Patient Notice of Privacy Practices
This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information, (PHI). PHI is information, including patient demographic information, that may identify you and that relates to your past, present or future physical or mental health and related health care services. Please review carefully.
We are required to abide by the terms of this Notice of Privacy Practices. We may change the terms of our notice, at any time. The new notice will be effective for all protected health) information that we maintain at that time. A copy of our Patient Notice of Privacy Practices is available from our Web site at: https://www.thederm.com. A copy is also posted in each of our offices and made available for patients upon request. This notice is effective as of 9/15/2015.
Should you have any questions about this Notice, please contact the Brodsky Dermatology LLC Practice Manager and Privacy Contact, Nicole Baskerville, at (847) 843-3376.
- Permitted Uses and Disclosures
This practice may disclose protected health information on the individual who is the subject of the information for the following:
Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.
Payment encompasses activities of a health plan to obtain premiums, determine or fulfill responsibilities for coverage and provision of benefits, and furnish or obtain reimbursement for health care delivered to an individual and activities of a health care provider to obtain payment or be reimbursed for the provision of health care to an individual.
Health care operations: (a) quality assessment and improvement activities, including case management and care coordination; (b) competency assurance activities, including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) specified insurance functions, such as underwriting, risk rating, and reinsuring risk; (e) business planning, development, management, and administration; and (f) business management and general administrative activities of the practice, including but not limited to: de-identifying protected health information, and creating a limited data set.
Business Associates: We may contract with individuals or entities known as Business Associates to perform functions related to payment and health care operations. In order to perform these health care operations on behalf of Brodsky Dermatology LLC, Business Associates are required, under legal agreement, to receive, create, maintain, use and/or disclose your protected health information only with appropriate safeguards regarding your protected health information. For example, we may disclose your protected health information to a Business Associate to administer claims or to provide support services, such as utilization management, pharmacy benefit management or subrogation. This is in compliance with HIPAA regulation 45 CFR 160.103, 45 CFR Part 160, 45 CFR Part 164.
Coroners, Funeral Directors, and Organ Donation: We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. Protected health information may be used and disclosed for cadaver, organ, eye or tissue donation purposes.
- Uses and Disclosures Subject to Patient Choice
Marketing: As defined under the Privacy Rule, Marketing is communication about a product or service. Marketing may also be conducted with an arrangement between Brodsky Dermatology LLC and a third party whereby Brodsky Dermatology LLC discloses protected health information, Patient Name and email address only to the third party or its affiliates to make communication directly with patients for marketing purposes. The Privacy Rule requires your written authorization opting in to receive these communications on an authorization form.
Fundraising: When fundraising is through the sale of a product for which a portion of the proceeds are donated to an organization; no authorization is required to opt in or out of this activity. Any funds that are a portion of the sale of the product will be used to expand and improve the services and programs we provide the community.
When fundraising activities include disclosure of PHI to a third party such as name and email address, you the patient are free to opt out of this type of fundraising solicitation, and your decision will have no impact on your treatment or payment for services. To opt out of communications on fundraising, patients may contact our office by phone (847-843-3376), email (to Privacy Contact Nicole Baskerville at firstname.lastname@example.org), or in writing indicating you know longer wish to receive these communications. New or established patients may also indicate they are opting out of fundraising communications by selecting the appropriate box on our disclosure acknowledgement form.
Research: We may disclose your protected health information for the purpose of clinical research only when you have provided authorization. To request authorization, we will provide a research communication authorization form containing the following:
- A description of the PHI needed to conduct the study;
- The name or other specific identification of the person(s), class(es) of persons, or entity who will provide PHI to the persons requesting it;
- The name or other specific identification of the person(s), or class(es) of persons, who will be receiving (using and/or disclosing) the PHI;
- A description of the purpose of the study;
- An expiration date or an expiration event: “end of the research study” or “none” are acceptable;
- A statement that the individual has the right to revoke the authorization at any time provided it is done in writing;
- Uses and Disclosures Which Do Not Require Your Authorization
In the following circumstances, informal permission for a disclosure of PHI may be obtained by asking the individual outright, or by circumstances that clearly give the individual the opportunity to agree, acquiesce, or object.
Emergencies: Where the individual is incapacitated, in an emergency situation, or not available Brodsky Dermatology LLC providers generally may make such uses and disclosures, if in the exercise of their professional judgment, the use or disclosure is determined to be in the best interests of the individual.
For Notification and Other Purposes: Brodsky Dermatology LLC also may rely on an individual’s informal permission to disclose to the individual’s family, relatives, or friends, or to other persons whom the individual identifies, protected health information directly relevant to that person’s involvement in the individual’s care or payment for care.
Incidental Use and Disclosure: The Privacy Rule does not require that every risk of an incidental use or disclosure of protected health information be eliminated. A use or disclosure of this information that occurs as a result of, or as “incident to,” an otherwise permitted use or disclosure is permitted as long as the practice has adopted reasonable safeguards as required by the Privacy Rule, and the information being shared was limited to the “minimum necessary,” as required by the Privacy Rule.
Public Health Activities: Brodsky Dermatology LLC may disclose protected health information to: (1) public health authorities authorized by law to collect or receive such information for preventing or controlling disease, injury, or disability and to public health or other government authorities authorized to receive reports of child abuse and neglect.
Victims of Abuse, Neglect or Domestic Violence: In certain circumstances, Brodsky Dermatology LLC may disclose protected health information to appropriate government authorities regarding victims of abuse, neglect, or domestic violence.
Health Oversight Activities: Brodsky Dermatology LLC may disclose protected health information to health oversight agencies (as defined in the Rule) for purposes of legally authorized health oversight activities, such as audits and investigations necessary for oversight of the health care system and government benefit programs.
Law Enforcement Purposes: Brodsky Dermatology LLC may disclose protected health information to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions: (1) as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a law enforcement official’s request for information about a victim or suspected victim of a crime; (4) to alert law enforcement of a person’s death, if the practice suspects that criminal activity caused the death; (5) when the practice believes that protected health information is evidence of a crime that occurred on its premises; and (6) by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.
Serious Threat to Health or Safety: Brodsky Dermatology LLC may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen the threat.
Military Activity and National Security: When the appropriate conditions apply, we may use or disclose protected health information of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of e determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to foreign military authority if you are a member of that foreign military services. We may also disclose your protected health information to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
Workers’ Compensation: Brodsky Dermatology LLC may disclose protected health information as authorized by, and to comply with, workers’ compensation laws and other similar programs providing benefits for work-related injuries or illnesses.
- Your Rights
Following is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights.
Patient Authorization: Uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described above in section 3.
You may revoke this authorization, at any time, in writing, except to the extent that your physician or the physician’s practice has taken an action in reliance on the use or disclosure indicated in the authorization.
Access: Patient has the right to review and obtain a copy of their protected medical record. Brodsky Dermatology LLC may impose reasonable, cost-based fees for the cost of copying and postage of the record. Should the patient wish to review the record at the doctor’s office, every reasonable effort will be made to accommodate such request in a timely manner. You may also choose to receive copies of your protected medical record in electronic format such as MS Word, Excel, text, HTML, or text-based PDF.
Amendments: Patients have the right to request an amendment or correction to information within their medical record that is incorrect or incomplete. The physician has the right to deny said request and allow the patient in writing, to provide a statement of disagreement for inclusion in the record.
Disclosure Accounting: Patients’ have the right to an accounting of the disclosures of their protected health information by the physician(s) of record. The maximum disclosure accounting period is the six years immediately preceding the account request.
Please note that physicians are not required to account for the following types of disclosures : (a) for treatment, payment, or healthcare operations; (b) to the individual or the individual’s personal representative; (c) for notification of or to persons involved in an individual’s health care or payment for health care, for disaster relief, or for facility directories; (d) pursuant to an authorization; (e) of a limited data set; (f) for national security or intelligence purposes; (g) to correctional institutions or law enforcement officials for certain purposes regarding inmates or individuals in lawful custody; or (h) incident to otherwise permitted or required uses or disclosures. These disclosures may not be included in the response to your request.
Required Uses and Disclosures: Under the law, we must make disclosures to you upon the requests listed above and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500 et. seq. An individual has a right to and will receive notification in the event of a breach of his or her unsecured PHI.
You Have the Right to Request a Restriction of Your Protected Health Information. Under the Omnibus Rule, in subsection (vi) added to § 164.522(a)(1), a covered entity must honor an individual’s request to restrict disclosure of his or her PHI to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law and the PHI pertains solely to a health care item or service for which the individual, or a person other than the health plan on behalf of the individual (such as a family member), has paid the covered entity in full.
You may also request that any part of your protected health information is not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices.
Your request must state the specific restriction requested and to whom you want the restriction to apply.
Your physician is not required to agree to a restriction that you may request. If the physician believes it is in your best interest to permit use and disclosure of your protected health information, your protected health information will not be restricted. If your physician does agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment. With this in mind, please discuss any restriction you wish to request with your physician. You may request a restriction by letter addressed to the Privacy Contact listed above.
You Have the Right to Request to Receive Confidential Communications, From us by Alternative Means or at an Alternative Location. We will accommodate reasonable requests. We may also condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact. We will not request an explanation from you as to the basis for the request. Please make this request in writing to our Privacy Contact listed above.
You Have the Right to Obtain a Paper Copy of this Notice from Us upon request, even if you have agreed to accept this notice electronically.
Should you have a concern or complaint about the use of your PHI from this office you are to contact the Privacy Contact (Nicole Baskerville) at your provider’s office. All complaints must be made in writing and should be submitted within 180 days of when you knew or should have known of suspected violation. Written complaints can be mailed to Brodsky Dermatology LLC, 2601 Compass Road Suite 125, Glenview, Illinois 60026 or emailed to Nicole at email@example.com. There will be no retaliation against any party filing a complaint.
To file a complaint with the Secretary, mail it to: Secretary of the U.S. Department of Health and Human Services, 200 Independence Ave, S.W., Washington, D.C. 20201. Call (202) 619-0257 (or toll free (877) 696-6775) or go to the website of the Office for Civil Rights, www.hhs.gov/ocr/hipaa/, for more information. There will be no retaliation against any party filing a complaint.