Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
A federal regulation, known as the “HIPAA” (Health Insurance Portability and Accountability Act of 1996) Privacy Rule,” requires that we provide detailed notice in writing of our privacy practices. We understand that this Notice is long. The HIPAA Privacy Rule requires us to address many specific items in this Notice.
I.We Have a Legal Duty to Protect Health Information about You
KidMed is required by law to protect the privacy of our patients’ health information. The HIPAA Privacy Rule requires that we protect the privacy of health information that identifies a patient or could possibly identify a patient. This information is called “protected health information” or “PHI”. This Notice describes your rights as our patient and our obligations regarding the use and disclosure of PHI.
We are required by law to:
- Maintain the privacy of your PHI.
- Give you this Notice of our legal duties and privacy practices with respect to PHI.
- Comply with the terms of our Notice of Privacy Practices that is currently in effect.
The terms of this Notice apply to all existing and future records containing your PHI that are created or for all PHI that we may already have about you. KidMed will post a copy of our current Notice in a prominent location in our offices at all times and on our Website. We reserve the right to make changes to this Notice and to make such changes effective for all existing and future PHI. Any change or amendment to this Notice will be posted in a prominent location in our offices at all times and on our website. We will also provide you with a copy of the revised Notice upon your request made to our Privacy Official.
- How We May Use and Disclose Protected Health Information about You
The following categories describe the different ways we may use and disclose PHI for treatment, payment, or health care operations. The examples included with each category do not list every type of use or disclosure that may fall within each category.
- Treatment: We may use and disclose PHI about you to provide, coordinate or manage your health care and related services. We may consult with other health care providers regarding your treatment and coordinate and manage your health care with others. For example, we may use and disclose your PHI when you need a prescription, lab work, an x-ray, or other health care services. We may use and disclose PHI about you when referring you back to your primary health care provider. For example, we may send a report about the care you received in our office so that your primary physician can follow up on your status. Additionally, we may disclose your PHI to others who may assist in your care, such as your spouse, children or parents, unless you object.
- Payment: We may use and disclose PHI so that we can bill and collect payment for the treatment and services provided to you. For example, we may contact your health insurer to certify that you are eligible for benefits (and what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for your treatment. We may use and disclose your PHI for billing, claims management and collection activities. We may use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, such as family members. We may also disclose PHI to another health care provider or to a company or health plan required to comply with the HIPAA Privacy Rule for the payment activities of that health care provider, company or health plan. For example, we may allow a health insurance company to review PHI in order to determine the insurance benefits to be paid for your care.
- Health Care Operations: We may use and disclose PHI in performing business activities, which are called health care operations. Health care operations include doing things that allow us to improve the quality of care we provide and to reduce health care costs. We may use and disclose PHI about you in the following health care operations: Reviewing and improving the quality, efficiency and cost of care that we provide to our patients. For example, we may use PHI about you to develop ways to assist our physicians and staff in deciding how we can improve the medical treatment we provide to others.
- Reviewing and evaluating the skills, qualifications, and performance of health care providers taking care of you and our other patients.
- Providing training programs for students, trainees, health care providers, or non-health care professionals (for example, billing personnel) to help them practice or improve their skills.
- Cooperating with outside organizations that assess the quality of the care that we provide.
- Cooperating with outside organizations that evaluate, certify, or license health care providers or staff in a particular field or specialty. For example, we may use or disclose PHI so one of our nurses may become certified as having expertise in a specific field of nursing.
- Cooperating with various people who review our activities. For example, PHI may be seen by doctors reviewing the services provided to you, and by accountants, lawyers, and others who assist us in complying with the law and managing our business.
- Assisting us in making plans for our practice’s future operations.
- Resolving grievances within our practice.
- Reviewing our activities and using or disclosing PHI in the event that we sell our practice to someone else or combine with another practice.
- Business planning and development, such as cost-management analyses.
- Business management and general administrative activities of our practice, including complying with the HIPAA Privacy Rule and other legal requirements.
- Creating “de-identified” information that is not identifiable to any individual.
If another health care provider, company, or health plan that is required to comply with the HIPAA Privacy Rule has or once had a relationship with you, we may disclose PHI about you for certain health care operations of that health care provider or company. For example, such health care operations may include: reviewing and improving the quality, efficiency and cost of care provided to you; reviewing and evaluating the skills, qualifications, and performance of health care providers; providing training programs for students, trainees, health care providers, or non-health care professionals; cooperating with outside organizations that evaluate, certify, or license health care providers or staff in a particular field or specialty; and assisting with legal compliance activities of that health care provider or company. We may also disclose PHI for the health care operations of an “organized health care arrangement” in which we participate.
- Communication from Our Office: We may contact you to remind you of appointments notify you of lab and x-ray results and to provide you with information about treatment and treatment alternatives or other health related benefits and services.
- Disclosures Required By Law: We will use and disclose PHI when we are required to do so by law.
- You can object to Certain Uses and Disclosures: We may use and disclose PHI about you in some situations where you have the opportunity to agree or object to certain uses and disclosures of PHI about you. If you do not object, then we may make these types of uses and disclosures of PHI.
- Individuals Involved in Your Care or Payment for Your Care: We may disclose PHI about you to your family member, close friend, or any other person identified by you if that information is directly relevant to the person’s involvement in your care or payment for your care. If you are present and able to consent or object (or if you are available in advance), then we may only use or disclose PHI if you do not object after you have been informed of your opportunity to object. If you are not present or you are unable to consent or object, we may exercise professional judgment in determining whether the use or disclosure of PHI is in your best interests. For example, if you are brought into this office and are unable to communicate normally with our providers for some reason, we may find it is in your best interest to give your prescription and other medical supplies to the friend or relative who brought you in for treatment. We may also use and disclose PHI to notify such persons of your location or general condition. We also may use professional judgment and our experience with common practice to make reasonable decisions about your best interests in allowing a person to act on your behalf to pick up prescription medications, medical supplies, x-rays, or other items that contain PHI about you
- We may Use and Disclose PHI under Other Circumstances Without Your Authorization or an Opportunity to Agree or Object: We may use and/or disclose PHI about you in the following circumstances in which you do not have to consent, give authorization or otherwise have an opportunity to agree or object. Those circumstances include:
- 1. Required By Law: We may use and disclose PHI as required by federal, state, or local law. Any disclosure complies with the law and is limited to the requirements of the law.
- Public Health Activities: We may use or disclose PHI to public health authorities or other authorized persons to carry out certain activities related to public health, including the following activities:
- To prevent or control disease, injury, or disability
- To report disease, injury, birth, or death
- To report child abuse or neglect
- To report reactions to medications or problems with products or devices regulated by the federal Food and Drug Administration
- To notify a person who may have been exposed to a communicable disease in order to control who may be at risk of contracting or spreading the disease
- To report to your employer, under limited circumstances, information related primarily to workplace injuries or illness, or workplace medical surveillance.
- Abuse, Neglect, or Domestic Violence: We may disclose PHI in certain cases to proper government authorities if we reasonably believe that a patient has been a victim of domestic violence, abuse or neglect.
- Health Oversight Activities: We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigations, inspections, licensure and disciplinary activities and other activities conducted by health oversight agencies to monitor the health care system, government health care programs, and compliance with civil rights laws and the healthcare system in general.
- Lawsuits and Other Legal Proceedings: We may use or disclose PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose PHI in response to a discovery request, subpoena, or other required legal process by another party involved in the dispute, but only if we have made an effort to inform you of the request or obtain an order protecting the information the party has requested.
- 6. Law Enforcement: Under certain conditions, we may disclose PHI to law enforcement officials for the following purposes where the disclosure is:
- Required by law
- About a suspected crime victim if, under certain limited circumstances, we are unable to obtain a person’s agreement because of incapacity or emergency
- To alert law enforcement of a death that we suspect was the result of criminal conduct
- In response to a court order, warrant, subpoena, summons, administrative agency request, or other authorized process
- To identify or locate a suspect, fugitive, material witness, or missing person
- About a crime or suspected crime committed at our office
- In response to a medical emergency not occurring at the office, if necessary to report a crime, including the nature of the crime, the location of the crime or the victim, and the identity of the person who committed the crime.
- Coroners, Medical Examiners, and Funeral Directors: We may disclose PHI to a coroner or medical examiner to identify a deceased person and determine the cause of death. In addition, we may disclose PHI to funeral directors, as authorized by law, so that they may carry out their jobs.
- Organ and Tissue Donation: If you are an organ donor, we may use or disclose PHI to organizations that help procure, locate, and transplant organs in order to facilitate an organ, eye, or tissue donation and transplantation.
- Research: We may use and disclose PHI about you for research purposes under certain limited circumstances. We must obtain a written authorization to use and disclose PHI about you for research purposes except in situations where a research project meets specific, detailed criteria established by the HIPAA Privacy Rule to ensure the privacy of PHI.
- To Avert a Serious Threat to Health or Safety: We may use or disclose PHI about you in limited circumstances when necessary to prevent a threat to the health or safety of a person or to the public. This disclosure can only be made to a person or organization able to help prevent the threat.
- Specialized Government Functions: Under certain circumstances we may disclose PHI:
- For certain military and veteran activities, including determination of eligibility for veterans for veterans benefits and where deemed by military command authorities
- For national security and intelligence
- To help provide protective services for the president and others
- For the health or safety of inmates and others at correctional institutions or other law enforcement custodial situations for the general safety and health related to corrections facilities.
- Disclosures required by HIPAA Privacy Rule: We are required to disclose PHI to the Secretary of the United States Department of Health and Human Services when requested by the Secretary to review our compliance with the HIPAA Privacy Rule.
- Other Uses and Disclosures of Protected Health Information Require Your Authorization
- Workers’ Compensation: Only with your authorization may we disclose PHI as authorized by workers’ compensation laws or other similar programs that provide benefits for work-related injuries or illness.
- All other uses and disclosures of PHI about you will only be made with your written authorization. If you have authorized us to use or disclose PHI about you, you make revoke your authorization at any time, except to the extent we have taken action based on authorization.
III. You Have Several Rights Regarding PHI about You
Under federal law, you have the following rights regarding PHI about you:
- Right to Request Restrictions: You have the right to request additional restrictions on the PHI that we may use for treatment, payment and health care operations. You may also request additional restrictions on our disclosure of PHI to certain individuals involved in your care that otherwise are permitted by the Privacy Rule. We are not required to agree to your request. If we do agree to your request, we are required to comply with our agreement except in certain cases, including where the information is needed to treat you in the case of an emergency. To request restrictions, you must make your request in writing to our Privacy Official. In your request, please include (1) the information that you want to restrict; (2) how you want to restrict the information (for example, restricting use to this office, only restricting disclosure to persons outside this office, or restricting both; and (3) to whom you want those restrictions to apply, for example, you do not want disclosure to your spouse.
You also have the right to restrict use and disclosure of your medical information about a service or item for which you have paid out of pocket, for payment (i.e. health plans) and operational (but not treatment) purposes, if you have completely paid your bill for this item or service. We will not accept your request for this type of restriction until you have completely paid your bill (zero balance) for this item or service. We are not required to notify other healthcare providers of these restrictions that is you responsibility.
- Right to Receive Confidential Communications: You have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. For example, you may request that we contact you at home, rather than at work. You must make your request in writing to our Privacy Official. You must specify how you would like to be contacted (for example, by regular mail to your post office box and not your home). We are required to accommodate reasonable requests.
- Right to Inspect and Copy: You have the right to request the opportunity to inspect and receive a copy of PHI about you in certain records that we maintain. This includes your medical and billing records but does not include psychotherapy notes or information gathered or prepared for a civil, criminal, or administrative proceeding. We may deny your request to inspect and copy PHI only in limited circumstances. To inspect and copy PHI please contact our Privacy Official. If you request a copy of PHI about you, we may charge you a reasonable fee for the copying, postage, labor and supplies used in meeting your request.
- Right to Amend: You have the right to request that we amend PHI about you as long as our office keeps such information. To make this type of request you must submit your request in writing to our Privacy Official. You must also give us a reason that supports your request for amendment. We may deny your request in certain cases, including if it is not in writing or if you do no give a reason for the request.
- Right to Give Accounting of Disclosures: You have the right to request an “accounting of disclosures” that we have made of PHI about you. An “accounting of disclosures” is a list of certain non-routine disclosures we have made of your PHI during a specified period of up to six years other than disclosures made: for treatment, payment, health care operations, to family members involved in your care; to you directly, pursuant to an authorization of you or your personal representative, or for certain notification purposes (including national security, intelligence, correctional, and law enforcement purposes.) Use of your PHI as part of the routine patient care in our practice is not required to be documented. For example, the doctor sharing information with the nurse; or the billing department using your information to file your insurance claim. If you wish to make such a request, please contact our Privacy Official. The first list that you request in a 12-month period will be free, but we may charge you for our reasonable costs of providing additional lists in the same 12-month period. We will inform you of these costs, and you may choose to cancel your request at any time before the costs are incurred.
- Right to a Paper Copy of This Notice: You have the right to receive a paper copy of this Notice at any time. You are entitled to a paper copy of this Notice even if you have previously agreed to receive this Notice electronically. To obtain a paper copy of this Notice, please contact our Privacy Officer.
- You May File a Complaint About Our Privacy Practices
If you believe your privacy rights have been violated, you may file a complaint with us or the Secretary of the United States Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Official at the address and number listed below. We will not be able to retaliate or take action against you for filing a complaint.
- You May Ask Questions About Our Privacy Practices
If you have any questions about this Notice, please contact our Privacy Official at the address and number listed below.
- How You Can Contact Our Privacy Official
You may contact our Privacy Official at the following address and phone number:
VIII. Fundraising Activities. We may use information about you to contact you in an effort to raise money for the Provider and its operations. We may disclose information to a foundation related to the Provider so that the foundation may contact you about raising money for the Provider. We only would release contact information, such as your name, address and phone number and the contact you for fundraising efforts, you must notify us in writing and you will be given opportunity to “Opt-out’ of the communications.
- Please note- KidMed does not participate in fundraising activities
Michelle Friend- Privacy Officer
4687 Pouncey Tract Road
Glen Allen, VA 23059
Phone: 804-592-5437 ext. 333 Email: [email protected]
VII. Effective Date of this Notice
This notice was published and effective in 2013 updated May 2017.