Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
I. OUR COMMITMENT TO PROTECTING HEALTH INFORMATION
As a health care provider, SouthEastern Pathology, P.C. is regulated by the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The HIPAA Privacy Rule requires that we protect the privacy of health information that identifies a patient, or where there is a reasonable basis to believe the information can be used to identify a patient. This information is called “protected health information” or “PHI”. This Notice describes your rights as our patient and our obligations regarding the use and disclosure of PHI. We are required by law to:
- Maintain the privacy of PHI about you;
- Upon your request, give you this Notice of our legal duties and privacy practices with respect to PHI; and
- Comply with the terms of our Notice of Privacy Practices that is currently in effect.
Although generally we can only share PHI with a patient’s authorization, there are occasions when we may and must share PHI without patient authorization. There are also occasions when patients have the opportunity to object to the sharing of their PHI. This Notice of Privacy Practices (“Notice”) summarizes these circumstances and also provides information about the minimum necessary standard and your rights as a patient.
We reserve the right to make changes to this Notice and such changes may affect your PHI. If and when this Notice is changed, we will post the updated Notice in a prominent location in our office. We will also provide you with a copy of the revised Notice upon your request made to our Privacy Officer. For our Privacy Officer’s contact information, please see Section VI. of this Notice.
II. HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
The following categories describe the different ways we may use and disclose PHI for treatment, payment, or health care operations. Use of PHI must be limited to the minimum necessary for the intended purpose of the use. The examples included in each category do not list every type of use or disclosure that may fall within that category.
Treatment: We may use and disclose your PHI to provide, coordinate or manage your healthcare and related services. We may consult with other health care providers regarding your treatment and coordinate and manage your health care with others. For example, we may use and disclose PHI with your other health care providers when you need specialty testing such as immunoflourescence stains, flow cytometry, consultation, or other health care services requiring your specimen to be sent to another health care provider.
Payment: We may use and disclose PHI so that we can bill and collect payment for the treatment and services provided to you. Before providing services, we may share details with your health plan concerning the ordered service. For example, we may:
- ask for verification of eligibility from your health plan;
- use and disclose PHI to find out if your health plan will cover the cost of the services we provide;
- use and disclose PHI for billing, claims management, and collection activities;
- disclose PHI to insurance companies providing you with additional coverage; and/or
- disclose limited PHI to consumer reporting agencies relating to collection of payments owed to us.
We may also disclose PHI to another health care provider or to a company or health plan required to comply with the HIPAA Privacy Rule for the payment activities of that health care provider, company, or health plan. For example, we may allow a health insurance company to review PHI for the insurance company’s activities to determine the insurance benefits to be paid for your care.
Health Care Operations: We may use and disclose PHI in performing business activities known as health care operations. Health care operations include doing things that allow us to improve the quality of care we provide and to reduce health care costs. We may use and disclose your PHI when we are engaged in the following health care operations:
- Reviewing and improving the quality, efficiency and cost of care provided to patients and the health care providers who order services on behalf of patients.
- Providing training programs for students, trainees, health care providers, or non-health care professionals (for example, billing personnel) to help them practice or improve.
- Cooperating with outside organizations that evaluate, certify, or license health care providers or staff.
- Cooperating with various people who review our activities. For example, PHI may be seen by doctors reviewing the services provided to you, and by accountants, lawyers, and others who assist us in complying with the law and managing our business.
- Assisting us in making plans for our practice’s future operations.
- Resolving grievances with our practice.
- Reviewing our activities and using or disclosing PHI in the event that we sell our practice to someone else or combine with another practice.
- Business management and general administrative activities of our practice, including planning, development, cost-management, or complying with the HIPAA Privacy rule and other legal requirements.
- Creating “de-identified” information that is not identifiable to any individual.
If another health care provider, company, or health plan that is required to comply with the HIPAA Privacy Rule has or once had a relationship with you, we may disclose your PHI for certain health care operations of that health care provider or company.
We may also disclose PHI for the health care operations of an “organized health care arrangement” in which we participate. An example is the joint care provided by a physician, hospital, surgical center or other health care facility (such as the health department) and our doctors who provide services for patients at one of those facilities.
We may disclose your PHI to your family member if that person is identified as the insured person on your health insurance.
Communication from our office: We may contact you to discuss your account (for example, we may call if we receive returned mail, or if we need to confirm your insurance status, or other issues related to your care).
Uses and Disclosures for Which You Have the Opportunity to Agree or Object
We may use and disclose your PHI in some situations where you have the opportunity to agree or object to certain uses and disclosures of your PHI. If you are present and able to consent or object, then we may only use or disclose PHI if you do not object. If you do not object, then we may make these types of uses and disclosures of PHI. If you are incapacitated, there is an emergency situation, or you are not available, we generally may make such uses and disclosures, if in the exercise of our professional judgment, the use or disclosure is determined to be in your best interests.
Facility Directories: It is a common practice in many health care facilities to maintain a directory of patient contact information. We may rely on an individual’s informal permission to list in its facility directory the individual’s name, general condition, religious affiliation, and location in the provider’s facility. We may then disclose the individual’s condition and location in the facility to anyone asking for the individual by name, and also may disclose religious affiliation to clergy. Members of the clergy are not required to ask for the individual by name when inquiring about patient religious affiliation.
For Notification and Other Purposes: We also may rely on your informal permission to disclose toyou’re your family, relatives, or friends, or to other persons whom you identify, PHI directly relevant to that person’s involvement in your care or payment for care. This provision, for example, allows a pharmacist to dispense filled prescriptions to a person acting on behalf of the patient. Similarly, we may rely on your informal permission to use or disclose your PHI for the purpose of notifying (including identifying or locating) family members, personal representatives, or others responsible for your care of your location, general condition, or death. In addition, PHI may be disclosed for notification purposes to public or private entities authorized by law or charter to assist in disaster relief efforts.
We may use and disclose your PHI in the following circumstances without your authorization or opportunity to agree or object, provided that we comply with certain conditions that may apply.
Required by Law: We may use and disclose PHI as required by federal, state, or local law. Any disclosure complies with the law and is limited to the requirements of the law.
Public Health Activities: few may use or disclose PHI to public health authorities or other authorized person to carry out certain activities related to public health, including the following activities:
- To prevent or control disease, injury, or disability;
- To report disease, injury, birth, or death;
- To report child abuse or neglect;
- To report reactions to medications or treatment;
- To locate and notify persons of recall of products they may have used;
- To notify a person who may have been exposed to a communicable disease in order to control who may be at risk of contracting or spreading the disease; or
- To report to your employer, under limited circumstances, information related primarily to workplace injuries or illness, or workplace medical surveillance.
Health Oversight Activities: We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigations, inspections, licensure and disciplinary activities and other activities conducted by health oversight agencies to monitor the health care system, government health care programs, and compliance with certain laws.
Lawsuits and Other Legal Proceedings: We may use or disclose PHI when required by a court or administrative tribunal order. We may also disclose PHI in response to subpoenas, discovery requests, or other required legal process when efforts have been made to advise you of the request or to obtain an order protecting the information requested.
Law Enforcement: Under certain conditions, we may disclose PHI to law enforcement officials for the following purposes where the disclosure is:
- Required by law;
- In response to a court order, warrant, subpoena, summons, administrative agency request, or other authorized process;
- About a suspected crime committed at our office;
- In response to a medical emergency.
Coroners, Medical Examiners, Funeral Directors: We may disclose PHI to a coroner or medical examiner to identify a deceased person and determine the cause of death. In addition, we may disclose PHI to funeral directors, as authorized by law, so that they may carry out their jobs.
Organ and Tissue Donation: If you are an organ donor, we may use or disclose PHI to organizations that procure, locate, and transplant organs in our role as pathologist.
Research: We may use and disclose your PHI for research purposes under certain limited circumstances. We must obtain a written authorization to use and disclose your PHI for research purposes except in situations where a research project meets specific, detailed criteria established by the HIPAA Privacy Rule to ensure the privacy of PHI.
To Avert a Serious Threat to Health of Safety: We may use or disclose your PHI in limited circumstances when necessary to prevent a threat to the health or safety of a person or to the public. This disclosure can only be made to the person or persons who are able to prevent the threat.
Specialized Government Functions: Under certain circumstances we may disclose PHI:
- For certain military and veteran activities, including determination of eligibility for veterans for benefits and where deemed necessary by military command authorities;
- For national security and intelligence activities;
- To help provide protective services for the president and others;
- For the health or safety of inmates and other at correctional institutions or other law enforcement custodial situations for the general safety and health related to corrections facilities.
Disclosures required by HIPAA Privacy Rule: We are required to disclose PHI to the Secretary of the United Stated Department of Health and Human Services when required by the Secretary to review our compliance with the HIPAA Privacy Rule. We are also required in certain cases to disclose PHI to you upon your request to access PHI or for an accounting of certain disclosures of your PHI (those requests are described in Section III of this Notice).
Workers’ Compensation: We may disclose PHI as authorized by workers’ compensation laws or other similar programs that provide benefits for work-related injuries or illness.
All other uses and disclosures of your PHI will only be made with your written authorization. If you have authorized us to use or disclose your PHI, you may revoke your authorization at any time, except to the extent we have taken action based on the authorization.
NOTE: Incidental Uses and Disclosures – The Privacy Rule does not require that every risk of an incidental use or disclosure of PHI be eliminated. A use or disclosure of this information that occurs as a result of, or as “incident to,” an otherwise permitted use or disclosure is permitted as long as we have adopted reasonable safeguards as required by the Privacy Rule, and the information being shared was limited to the “minimum necessary,” as required by the Privacy Rule.
III. YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
Under federal law, you have the following rights regarding your PHI:
Right to Request Restrictions: You have the right to request additional restrictions on the PHI that we may use for treatment, payment and health care operations. You may also request additional restrictions on our disclosure of PHI to certain individuals involved in your care that otherwise are permitted by the Privacy Rule. We are not required to agree to your request. If we do agree to your request, we are required to comply with our agreement except in certain cases, including where the information is needed to treat you in the case of an emergency. However, except as otherwise required by law, we must agree to the requested restriction if the disclosure is to a health plan for payment or health care operations purposes (and not for treatment) and you pay for the item or service out of pocket in full. To request restrictions, you must make your request in writing to our Privacy Official. In your request, please include (1) the information you want to restrict; (2) how you want to restrict the information (for example, restricting use to this office, only restricting disclosure to persons outside this office, or restricting both); and (3) to whom you want those restrictions to apply.
Right to Receive Confidential Communications: You have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. For example, you may request that we contact you at home, rather than at work. You must make your request in writing to our Privacy Official. You must specify how you would like to be contacted (for example, by regular mail to your post office box and not your home). We are required to accommodate reasonable requests.
Right to Inspect and Copy: You have the right to request the opportunity to inspect and receive a copy of your PHI in certain records that we maintain. This includes your medical and billing records but does not include psychotherapy notes or information gathered or prepared for a civil, criminal, or administrative proceeding. We may deny your request to inspect and copy PHI only in limited circumstances. To inspect and copy PHI please contact our Privacy Official. If we maintain your PHI in electronic format, you have the right to receive a copy of PHI in electronic format. If you request a copy of your PHI, we may charge you a reasonable fee for the copying, postage, labor and supplies used in meeting your request.
Right to Amend: You have the right to request that we amend your PHI as long as such information is kept by or for our office. To make this type of request you must submit your request in writing to our Privacy Officer. You must also give us a reason for your request. We may deny your request in certain cases, including if it is not in writing or if you do not give us a reason for the request.
Right to Receive an Accounting of Disclosures: You have the right to request an “accounting” of instances where we have disclosed your PHI for reasons other than treatment, payment, and health care operations. Beginning January 1, 2014, you may request a list of all instances where we have disclosed your health information. If you wish to make such a request, please contact our Privacy Officer identified on the last page of this Notice. The first list that you request in a 12-month period will be free, but we may charge you for our reasonable costs of providing additional lists in the same 12-month period. We will tell you about these costs, and you may choose to cancel your request at any time before costs are incurred.
Right to a Paper Copy of this Notice: You have a right to receive a paper copy of this Notice at any time. You are entitled to a paper copy of this Notice even if you have previously agreed to receive this Notice electronically.
IV. OUR LEGAL DUTY
We are also required by law to notify you no later than 60 days after the discovery of a breach if your unsecured PHI has been, or we reasonably believe it to have been accessed, acquired, or disclosed as a result of the breach. A notification for this purpose will be sent to you by first-class mail, or, if you prefer, it may be sent to you by electronic mail. This preference may be requested by contacting the person listed below.
If you believe your privacy rights have been violated, you may file a complaint with us or the Secretary of the United States Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Officer at the address and phone number listed below. You will not be penalized in any way for filing a complaint.
VI. PRIVACY OFFICIAL CONTACT INFORMATION
You may contact our Privacy Officer at the following address and phone number:
ATTN: Privacy Official
311 W 8th ST NE
Rome GA 30165-2723
This notice was first published and becomes effective April 14, 2003. Revision date: March 15, 2015.