HIPAA & Your Privacy Rights
We strongly believe in doing everything we possibly can to safeguard the privacy and security of your health information and records. As a result, we have made some change in our office management procedures to make sure we follow the health information Portability and Accountability Act (HIPAA). Passed into law in 1996, HIPAA sets federal standards for the privacy and security of patient information for all healthcare providers, plans, insurance companies and anyone they do business with. HIPAA gives you additional rights regarding control and use of your health information, meaning you have more access and control than ever. Please take a few minutes to review these new rights. We are happy to answer any question you may have.
Control over Your Health Information
All health care providers (and health plans) are now required to give you a written explanation of how they use and disclose your personal health information before they can treat you. This way, you can decide if a provider is doing everything they should to protect your privacy before you choose them as your caregiver. We must by law, post a Notice of Privacy Practices, which outlines how we secure the privacy of patient information, in a place where you can easily see it. We must get your signature for non-routine users and disclosures of your information. A non-routine use is any situation not directly related to treatment, payment or operations. For example, if your child is going to summer camp and the camp needs a medical history, you will be asked to authorize us to release it before we can send the information. You have the right to say no, and you don’t have to tell anyone why. Authorizations of non-routine information are one-time –only, case by case, for the use defined by you.
Access to Your Health Information
You can get copies of your medical records simply by asking for them. Healthcare providers are required to get your a copy of your records within 60 days of your request. There may be a cost for this service. Providers also must give you a history of non-routine disclosures if you ask for it. All you need to do is ask for the record and it is provided to you – no justification is needed. You can also amend your medical records. You cannot change the existing record, but you can add notes or comment on any procedures, treatments, payments or operations. The provider then has the right to respond to your amendment. This way, you can be sure your records reflect your side of the story about treatment and payment issues.
Patient Recourse if Privacy Protections Are Violated
Every healthcare provider must also inform you of grievance procedures. If your privacy is violated, report the incident to our Privacy Officer immediately. You also have the right to report any violation to the Department of Health and Human Services, Office of Civil Rights. 200 Independence Avenue, SW, Washington, D.C. 20201. If you decide to file a grievance either with us or with the Department of Health and Human Services, we are not allowed to discriminate or retaliate against you in any way. Aside from these new rights to access and control of your medical information under HIPAA, there are also clear limits on all healthcare providers regarding how they disclose medical information. Here are some of the key aspects of these boundaries: Providers must ensure that health information is not used for non-health purposes. Health information (covered by the privacy rules) generally may not be used for purposes not related to health care – such as disclosures to employers to make personnel decisions, or to financial institutions – without your explicit authorization. There are clear, strong protections against using health information for marketing. The privacy rules set new definitions, restrictions and limits on the use of patient information for certain marketing purposes. Providers must get your specific authorization before sending you any materials other than those related to treatment. Use only the minimum amount of information necessary. In General, use or disclosures of information will be limited to the minimum necessary. This does not apply to disclosure of records for treatment purposes, because physicians, specialists and other providers may need access to the full record to provide quality care.
There are situations where healthcare providers may not have to follow these privacy rules. They include: emergency circumstances; identification of a body or the cause of death; public health needs; judicial and administrative proceedings; limited law enforcement activities; and activities related to national defense and security. We understand your right to have your medical information kept confidential. Out compliance with the Health Information Portability and Accountability Act is one example of our advocacy and leadership on issues of patient’s rights and privacy of information. We encourage you to ask questions and look forward to working together to improve the quality of your healthcare experience.
Click here for our records release form.