HIPAA Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Inverness Dermatology, LLC d/b/a Inverness Dermatology & Laser (“Practice”) is dedicated to protecting your health information. This Notice of Privacy Practices describes how we and the medical staff and personnel who provide you with care or services may use and disclose your Protected Health Information (“PHI”) to carry out treatment, payment or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI, which is information about you, including demographic information that may identify you and that relates to your past, present or future physical or mental health or condition and related healthcare services. We are required by law to maintain the privacy of your PHI, to provide notice of our legal duties and privacy practices with respect to your PHI, to notify affected individuals following a breach of unsecured PHI, and to abide by the terms of this Notice of Privacy Practices.
We may change the terms of our notice at any time. The new notice will be effective for all PHI that we maintain at that time. Upon your request, you can receive any revised Notice of Privacy Practices by contacting the Practice’s Privacy Officer (contact information is below) or accessing our website http://www.invernessderm.com/.
How We May Use and Disclose Your PHI.
We may use or disclose your PHI as described in this section. The following are examples of the types of uses and disclosures of your PHI that our Practice is permitted to make without your specific authorization. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by our Practice. Where state or federal law restricts one of the described uses or disclosures, we will follow the requirements of such state or federal law. The following are general descriptions only. They do not cover every example of disclosure within a category. However, all of the ways we are permitted to use and disclose your PHI will fall within one of the categories in this Notice of Privacy Practices.
- Treatment:We may use PHI about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students or other personnel who are involved in your care to, for example, plan a course of treatment for you. We also may disclose PHI about you to individuals outside of the Practice who may be involved in your medical care, such as family members or others we use to provide services that are part of your care.
- Payment:We may use and disclose your PHI as needed to obtain payment for the healthcare services we provide. This may include certain activities that your health insurance plan may undertake before it approves or pays for the healthcare services we recommend for you, such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity and undertaking utilization review activities. For example, obtaining approval for a medical procedure may require that your relevant PHI be disclosed to your health plan.
- Healthcare Operations:We may use or disclose your PHI as needed to support our business activities. These activities include, but are not limited to, quality assessment activities, employee review activities, training of staff and conducting or arranging for other healthcare operations. For example, your health information may be disclosed to members of the medical staff, risk or quality improvement personnel and others to evaluate the performance of our staff.
In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician. We may also call you by name in the waiting room when your healthcare provider is ready to see you. We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment. Please let us know if you do not wish to have us contact you concerning your appointment, or if you wish to have us use a different telephone number or address to contact you for this purpose.
We will share your PHI with third party “business associates” that may perform various activities (e.g., billing or transcription services) for the Practice. Whenever an arrangement between our Practice and a business associate involves the use or disclosure of your PHI, we will require the business associate to appropriately safeguard it.
Other Permitted and Required Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Object.
We may use or disclose your PHI without your authorization in the following situations:
- As Required By Law:We may use or disclose your PHI to the extent that the use or disclosure is required by applicable law.
- Public Health: We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability.
- Communicable Diseases: We may disclose your PHI, if authorized by applicable law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
- Health Oversight Activities: We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations and inspections.
- Abuse or Neglect: We may disclose PHI to a governmental authority authorized by law to receive reports of abuse, neglect or domestic violence when we reasonably believe you are the victim of abuse, neglect or domestic violence and other criteria are met.
- Food and Drug Administration (“FDA”): We may disclose your PHI to a person or company required by the FDA to report information such as adverse events and product defects, to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance.
- Legal Proceedings: We may disclose PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process if certain criteria are met.
- Law Enforcement: We may release PHI for certain law enforcement purposes including, for example, reports required by law, to comply with a court order or warrant, or to report or answer questions about a crime.
- Coroners, Funeral Directors and Organ Donation: We may disclose PHI to a coroner, funeral director or medical examiner as necessary to permit them to carry out their duties.
- Research: We may use or disclose PHI for research studies when permitted by law, for example, when the research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. These studies will not affect your treatment or welfare, and your PHI will continue to be protected.
- Criminal Activity: We may disclose your PHI if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
- Military Activity and National Security: To appropriate domestic or foreign military authority to assure proper execution of a military mission, if required criteria are met.
- Workers’ Compensation: Your PHI may be disclosed by us as authorized to comply with workers compensation laws and other similar legally established programs.
- Required Uses and Disclosures: Under the law, we must make disclosures to you and to the U.S. Department of Health and Human Services when required to determine our compliance with the requirements of the Federal Privacy Standards.
Other Permitted and Required Uses and Disclosures That May Be Made With Your Consent.
Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, about your general condition or death. In addition we use or disclose your PHI to provide proof of immunization to a school that is required by state or other law to have such proof with agreement to disclosure by parent, guardian or other person acting in loco parentis of the individual, if the individual is an unemancipated minor. Finally, we may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your healthcare.
Other Permitted and Required Uses and Disclosures That May Be Made With Your Authorization.
Other uses and disclosures not described in this Notice of Privacy Practices will be made only with your written authorization. For example, unless you provide written authorization, we will not use or disclose your PHI for marketing purposes and we will not sell your PHI. You may revoke your authorization at any time, but your revocation will only be effective for future uses and disclosures and will not affect any use or disclosure made in reliance on your authorization.
Following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights. We have the right to deny your request in certain circumstances. We will inform you if your request is denied.
- Right to Access Your PHI: With some exceptions, you have the right to inspect and get a copy of the health information that we use to make decisions about your care. If you request a copy of the information, we may charge a fee for the costs of retrieving, copying, mailing and any other supplies associated with your request. For the portion of your health record maintained in our electronic health record, you may request we provide that information to or for you in electronic format. If you make such a request, we are required to provide that information for you electronically (unless we deny your request for other reasons). We may deny your request to inspect and/or copy in certain limited circumstances, and if we do this, you may ask that the denial be reviewed.
- Right to Request Restrictions: You have the right to request a restriction or limitation on the health information we use or disclose about you (1) for treatment, payment, or health care operations, (2) to someone who is involved in your care or the payment for it, such as a family member or friend, or (3) to a health plan for payment or health care operations purposes when the item or service for which the Practice has been paid out of pocket in full by you or someone on your behalf (other than the health plan). For example, you could ask that we not use or disclose information about a procedure you had, a laboratory test ordered or a medical device prescribed for your care. Except for the request noted in (3) above, we are not required to agree to your request. Any time the Practice agrees to such a restriction, it must be in writing and signed by the Practice Privacy Officer or his or her designee.
- Right to Request to Receive Confidential Communications From Us: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. We will attempt to accommodate reasonable requests. We will not request an explanation from you as to the basis for the request. Please make this request in writing to the Practice’s Medical Records Department.
- Right to Request Amendment: If you think that the PHI we have about you is wrong or incomplete, you may ask us to amend the information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact the Practice’s Medical Records Department if you have a question about amending your medical record.
- Right to Request an Accounting of Certain Disclosures: You may request a list of our disclosures of your PHI, subject to several exceptions and limitations.
- Right to Be Notified of a Breach: You have a right to be notified in the event that we discover a breach of unsecured PHI, as defined under federal law.
- Right to Obtain a Paper Copy of This Notice: You have the right to obtain a paper copy of this notice, even if you agreed to receive such notice electronically.
Questions and Complaints.
You may file a complaint with us or with the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our Privacy Officer of your complaint. We will not retaliate against you for filing a complaint. For further information about the complaint process, or to make any requests or inquiries, you may contact our Privacy Officer at:
Inverness Dermatology, LLC
250 Inverness Center Drive
Hoover, AL 35242
Telephone: (205) 995-5575
This notice was effective on April 14, 2003 and further revised effective on September 23, 2013.