NOTICE OF PRIVACY PRACTICE (updated 8/2024)
How We Use and Disclose Your Information
Treatment, Payment, and Health Care Operations.
We may use your PHI as otherwise authorized or required by law for such purposes as...
- Public health reporting and oversight activities
- Judicial, administrative, or law enforcement proceedings
- Complying with workers’ compensation laws
- Communicating with your family or caregivers
- Sending appointment reminders
You Have the Right to:
- Request certain restrictions on our use and disclosure of your PHI.
- Request communications from us by specific means or locations.
- Inspect and copy your medical record.
- Ask us to correct the information in your medical record.
- Receive an accounting of disclosures of your PHI by our practice.
- Be notified in the case of a breach of unsecured PHI.
WHO WILL FOLLOW THIS NOTICE
INFORMATION COLLECTED ABOUT YOU
In the ordinary course of receiving treatment and health care services from us, you will be providing us with personal information such as:
- Your name, address, and phone number, information relating to your medical history, your insurance information and coverage, information concerning your doctor, nurse, or other medical providers and create a medical record for you. This medical record is the property of our ophthalmic practice, but the information in the medical record belongs to you. Some information also may be provided to us by other individuals or organizations that are part of your “circle of care,” such as your primary care provider, a referring physician, your other doctors, your health plan, and your close friends or family members.
HOW WE MAY USE AND DISCLOSE INFORMATION ABOUT YOU
The law permits us to use and disclose personal and identifiable health information about you for the following purposes:
- Treatment. We may use your PHI in order to provide your medical care. For example, we may use your medical history, such as any presence or absence of diabetes, to assess the health of your eyes. We may disclose information to others who are involved in providing your care. We will never share any substance abuse treatment records without your written permission.
- Payment. We may use and disclose your PHI to bill for our services and to collect payment from you or your insurance company.
- Health Care Operations. We may use and disclose your PHI for the general operation of our business.
- Required by Law. As required by law, we will use and disclose your PHI, but we will limit our use or disclosure to the relevant requirements of the law.
- Public Health. We may disclose your PHI to a public health authority authorized to collect or receive PHI for the purpose of preventing or controlling disease, injury, or disability. We may also use and disclose your PHI in order to notify persons who may have been exposed to a disease or who are at risk of contracting or spreading a disease.
- Health Oversight Activities. As required or authorized by law, we may disclose PHI to a public health authority or other government authority authorized by law to receive reports of child, elder, or dependent abuse or neglect or domestic violence, the Food and Drug Administration for activities such as adverse events, product defects or problems, or replacements; or to conduct post-marketing surveillance. We may disclose your PHI to health oversight agencies as authorized or required by law for health oversight activities such as audits, investigations, inspections, licensure or disciplinary actions, and civil, criminal, or administrative proceedings or actions.
- Judicial and Administrative Proceedings. We may disclose your PHI in the course of administrative or judicial proceedings as required by law.
- Organ Donation. As authorized by law, we may disclose your PHI to organ procurement organizations, transplant centers, and eye or tissue banks.
- Worker’s Compensation. We may disclose your PHI as necessary to comply with workers’ compensation laws. For example, to the extent your care is covered by workers’ compensation, we will make periodic reports to your employer about your condition. We are also required by law to report cases of occupational injury or occupational illness to the employer or worker’s compensation insurer.
- Employers. We may disclose your PHI to your employer if we provide health care services to you at the request of your employer, and the health care services are provided either to conduct an evaluation relating to medical surveillance of the workplace or to evaluate whether you have a work-related illness or injury.
- Armed Forces. If you are a member of the Armed Forces, we may disclose your PHI for activities deemed necessary by military command authorities. We also may disclose health information about foreign military personnel to their appropriate foreign military authority.
- Correctional Institutions. If you are an inmate, we may release your PHI to a correctional institution where you are incarcerated or to law enforcement officials in certain situations such as where the information is necessary for your treatment, health, or safety, or the health or safety of others.
- National Security. We may disclose your PHI for national security and intelligence activities and for the provision of protective services to the President of the United States and other officials or foreign heads of state.
- Business Associates. We sometimes work with outside individuals and businesses that help us operate our business successfully, such as by providing billing services. We may disclose your PHI to these business associates so that they can perform the tasks that we hire them to do and require them to protect the confidentiality of your PHI.
- Notification and Communication with Family. We may disclose your PHI to notify persons responsible for your care about your location, general condition, or death. We may disclose information to public or private entities authorized to coordinate such notifications for disaster relief purposes. We may also disclose your PHI to someone who is involved with your care or helps pay for your care. Generally, we will obtain your oral agreement before using or disclosing health information in these ways. However, under certain circumstances, such as in an emergency situation, we may make these uses and disclosures without your agreement. If you are unable or unavailable to agree or object, we will use our best judgment in communicating with your family and others.
- Facility Directories. We may use your PHI to maintain a directory of individuals in our facility unless you object.
- Change of Ownership. In the event that this medical practice is sold or merged with another organization, your medical record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.
- Appointment Reminders. We may use and disclose medical information to contact you as a reminder that you have an appointment or that you should schedule an appointment. If you are not home, we may leave this information in a telephone message, or a message left with the person answering the phone. We do not need your authorization to send you reminders or information about appointments, treatment, or medication that you are currently prescribed, even if we receive compensation from a third party for doing so, as long as the compensation only covers the costs reasonably related to making the communication.
OTHER USES AND DISCLOSURES OF PERSONAL HEALTH INFORMATION
INDIVIDUAL RIGHTS
To exercise any of your rights listed below, please contact our Privacy Officer in writing at the address listed below and include the details necessary for us to consider your request.
Restriction Requests. You have the right to ask for restrictions on certain uses and disclosures of PHI, including disclosure made to persons assisting with your care or payment for your care. We will consider your requests and notify you of the outcome but are not required to accept such requests. If we do agree to a restriction, we must abide by it unless you agree in writing to remove it.
Amend or Supplement. If you believe that information in your records is incorrect or incomplete, you have the right to ask us to correct the existing information or add missing information within 60 days. When making a request for amendment, you must state the reason for making such a request. Under certain circumstances, we may deny your request, such as when we do not have the information, the information was not created by us (unless the person or entity that created it is no longer available to make the amendment), you would not be permitted to inspect and copy the information, or the information is accurate and complete. If we deny your request, we will tell you why. You may submit a written statement of your disagreement with that decision. We may then prepare a written rebuttal. All information related to any request to amend will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.
Breach Notification. In the case of a breach of unsecured PHI, you have the right to be notified, as provided by law. If you have given us a current email address, we may use it to communicate information related to the breach. In some circumstances our Business Associate may provide the notification. We may also provide notification by other methods as appropriate. [Only use email if you are certain, it will not contain PHI and it will not disclose inappropriate information. For example, if your email address is “retinaldiseasedocs.com” an email sent with this address could, if intercepted, identify the patient and their condition.]
Copy of Notice. You have the right to a copy of this notice in paper form, even if you agreed to receive notice electronically. You may ask us for a copy at any time.
CHANGES TO THIS NOTICE
COMPLAINTS/CONTACT INFORMATION
If you feel that your privacy protections have been violated by our office, you have the right to file a complaint with the Secretary of the Department of Health and Human Services, Office of Civil Rights by sending a letter to 200 Independence Avenue, SW, Washington, DC 20201 calling (877) 696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. Contact our Privacy Officer with any questions, comments, or complaints or to exercise any of your rights at EyeOne, Attn: Compliance Officer, 17 North Medical Park Drive, Fishersville, Virginia 22939, email info@eyeoneva.com or call 540-213-7720.