assembly and maintenance of your medical record, and inter-departmental coordination of your medical care. For example, we may use a sign-in sheet at the registration desk where you will be asked to sign your name, call you by name in the waiting room when your doctor is ready to see you, or contact you by telephone or mail to ensure necessary continuum of care or other related activities.
Carolina Eyecare Physicians may share your PHI with third party “business associates” that perform certain activities (i.e. billing, transcription services) for the company. Whenever an arrangement between our office and a business associates involves “permissible use” of your PHI, your PHI is protected by a Business Associate Agreement that contains terms that will protect your PHI.
Uses and Disclosures Based On Your Written Authorization: Any other uses and disclosures of your PHI will be made only with your written authorization, unless otherwise permitted or required by law as described below.
You may give us written authorization to use your PHI or to disclose it to anyone for any purpose. Your written authorization may be revoked in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. Without your written authorization, we will not disclose your health care information except as described in this notice.
Health information that has been properly de-identified is not protected by the HIPAA Privacy Rule, and may be used for research and other statistical purposes.
Others Involved in Your Health Care: Unless you object, we may disclose to a member of your family, a relative, a close friend, or any other person you identify as an emergency contact, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative, or any other person that is responsible for your care of your location, general condition, or death.
Marketing: We may use your PHI to contact you with information about treatment alternatives that may be of benefit or interest to you. We may disclose your PHI to a business associate to assist us in these activities. Unless the information is provided to you by a general newsletter or in person or is for products or services of nominal value, you may opt out of receiving further such information by telling us using the contact information listed at the end of this notice.
Research; Death; Organ Donation: Your (de-identified) PHI may be used or disclosed for research purposes in limited circumstances. Your PHI may be disclosed to a coroner, protected health examiner, funeral director, or organ procurement organization under specific circumstances.
Public Health and Safety: Your PHI may be disclosed to the extent necessary to avert a serious and imminent threat to your personal health or safety, or the public health or safety of others. Your PHI may be disclosed to a government health agency authorized to oversee the health care system or government programs or its contractors, and to public health authorities for public health purposes.
Health Oversight: Your PHI may be disclosed to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect: Your PHI may be disclosed to a public health authority that is authorized by law to receive reports of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration: Your PHI may be disclosed to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations; to track products to enable product recalls; to make repairs or replacements; or to conduct post marketing surveillance, as required.
Criminal Activity: Consistent with applicable state and federal laws, your PHI may be disclosed, if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
Required by Law: Your PHI may be disclosed when we are required to do so by law. For example, we must disclose your PHI to the U.S Department of Health and Human Services upon request for purposes of determining whether we are in compliance with privacy laws. We may disclose your PHI when authorized by Workers’ Compensation or other similar laws.
Process and Proceedings: Your PHI may be disclosed to legally authorized law enforcement officials in response to a court or administrative order, subpoena, discovery request or other lawful process, under certain circumstances. CEP may disclose PHI of an inmate or other person in lawful custody to a law enforcement official or correctional institution under certain circumstances. We may disclose PHI where necessary to assist law enforcement officials to capture an individual who has admitted to participation in a crime or who has escaped from lawful custody.
Access: You have the right to review or obtain copies of your PHI, with limited exceptions. You must make a request in writing to the primary practice location where you have most recently received medical services. You may also request access by sending us a letter to the address at the end of this notice. You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.
Accounting for Disclosures: You have the right to receive a list of instances in which we or our business associates used or disclosed your PHI for purposes other than treatment, payment, health care operations and certain other activities after April 14, 2003. After April 14, 2003, the accounting will be provided for the past six (6) years. We will provide you with the date on which we made the disclosure, the name of the person or entity to which we disclosed your PHI, a description of the PHI we disclosed, the reason for the disclosure, and certain other information. If you request this list more than once in a 12-month period, we may charge you a reasonable, cost- based fee for responding to these additional requests.
Restriction Requests: You have the right to request that we place additional restrictions on the use or disclosure of your PHI. We are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency or as required by law). Any agreement we may make on such a request for additional restrictions must be in writing signed by a person authorized to make such an agreement on our behalf. We will not be bound unless our agreement is so memorialized in writing.
Confidential Communication: You have the right to request that we communicate with you in confidence about your PHI by alternative means or to an alternative location. You must make your request in writing. We must accommodate your request if it (1) is reasonable, (2) specifies the alternative means or locations, and (3) continues to permit CEP to bill and collect payment for medical services rendered to you in good faith.
Amendment: You have the right to request that we amend your PHI. Your request must be in writing, and it must explain why the information should be amended. We may deny your request if we did not create the information you want amended or for certain other reasons. If we deny your request, we will provide you a written explanation. If we comply with your request, we will make reasonable efforts to inform others, including people or entities you name, of the amendment and to include the changes in any future disclosures of the information.
Electronic Notice: If you receive this notice on our website or by electronic mail (e-mail), you are entitled to receive this notice in written form. Please contact us using the information listed at the end of this notice to obtain the notice in written form.
Ask us to limit what we use or share: You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
Breaches: You will be notified immediately if we receive information that there has been a breach involving your PHI.
Website Privacy: Any personal information you provide us with via our website, including your e-mail address, will never be sold or shared with any third party without your express permission. If you provide us with any personal contact information in order to receive anything from us, we may collect and store that personal data. We do not automatically collect your personal e-mail address simply because you visit our site. In some instances, we may partner with a third party to provide services such as newsletters, surveys to improve our services, health or company updates, and in such case, we may need to provide your contact information to said third parties. This information, however, will only be provided to these third party partners specifically for these communications, and the third party will not use your information for any other reason. While we may track the volume of visitors on specific pages of our website and download information from specific pages, these numbers are used in aggregate and without any personal information. This demographic information may be shared with our partners, but it is not linked to any personal information that can identify you or any visitor to our site.
If you want more information about our privacy practices or if you have questions or concerns, please contact Carolina Eyecare Physicians HIPAA Privacy Officer indicated below.
If you believe that we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI or in response to a request you made, please submit your concerns in writing to the Carolina Eyecare Physicians HIPAA Privacy Officer indicated below. You also may submit your concerns to the U.S Department of Health and Human Services upon request.
We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S Department of Health and Human Services.
HIPAA Privacy Officer: Jessica Hondal
Telephone: (843) 725-0064