HIPAA - Privacy Notice Effective 01-01-2022
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Protecting the privacy and the confidentiality of patients’ personal information is important to the providers and staff at Harmony United Psychiatric Care. Every member of our team must abide by our commitment to privacy in the handling of personal information and be informed about the importance of privacy. Our Notice of Privacy Practices applies to the personal health information (PHI) of all patients that are in our possession and control.
Identifying purposes: We ask and collect information to establish a relationship to serve your mental health needs. We obtain most of your information about you directly from you or from your referring physician whom you have authorized to disclose information.
You have the right to determine how your personal health information is used and disclosed. For most healthcare purposes, your consent is implied because of your consent to treatment. However, in all circumstances express consent must be written. Your written consent will be forwarded to the Privacy Officer who will document the request in the patient’s medical records and notify the appropriate health care providers and their supporting staff. We will obtain your consent if we wish to use your information for other purposes.
Personal Health Information permits certain collections, uses, and disclosures of your PHI, despite the consent directive; healthcare providers may override the consent directive in certain circumstances such as emergencies and the consent directive may result in delays in receiving health care.
A. Permitted Disclosures of PHI. We may disclose your PHI for the following reasons:
- Treatment. We may disclose your PHI to a physician or other health care provider providing treatment to you. For example, we may disclose medical/mental health information about you to physicians, nurses, technicians, or personnel who are involved with the administration of your care.
- Payment. We may disclose your PHI to bill to any insurance company or Medicare or its administrators any information needed to process and pay your claims and collect payment for the services we provide to you. For example, we may send a bill to you or to a third-party payer for the rendering of services by us. The bill may contain information that identifies you, your diagnosis and procedures and supplies used. We may need to disclose this information to insurance companies to establish insurance eligibility benefits for you. We may also provide your PHI to our business associates, such as billing companies, claims processing companies and others that process our health care claims.
- Health Care Operations.
- We may disclose your PHI in connection with our health care operations. Health Care Operations include quality assessment activities, reviewing the competence or qualifications of health care professionals, evaluating provider performance, and other business operations. We may also provide your PHI to accountants, attorneys, consultants, and others to make sure we comply with the laws that govern us.
- We may call your cell phone, home phone, or email or text, and leave messages on voicemail or in person in reference to any items that assists Practice in carrying out its Health Care Operations, such as appointment reminders, insurance items and any calls pertaining to your clinical care, including laboratory test results, among others.
- We may mail to your home or other location designated by you any items that assist the Practice in carrying out Health Care Operations.
- We may e-mail you to the email address you provided us with for our records. We may email any items that assist the practice in carrying out our Health Care Operations, such as appointment reminders, telehealth links, patient statements, and informational items. Our email system is HIPAA compliant. We may send protected health information via email using secure password protected email communications. If you email us your protected health information, you understand that your email system may not be HIPAA complaint, therefore we would recommend sharing your protected health information only via password protected email communications that you receive from our practice. Otherwise, if you need to send us protected health information, we encourage you to use our secure electronic patient portal, if available, or call us. See Paragraph H below.
- We may set up a secure electronic patient portal for you to use to access and view date of your appointments with us, results of diagnostic tests, vital signs taken during your visits with us, prescriptions ordered for you, and communications with us. We have made every effort to provide a secure patient portal; however, security may be compromised due to events beyond our control. If we discover the security of our patient portal has been compromised, we will notify you if the security breach involves your records maintained on our patient portal.
- We may provide services to you via secure electronic two-way audio and video communications (telehealth platform). We have made every effort to provide a secure telehealth platform; however, security may be compromised due to events beyond our control. If we discover the security of our telehealth platform has been compromised, we will notify you if the security breach involves you.
- We may send information to you including appointment reminders, care coordination to help manage your health, referrals to specialists, or general information about the practice via US mail, email, text message, cell phone, home phone, or other methods of communications. We make every effort to send information securely; however, security may be compromised due to events beyond our control. If we discover security has been compromised, we will notify you if the security breach involves your protected health information.
- Emergency Treatment. We may disclose your PHI if you require emergency treatment or are unable to communicate with us.
- Family and Friends. We may disclose your PHI to a family member, friend, or any other person who you identify as being involved with your care or payment for care unless you object.
- Required by Law. We may disclose your PHI for law enforcement purposes and as required by state or federal law. We will inform you or your representative if we disclose your PHI because we believe you are a victim of abuse, neglect, or domestic violence, unless we determine that informing you or your representative would place you at risk. In addition, we must provide PHI to comply with an order in a legal or administrative proceeding. Finally, we may be required to provide PHI in response to a subpoena discovery request or other lawful process, but only if efforts have been made, by us or the requesting party, to contact you about the request or to obtain an order to protect the requested PHI.
- Serious Threat to Health or Safety. We may disclose your PHI if we believe it is necessary to avoid a serious threat to the health and safety of you or the public.
- Public Health. We may disclose your PHI to public health or other authorities charged with preventing or controlling disease, injury or disability, or charged with collecting public health data.
- Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities authorized by law.
- Research. We may disclose your PHI for certain research purposes, but only if we have protections and protocols in place to ensure the privacy of your PHI.
- Workers’ Compensation. We may disclose your PHI to comply with laws relating to workers’ compensation or other similar programs.
- Specialized Government Activities. If you are active military or a veteran, we may disclose your PHI as required by military command authorities. We may also be required to disclose PHI to authorized federal officials for the conduct of intelligence or other national security activities.
- Organ Donation. If you are an organ donor or have not indicated that you do not wish to be a donor, we may disclose your PHI to organ procurement organizations to facilitate organ, eye or tissue donation and transplantation.
- Coroners, Medical Examiners, Funeral Directors. We may disclose your PHI to coroners or medical examiners for the purposes of identifying a deceased person or determining the cause of death, and to funeral directors as necessary to carry out their duties.
- Disaster Relief. Unless you object, we may disclose your PHI to a governmental agency or private entity (such as FEMA or Red Cross) assisting with disaster relief efforts.
B. Disclosures Requiring Written Authorization.
- Not Otherwise Permitted. In any other situation not described in Section A above, we may not disclose your PHI without your written authorization.
- Psychotherapy Notes. We must receive your written authorization to disclose psychotherapy notes, except for certain treatment, payment, or health care operations activities.
- Marketing and Sale of PHI. We must receive your written authorization for any disclosure of PHI for marketing purposes or for any disclosure which is a sale of PHI.
C. Your Rights.
- Right to Receive a Paper Copy of This Notice. You have the right to receive a paper copy of this Notice upon request.
- Right to Access PHI. You have the right to inspect and copy your PHI for as long as we maintain your medical record. You must make a written request for access to the Privacy Officer at the address listed at the end of this Notice. We may charge you a reasonable fee for the processing of your request and the copying of your medical record pursuant to Chapter 456, Florida Statutes. In certain circumstances we may deny your request to access your PHI, and you may request that we reconsider our denial. Depending on the reason for the denial, another licensed health care professional chosen by us may review your request and the denial.
- Right to Request Restrictions. You have the right to request a restriction on the use or disclosure of your PHI for the purpose of treatment, payment, or health care operations, except in the case of an emergency. You also have the right to request a restriction on the information we disclose to a family member or friend who is involved with your care or the payment of your care. However, we are not legally required to agree to such a restriction.
- Right to Restrict Disclosure for Services Paid by You in Full. You have the right to restrict the disclosure of your PHI to a health plan if the PHI pertains to health care services for which you paid in full directly to us.
- Right to Request Amendment. You have the right to request that we amend your PHI if you believe it is incorrect or incomplete, for as long as we maintain your medical record. We may deny your request to amend if (a) we did not create the PHI, (b) is not information that we maintain, (c) is not information that you are permitted to inspect or copy (such as psychotherapy notes), or (d) we determine that the PHI is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures of PHI made by us (other than those made for treatment, payment, or health care operations purposes) during the 6 years prior to the date of your request. You must make a written request for an accounting, specifying the time period for the accounting, to the Privacy Officer at the address listed at the end of this Notice.
- Right to Confidential Communications. You have the right to request that we communicate with you about your PHI by certain means or at certain locations. For example, you may specify that we call you only at your home phone number, and not at your work number. You must make a written request, specifying how and where we may contact you, to the Privacy Officer at the address listed at the end of this Notice.
- Right to Notice of Breach. You have the right to be notified if we or one of our business associates become aware of a breach of your unsecured PHI.
D. Changes to this Notice.
We reserve the right to change this Notice at any time in accordance with applicable law. Prior to a substantial change to this Notice related to the uses or disclosures of your PHI, your rights, or our duties, we will revise and distribute this Notice, or you can obtain an updated HIPAA privacy notice on our website or from our office locations.
E. Acknowledgment of Receipt of Notice.
We will ask you to sign an acknowledgment that you received this Notice.
F. Questions and Complaints.
If you would like more information about our privacy practices or have questions or concerns, please contact us. If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made regarding the use, disclosure, or access to your PHI, you may submit a complaint to us by contacting the Privacy Officer at the address and phone number at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file such a complaint upon request.
We will retain your information only for the time it is required for the purposes we describe and once your personal information is no longer required, it will be destroyed. However, due to our ongoing exposure to potential claims, some information is kept for a longer period of time.
H. Safeguards: We protect your information with appropriate safeguards and security measures. The practice maintains personal information in a combination of paper and electronic files. Recent paper records concerning individuals’ personal information are secured and kept on-site at our office.
Access to personal information will be authorized only for the healthcare providers and employees associated with the practice and other agents who require access in the performance of their duties and otherwise authorized by law. We provide information to health care providers acting on your behalf, understanding that they are also bound by law and ethics to safeguard your privacy.
Our computer systems and electronic medical records are secured so only authorized individuals can access these systems and databases. All our employees use HIPAA-compliant email which is encrypted. However, sending emails to the office via an email server that is not HIPAA Compliant is not secure against interception. We recommend you only share protected health information via password-protected email communications that you receive from our practice. Otherwise, if you need to send us protected health information, we encourage you to use our secure electronic patient portal, if available or call us. Our practice does not encourage email communication of sensitive information if you do not, use encrypted or HIPAA compliant email services or communicate via password-protected emails from our practice.
Access to correction with limited exceptions: We will give you access to the information we retain about you within a reasonable time, upon presentation of a written request and satisfactory identification. We may charge you a fee for this service and if so, we will give you notice in advance of processing your request. If you find errors of fact in your personal health information, please notify us as soon as possible and we will make the appropriate corrections. We are not required to correct the information relating to clinical observations or opinions made in good faith. You have a right to append a short statement of disagreement to your record if we refuse to make a requested change. If we deny your request for access to your personal information, we will advise you in writing of the reason for the refusal and then you may challenge our decision.
We encourage you to contact us with any questions or concerns you might have about your privacy. We will investigate and respond to your concerns about any aspect of handling your information.
HIPAA Privacy Notice
Harmony United Psychiatric Care
15544 W. Colonial Drive
Winter Garden, FL 34787