Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you may get access to this information, please review it carefully and retain a copy for your records.
Under applicable law, Center for Family Medicine (referred to as “we,” “our,” or “CFM”) is required to protect the privacy of your individual health information (information we refer to in this notice as “Protected Health Information” or “PHI”). PHI includes all information that relates to: the past, present, or future physical or mental health of an individual; the provision of health care to an individual; and the past, present, or future payment for the provision of health care to an individual. PHI also includes genetic information including information relating to genetic testing and manifested diseases/disorders of family members such as your parents, grandparents, siblings and children as well as relatives by affinity such as your spouse, stepchildren and other relatives even if you do not share common genes. We are required to provide you with this notice regarding our policies and procedures regarding your Protected Health Information, and to abide by the terms of this notice, as it may be updated from time to time.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
We are permitted to make certain types of uses and disclosures under applicable law for treatment, payment, and healthcare operations purposes without obtaining your authorization.
For treatment purposes, we may use and disclose your PHI for the purpose of providing, coordinating, or managing the delivery of healthcare services to you by one or more healthcare providers, including doctors, nurses, technicians, medical students or other hospital personnel who are involved in taking care of you. For example, your primary care physician may consult with us regarding your condition or treatment. We do not limit the use or disclosure of your PHI for purposes of your care or treatment. Otherwise, we limit use and disclosure of PHI to that which is reasonably necessary for a permitted purpose.
For payment purposes, we may use and disclose your PHI to obtain payment or reimbursement for providing healthcare services, such as when we request payment from your insurer, health plan, or a government benefit program.
For healthcare operations purposes, we may use and disclose your PHI internally in a number of ways, including for quality assessment and improvement, for planning and development, management and administration. Your information could be used, for example, to assist in the evaluation of the quality of services that you were provided. Healthcare operations also includes conducting training programs in which students, trainees or practitioners in areas of healthcare learn under supervision to practice or improve their skills.
- In addition, we may contact you to provide appointment reminders, care coordination, plan benefits, refill reminders, or advise you concerning the availability of generic equivalents, information about treatment alternatives or other health-related benefits and services that may be of interest to you.
- Where applicable, we may disclose your health information to your health plan sponsor. This applies to a group health plan, a health insurance issuer, or a Health Maintenance Organization (HMO) with respect to a group health plan.
- We will not sell your PHI or use or disclose your PHI for marketing purposes unless you authorize such use or disclosure. Generally, we may not disclose psychotherapy notes without your prior authorization. We may not use and disclose your PHI for purposes not expressly permitted in this Notice, without your authorization.
We may use your PHI for treatment, payment, and healthcare operations purposes either within CFM or with healthcare providers, health plans, and those that process health care claims, benefits and related information. We are also permitted to share your PHI, without your authorization, in the following instances.
We may also use or disclosure your PHI as permitted or required by law, including, for example:
- To public health authorities for the purposes of preventing or controlling disease or other public health purposes;
- To appropriate government authorities to report about victims of suspected abuse, neglect, or domestic violence;
- To the Food and Drug Administration to report quality, safety, or effectiveness of the FDA-regulated products or activities;
- In certain limited circumstances to an employer such as if we are asked to evaluate or treat a work-related illness or injury;
- To qualified health authorities for purposes of conducting health oversight activities;
In response to subpoenas, discovery requests, or other lawful legal processes in the course of a judicial or administrative proceeding;
- To law enforcement authorities as required or permitted by law such as, for example, to report a death, to report a crime on our premises, or if it appears necessary to alert law enforcement to respond to an emergency;
- To persons involved with respect to matters pertaining to a decedent, or relating to cadaveric organ, eye or tissue donation;
- In certain instances, for research purposes;
- We may disclose your PHI if we believe, in good faith, that it is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public;
- We may disclose your PHI for certain specialized government functions such as, for example, to Armed Forces Authorities with reference to military personnel or for national security purposes.
Unless you object, we may also disclose to a member of your family or other relative, to a close personal friend, or to any other person identified by you, PHI that is directly relevant to that person’s involvement with your care or payment related to your care.
In addition, unless you object, orally or in writing, to a Hospital employee or our Privacy Officer, we may use or disclose the PHI to notify, identify, or locate a member of your family, your personal representative, another person responsible for your care, or certain disaster relief agencies of your location, general condition, or death.
We may share with our Foundation information such as demographic information (name, address, phone number) and the dates you received services in order to contact you for fundraising efforts. If we contact you for fundraising efforts, you can tell us not to contact you again. All fundraising communications will direct you how to opt-out from future communications. You have the right to revoke your opt-out election if you change your mind and wish to start receiving fundraising information.
If you are incapacitated, there is an emergency, or you otherwise do not have the opportunity to object to this use or disclosure, we will do what in our judgment is in your best interest regarding such disclosure and will disclose only the information that is directly relevant to the person’s involvement with your healthcare.
We will also use our judgment and experience regarding your best interest in allowing people to pick up filled prescriptions, medical supplies, test results, or other similar actions involving disclosure of PHI.
We will not use your genetic information for insurance underwriting purposes such as in connection with enrollment, eligibility and coverage determinations; certification of premium and contribution amounts; application of pre-existing condition exclusions or other activities related to placement of health insurance. Your health plan may not provide genetic information to your employer if it is a health plan sponsor in regard to coverage or premium decisions. Your health plan may utilize genetic information for determination of medical appropriateness, for example, approving a mammogram for a woman under the age of 40 based on family history.
Other uses and disclosures will be made only with your written authorization, and you may revoke your authorization by notifying us by contacting our Privacy Officer as described below. We may not sell your protected health information.
YOUR PRIVACY RIGHTS
You may ask us to restrict uses and disclosures of your PHI to carry out treatment, payment, or healthcare operation or to restrict uses and disclosures to family members, relatives, friends, or other persons identified by you who are involved in your care or payment for your care. However, we are not required to agree to your request in most instances. We must honor your request to restrict our disclosures of PHI to a health plan for payment or healthcare operations purposes where the disclosure pertains solely to a healthcare item or service for which you paid out-of-pocket.
In such cases, if you paid for the medical expense from a health savings account (HSA) or Flexible Spending Account (FSA), you can instruct us not to disclose this to another health plan but you may not restrict the disclosures necessary to process payment. If you wish to make such a request you must advise our Privacy Officer, identified below, in writing.
You have the following rights with respect to your PHI: (i) to inspect and copy this information, including an electronic health record; (ii) to amend or correct incorrect information; (iii) to receive an accounting of certain of the disclosures of this information by us, including disclosures made using an electronic health record; and (iv) to receive a paper copy of this notice upon request.
If we maintain an electronic version of your medical records in an electronic designated record set, we must provide you that information in an electronic form and format requested by you if it is readily producible. If it is not readily producible, we will provide you the information in a mutually agreeable machine readable format or, if we cannot agree on a format, a paper copy will be provided. We will send the records to a clearly identified designated recipient upon your written request. We may charge a reasonable cost-based fee for providing access to your records.
In addition, you may request to receive communications of PHI by alternative means or at alternative locations. We will accommodate the request, if reasonable.
You have the right to be notified if there has been a breach of confidentiality with respect to your unsecured Protected Health Information.
If you wish to exercise any of the above rights, you must notify our Privacy Officer, identified below, in writing. We reserve the right to change the terms of this notice and to make the new notice provisions effective for all PHI we maintain, including PHI that is created or received prior to issuing the revised notice. We will promptly revise and distribute a new Privacy Notice wherever there is a material change to the uses or disclosures, your rights, our legal duties, or other privacy practices stated in this Notice. If we revise this Notice, we will mail you a notice of our new policy to your last known residential address or, if applicable, to an alternative address that you have provided to us. We are required to abide by the terms of the Privacy Notice that is then currently in effect.
If we revise the Privacy Notice the revision date will be the effective date of the Notice. If you believe your privacy rights have been violated you have the right to file a complaint with us by contacting the Privacy Officer identified below and/or to the Department of Health and Human Services by contacting its website (http://www.hhs.gov/ocr/privacyhowtofile.com) or calling them toll-free at 1-800-368-1019. We will not retaliate against you in any way for the filing of a complaint.