Notice of Privacy Practices
Effective Date of Last Revision: January 1, 2003
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
A federal regulation known as the “HIPPA Privacy Rule,” requires that we provide detailed notice in writing of our privacy practices. We know that this Notice is long. The HIPPA Privacy Rule requires us to address many specific things in this notice.
I. OUR COMMITMENT TO PROTECTING HEALTH
INFORMATION ABOUT YOU
In this notice, we describe the ways that we may use and disclose health information about our patients. The HIPPA Privacy Rule requires that we protect the privacy of the health information that identifies a patient, or where there is a reasonable basis to believe the information is called “protected health information” or “PHI”. The Notice describes your rights as our patient and our obligations regarding the use and disclosure of PHI. We are requires by law to:
- Maintain the privacy PHI about you;
- Give you this Notice of our legal duties and privacy practices with respect to PHI; and,
- Comply with the terms of our Notice of Privacy Practices that is currently in effect.
We reserve the right to make changes to this Notice and to make such changes effective for all PHI we may already have about you. If and when this Notice is changed, we will post a copy with a revised Notice upon your request made to our Privacy Official.
II. HOW WE MAY USE AND DISCLOSE PROTECTED HEALTH INFORMATION ABOUT YOU
USES AND DISCLOSURES FOR TREATMENT, PAYMENT AND HEALTH CARE OPERATIONS
The following categories describe the different ways we may use and disclose PHI for treatment, payment and health care operations. The examples included with each category do not list every type of use or disclosure that may fall within that category. Treatment: We may use and disclose PHI about you to provide, coordinate or manage your health care and related services. We may consult with other health care providers regarding your treatment and coordinate and manage your health care with others. For example, we may use and disclose PHI when you need a prescription, lab work, an x-ray, or other health care services. In addition, we may use and disclose PHI about you when referring you to another health care provider. For example, if you are referred to another provider, we may disclose PHI to your new physician regarding whether you are allergic to any medications. We may also disclose PHI about you for the treatment activities of another health care provider. For example, we may send a report about your care from us to a physician that we refer you to so that the other physician may treat you. Payment: We may use and disclose PHI so that we can bill and collect payment for the treatment and services provided to you. Before providing treatment or services, we may share details with you health plan concerning the services you are scheduled to receive. Foe example, we may ask for payment approval from your health plan before we provide services. We may use and disclose PHI to find out if your health plan will cover the cost of care and services we provide. We may use and disclose PHI to confirm you are receiving the appropriate amount of care to obtain payment for services. We may use and disclose PHI for billing, claims management, and collection activities. We may disclose PHI to insurance companies providing you with additional coverage. We may disclose limited PHI to consumer reporting agencies relating to the collection of payments owed to us. We may also disclose PHI to another health care provider or to a company required to comply with the HIPPA Privacy Rule for the payment activities of that health care provider, company, or health plan. For example, we may allow a health insurance company to review PHI for the insurance company’s activities to determine the insurance benefits to be paid for your care. Health Care Operations: We may use and disclose PHI in performing business activities which are called health care operations. Health care operations include doing things that allow us to improve the quality of care we provide and to reduce health care costs. We may use and disclose PHI about you in the following health care operations:
- Reviewing and improving the quality, efficiency and cost of care that we provide to our patients. For example, we may use PHI about you to develop ways to assist our physicians and staff in deciding how we can improve the treatment ewe provided to others.
- Improving health care and lowering costs for groups of people who have similar health problems and helping to manage and coordinate the care for these groups of people. We may use PHI to identify groups of people with similar heath problems to give them information, for instance, about treatment alternatives, and educational classes.
- Reviewing and evaluating the skills, qualifications, and performance of health care providers taking care of you and our other patients.
- Providing training programs for students, trainees, health care providers, or non-health care professional (for example, billing personnel) to help them practice and improve their skills.
- Cooperating with outside organizations that assess the quality of the care that we provide.
- Cooperating with outside organizations that evaluate, certify, or license health care providers or staff in a particular field or specialty. For example, we may use of disclose PHI so that one of our nurses may become certified as having expertise in a specific field of nursing.
- Cooperating with various people who review our activities. For example, PHI may be seen by doctors reviewing the services provided to you, and by accountants, lawyers, and others who assist us in complying with the law and managing our business.
- Assisting us in making plans for our practice’s future operations.
- Resolving grievances within our practice.
- Reviewing our activities and using or disclosing PHI in the event that we sell our practice to someone else or combine with another practice.
- Business planning and development, such as cost management analyses.
- Business management and general administrative activities of our practice, including managing our activities related to complying with the HIPPA Privacy Rule and other legal requirements.
- Creating “de-identified” information that us not identifiable to any individual.
If another health care provider, company, or health plan that is required to comply with the HIPPA Privacy Rule has once had a relationship with you, we may disclose PHI about you for certain health care operations of the health care provider or company. For example, such health care operations may include: reviewing and improving the quality, efficiency and the cost of the care provided to you; reviewing and evaluating the skills, qualifications, and performance of health care providers, or non health care professionals; cooperating with outside organizations that evaluate, certify, or license health care providers or staff in a particular field of specialty; and assisting with legal compliance activities of that health care provider or company. We may also disclose PHI for the health care operations of an “organized health care arrangement” in which we participate. An example of the “organized health care arrangement” is the joint care provided by a hospital and the doctors who see patients at the hospital.
Communication from our Office: We may contact you remind you of appointment and to provide you with information about treatment alternatives or other heath related benefits and services that may be of interest to you.
OTHER USES AND DISCLOSURES WE CAN MAKE WITHOUT YOUR
WRITTEN AUTHORIZATION
Uses and Disclosures for which you have the Opportunity to Agree or Object
We may use and disclose PHI about you in some situations where you have the opportunity to agree or object to certain uses and disclosures of PHI about you. If you do not object, then we may make these types of uses and disclosures of PHI.
Individuals Involved in your Care of Payment for your Care: We may disclose PHI about you to your family member, close friend, or any other person identified by you if that information is directly relevant to the person’s involvement in your care of payment for your care. If you are present and able to consent or object, then we may only use or disclose PHI if you do not object after you have been informed of your opportunity to object. If you are not present or you are unable to consent or object, we may exercise professional judgment in determining whether the use or disclosure of OHI is in your best interest. Foe example, if you are brought into this office and are unable to communicate normally with you physician for some reason, we may find it is your best interest to give your prescription and other medical supplied to the friend or relative who brought you in for treatment. We may also use and disclose PHI to notify such persons of your locations, general condition, or death. We may coordinate with disaster relief agencies to make this type of notification. We may also use professional judgment and our experience with common practice to make reasonable decisions about your best interest in allowing a person to act on your behalf to pick up filled prescriptions, medical supplies, x-rays, or other things that contain PHI about you.
OTHER USES AND DISCLOSURES WE CAN MAKE WITHOUT YOUR
WRITTEN AUTHORIZATION OR OPPORTUNITY TO AGREE OF OBJECT
We may use and disclose PHI about you in the following circumstances without your authorization or opportunity to agree or object, provided that we comply with certain conditions that may apply.
Required by Law: We may use and disclose PHI as required by federal, state or local law. Any disclosure complies with the law and is limited to the requirements of the law.
Public Health Activities: We may use or disclose PHI to public health authorities or other authorized persons to carry out certain activities related to public health including the following activities:
- To prevent or control disease, injury, or disability;
- To report disease, injury, birth, or death;
- To report child abuse of neglect;
- To report reactions to medications or problems with products or devices regulated by the FDA or other activities related to qualify, safely, or effectiveness of FDA-regulated products;
- To locate and notify persons of recalls of products they may be using;
- To notify a person who may have been exposed to a communicable diseases in order to control who may have be at risk of contracting or spreading that disease; or
- To report to your employer, under limited circumstances, information related primarily to work place injuries, or workplace medical surveillance.
Abuse, Neglect, or Domestic Violence: We may disclose PHI in certain cases to proper government authorities if we reasonably believe that a patient has been a victim of domestic violence, abuse, or neglect.
Health Oversight Activities: We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigation, inspections, licensure and disciplinary activities and other activities conducted by health oversight agencies to monitor the health the health care system, government health care programs, and compliance certain laws.
Lawsuits and Other Legal Proceedings: We may use or disclose PHI when required by a court or administrative tribunal order. We may also disclose PHI in response to subpoenas, discovery requests, or other required legal process when efforts have been made to advise you of the request or to obtain an order protecting the information requested.
Law Enforcement: Under certain conditions, we may disclose PHI to law enforcement.
Coroners, Medical Examiners, Funeral Directors: We may disclose PHI to a coroner or medical examiner to identify a deceased person and determine the cause of death. In addition, we may disclose PHI to funeral directors, as authorized by law, so that they can carry out their jobs.
Organ and Tissue Donation: If you are an organ donor, we may use PHO to organizations that help procure, locate and transplant organs in order to facilitate and organ, eye, or tissue donation and transplantation.
Research: We may use and disclose PHI about you for research purposes under certain limited circumstances. We must obtain written authorization to use and disclose PHI about you for research purposes except in situation where a research project meets specific, details criteria established by the HIPPA Privacy Rule to ensure the privacy of PHI.
To Avert a Serious Threat to Health or Safety: We may use or disclose PHI about you in limited circumstances when necessary to prevent a threat to the health or safely of a person or to the public. This disclosure can only be made to a person who is about to prevent the threat.
Specialized Government Functions:
Under certain circumstance we may disclose PHI:
- For certain military and veteran activities, including determination of eligibility for veterans for veterans benefits and where deemed necessary by military command authorities.
- For national security and intelligence activities.
- To help protect service for the president and others.
Disclosures Required by HIPPA Privacy Rule: We are required to disclose PHI to the Secretary of the United States Department of Health and Human Services when requested by the Secretary to review our compliance with the HIPPA Privacy Rule. We are also required in certain cases to disclose PHI to you upon request to access PHI or for an accounting of certain disclosures of PHI about you.
OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION REQUIRE YOUR AUTHORIZATION
Workers Compensation: We may disclose PHI as authorized by workers compensation laws or other similar programs that provide benefits for work-related injuries or illness.
OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION REQUIRE YOUR AUTHORIZATION
All other uses and disclosures of Phi about you will only be made with your written authorization. If you have authorized us to use or disclose PHI about you, you may revoke your authorization at any time, except to the extent we have taken action based on the authorization.
III. YOUR RIGHTS REGARDING PROTECTED HEALTH INFORMATION ABOUT YOU
Under federal law, you have the following rights regarding PHI:
Right to Request Restrictions: You have the right to request additional restrictions on the PHI that we may use for treatment, payment and other health care operations. You may also request additional restrictions on our disclosure of PHI to certain individuals involved in your care that otherwise are permitted by the Privacy Rule. We are not required to agree to your request. To request restrictions, you must make your request in writing to our Privacy Official. In your request, please include (1) the information that you want to restrict, (2) how you want to restrict the information, (3) to whom these restrictions apply.
Right to Receive Confidential Communications: You have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. We are required to accommodate reasonable requests.
Right to Inspect and Copy: You have the right to request the opportunity to inspect and receive a copy of PHI about you in certain records we maintain. This includes your medical and billing records but does not include psychotherapy notes or information gathered or prepared for a civil, criminal, or administrative proceeding. We may deny your request to inspect and copy your PHI only in limited circumstances. You may charge you a reasonable fee for copying, postage, labor and supplies used in meeting your request.
Right to Amend: You have the right to request that we amend PHI about you as long as such information is kept in our office. To make this type of request you must submit your request in writing to our Privacy Official.
Right to Receive an Accounting of Disclosures: You have the right to request an “accounting” of certain disclosures that we have made of PHI about you. This is a list of disclosures made by us during a specified period of up to six years other than disclosures made for treatment, payment, and health care operations; for use in or related to a facility directory; to family members or friends in your care; to you directly and disclosures made before April 14, 2003.
Right to a Paper Copy of this Notice: You have the right to receive a paper copy of this Notice at any time. You are entitled to a paper copy of this Notice even if you have previously agreed to this Notice electronically.
To obtain a paper copy of this notice, please contact our Privacy Official listed below.
IV. COMPLAINTS
If you believe your privacy rights have been violated, you may file a complaint with us or the Secretary of the United States Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Official at the address and phone number listed below. We will not retaliate or take action against you for filing a complaint.
V. Questions
If you have any questions about this Notice, please contact our Privacy Official.
VI. PRIVACY OFFICIAL CONTACT INFORMATION
You may contact our Privacy Official at the following address and phone Number:
Joyce Stone
Office Manager
1209 Lakeside Drive
Brandon, FL 33510
813/661-3662
813-661-0515, fax
This notice was published and first became effective on January 1, 2003.
WELLNESS WORKS
HIPPA Policy and Procedure
Effective January 1, 2003
Effective January 1, 2003, WELLNESS WORKS has become HIPPA compliant per new federal regulations. The new regulation is called the Notice of Privacy Practices. With this new compliance issue, WELLNESS WORKS is required to develop a policy and procedural guideline for employees to follow.
I. Patient Privacy Documents
All WELLNESS WORKS patients are required to complete and sign a Patient Registration form prior to seeing a provider on their first office visit, or on the first returning office visit per calendar year. The Patient Registration form has the required documentation necessary per federal regulations authorizing WELLNESS WORKS to release medical information to the Health Care Financing Administration and its agents or any other party entitled to patient medical records regarding illnesses, accidents or treatments.
All WELLNESS WORKS patients are provided a copy of the HIPPA privacy policy and are required to sign an acknowledgement form. The Notice of Privacy Practices is displayed in all patient accessible areas and copies are available to patients at all times.
All WELLNESS WORKS patients are required to sign an updated,
HIPPA compliant Authorization for Release of Information. All medical information released is required to have a specific description of the documents being released. A copy of the patient or guardians identification, (ie; driver’s license) is required to compare for authentication purposes.
WELLNESS WORKS has established required privacy policies and procedural use and disclosures of patient information. Procedures for patient’s rights have been established.
II. Policy Official
WELLNESS WORKS has identified the security official as
Joyce Stone. The official is responsible for all HIPPA policy updates and changes. The policy official is responsible for complaints relating to violations regarding proper use and disclosure of medical information.
WELLNESS WORKS does not threaten, coerce or discriminate against individuals filing a compliant of privacy violations.
III. Physical Safeguards
WELLNESS WORKS has a policy in place for the security of all patient records.
All work spaces are maintained so that information of patient records and medical reports are not visible to unauthorized persons. All clinical work areas are not visible by unauthorized persons. All other areas are regulated so that all precautions are taken to guard the disclosure of personal information. All medical records and reports are turned from general view; computer monitors for scheduling purposes are unable to be viewed by any unauthorized persons. All financial and billing information is discussed away from other patients or visitors.
All visitors/contractors are escorted through the facility. At no time is a visitor allowed access to clinical areas unescorted.
A data back up system is in use to protect the integrity of personal information. All computer systems are protected by “Jazz Drive” and have protection from unauthorized users. All programs are password protected.
All medical records are safeguarded by file cabinet locks at the close of business each day. At no time are medical records left at work stations.
IV. Medical Records
WELLNESS WORKS stores all patient medical records are for six years. After six years, records are destroyed. All patient account information, (ie: explanation of benefits, billing statements, etc.) is stored for six years as well. All confidential patient information is stored on premises at WELLNESS WORKS. All destruction of records or continued maintenance methods is described in a separate policy.
At no time are patients records removed from the facility.
V. Termination of Employee Procedures
WELLNESS WORKS has developed a policy and procedure for all employees terminated. All terminated employees are required to return any keys or identification indicating affiliations with the facility. All passwords are revoked by the security official to insure that all sensitive patient information in not accessed.
VI. Contracts
All WELLNESS WORKS contracts and agreements have been renegotiated to implement the Privacy Rule and convert to HIPPA requirements.
The HIPPA federal regulation requires any provider who submits claims electronically to be HIPPA compliant. At this time, WELLNESS WORKS is compliant utilizing an electronic billing system through Medical Manager software. The requirement of compliance for electronic billing is October 2003. At that time, additional HIPPA software will be in use.
|
