HIPAA NOTICE OF PRIVACY PRACTICES
During your treatment at CA Solay Healthcare Group, PC (the “Practice”), doctors, nurses, and other caregivers may gather information about your medical history and your current health.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (Notice) describes how we may use and disclose your protected health information (PHI) to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI. PHI is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health or condition and related health care services.
PERMITTED USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
There are certain circumstances under which we may use or disclose your PHI without first obtaining your written authorization. Accordingly, except where prohibited by federal or state laws that require special privacy protections, we may use and disclose your PHI without your written authorization for the following purposes:
Treatment: We may use and disclose your PHI to provide, coordinate, or manage your treatment and any related health care services you receive from us. This includes coordination or management of your health care with a third party. For example, we will disclose your PHI, as necessary, to a home UVB device distributor in order to coordinate the shipment of a medical device to you. We will also share your PHI with another health care provider with whom we need to consult with respect to your care, such as your referring physician or a physician to whom you are referred.
Payment: We may use and disclose your PHI to obtain reimbursement from you or your health insurance plan, or another third party payor, for the services and procedures we render to you. For example, the Practice may need to provide your health plan information about services you received from us so that your health plan will pay us for those services. We may also disclose to your health plan the services you are going to receive to determine whether your plan will cover the treatment.
Health Care Operations: We may use or disclose, as needed, your PHI for our operations, to improve your care, and to contact you when necessary. For example, we may use or disclose your PHI for our business planning and development operations, including improvement in our methods of operations or quality assessment activities, and general administrative functions. We may also use your PHI in our overall compliance planning, employee review activities, and arranging for legal or auditing functions.
Appointment Reminders and Other Messages: We may use or disclose your PHI in order to contact you to provide appointment reminders, inform you of a cancellation, or in an emergency. To do so, we may call your home or other phone number you have provided to us, which may include leaving a message on your voicemail or with the individual answering the phone.
Treatment Alternatives; Health-Related Benefits and Services: We may use your PHI to tell you about a health-related product or service that we provide. For example, we may communicate with you about a product or service related to a treatment you are receiving; to coordinate your care and treatment; or to recommend alternative treatment, health care providers, or alternate settings where you can receive health care. If we receive any financial remuneration from a third party for these communications, your written authorization is required.
Required by Law: We may use or disclose your PHI when the use or disclosure is required by law.
Public Health Activities: We may use or disclose your PHI for public health activities, including: prevention or control of disease, injury or disability; reporting child abuse or neglect; maintaining vital records, such as births and deaths; notifying a person regarding potential exposure to a communicable disease; notifying a person regarding a potential risk for spreading or contracting a disease or condition; notifying an appropriate government agency about the abuse or neglect of an adult individual (including domestic violence); or to the federal Food and Drug Administration to report adverse events with medications track regulated products, report product recalls, defects or replacements.
Abuse, Neglect, and Domestic Violence: If we reasonably believe you are a victim of abuse, neglect or domestic violence, to the extent the law requires, your PHI may be disclosed to an agency authorized by law to receive such reports.
Health Oversight Activities: We may disclose your PHI to a health oversight agency to perform oversight activities authorized by law or for appropriate oversight of our clinics, providers, or services such as through audits, investigations, inspections, and licensure activities.
Judicial and Administrative Proceedings: We may disclose your PHI in the course of any judicial or administrative proceeding. For example, we may disclose your PHI in response to a court or administrative order, or in response to a discovery request, subpoena, or other lawful process.
Law Enforcement: We may disclose your PHI to: report certain types of wounds or other physical injuries; a law enforcement official to identify or locate a suspect, fugitive, material witness or missing person; provide certain information about the victim of a crime; about a death due to criminal conduct; about criminal conduct at one of our clinics; and in emergency circumstances, to report a crime, the location of a crime, to identify the victim of a crime, or the identify, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors: We may disclose your PHI to facilitate the duties of coroners, medical examiners and funeral directors.
To Avert a Serious Threat to Health or Safety: We may disclose your PHI to reduce or prevent a serious threat to your health and safety or the health and safety of the public or another person.
Military and Veterans: If you are a member of the armed forces, we may disclose your PHI to an appropriate military command authority to assure proper execution of a military mission.
National Security and Intelligence Activities: We may disclose your PHI to federal officials for intelligence and national security activities authorized by law; to protect the President, other officials or foreign heads of state; or to conduct an investigation.
Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the correctional institution or a law enforcement official, as necessary for the institution to provide you with health care, protect your health and safety or the health and safety of others, or for the safety and security of the correctional institution.
Workers’ Compensation: We may disclose your PHI for workers’ compensation or similar programs in order for you to obtain benefits for work-related injuries or illness.
USES AND DISCLOSURES SUBJECT TO YOUR AGREEMENT OR OBJECTION
You will have the opportunity to agree or object before we make any of the following disclosures of your PHI unless you are unable to communicate with us, in which case we will rely on our professional judgment to determine whether the disclosure is in your best interest:
Disclosure to Others Involved in Your Care: We may disclose your PHI to a family member, relative, close friend, or another individual identified by you, only to the extent the PHI is relevant to that individual’s involvement with your care or payment for your health care.
Notification: We may also use or disclose your PHI to notify or assist in notifying a family member, personal representative, or any other individual responsible for your care, of your location or general condition.
Disaster Relief: We may disclose your PHI to a public or private entity authorized by law to assist in disaster relief efforts for the purpose of notifying or assisting in notifying a family member, a personal representative or another individual of your location and general condition.
USES AND DISCLOSURES SUBJECT TO YOUR WRITTEN AUTHORIZATION
Other uses and disclosures not described in this notice or otherwise permitted by law will be made only with your written authorization. We will not use or disclose your PHI for marketing purposes or sell your PHI to any third party, without your written authorization.
If you provide us with written authorization to use or disclose your PHI, you may revoke your authorization, in writing, at any time. Upon receipt of your written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken actions related to use or disclosure of your PHI in reliance on your authorization. Further, we will be unable to undo any disclosures that we have already made pursuant to your authorization.
YOUR RIGHTS REGARDING PHI
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), you have certain rights regarding the use and disclosure of your PHI, as follows:
Right to a Copy of Your Medical Record: You have a right to access, inspect, and copy your medical record and any other health information we have about you. We will provide a copy or a summary of your health information within thirty (30) days following your request. We may charge a reasonable, cost-based fee for the information.
Amend your Medical Record: You have a right to request an amendment to your medical record. We may deny any request for amendment of your PHI if the information was not created by us, is not part of the designated record set maintained by us, is not part of the information to which you have a right to access, or we have determined is already accurate and complete. If we deny your request for an amendment, we will provide a written denial with the reasons for the denial. We will respond to your amendment request in a timely fashion, in accordance with applicable law.
Accounting of Disclosures: You have a right to receive an accounting of all disclosures we make to other persons or entities, except for disclosures made for purposes of treatment, payment, and health care operations; disclosures made pursuant to your written authorization; disclosures incidental to another permissible use or disclosure; and otherwise as allowed by law. We will provide one accounting of disclosures per year for free, but will charge a reasonable, cost-based fee if you ask for another accounting within twelve (12) months.
Request Restrictions on Certain Uses and Disclosures: You may request that we restrict the uses and disclosures of your PHI for treatment, payment and operations, or restrictions involving your care or payment related to that care. We are not required to agree to the restriction; however, if we agree, we will comply with it, except with respect to emergencies, disclosure of the information to you, or if we are otherwise required by law to make a full disclosure without restriction. You may also request a restriction on the disclosure of your PHI to a health plan for purpose of payment or health care operations, if you paid for the services in cash, out-of-pocket, in full.
Request Confidential Communications: You have the right to request receipt of confidential communications of your medical information by an alternative means or at an alternative location. If you require such an accommodation, you will be charged a fee for the accommodation and will be required to specify the alternative address or method of contact and how payment will be handled.
Breach Notification: You have the right to receive notification from us if there is a breach of your unsecured PHI.
Paper Copy: You have the right to receive a paper copy of this notice, if the notice was initially provided to you electronically, and to take a copy with you if you wish.
OUR DUTIES AND RESPONSIBILITIES
We have the following duties with respect to the maintenance, use and disclosure of your medical records:
We are required by law to maintain the privacy and security of the PHI in your medical records.
We are required to abide by the duties and privacy practices described in this Notice currently in effect and to provide you with a copy of this Notice. We will attempt in good faith to obtain your signed acknowledgement that you received this Notice.
We reserve the right to change the terms of this Notice at any time, making the new provisions effective for all PHI and medical records we have and continue to maintain. All changes in this Notice will be prominently displayed and available at our office and on our website.
COMPLAINTS
You may file a written complaint with us or with the Secretary of Health and Human Services (HHS) if you believe your privacy rights with respect to your PHI have been violated. All complaints must be in writing and, in the case of a complaint to us, must be addressed to the Practice Manager at the electronic address listed below. If we cannot resolve your complaint, you may file a complaint to the person designated by the Secretary of HHS, by sending a letter to 200 Independence Avenue, S.W., Washington D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints. We will not retaliate against you for filing a complaint.
CONTACT PERSON
All questions concerning this Notice, or requests made pursuant to it, should be addressed to:
CA Solay Healthcare, P.C.
ATTN: Shawn Thomas
Email: shawn.thomas@solayhealth.com
EFFECTIVE DATE
This Notice is effective April 17, 2023, and applies to all PHI contained in your medical records maintained by us.