Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
ABOUT THIS NOTICE
Resonance Audiology and Hearing Aid Center is committed to protecting your health information. This Notice of Privacy Practices (“Notice”) is provided pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as revised in the 2013 HIPAA Omnibus Rule. This Notice describes how we may use and disclose your protected health information to carry out treatment, payment or audiological/health care operations and for other purposes that are permitted or required by law. This Notice also describes your rights and our duties with respect to your protected health information.
“Protected health information” is information about you that may identify you and that relates to your past, present or future physical or mental health/condition and related audiological/health care services. We must follow the privacy practices that are described in this Notice while it is in effect. If you have any questions about this Notice, please contact our Privacy Officer, Zoe Horan, at (717) 925-6112 or firstname.lastname@example.org.
HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
The following categories describe the different ways that we may use and disclose your protected health information. These examples are not meant to be exhaustive, but to illustrate the types of uses and disclosures that may be made.
We may use and disclose your protected health information to provide, coordinate, or manage your audiological treatment and any related services. We may also disclose your protected health information to other third party providers involved in your audiological/health care. For example, your protected health information may be provided to a physician or other audiological/health care provider (e.g. a specialist or laboratory) to whom you have been referred to ensure that the physician or other audiological/health care provider has the necessary information to diagnose or treat you.
We may use and disclose your protected health information so that the treatment and health care services you receive may be billed to you, your insurance company, a government program, or third party payers. This may include certain activities that your health insurance plan may undertake before it approves or pays for the audiological/health care services we recommend for you, such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. For example, we may provide your health plan with medical information about the audiological/health care services Resonance Audiology and Hearing Aid Center rendered to you for reimbursement purposes.
3. Audiological/Health Care Operations
We may use and disclose your protected health information for audiological/health care operation purposes. These uses and disclosures are necessary to make sure that all of our patients receive quality care and for our operation and management purposes. For example, we may use your protected health information to review the quality of the treatment and services you receive and to evaluate the performance of our team members in caring for you. We also may disclose information to audiologists, physicians, nurses, technicians, medical students, and other personnel for educational and learning purposes.
4. Treatment Communications
We may provide treatment communications concerning treatment alternatives or other health related products or services. For communications for which we or a business associate may receive financial remuneration in exchange for making the communication, we must obtain written authorization unless the communication is made face-to-face and/or involving promotional gifts of nominal value. If you do not wish to receive these communications please submit a written request to our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557.
5. Fundraising Activities
We may use or disclose your demographic information and dates of services provided to you, as necessary, in order to contact you for fundraising activities supported by Resonance Audiology and Hearing Aid Center. You have the right to opt out of receiving fundraising communications. If you do not want to receive these materials, please submit a written request to our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557.
6. Others Involved in Your Healthcare
Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. Also, for example, if you are brought into this office and are unable to communicate normally with your clinician for some reason, we may find it is in your best interest to give your hearing instrument and other supplies to the friend or relative who brought you in for treatment. We may also use and disclose protected health information to notify such persons of your location, general condition, or death. We also may coordinate with disaster relief agencies to make this type of notification. We also may use professional judgment and our experience with common practice to make reasonable decisions about your best interests in allowing a person to act on your behalf to pick up your hearing instruments, supplies, records, or other things that contain protected health information about you.
7. Required by Law
We may use or disclose your protected health information to the extent that law requires the use or disclosure. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
8. Public Health
We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We may also disclose your protected health information, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
9. Business Associates
We may disclose your protected health information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. To protect your health information, however, we require the business associate to appropriately safeguard your information.
10. Communicable Diseases
We may disclose your protected health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
11. Health Oversight
We may disclose your protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the audiological/health care system, government benefit programs, other government regulatory programs and civil rights laws.
12. Abuses or Neglect
We may disclose your protected health information to a public health authority that is authorized by law to receive reports of abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
13. Food and Drug Administration
We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance, as required by law.
14. Legal Proceedings
We may disclose your protected health information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), and in certain conditions in response to a subpoena, discovery request or other lawful process.
15. Law Enforcement
We may disclose your protected health information, so long as applicable legal requirements are met, for law enforcement purposes. 16. Coroners, Funeral Directors, and Organ Donation We may disclose your protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose your protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out its duties. We may disclose such information in reasonable anticipation of death. Protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes. 17. Research We may disclose your protected health information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information.
16. Serious Threat to Health or Safety
Consistent with applicable federal and state laws, we may disclose your protected health information to prevent or lessen a serious threat to your health and safety or to the health and safety of another person or the public. 19. Military Activity and National Security
If you are involved with military, national security or intelligence activities or if you are in law enforcement custody, we may disclose your protected health information to authorized officials so they may carry out their legal duties under the law. 20. Workers’ Compensation
We may disclose your protected health information as authorized for workers’ compensation or other similar programs that provide benefits for a work-related illness. 21. For Data Breach Notification Purposes We may use or disclose your protected health information to provide legally required notices of unauthorized access to or disclosure of your health information.
17. Required Uses and Disclosures
Under the law, we must make disclosures to you and when required by the Secretary of the U.S. Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500 et. Seq.
SPECIAL PROTECTIONS FOR HIV, ALCOHOL AND SUBSTANCE ABUSE, MENTAL HEALTH AND GENETIC INFORMATION Certain federal and state laws may require special privacy protections that restrict the use and disclosure of certain health information, including HIV-related information, alcohol and substance abuse information, mental health information, and genetic information. Some parts of this Notice may not apply to these types of information.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION BASED UPON YOUR WRITTEN AUTHORIZATION
The following uses and disclosures will be made only with your written authorization -
1. Uses and disclosures of protected health information for marketing purposes for which we or a business associate may receive remuneration; and 2. Disclosures that constitute a sale of protected health information.
Other uses and disclosures of your protected health information not described in this Notice will be made only with your written authorization, unless otherwise permitted or required by law. You may revoke this authorization, at any time, in writing, except to the extent that Resonance Audiology and Hearing Aid Center has taken an action in reliance on the use or disclosure indicated in the authorization. Additionally, if a use or disclosure of protected health information described above in this Notice is prohibited or materially limited by other laws that apply to use, it is our intent to meet the requirements of the more stringent law.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
The following is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights. 1. Right to be Notified if there is a Breach of Your Protected Health information You have the right to be notified upon a breach of any of your unsecured protected health information.
Right to Inspect and Copy
You may inspect and obtain a copy of your protected health information that is contained in your medical and billing records and any other records that Resonance Audiology and Hearing Aid Center uses for making decisions about you. To inspect and copy your medical information, you must submit a written request to our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557. If you request a copy of your information, we may charge you a reasonable fee for the costs of copying, mailing or other costs incurred by us in complying with you request. Under federal law, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and protected health information that is subject to law that prohibits access to protected health information. Depending on the circumstances, we may deny your request to inspect and/or copy your protected health information. A decision to deny access may be reviewable. Please contact our Privacy Officer, Zoe Horan, at (717) 925-6112 or email@example.com if you have questions about access to your medical record.
Right to Request Restrictions
You may ask us not to use or disclose any part of your protected health information for the purposes of treatment, payment or healthcare operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice. To request a restriction on who may have access to your protected health information, you must submit a written request to our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557. Your request must state the specific restriction requested and to whom you want the restriction to apply. Resonance Audiology and Hearing Aid Center is not required to agree to a restriction that you may request, unless you are asking us to restrict the use and disclosure of your protected health information to a health plan for payment or audiological/health care operation purposes and such information you wish to restrict pertains solely to a audiological/health care item or service for which you have paid us “out-of-pocket” in full. If we believe it is in your best interest to permit the use and disclosure of your protected health information, your protected health information will not be restricted. If we do agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment.
Right to Request Confidential Communication
You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable requests. You must request this by submitting a written request to our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557.
Right to Request Amendment
You may request an amendment of your protected health information contained in your medical and billing records and any other records that Resonance Audiology and Hearing Aid Center uses for making decisions about you, for as long as we maintain the protected health information. You must request for an amendment by submitting a written request to our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557, and provide the reason(s) that support your request. In certain cases, we may deny your request for an amendment. If we deny your request for an amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
Right to an Accounting of Disclosures
You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this Notice. It excludes disclosures we may have made to you, for a resident directory, to family members or friends involved in your care, or for notification purposes. The right to receive this information is subject to certain exceptions, restrictions and limitations. Additionally, limitations are different for electronic health records. You must request for an accounting of disclosures by submitting a written request to our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557, and provide the reason(s) that support your request.
Right to Obtain a Paper Copy of this Notice
You have the right to receive a paper copy of this Notice even if you have agreed to receive this notice electronically. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this Notice, you can contact our Privacy Officer, Zoe Horan, at (717) 925-6112 or firstname.lastname@example.org. You may also obtain a copy of this Notice at www.resonanceaudiology.com.
COMPLAINTS OR QUESTIONS:
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. If you have a question about this Notice or wish to file a complaint with us, please contact our Privacy Officer, Zoe Horan, at (717) 925-6112 or email@example.com or the Corporate Privacy Officer at the address listed below. All complaints must be submitted in writing. Resonance Audiology and Hearing Aid Center will not retaliate against you for filing a complaint.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice at any time. The new Notice will be effective for all health information we already have about you as well as any information we receive in the future. You can also obtain a revised Notice at www.resonanceaudiology.com or by contacting our Privacy Officer, Zoe Horan, Resonance Audiology and Hearing Aid Center, 654 E. Main Street, New Holland, PA 17557.
Resonance Audiology and Hearing Aid Center Attn: Corporate Privacy Officer
This Notice is effective as of April 2013.
HIPAA Privacy Statement
Our Company works with industry groups to ensure that its products and services meet or exceed industry standards with respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Our Company’s products and services are specifically designed to include features that help our customers comply with HIPAA. Our Company uses a relational database that employs a secure login process requiring a user name and password.
Our Company supports role-based access. That is, users are assigned to groups, each with certain access rights, which may include the ability to edit and add data or may limit access to data. When a user adds or modifies data within the database, a record is made that includes which data were changed, the user ID, and the date and time the changes were made. This establishes an audit trail that can be examined by authorized system administrators.
Our Company’s products incorporate the standard codes required by the HIPAA transaction standards for use in Audiology and Hearing Aid Dispensing, including the related subsets of the International Classification of Diseases, 9th Edition, Clinical Modification (ICD9-CM) and Current Procedural Terminology, 4th Edition (CPT-4).
Our Company utilizes a relational database that ensures all access is through a secure login process requiring a user name and password. Our Company supports role-based access. Within Our Company, users are assigned to groups and these groups in turn are assigned access rights, which may include the ability to edit and add data or may limit access to data. When a user adds or modifies data within the database, a record is made of what data was changed, the user and the time at which the data was changed establishing an audit trail that can be examined by authorized system administrators.
Our Company’s product support staff will work with customers to help implement Our Company’s products in a HIPAA compliant environment. All remote access to customer patient information by Our Company product support staff will be made using a fully encrypted protocol.
HIPAA requires health care providers to enter into “business associate” contracts with certain businesses to which they disclose patient health information. These business associate contracts generally require the recipients of such information to use appropriate safeguards to protect the patient health information they receive. To perform certain service and support functions, Our Company personnel may need access to patient health information maintained by its customers. As a result, Our Company may be considered a “business associate” of customers to whom it provides such services. Our Company will be providing its customers with a new standard business associate agreement that complies with HIPAA requirements.
Our Company’s new business associate contract will generally assure its customers that the company will use patient information obtained from them to provide services and support only and will safeguard that information from misuse. The agreement will be effective on March 15, 2012 the current compliance date for the HIPAA privacy regulations, or any later adopted compliance date.
Privacy & Security Policy
To implement these business associate requirements and protect the confidentiality and integrity of the patient information it receives, Our Company’s Privacy and Security Policy will:
- Provide that the company obtain and use confidential patient health information obtained from its customers only as necessary to perform customer service and support functions;
- Limit access to such information to those employees and agents who perform identified service and support functions;
- Prohibit disclosure of patient health information received from customers to persons who are not employees or agents of the company in the absence of express approval from the legal department and, if appropriate, the customer and/or patient;
- Require all employees and agents of the company to report uses and disclosures of patient information that are not permitted by Our Company’s Privacy and Security Policy;
- Provide that Our Company investigate all reports that patient health information was used in a manner not permitted by its Privacy and Security Policy and will impose appropriate sanctions for conduct prohibited by the policy;
- Establish that Our Company employees who may come in contact with patient health information receive training regarding Our Company’s Privacy and Security Policy and the importance of protecting the privacy and security of patient health information; and
- Provide for the storage and transmission of patient health information received from customers in a secure manner that protects the integrity, confidentiality and availability of the information.