|
Privacy
Policy
HEALTH INSURANCE PORTABILITY and ACCOUNTABILITY ACT of 1996
(HIPAA)
NOTICE OF PRIVACY PRACTICES
Effective Date: April 14, 2003
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND
DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
IT CAREFULLY.
If you have any questions about this notice, please contact our Registration
and Reception Manager.
Understanding your Health Record Information
Each time you visit a physician or other healthcare provider, the provider
makes a record of your visit. This record usually contains your health
history, current symptoms, examination and test results, diagnoses, treatment,
and a plan for future care or treatment. The file containing this information
is often referred to as your medical record and it serves as a:
• Basis for planning your care and treatment.
• Means of communication among the many
health professionals who contribute to your care.
• Legal document describing the care you
received.
• Means by which you or a third-party payer
can verify that you actually received the services billed for.
• A tool in medical education.
• A source of information for public health
officials charged with improving the health of the regions they serve.
• A tool to assess the appropriateness
and quality of care you received.
• A tool to improve the quality of healthcare
and achieve better patient outcomes.
It is important to understand what is in your health records and how
your health information is used. This helps you to:
• Ensure its accuracy and completeness.
• Understand who, what, where, how, and
why others may access your health information.
• Make an informed decision about authorizing
disclosure to others.
• Better understand the health information
rights described below.
Your Rights Under the Federal Privacy Standard
Although your health records are the physical property of the healthcare
provider who created it, you have certain rights to the information inside.
You have the right to:
• Request restrictions on uses and
disclosures of your health information. We will use this information
for treatment, payment, and health care operations. “Health care
operations” consist of activities that are necessary to carry out
the operations of the provider, such as quality assurance and peer review.
The right to request a restriction does not extend to uses or disclosures
permitted or required under 164.502 (a)(2)(i) (disclosures to you) or
164.512 (uses and disclosures not requiring a consent or an authorization).
The latter uses and disclosures includes mandatory communicable disease
reporting under federal laws. In those cases, you do not have the right
to request a restriction.
If you decide to request a restriction, we do not have to agree to the
restriction. If we do, we will adhere to it until you decide to revoke
permission. If we decide to remove the restriction at a later date, we
will give you advance notice. You may also ask us to communicate with
you privately or by alternate means. If the method of communication is
reasonable, we must grant the alternate communication request.
• Obtain a copy of this Notice of Privacy
Practices. Although we have posted a copy in prominent locations throughout
the facility and on our website, you have the right to request a copy.
• Inspect and obtain a copy of your health
information upon request. Again, this right is not absolute. In certain
situations, we can deny access if access would cause harm to yourself
or another. You do not have the right to access the following:
• Psychotherapy notes. These are comprised of notes
recorded in any medium by a mental health professional documenting or analyzing
conversations
during a private counseling session or a group, joint, or family counseling
session and are separate from the rest of your medical record.
• Information compiled in reasonable anticipation
of or for use in civil, criminal, or administrative actions or proceedings.
•
Patient health information (PHI) that is subject to the Clinical Laboratory
Improvement Amendments of 1988 (“CLIA”), 42 U.S.C. 263a,
to the extent that law would prohibit the provision of access to the
individual.
• Information was obtained from someone other than
a healthcare provider under a promise of confidentiality and the access requested
would be
reasonably likely to reveal the source of the information.
• In other situations, the provider may
deny you access. The provider must provide you with a review of the denial
process. Grounds for denial include:
• The licensed healthcare professional has determined,
while exercising professional judgment, that there is reasonable belief that
access will
endanger the life or physical safety of the individual or another person.
• PHI makes reference to another person (other than
a healthcare provider) and a licensed healthcare provider has determined, in
the exercise of
professional judgment, that there is reasonable belief that access will
cause substantial harm to such other person.
• The request is made by a personal representative
of the individual and a licensed healthcare professional has determined in the
exercise of
professional judgment, that there is reasonable belief that providing
access to the personal representative will cause substantial harm to
the individual or another person.
For these reviewable grounds, another licensed professional must review
the decision of the provider denying access within 60 days. If we deny
you access, we will explain why and what your rights are, including how
to seek review.
If we grant access, we will tell you what you need to do to access the
information requested.
We reserve the right to charge a reasonable, cost-based fee for making
copies.
• Request amendment/correction of your
health information. We do not have to grant the request if:
• We did not create the record. We cannot confirm
if the information is accurate or not because we are not the source. In such
cases, you must
seek an amendment/correction from the party creating the record. If they
amend or correct the record, we will put the corrected record in our
records.
• The record is accurate and complete.
If we deny your request for amendment/correction: we will tell you why
you were denied and how you can attach a statement of disagreement to
your records and file a complaint. We may rebut the claim. If we grant
the request, we will make the correction and distribute the correction
to the appropriate individuals and any whom you would like to receive
the corrected information.
• Obtain an accounting of “non-routine” uses
and disclosures – other than those for treatment, payment, health
care operations, or resulting from your authorization. To individuals
of protected health information about them. We do not need to provide
an accounting for:
• For national security or intelligence purposes
under 164.512 (k)(2) (disclosures not requiring consent, authorization, or an
opportunity to object).
• To correctional institutions or law enforcement
officials under 164.512(k)(5) (disclosures not requiring consent, authorization,
or an opportunity
to object). That occurred before April 14, 2003.
We must provide the accounting within 60 days. The accounting must include:
• Date of each disclosure.
• Name and address of the organization or person
who received the protected health information.
• Brief description of the information disclosed.
• Brief statement of the purpose of the disclosure
that reasonably informs you of the basis for the disclosure or, in lieu of such
statement, a
copy of your written authorization or copy of the written request for
disclosure.
The first accounting in any 12-month period is free. Thereafter, we reserve
the right to charge a reasonable, cost-based fee.
Other Responsibilities Under the Federal Privacy Standard
In addition to providing your rights, the federal privacy standard requires
us by law to:
• Maintain the privacy of your health information,
including implementing reasonable and appropriate physical, administrative,
and technical safeguards to protect the information.
• Request written authorization from you
to release information not pertaining to treatment, payment, or healthcare
operations.
• Provide you with a Notice of Privacy
Practices with respect to the individually identifiable health information
we collect and maintain about you.
• Abide by the terms of this notice.
• Train our personnel concerning privacy
and confidentiality.
• Implement a sanction policy to discipline
those who breach privacy/confidentiality standards or our policies.
• Take corrective action for any breach
of privacy/confidentiality.
WE RESERVE THE RIGHT TO CHANGE OUR PRACTICES AND TO MAKE NEW PROVISIONS
EFFECTIVE FOR ALL INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION WE MAINTAIN.
IF A CHANGE IS MADE, WE WILL MAIL A REVISED NOTICE TO THE ADDRESS YOU
HAVE SUPPLIED TO US.
We will not use or disclose your health information without your authorization,
except as described in this notice or otherwise required by law.
How to Get More Information or to Report a Problem
If you think we may have violated your privacy rights or you disagree
with a decision we made about access to your Protected Health Information,
you may file a complaint with the person listed below. You may also send
a written complaint to the Secretary of Health and Human Services. To
file a complaint with our clinic, contact the Patient Relations Department
at 562-693-4325 or send us your written complaint to:
Patient Relations
American Indian Healing Center
12456 E. Washington Blvd.
Whittier, CA. 90602
If you have questions and/or would like additional information, please
contact AIHC.
Examples of Disclosures for Treatment, Payment, and Health Operations
We will use your health information for treatment.
Example: A physician, nurse or other member of your healthcare team will
record information in your record to diagnose your condition and determine
the best course of treatment for you. The primary caregiver will give
treatment orders and document what he or she expects from the other members
of the healthcare team for your treatment. Those other members will then
document the actions they took and their observations. In that way, the
primary caregiver will know how you are responding to treatment.
We will also provide your current physician, other healthcare professionals
or subsequent healthcare providers with copies of your records to assist
them in treating you once we are no longer treating you.
We will use your health information to bill for payment.
Example: We may send a bill containing protected health information to
you or to a third-party payer, such as your health insurer. This includes
information that identifies you, your diagnosis, treatment received,
and supplies used.
We will use your health information for health operations.
Example: Members of the medical staff, the risk or quality improvement
manager, or members of the quality assurance team may use information
in your health record to assess the care and outcomes in your cases and
the competence of the caregivers. We will use this information in an
effort to continually improve the quality and effectiveness of the healthcare
and services we provide.
Business Associates: We provide some services through contracts with
business associates. Examples include certain diagnostic tests, a copy
service to make copies of medical records, etc. When we use these services,
we may disclose your health information to business associates so that
they can perform the function(s) we have contracted them to do and to
bill you or your third-party payer for services rendered. We require
the business associate to appropriately safeguard your information to
protect you.
Notification: We may use or disclose information to notify or assist
in notifying a family member, personal representative, or other person
responsible for your care, location, and general condition.
Communication with family: Unless you object, health professionals may,
exercising their professional judgment, disclose to a family member,
other relative, close personal friend or any other person you identify,
health information relevant to the level of responsibility and/or care
they provide for you.
Research: We may disclose information to researchers when an institutional
review board that has reviewed the research proposal and established
protocols to ensure the privacy of your health information has approved
their research.
Funeral Directors: We may disclose health information to funeral directors
consistent with applicable law to enable them to carry out their duties.
Marketing Continuity of Care: We may contact you to provide appointment
reminders or information about treatment alternatives or other health-related
benefits and services that may be of interest to you.
Fund-raising: We, or a contracted service, may contact you as part of
a fund-raising effort. You have the right to request not to receive subsequent
fund-raising materials.
Food and Drug Administration (FDA): We may disclose to the FDA your health
information relating to adverse effects/events with respect to food,
drugs, supplements, products or product defects, or post marketing surveillance
information to enable product recalls, repairs, or replacement.
Workers Compensation: We may disclose health information to the extent
authorized by and to the extent necessary to comply with laws relating
to workers compensation or other similar programs established by law.
Public Health: As required by law, we may disclose your health information
to public health or legal authorities charged with preventing or controlling
disease, injury, or disability.
Correctional Institution: Should you be an inmate of a correctional institution,
we may disclose to the institution or agents thereof health information
necessary for maintaining your health and/or the health and safety of
other individuals.
Law Enforcement: We may disclose health information purposes as required
by law or in response to a valid subpoena.
Health Oversight Agencies and Public Health Authorities: If a member
of our work force or a business associate believes in good faith that
we have engaged in unlawful conduct or violated professional or clinical
standards and are potentially endangering one or more patients, workers,
and/or the public, they may disclose your health information to health
oversight agencies and/or public health authorities, such as the department
of health.
The Federal Department of Health and Human Services (DHHS): Under the
privacy standards, we must disclose your health information to DHHS as
necessary for them to determine our compliance.
|
