HIPAA & Your Privacy Rights
We strongly believe in doing everything we possibly can to safeguard the privacy and security of your health information and records.
As a result, we have made some changes in our office management procedures to make sure we follow the Health Information Portability and Accountability Act (HIPAA). Passed into law in 1996, HIPAA sets federal
standards for the privacy and security of patient information for all healthcare providers, plans, insurance companies and anyone they do business with. HIPAA gives you additional rights regarding control and use of your health information, meaning you have more access and control than ever. Please take a few minutes to review these new rights. Were happy to answer any questions you may have.
Control Over Your Health Information
All healthcare providers (and health plans) are now required to give you a written explanation of how they use and disclose your personal health information before they can treat you. This way, you can decide if a provider is doing everything they should to protect your privacy before you choose them as your caregiver.
We must, by law, post a Notice of Privacy Practices, which outlines how we secure the privacy of patient information, in a place where you can easily see it.
We must get your signature for non-routine uses and disclosures of your information. A non-routine use is any situation not directly related to treatment, payment or operations. For example, if your child is going to summer camp and the camp needs a medical history, you will be asked to authorize us to release it before we can send the information. You have the right to say no, and don’t have to tell anyone why.
Authorizations of non-routine information are one-time-only, case by case, for the use defined by you.
Access to Your Health Information
You can get copies of your medical records simply by asking for them. Healthcare providers are required to get you a copy of your records within 60 days of your request. There may be a cost for this service.
Providers also must give you a history of non-routine disclosures if you ask for it. All you need to do is ask for the record and it is provided to you – no justification is needed.
You can also amend your medical records. You cannot change the existing record, but you can add notes or comments on any procedures, treatments, payment or operations.
The provider then has the right to respond to your amendment. This way, you can be sure your records reflect your side of the story about treatment and payment issues.
Patient Recourse if Privacy Protections Are Violated
Every healthcare provider must also inform you of grievance procedures. If your privacy is violated, report the incident to your Privacy Officer Immediately. You also have the right to report any violation to the Department of Health and Human Services, Office of Civil Rights, 200 Independence Ave., S.W., Washington, D.C. 20201.
If you decide to file a grievance with us or with the Department of Health and Human Services, we are not allowed to discriminate or retaliate against you in any way.
Aside from these new rights to access and control of your medical information under HIPAA, there are also clear limits on all healthcare providers regarding how they disclose medical information. Here are some of the key aspects of these boundaries.
Providers must ensure that health information is not used for non-health purposes. Health information (covered by the privacy rules) generally may not be used for purposes not related to health care – such as disclosures to employers to make personnel decisions, or to financial institutions – without your explicit authorization.
There are clear, strong protections against using health information for marketing. The privacy rules set new definitions restricting information for certain marketing purposes. Providers must get your specific authorization before sending you any materials other than those related to treatment.
Use only the minimum amount of information necessary. In general, uses or disclosures of information will be limited to the minimum necessary. This does not apply to disclosures of records for treatment purposes, because physicians, specialists and other providers may need access to the full record to provide quality care.
There are situations where healthcare providers may not have to follow these privacy rules. They include: emergency circumstances, identification of a body or the cause of death, public health needs, judicial and administrative proceedings, and limited law enforcement activities related to national defense and security.
We understand your right to have your medical information kept confidential. Our compliance with the Health Information Portability and Accountability Act is one example of our advocacy and leadership on issues of patients rights and privacy of information. We encourage you to ask questions and look forward to working together to improve the quality of your healthcare experience.