THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND
DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
THIS NOTICE APPLIES TO ALL OF THE RECORDS OF YOUR CARE GENERATED BY THE
PRACTICE, WHETHER MADE BY THE PRACTICE OR AN ASSOCIATED FACILITY.
This notice describes our policies, which extend to:
Any health care professional
authorized to enter information into your chart (including physicians, PAs,
RNs, technicians, etc.);
All areas of the Practice (front
desk, administration, billing and collection, etc.);
All employees, staff and other
personnel that work for or with our Practice;
Our business associates (including an answering service, or
facilities to which we refer patients).
Cochise
Eye and Laser is providing this Notice to comply with the Privacy Regulations
issued by the Department of Health and Human Services in accordance with the
Health Insurance Portability and Accountability Act of 1996 (HIPAA).
OUR THOUGHTS ABOUT YOUR PROTECTED HEALTH INFORMATION:
We
understand that your medical information is personal to you, and we are
committed to protecting the information about you. As
our patient, we create paper and electronic medical records about your health,
our care for you, and the services and/or items we provide to you as our
patient. We need this record to
provide for your care and to comply with certain legal requirements.
We are required by law to:
Make sure that the protected health
information about you is kept private;
Provide you with a Notice of our
Privacy Practices and your legal rights with respect to protected health
information about you; and
Follow the conditions of the Notice that is currently in effect.
HOW
WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU.
The following categories describe different ways that we use
and disclose protected health information that we have and share with others. Each
category of uses or disclosures provides a general explanation and provides
some examples of uses. Not every
use or disclosure in a category is either listed or actually in place. The
explanation is provided for your general information only.
Medical Treatment. We use previously given medical information about you to
provide you with current or prospective medical treatment or services. Therefore
we may, and most likely will, disclose medical information about you to
doctors, nurses, technicians, medical students, or hospital personnel who are
involved in taking care of you. For
example, a doctor to whom we refer you for ongoing or further care may need
your medical record. Different
areas of the practice also may share medical information about you including
your record(s), prescriptions, requests of lab work and x-rays.
We may also discuss your medical information with you to recommend possible treatment options or alternatives that may be of
interest to you. When purchasing
glasses and/or contacts from our optical office, we may discuss your medical
information with you in an open optical setting to explain your visual options.
We also may disclose medical information about you to people outside the practice who may be involved in your medical care after
you leave the practice; this may include your family members, or other personal
representatives authorized by you or by a legal mandate (a guardian or other
person who has been named to handle your medical decisions, should you become
incompetent).
Payment. We may use and disclose medical information about you for
services and procedures so they may be billed and collected from you, an
insurance company, or any other third party. For
example, we may need to give your health care information, about treatment you
received at Cochise Eye and Laser, to obtain payment or reimbursement for the
care.
We may also tell your health plan and/or referring physician about a treatment you are going to receive to obtain prior approval
or to determine whether your plan will cover the treatment, to facilitate
payment of a referring physician, or the like.
Health Care Operations. We
may use and disclose medical information about you so that we can run our
practice more efficiently and make sure that all of our patients receive
quality care. These uses may
include reviewing our treatment and services to evaluate the performance of our
staff, deciding what additional services to offer and where, deciding what
services are not needed, and whether certain new treatments are effective. We
may also disclose information to doctors, nurses, technicians, medical
students, and other personnel for review and learning purposes. We
may also combine the medical information we have with medical information from
other practices to compare how we are doing and see where we can make
improvements in the care and services we offer. We
may remove information that identifies you from this set of medical information
so others may use it to study health care and health care delivery without
learning who the specific patients are.
We may also use or disclose information about you for internal or external utilization review and/or
quality assurance, to business associates for purposes of helping us to comply
with our legal requirements, to auditors to verify our records, to billing
companies to aid us in this process and the like. We
shall endeavor, at all times when business associates are used, to advise them
of their continued obligation to maintain the privacy of your medical records.
Appointment and Patient Recall Reminders. We
may use and disclose medical information to contact you as a reminder that you
have an appointment for medical care with Cochise Eye and Laser or that you are
due to receive periodic care from the practice. This
contact may be by phone, in writing, e-mail, or otherwise and may involve
leaving a message on an answering machine, which could (potentially) be
received or intercepted by others.
Emergency Situations. We
may disclose medical information about you to an organization assisting in a
disaster relief effort or in an emergency situation so that your family can be
notified about your condition, status and location.
Research. Under certain circumstances, we may use and disclose medical
information about you for research purposes regarding medications, efficiency
or treatment protocols and the like. All
research projects are subject to an approval process, which evaluates a
proposed research project and its use of medical information. Before
we use or disclose medical information for research, the project will have been
approved through this research approval process.
We will obtain an authorization from you before using or disclosing your individually identifiable health information unless the
authorization requirement has been waived. If
possible, we will make the information non-identifiable to a specific patient. If
the information has been sufficiently de-identified, an authorization for the
use or disclosure is not required.
Required by Law. We will disclose medical information about you when required
to do so by federal, state or local law.
To Avert a Serious Threat to Health or Safety. We
may use and disclose medical information about you when necessary to prevent a
serious threat either to your specific health and safety or the health and
safety of the public or another person. Any
disclosure, however, would only be to someone able to help prevent the threat.
Organ and Tissue Donation. If
you are an organ donor, we may release medical information to organizations
that handle organ procurement or organ, eye or tissue transplantation or to an
organ donation bank, as necessary to facilitate organ or tissue donation and
transplantation.
Workers’ Compensation. We
may release medical information about you for workers’ compensation or similar
programs. These programs provide
benefits for work-related injuries or illness.
Public Health Risks. Law or public policy may require us to disclose medical
information about you for public health activities. These
activities generally include the following:
to prevent or control disease, injury or disability;
to report births and deaths;
to report child abuse or neglect;
to report reactions to medications or problems with products;
to notify people of recalls of products they may be using;
to notify a person who may have been exposed to a disease or may be at
risk for contracting or spreading a disease or
condition;
to notify the appropriate government authority if we believe a patient has
been the victim of abuse, neglect or domestic
violence. We will only make
this disclosure if you agree or when required or
authorized by law.
Investigation and Government Activities. We
may disclose medical information to a local, state or federal agency for
activities authorized by law. These
oversight activities include, for example, audits, investigations, inspections,
and licensure. These activities are
necessary for the payor, the government and other regulatory agencies to
monitor the health care system, government programs, and compliance with civil
rights laws.
Lawsuits and Disputes. If
you are involved in a lawsuit or a dispute, we may disclose medical information
about you in response to a court or administrative order. This
is particularly true if you make your health an issue. We
may also disclose medical information about you in response to a subpoena,
discovery request, or other lawful process by someone else involved in the
dispute. We shall attempt in these
cases to tell you about the request so that you may obtain an order protecting
the information requested if you so desire. We
may also use such information to defend ourselves or any member of our practice
in any actual, or threatened, action.
Law Enforcement. We may release medical information if asked to do so by a
law enforcement official:
In response to a court order, subpoena, warrant, summons or similar
process;
To identify or locate a suspect, fugitive, material witness, or missing
person;
About the victim of a crime if, under certain limited circumstances, we are
unable to obtain the person’s agreement;
About a death we believe may be the result of criminal conduct;
About criminal conduct at Cochise Eye and Laser; and
In emergency circumstances to report a crime; the location of the crime or
victims; or the identity, description or
location of the person who committed
the crime.
Coroners, Medical Examiners and Funeral Directors. We
may release medical information to a coroner or medical examiner. This
may be necessary, for example, to identify a deceased person or determine the
cause of death. We may also release
medical information about patients of Cochise Eye and Laser to funeral
directors as necessary to carry out their duties.
Inmates. If you are an inmate of a correctional institution or under
the custody of a law enforcement official, we may release medical information
about you to the correctional institution or law enforcement official. This
release would be necessary (1) for the institution to provide you with health
care; (2) to protect your health and safety or the health and safety of others;
(3) for the safety and security of the correctional institution.
CHANGES TO THIS NOTICE
We reserve the right to change this notice at any time. We
reserve the right to make the revised or changed notice effective for medical
information we already have about you as well as any information we may receive
from you in the future. We will
have a copy of the current notice available in the lobby of our offices.
The notice will contain on the first page, in the top right-hand corner, the date of the last revision and effective date. In
addition, each time you visit our offices for treatment or health care
services, you may request a copy of the current notice in effect.
COMPLAINTS
If
you believe your privacy rights have been violated, you may file a complaint
with Cochise Eye and Laser or with the Secretary of the Department of Health
and Human Services. To file a complaint
with our office, contact our Office Administrator, who will direct you on how
to file an office complaint. All
complaints must be submitted in writing, and all complaints shall be
investigated, without repercussion to you.
The Office Administrator can be reached at
520-458-8131.
You
will not be penalized for filing a complaint.
OTHER
USES OF MEDICAL INFORMATION
Other uses and disclosures of medical information not covered by this notice or
the laws that apply to us will be made only with your written permission,
unless those uses can be reasonably inferred from the intended uses above. If
you have provided us with your permission to use or disclose medical
information about you, you may revoke that permission, in writing, at any time. If
you revoke your permission, we will no longer use or disclose medical
information about you for the reasons covered by your written authorization. You
understand that we are unable to take back any disclosures we have already made
with your permission, and that we are required to retain our records of the
care that we provided to you.
PATIENT RIGHTS
THIS SECTION DESCRIBES YOUR RIGHTS AND THE OBLIGATIONS OF THIS
PRACTICE REGARDING THE USE AND DISCLOSURE OF YOUR MEDICAL INFORMATION.
You have the following rights regarding medical information we
maintain about you:
Right to Inspect and Copy. You
have the right to inspect and copy medical information that may be used to make
decisions about your care. This
includes your own medical and billing records, but does not include
psychotherapy notes. Upon proof of
an appropriate legal relationship, records of others related to you or under
your care (guardian or custodial) may also be disclosed.
To inspect and copy your medical record, you must submit your request in writing to our Compliance
Officer.
Ask the front desk person for the name of the Compliance Officer. If you request a
copy of the information, we may charge a fee of fifteen (15) cents per page for
the costs of copying, mailing or other supplies (tapes, disks, etc.) associated
with your request.
We may deny your request to inspect and copy in certain very
limited circumstances. If you are
denied access to medical information, you may request that our Compliance
Committee review the denial.
Another licensed health care professional chosen by our office will review your request and the denial. The
person conducting the review will not be the person who denied your request. We
will comply with the outcome and recommendations from that review.
Right to Amend. If you feel that the medical information we have about you
in your record is incorrect or incomplete, then you may ask us to amend the
information, following the procedure below. You
have the right to request an amendment for as long as Cochise Eye and Laser
maintains your medical record.
To request an amendment, your request must be submitted in writing to the
Compliance Officer, along with your intended amendment and a reason that
supports your request to amend. The
amendment must be dated and signed by you and notarized.
We may deny your request for an amendment if it is
not in writing or does not include a reason to support the request. In addition, we may deny your request if you
ask us to amend information that:
Was not created by us, unless the person or entity that created the information
is no longer available to make the amendment;
Is not part of the medical information kept by or for Cochise Eye and Laser;
Is not part of the information which you would be permitted to inspect and
copy; or
Right to an Accounting of Disclosures. You
have the right to request an “accounting of disclosures.” This
is a list of the disclosures we made of medical information about you to
others.
To request this list, you must submit your request in writing
to the Compliance Officer.
Your request must state a time period not longer than six (6) years back and may not include dates before April 14, 2003 (or the
actual implementation date of the HIPAA Privacy Regulations).
Your request should indicate in what form you want the list (for example, on paper, electronically). We
will notify you of the cost involved and you may choose to withdraw or modify
your request at that time before any costs are incurred.
Right to Request Restrictions. You
have the right to request a restriction or limitation on the medical
information we use or disclose about you for treatment, payment or health care
operations. You also have the right
to request a limit on the medical information we disclose about you to someone
who is involved in your care or the payment for your care (a family member or
friend). For example, you could ask
that we not use or disclose information about a particular treatment you
received.
We are not required to agree to your request and we
may not be able to comply with your request. If
we do agree, we will comply with your request except that we shall not comply,
even with a written request, if the information is excepted from the consent
requirement or we are otherwise required to disclose the information by law.
To request restrictions, you must make your request in writing to the Compliance Officer. In
your request, you must indicate:
What information you want to limit;
Whether you want to limit our use, disclosure or both; and
To whom you want the limits to apply, (e.g., disclosures to your children,
parents, spouse, etc.)
Right to Request Confidential Communications. You
have the right to request that we communicate with you about medical matters in
a certain way or at a certain location. For
example, you can ask that we only contact you at work or by mail, that we not
leave voice mail or e-mail, or the like.
To request confidential communications, you must make your request in writing
to the Compliance Officer. We will
not ask you the reason for your request. We
will accommodate all reasonable requests. Your
request must specify how or where you wish us to contact you.
Right to a Paper Copy of This Notice. You
have the right to a paper copy of this notice.
You may ask us to give you a copy of this notice at any time. Even if you have
agreed to receive this notice electronically, you are still entitled to a paper
copy of this notice.
JOB DESCRIPTION - PRIVACY OFFICER
A.
Oversee Compliance Efforts
oversee and monitor the development and implementation of the
Compliance Program;
establish methods and periodically audit the Practice to
ensure its efficiency and quality and to reduce vulnerability to exposure
areas;
coordinate compliance efforts with Compliance Personnel and
Practice department managers as needed; and
prepare and present regular reports to the Board of Directors
and the Practice as a whole, on Practice compliance.
B. Review
and Update the Compliance Plan as Necessary
receive all mailings, educational materials, etc. on HIPAA
and/or state law privacy related material;
cull through, organize and disseminate plan updates.
C. Develop
Training/Education Programs
develop and implement training and education programs for all
Practice employees (staff and providers);
ensure that independent contractors, business associates and
others who furnish services to the Practice are aware of the requirements of
the Practice's Compliance Plan;
develop mechanisms to receive and investigate reports of
non-compliance; and
develop policies and programs that encourage employees to
report non-compliance without fear of retaliation.
D. Implement the Compliance Plan
maintain current and effective Privacy policies and
procedures;
conduct periodic audits in the following areas:
staff compliance with privacy policies and procedures;
accounting
for disclosures;
patient access to information;
Business Associate compliance;
other areas as deemed appropriate.
conduct ongoing educational programs;
review
and update Business Associate Agreements;
circulate all HIPAA compliance updates" lfo9? level1
margin-left:1.25in;text-indent:-.25in;mso-list:l0
margin-top:0in;margin-right:0in;margin-bottom:12.0pt;>
investigate all complaints regarding breach of privacy
policies or procedures;
take prompt corrective actions where necessary;
respond to compliance related inquiries; and
act as liaison with legal counsel.
E.
Documentation
maintain all logs regarding compliance efforts, investigations
and the like in a secure location.
maintain log for all staff training sessions, etc.
conduct and maintain a record of all exit interviews with
employees leaving the Practice's employ;
maintain log for all Business Associates’ contracts.
JOB DESCRIPTION
- SECURITY OFFICER
A.
Oversee Compliance Efforts
oversee and monitor the development and implementation of the
Security
Compliance Program;
ensure compliance with the HIPAA Electronic Transactions
Standards;
ensure proper back-up systems for all data stored, received
and transmitted;
oversee the development of and manage the Disaster Plan;
establish methods and periodically audit the Practice to
ensure its efficiency
and quality and to reduce vulnerability to exposure areas;
coordinate compliance efforts with Compliance Personnel and
Practice
department managers as needed; and
prepare and present regular reports to the Board of Directors
and the
Practice as a whole, on Practice compliance.
C.
Develop Training/Education Programs
develop and implement training and education programs for all
Practice employees (staff and providers) in the area of security and integrity
of protected health information;
ensure that independent contractors and investigators who
furnish services to the Practice are aware of the requirements of the
Practice's Compliance Plan;
develop mechanisms to receive and investigate reports of
non-compliance;
take corrective actions to resolve non-compliance; and
develop policies and programs that encourage employees to
report non-compliance without fear of retaliation.
D. Implement the Compliance Plan
maintain current and effective security policies and
procedures;
conduct periodic audits in the following areas:
staff compliance with
security policies and procedures;
log of transmissions emanating from the Practice;
password access systems;
other areas as deemed appropriate.
conduct ongoing educational programs;
circulate all HIPAA security updates;
maintain Chain of Trust Agreements;
investigate all breaches of security and complaints of alleged
breaches;
take prompt corrective actions where necessary;
respond to compliance related inquiries;
act as liaison with information system hardware and software
vendors; and
act as liaison with legal counsel.
E.
Documentation
maintain all logs regarding compliance efforts, investigations
and the like in a secure location;
maintain logs of staff training efforts;
conduct and maintain record of all exit interviews with
employees leaving the Practice's employ; and
maintain log of all Chain of Trust Agreements.
