NOTICE OF PRIVACY PRACTICES
of GAIL C. S. ANDERSON, M.D., P.A.
Effective Date: June 9, 2016
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
When this Notice of Privacy Practices (this “Notice”) refers to “we” or “our,” it is referring to Gail C. S. Anderson, M.D., P.A. (the “Practice”) and the employees of the Practice. We are required by law to maintain the privacy of protected health information (“PHI”), to follow the Notice currently in effect, to provide you with notice of our legal duties and privacy practices with respect to PHI, and to notify affected individuals following a breach of unsecured PHI. This Notice describes how we may use and disclose your PHI and the rights you have with respect to your PHI. We reserve the right to amend this Notice and make new provisions effective for all PHI that we maintain. If we make any material revisions to this Notice, we will post a copy of the revised Notice in our office and on our website, and upon your request will give you a copy of the revised Notice.
A. How We May Use And Disclose Your Health Information.
- Treatment Purposes. We may use and disclose your PHI for the purpose of providing you with health care treatment or services. This would include, for example, sharing information with employees, nurses, doctors, technicians, health students, laboratory personnel, independent contractors, hospitals or other healthcare facilities and health care providers treating you or involved in taking care of you; and we participate in the Chesapeake Regional Information System for our Patients (CRISP; details below).
- Payment Purposes. We may use and disclose your PHI so that the treatment and services you receive from us may be billed and collected. For example, we may provide information to another person responsible for paying your bill; or if we later accept insurance, to your third party payor directly, or to our billing company to submit to your insurer or other third-party payor. However, you may request to restrict disclosure of your PHI to a health plan if: (i) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law; and (ii) the PHI pertains solely to a health care item or service for which you or another person on your behalf, has paid the Practice in full.
- Health Care Operations. We may use and disclose your PHI for the operations of our health care practice. This may include such things as: internal quality assessment and improvement activities; contacting other health care providers regarding treatment alternatives and advice (including by e-mail or other electronic means, but if so we will remove information that would identify you personally as the patient); evaluating provider performance; training providers of care; case management and care coordination; business planning and development; customer service; resolution of internal grievances; legal and medical review of care provided; legal and auditing services related to compliance program issues; and general administrative activities. We also use and store your PHI in an electronic medical record.
- Reminders, Treatment Alternatives or Health-Related Benefits. We may use and disclose your health information to contact you as a reminder that you have an appointment, to change an appointment, or if we need to speak to you about your diagnosis, treatment, treatment alternative or health-related benefits. We may contact any other persons whom you have identified and given us their phone number or address for contact purposes to leave a message regarding an appointment or to leave a message that we need to speak to you about your diagnosis or treatment if you are unavailable or unreachable. If we do not reach you or a contact personally, we may leave a voicemail or similar message about the circumstances mentioned in this paragraph. Please let us know if you do not wish to have us contact you concerning your appointment, or if you want us to only use a certain telephone number or address to contact you for this purpose.
- Family Members, Relatives or Close Friends. Unless you object to such disclosure, we may disclose your PHI to your family members, relatives or close personal friends or any other person identified by you as being involved in the treatment or payment for your medical care. If you are not present to agree or object to the disclosure, we may exercise our professional judgment to determine whether the disclosure is in your best interest. If we decide to disclose your PHI, we will only disclose the PHI that is relevant to your treatment or payment.
- Other Permitted and Required Uses and Disclosures. We may use and disclose your PHI for the following purposes:
- as required by law provided that the use or disclosure complies with relevant requirements of such law;
- to a public health authority that is authorized by law to collect and receive such information for the purpose of controlling or preventing disease, injury or disability including, but not limited to, reporting deaths; reporting adverse effects of medications or problems with products; enabling product recalls, repairs or replacements; and notifying persons exposed to a communicable disease or at risk for contracting or spreading a disease or condition;
- to disclose information about victims of abuse and neglect under certain circumstances;
- to a health oversight agency for activities authorized by law, including audits; civil, administrative or criminal investigations; inspections; licensure or disciplinary actions; civil, administrative or criminal proceedings or actions; or other activities necessary for appropriate oversight of the health care system, government programs, and compliance with civil rights laws;
- for judicial and administrative proceedings in response to: a court or administrative tribunal; in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested;
- for a law enforcement purpose to a law enforcement official: (i) to report certain types of wounds or physical injuries; (ii) to comply with a court order, subpoena, warrant, summons or similar process; (iii) to identify or locate a suspect, fugitive, material witness or missing person; (iv) to respond to an official about a victim of a crime under certain limited circumstances; (v) to disclose a suspicious death we believe may be the result of criminal conduct; and (vi) to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime in an emergency circumstance;
- to a coroner or medical examiner for the purpose of identifying a deceased person or to determine the cause of death and to funeral directors as necessary to carry out their duties;
- to organ procurement organizations or similar entities for the purpose of facilitating organ, eye or tissue donation and transplantation;
- for research purposes provided that certain approvals take place and certain assurances are given. We will always request your permission if the researcher has access to your name, address, or other information that reveals who you are, or who will be involved in your care. In addition, we may use and disclose your PHI to people preparing to conduct a research project in accordance with the previous provisions. Also, we may use or disclose a limited data set for research purposes if we enter into a data use agreement with the limited data set recipient. A “limited data set” is your health information that excludes certain direct identifiers of you, your relatives, employers or household members. For example, the following types of identifiers would be excluded: names, postal information other than town, city, State and zip code; fax numbers, telephone numbers, email addresses, social security numbers, medical record numbers, health plan beneficiary numbers, account numbers, certificate/license numbers; vehicle identifiers and serial numbers including license plate numbers, device identifiers and serial numbers, Web Universal Resource Locators (URLs), internet protocol (IP) address numbers, biometric identifiers including finger and voice prints, and full face photographic images and any comparable images;
- to prevent or lessen a serious and imminent threat to your health and safety or the health and safety of another person. The disclosure would be to someone able to prevent the threat;
- for military and veterans activities (including foreign military personnel) to assure proper execution of a military mission and to determine eligibility for benefits;
- to authorized federal officials for the purpose of conducting lawful intelligence, counter-intelligence, and other national security activities including for the provision of protective services to the President and other authorized persons or foreign heads of state or to conduct authorized investigations;
- to a correctional facility or law enforcement official if you are an inmate of a correctional institution or under the custody of a law enforcement official;
- for workers’ compensation or similar programs that provide benefits for work-related injuries or illness.
- due to Maryland law and for patient care purposes, the following applies in whole or part: we have chosen to participate in the Chesapeake Regional Information System for our Patients (CRISP), a regional health information exchange serving Maryland and D.C. As permitted by law, your health information will be shared with this exchange in order to provide faster access, better coordination of care and assist providers and public health officials in making more informed decisions. You may “opt-out” and disable access to your health information available through CRISP by calling 1-877-952-7477 or completing and submitting an Opt-Out form to CRISP by mail, fax or through their website at www.crisphealth.org. Public health reporting and Controlled Dangerous Substances information, as part of the Maryland Prescription Drug Monitoring Program (PDMP), will still be available to providers. The PDMP is also a function of CRISP.
- Authorizations. We must obtain your written authorization if you request a copy of your medical record or if we engage in any marketing for which we receive financial remuneration. Other uses and disclosures of PHI not described in this Notice will be made only with your written authorization which may be revoked at any time in writing except to the extent we have already taken action in reliance thereon.
B. Your Individual Rights. You have a number of rights associated with your PHI. You have the right to:
- Request restrictions on the use and/or disclosure of your PHI. For example, you could request that we not disclose information to your spouse about a treatment that you had received. We are not required to agree to your request for a restriction if it is not feasible for us to agree to the restriction or we believe that it would negatively impact your care. If we do comply with your request for a restriction, we may not use or disclose your PHI in violation of such restriction, except if you are in need of emergency treatment and the restricted information is needed to provide the emergency treatment. Furthermore, if this restricted information is disclosed to a health care provider for emergency treatment, we will request that the health care provider not further use or disclose the information.
- Receive confidential communications concerning your PHI in a certain way or at a certain location. For example, you can ask that we contact you at work or by mail. However, e-mail and other electronic communications are neither secure nor private; therefore we will not contact you about PHI (which includes such things as appointments) by e-mail or by other electronic methods of communication, including but not limited to websites and social media, until such later date as we might have secure e-mail.
- Access, inspect and obtain a copy your health information, including any electronic PHI. To the extent that we maintain electronic PHI, upon request we will provide you with a copy of your PHI in the format requested. We are entitled to charge you a reasonable, cost-based fee related to the cost of preparing your records. In some limited circumstances, we may deny your request to access, inspect and copy your PHI. If you are denied access to your PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. We will comply with the outcome of the review.
- Amend your PHI that is incorrect or incomplete. We may deny your request for amendment if we determine that the PHI that is the subject of the request: a) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; b) is not part of the PHI kept by or for us; c) would not be available for you to inspect and copy; or d) is accurate and complete.
- Receive an accounting of disclosures of your PHI for a period of six (6) years prior to the date on which you request the accounting. You are not entitled to receive an accounting of certain PHI which is exempted under HIPAA. You will receive one request annually free of charge and, thereafter, we may charge you a reasonable, cost-based fee for each subsequent request for an accounting of disclosures within the same twelve-month period.
- Receive a paper copy of this Notice upon request even if you receive this Notice electronically.
If you believe that your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, contact the Privacy Official, Michelle Lidinsky (410-341-0005). The contact information for the Department of Health and Human Services is:
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Toll Free: 1-800-368-1019
All complaints must be submitted in writing. You will not be penalized for filing a complaint.
If you have any questions or concerns about this Notice, please contact Michelle Lidinsky, Privacy Official (410-341-0005).
F. Our Commitment
We are committed to protecting your health information and to complying with federal and state laws applicable to your health information. The health and well being of our patients is our primary concern when abiding by all laws and regulations governing your PHI.
GAIL C. S. ANDERSON, M.D., P.A.