The Health Insurance Portability Accountability Act (HIPAA) protects the privacy of your health and personal information, or Protected Health Information (PHI) from being used or accessed by unauthorized individuals or entities.
A copy of your rights under this Statute must be provided to you by all health care providers in this Notice of Privacy Practices, available in a visible section of the practice facility for retention by any patient. If this is your first time visiting this office you will be given a copy of the Notice of Privacy Practices and asked to Acknowledge that you have reviewed and received it.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
Your rights have been expanded and revised by the HIPAA Omnibus Rule and corresponding HITECH regulations on the disclosure of electronic PHI. Below is a summary of those rights, how we can use or disclose your PHI, and how you can either restrict disclosure of your PHI or gain access to copies of the PHI held by us.
Why we need to use your Protected Health Information and permitted uses and disclosures:
Ambra Dental Care needs to use your health information to treat you better. We use your health history to conduct initial examinations and gain relevant information from you about your dental care needs go treat you better. We can then make more informed, knowledgeable and accurate diagnosis and formulate a beneficial treatment plan by referencing prior treatment, reviewing notes by previous doctors and medical providers, and knowing enough about your dental history to help our staff help you get the best dental care possible. Other medical providers that are working with your treatment may need to access your PHI in order to make your treatment successful.
To take care of paying for your dental care, either by you, a third party, a health insurance plan, or a managed care organization, we may need to verify that your health and dental conditions are covered by insurance to the maximum extent possible. Your PHI needs to be disclosed on claim forms and to third parties specifically for that purpose, and it is a proper use of your PHI under HIPAA. Other personal information not related to health care, including social security numbers, financial information and other identifying personal information may be needed to follow through with a complete payment process.
Health Care Operations:
The administration of our office in an efficient manner requires us to use your health information and other personal information to assist in activities such as setting appointments and contacting by telephone, mail, fax or e-mail about upcoming appointments.
Use of your PHI for treatment, payment and health care operations can be made without your authorization, and in the other circumstances below allowed by the HIPAA statute:
1. Public health purposes such as for the prevention or control of disease, injury or disability, to report child suspected child abuse or neglect to public health or law enforcement authorities, at the direction of a public health authority.
2. To a person subject to the jurisdiction of the Food and Drug Administration (FDA) for the purposes of activities related to the quality, safety or effectiveness of FDA regulated products or activities.
3. To a person who may have been exposed to a communicable disease or may otherwise be at risk of spreading a disease or condition, if the medical provider or public health authority is authorized by law to notify such a person in the course of conduct of a public health intervention or investigation.
4. To an employer of a member of the workforce only if the information is relevant to work-related illnesses or injuries or workplace-related medical surveillance, and it is required to fulfill the obligations of the employer under state or federal law.
5. For judicially mandated administrative and court proceedings, and law enforcement.
6. For government oversight activities authorized by law of the health care system, government benefit programs having to do with benefits eligibility.
7. For investigation of compliance with civil rights laws.
8. To entities subject to government regulatory programs requiring the information for determining compliance with program standards.
9. Emergency circumstances require disclosure to prevent a serious threat to your health or to the health or safety of others.
10. If we reasonably believe you may be a victim of abuse or neglect, or that there is suspected abuse, neglect, or domestic violence, then we may disclose your information to the extent authorized by statute or regulation to a government authority, social service agency or protective services agency authorized by law to received reports of abuse, neglect or domestic violence.
11. To authorized federal officials or military authorities for the conduct of lawful intelligence, counter-intelligence or other national security activities as allowed by law.
12. To a coroner or medical examiner to assist in identifying you or determining the cause death.
13. For use in activities relevant to organ, eye or tissue donations.
14. If the information is de-identified so that it cannot be used to identify you.
15. To family members, friends or others, but only if you are present and verbally give your permission and do not object, or in emergency circumstances when we reasonably infer that it is in your best interest in the judgment of a medical provider, it is consistent with a prior expressed preference, and you are not capable of agreeing or objecting in writing.
16. As otherwise required by federal, state or local law.
Disclosure to Family, Friends, other relatives or other identified individuals.
Disclosure of your protected health information may be made only if you are giving an opportunity to agree or object to disclosure to a family member, other relative, or close personal friend, or any other person identified by you if the protected health information is directly relevant to that person’s involvement in or responsibility for your care or the payment for your care. You must also be given an opportunity to agree or object to the use of your information for facility directories.
Disclosure of Psychotherapy Notes or Sensitive Protected Health Information.
You must authorize in writing any use of psychotherapy notes maintained by a medical provider and there are special rules regarding the disclosure of sensitive information under federal and state law. Any information determined to be mental health communications (such as between you and your psychiatrist, psychologist, social worker, mental health specialist, sexual assault counselor, domestic violence counselor, or other mental health or human services professional) cannot be used without your authorization unless it is used for treatment, payment, or health care operations or required authorized by law. Sensitive protected health information related to ADIS, ARC or HIV testing requires your written authorization to be used for payment and discharge planning.
We cannot use or disclose your protected health information other than in the above listed exceptions or for treatment, payment or health care operations unless you give us authorization in writing. You have a right to revoke that authorization with a written request, except where the authorization was obtained as a condition for obtaining insurance coverage. We are only allowed by this authorization to use the minimum necessary information to provide the best treatment for you.
You have other rights regarding disclosure of your protected health information that you should be aware of:
· You can request restrictions on the use of your protected health information for treatment, payment or health care operations, although we may deny that request.
· You have a right to restrict disclosure of protected health information to health insurance plans if it is used for payment or operations and it pertains to a service for which you have paid out of pocket in full.
· You have a right to restrict disclosures to family members or other individuals, except in cases of emergencies, and we may deny certain of these requests if we state the reasons for the denial and they correspond with our legal rights to disclose protected health information.
In response to technological advances in electronic information communications, you have gained new rights under the 2013 HIPAA Omnibus rules updating the HIPAA and corresponding HITECH rules regarding electronic storage and transfer of PHI.
1. You may submit to us a Request for Accounting of Disclosures to receive a list from us of any disclosures of your protected health information for purposes other than treatment, payment or health care operations, or to your legal representative. You should state on the Request what format you want to receive the information, such as by paper or electronically, and you do have the right to ask that the PHI be encrypted to the extent reasonably possible to prevent access over the internet or to other unauthorized parties.
2. You have the right to inspect and copy your PHI by submitting a request in writing to our Privacy Officer, and you can receive this information upon request by paper photocopies, in electronic form if feasible, or in summarized form. We can charge you reasonable costs, as determined by law, for copying, supplies, postage, and staff time for copying but not for searching or retrieval of the information. We will respond to this request within 30 days, or 60 days if we notify you of the reason for the extension of time. We can deny your request in only certain circumstances, such as when other confidentiality rights are compromised, and a licensed health care professional will review this denial at your request.
3. You can Request Alternative Communication of your PHI via in a different form or to a different place. In this way you can restrict disclosure of your PHI by e-mail if not encrypted, by mail to a post office box or an address you feel may not be secure from unauthorized parties who may view your PHI. You can request that such communications as appointment reminders or information about prescriptions can be communicated to you in a different way, for example.
There are provisions of HIPAA requirements which may have changed that we must make you aware of in the following areas:
1. Use of Protected Health Information where there is remuneration involved.
Your protected health information can never be directly sold. However, since there may be circumstances in which remuneration could result when your PHI is disclosed, such as when there is payment for other products or services in which PHI appears, you must be notified of that possibility before you authorize disclosure.
2. Use of Protected Health Information for marketing purposes.
Before your PHI is disclosed in a communication about a product or service that encourages use of that product or service, you must authorize this use of your PHI for marketing purposes. Before any health information that can be used to identify you is used in advertising, websites, brochures or any other promotional materials you must authorize this use of your PHI.
3. Use of Protected Health Information for research purposes.
We may seek your authorization to use your PHI for research purposes, but if the information can be used to identify you and may be an improper disclosure, then your authorization is required before it is used in that way.
4. Use of Protected Health Information for fund raising purposes.
We must notify you if we plan to use you protected health information for fund raising purposes, and give you the option to deny authorization the use it in this way.
5. Appointment reminders.
We may use your protected health information to a minimum degree necessary for appointment reminders, unless you request us not to do so.
6. Information about treatment alternatives or health related benefits and services.
We may use your protected health information to provide your information about treatment alternatives or health related benefits and services, unless you request us not to do so.
Breaches of the Security of Your Protected Health Information.
It is possible that we may discover that the security of your Protected Health Information has been breached, such as when there has been unauthorized access, use or disclosure of your Protected Health Information which compromises the security or privacy of this information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain this information.
In the event of a breach of the security of your protected health information, we will make a risk assessment of whether or not there is a low probability that harm to you that may result from that breach. If there is anything other than a low probability of harm then we will notify you by first class mail, or if you wish by e-mail, of the breach within 60 days of its taking place, giving you a description of the breach, including the date it happened and was discovered, the types of protected health information involved, steps you should take to protect you from further harm, what we are doing to mitigate that harm, and the procedures for asking questions about the breach.
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site. The effective date of this policy is March 5, 2021.
Complaints or Questions about these Rules and the privacy of your Protected Health Information should be directed to the Privacy Officer Erica Ambra of Ambra Dental Care at email@example.com, or if necessary the United States Department of Health and Human Services.