HEADACHE WELLNESS CENTER & EMG/EEG CONSULTANTS Notice of Privacy Practices Effective Date: 09/23/2013
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review this notice carefully.
CONFIDENTIALITY Your physician understands the importance of patient confidentiality and is committed to the protection of your personal health information. • All personally identifying information is protected and stored on a secure server. • All information given via the physician consult form or in conversation with any of the employees is held in complete confidence. Our employees adhere to the strict standards for patient confidentiality set by the American Medical Association and the Health on the Net Foundation. • We do not share any of your personal information with any of our affiliates or associate sites. When you access a site that is not part of your physician’s website or the Medfusion website, you will be notified prior to linking to that site. • We will not release any personally identifying information to anyone unless mandated by federal or state laws. Aggregate statistical summaries may be released to third parties, but these statistics will contain no personally identifiable information. Information Security: Medfusion, Inc. provides the technical information security services for your physician’s website. When you submit your information to your physician’s website, that information is converted to a random code. This is called encryption. When the information arrives at its destination, the data is decoded and stored on a secure server. There are two ways of knowing you are connected to a secure server. 1. A little closed padlock or unbroken key will appear on the bottom of your browser’s window when you access a secure page. 2. The “http” at the beginning of the URL will change to “https” when you access secure pages. Other ways we provide internet security: • Email correspondence and notifications from Medfusion will not contain any medical information or indication of medical treatment. • Our patients and physicians may opt to communicate health information through a secure server only. To consult with your physician about health matters, patients must register on their physician’s website and communicate through our secure server. When your physician needs to correspond with you, an email will be sent notifying you to logon to your physician’s website and read the communication. The notification email contains no health information or any indication of your interaction with your physician. Powered by Medfusion. Headache Wellness Center. 2013 Medfusion, Inc. All Rights Reserved. All other trademarks are the property of their respective owners.
Your medical record may contain personal information about your health. This information may identify you and relate to your past, present or future physical or mental health condition and related health care services and is called Protected Health Information (PHI). This Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with applicable law. It also describes your rights regarding how you may gain access to and control your PHI. We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of this Notice of Privacy Practices. We reserve the right to change the terms of our Notice of Privacy Practices at any time. Any new Notice of Privacy Practices will be effective for all PHI that we maintain at that time. We will provide you with a copy of the revised Notice of Privacy Practices by posting a copy on our website, sending a copy to you in the mail upon request or providing one to you at your next appointment.
How we may use and disclose health care information about you:
For Care or Treatment: Your PHI may be used and disclosed to those who are involved in your care for the purpose of providing, coordinating, or managing your services. This includes consultation with clinical supervisors or other team members. Your authorization is required to disclose PHI to any other care provider not currently involved in your care. Example: If another physician referred you to us, we may contact that physician to discuss your care. Likewise, if we refer you to another physician, we may contact that physician to discuss your care or they may contact us.
For Payment: Your PHI may be used and disclosed to any parties that are involved in payment for care or treatment. If you pay for your care or treatment completely out of pocket with no use of any insurance, you may restrict the disclosure of your PHI for payment. Example: Your payer may require copies of your PHI during the course of a medical record request, chart audit or review.
For Business Operations: We may use or disclose, as needed, your PHI in order to support our business activities including, but not limited to, quality assessment activities, employee review activities, licensing, and conducting or arranging for other business activities. We may also disclose PHI in the course of providing you with appointment reminders or leaving messages on your phone or at your home about questions you asked or test results. Example: We may share your PHI with third parties that perform various business activities (e.g., Council on Accreditation or other regulatory or licensing bodies) provided we have a written contract with the business that requires it to safeguard the privacy of your PHI.
Required by Law: Under the law, we must make disclosures of your PHI available to you upon your request. In addition, we must make disclosures to the Secretary of the Department of Health and Human Services for the purpose of investigating or determining our compliance with the requirements of the Privacy Rule, if so required.
Without Authorization: Applicable law and ethical standards permit us to disclose information about you without your authorization only in a limited number of other situations. Examples of some of the types of uses and disclosures that may be made without your authorization are those that are: • Required by Law, such as the mandatory reporting of child abuse or neglect or mandatory government agency audits or investigations (such as the health department) • Required by Court Order • Necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. If information is disclosed to prevent or lessen a serious threat it will be disclosed to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat.
Verbal Permission: We may use or disclose your information to family members that are directly involved in your receipt of services with your verbal permission.
With Authorization: Uses and disclosures not specifically permitted by applicable law will be made only with your written authorization, which may be revoked. Your explicit authorization is required to release psychotherapy notes and PHI for the purposes of marketing, subsidized treatment communication and for the sale of such information.
Your rights regarding your PHI You have the following rights regarding PHI we maintain about you. To exercise any of these rights, please submit your request in writing to our Privacy Officer: • Right of Access to Inspect and Copy. You have the right, which may be restricted only in exceptional circumstances or with documents released to us, to inspect and copy PHI that may be used to make decisions about service provided. • Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information although we are not required to agree to the amendment. • Right to an Accounting of Disclosures. You have the right to request an accounting of certain of the disclosures that we make of your PHI. We may charge you a reasonable fee if you request more than one accounting in any 12-month period. • Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI for services, payment, or business operations. We are not required to agree to your request. • Right to Request Confidential Communication. You have the right to request that we communicate with you about PHI matters in a specific manner (e.g. telephone, email, postal mail, etc.) • Right to a Copy of this Notice. You have the right to a copy of this notice.
Website Privacy Any personal information you provide us with via our website, including your e-mail address, will never be sold or rented to any third party without your express permission. If you provide us with any personal or contact information in order to receive anything from us, we may collect and store that personal data. We do not automatically collect your personal e-mail address simply because you visit our site. In some instances, we may partner with a third party to provide services such as newsletters, surveys to improve our services, health or company updates, and in such case, we may need to provide your contact information to said third parties. This information, however, will only be provided to these third-party partners specifically for these communications, and the third party will not use your information for any other reason. While we may track the volume of visitors on specific pages of our website and download information from specific pages, these numbers are only used in aggregate and without any personal information. This demographic information may be shared with our partners, but it is not linked to any personal information that can identify you or any visitor to our site.
Breaches: You will be notified immediately if we receive information that there has been a breach involving your PHI.
Complaints: If you believe we have violated your privacy rights, you have the right to file a complaint in writing with our Privacy Officer at HEADACHE WELLNESS CENTER & EMG/EEG CONSULTANTS. If you have questions and would like additional information, you may contact us at 336-574-8000.