NOTICE OF PRIVACY PRACTICES
This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please read it carefully.
We are required by law to provide you with this notice to explain our privacy practices with regard to your health information. This document describes how we may use and disclose your protected health information (PHI) for treatment, payment, healthcare operations, and other purposes permitted or required by law. Your rights with respect to your protected health information are also described in this notice.
This Notice of Privacy Practices became effective on 1/1/2003 and was amended on 9/30/2013.
Right to Amend This Notice
We reserve the right to change the provisions of our Notice of Privacy Practices and make new provisions for the privacy of the protected health information we maintain. If we make a material change, we will post the amended notice promptly on our website: www.healthwiseacupuncture.com
What is Protected Health Information (PHI)?
Protected health information is individually identifiable health information we obtain or generate in providing our services to you. Such information may include documenting your symptoms, examination results, test results, diagnoses, treatments, and applying for future care or treatment. It also includes billing documents for those services
Types of Uses and Disclosures of Protected Health Information
We will use and disclose your protected health information to provide, manage, and coordinate your care and any related services. We will also disclose your protected health information to other providers whom we may consult or coordinate with in your care, such as obtaining the input of a specialist.
We will use your protected health information to obtain payment for services provided. For example, we may provide protected health information to a health insurance company or to a business associate to obtain payment for your treatment.
We will use your protected health information for the management functions of our office. For example, your protected health information may be used in quality reviews, outcome evaluations, and staff performance reviews. Additionally, your protected health information may be used as necessary by business associates who provide us with services such as legal services, accounting services, insurance, and training programs.
HITECH Breach Notification Requirements
We are required under the HITECH Act to notify each individual whose unsecured PHI has been (or is reasonably believed to have been) accessed, acquired, or disclosed due to a breach. Our Business Associates have a similar duty under this Act. Unsecured PHI refers to private information that is readable by unauthorized individuals. Secured PHI is encrypted to be rendered unreadable, unusable, or indecipherable to unauthorized individuals. We will notify you by first class mail within 60 days of our discovery of such an event.
HITECH Restriction of Disclosure
Under the HITECH Act, if you pay out of pocket in full for services, you can require that the information regarding those service not be disclosed to your health insurance plan, as no claim to them is involved.
HITECH Access to Electronic Health Records
Under the HITECH Act, if we maintain electronic health records in one or more designated record sets, you have the right to obtain an electronic copy of your PHI, and you may by written request have us send your record electronically directly to another party. We may only charge you the labor cost for this service.
HITECH Expansion of Accounting Disclosures
As of January 1, 2014, the HITECH Act requires us, on your written request, to provide an accounting of all disclosures made using electronic records of your PHI to carry out treatment, payment, and healthcare operations. This accounting requirement is limited to the three year period prior to the request. We will provide you with an accounting of such disclosures made by us, and a list of our business associates including their contact information, who on your written request will be responsible for providing you with an accounting of their disclosures of your PHI.
HITECH Prohibition on Sale of PHI
Under the HITECH Act, neither we nor our business associates may receive direct or indirect remuneration in exchange for your PHI without your prior written authorization, unless that exchange meets one of the limited exceptions allowed by the Act.
HITECH Subsidized Marketing Limitations
Under the HITECH Act, we are restricted from most types of subsidized marketing communications to you that encourage you to make purchases, without your prior written authorization.
HITECH Fundraising Limitations
Under the HITECH Act, if we send a fundraising communication to you, we must also offer you an opportunity to opt out of future fundraising communications.
Other Ways We May Use and Disclose Your Protected Health Information
We may contact you by telephone, postcard, or email to remind of appointments. Please let us know if you do not wish to receive these communications.
Communication with Family
We may use and disclose relevant portions of your protected health information to your family member, relative, close friend, or other person you identify as being involved in your care or payment for care. In an emergency or when you are not capable of agreeing or objecting, we will use and disclose your protected health information as we determine is in your best interest. We will inform you after the emergency and give you the opportunity to object to future disclosures to family and friends.
As Required By Law
We will use and disclose your protected health information when we are required to do so by federal, state or local law. We may disclose your protected health information in the course of any judicial or administrative proceeding as allowed or required by law, or as directed by court order.
Food and Drug Administration (FDA)
We may use and disclose to the FDA your protected health information relating to adverse events with respects to products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacements.
Health Oversight Agencies
We may use and disclose your protected health information to appropriate health oversight agencies for health oversight activities.
To Avert a Serious Threat to Public Health or Safety
We may use and disclose your protected health information to public health or legal authorities permitted to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability. We may disclose your protected health information to public authorities as required by law or regulation to report abuse or neglect.
We may use and disclose your protected health information to Worker’s Compensation or similar programs that provide benefits for work-related injuries or illnesses, for your compensation.
For the purposes of research that has been approved by an institutional review board and uses established protocols to ensure the protection of privacy of health information, we may use and disclose your protected health information to researchers.
If you are an inmate of a correctional institution, or under the custody or a law enforcement official, we may use and disclose to the institution or its agents, or to the law enforcement official, your protected health information necessary for your health and the health and safety of other individuals.
Other Uses Or Disclosures Not Covered By This Notice
Other uses and disclosures besides those identified above will be made only by your written authorization. You may also revoke an authorization you previously provided.
Your Health Information Rights
The health and billing records we maintain are the physical property of our practice. The information in those records, however, belongs to you.
Request Restrictions on Uses and Disclosures of Your Protected Health Information
You have the right to request a restriction on how we use and disclose your health information for treatment, payment, and healthcare operations. For example, you might request non-disclosure of a treatment to a family member or other person involved in your care. Another example is given under the HITECH Restriction of Disclosure clause. Your request must be made in writing to the Privacy Officer at our office. We are not required to grant all requests but we will comply with any request we do grant, except for emergency treatment.
Receive Confidential Communication
You have the right to request the ways we communicate with you to preserve your privacy. For example, you might request we only call you at your work number, or by mail at a certain address. Your request specifying how we are to contact you must be made in writing to the Privacy Officer at our office. We will accommodate all reasonable requests to communicate with you by alternate means or at alternate locations..
Inspect and Copy Your Protected Health Information
You have the right to inspect and copy the protected health information we maintain about you in our designated record set, which includes medical, billing, and any other records used for making decisions about you. Any psychotherapy notes are by law not available for inspection or copying. The HITECH Act, as previously noted, expands this right to include access to electronic health records in an electronic format. To inspect or copy your protected health information, submit a request in writing to the Privacy Officer at our office. We will respond within 30 days. We may charge you a fee for copying or mailing, but may only charge for labor costs for electronic transfers of health records.
Request an Amendment to Your Protected Health Information
You have the right to request that we amend your medical information if you feel it is incomplete or inaccurate. You must make this request in writing to the Privacy Officer at our office, explaining what information is incomplete or in error, how it should be changed, and the reasons for the change. We are not required to grant all such requests. You may file a statement of disagreement if your amendment is denied, and require that the request for amendment and any denial be attached in all future disclosures of your protected health information.
Receive An Accounting of Disclosures of Your Protected Health Information
You have the right to request a list of disclosures of your protected health information that were not for treatment, payment, or healthcare operations. Your request must be in writing, addressed to the Privacy Officer at our office, and must state the time period (not greater than 6 years) for which you request an accounting. Under the HITECH Act, as previously noted, you may request an accounting of all disclosures made using electronic records of your PHI to carry out treatment, payment, and healthcare operations, limited to the three year period prior to the request.
Obtain A Paper Copy of This Notice
You have the right to obtain a paper copy of this Notice. Copies are available in the reception area of our office, and you can always ask us for a copy.
We are required to abide by the terms of this Notice. Among other duties, we are required to maintain the privacy of your health information as specified by law and regulation; to provide you with a notice of our duties and privacy practices; to notify you of certain breaches of privacy; to notify you if we cannot accommodate a restriction or request; and to accommodate reasonable requests regarding methods to communicate health information with you.
File a Complaint
If you believe we have violated your privacy rights, you may file a written complaint within 180 days of the suspected violation, addressed to the Privacy Officer at our office. Please provide as much detail as you can on the matter. We will never retaliate against anyone for filing a complaint.
You may also file a complaint with the Secretary of the United States Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201; phone (202) 619-0257; toll free (877) 696-6775.
If you have questions, would like additional information or assistance, or want to report a problem regarding the handling of your information, please contact our Privacy Officer.
Michael Pope, 541.779.9393 during our normal office hours.
Or you may contact the Privacy Officer in writing at: 2612 East Barnett Rd. Medford OR 97504