THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Your protected health information
The May Eye Care Center is required by the federal privacy rule to maintain the privacy of your health information that is protected by the rule, and to provide you with notice of our legal duties and privacy practices with respect to your protected health care information. We are required to abide by the terms of the notice currently in effect.
Generally speaking, your protected health information is any information that relates to your past, present or future physical or mental health or condition, the provision of health care to you, or payment for health care provided to you that individually identifies you or reasonably can be used to identify you.
Symptoms, examination and test results, diagnoses, treatment, a plan for future care or treatment and billing records at our practice are examples of information that usually will be regarded as your protected health information. Understanding what is in your record and how your health information is used helps you to ensure its accuracy, better understand who, what, when, where, and why others may access your health information, and helps you make more informed decisions when authorizing disclosure to others.
USES and disclosures of your protected health information
Treatment, payment, and health care operations
This section describes how we may use and disclose your protected health information for treatment, payment, and health care operations purposes. The descriptions include examples. Not every possible use or disclosure for treatment, payment, and health care operations purposes will be listed.
We may use and disclose your protected health information to help us with your treatment. We may also release your protected health information to help other health care providers treat you. Treatment includes the provision, coordination, or management of health care services to you by one or more health care providers. Some examples of treatment uses and disclosures include:
During an office visit, practice physicians and other staff involved your care may review your medical record and share and discuss your medical information with each other.
We may share and discuss your medical information with an outside physician to whom we have referred you for care.
We may share and discuss your medical information with an outside physician with whom we are consulting regarding you.
We may share and discuss your medical information with an outside laboratory, radiology center, or other health care facility where we have referred you for testing.
We may share and discuss your medical information with an outside home health agency, durable medical equipment agency, or other health care provider to whom we have referred you for health care services and products.
We may share and discuss your medical information with a hospital or other health care facility where we are admitting or treating you.
We may share and discuss your medical information with another health care provider who seeks this information for the purpose of treating you.
We may use a patient sign-in sheet in the waiting area that is accessible to all patients.
We may page patients in the waiting room when it is time for them to go to an examining room.
We may contact you to provide appointment reminders.
We may use and disclose your protected health information for our payment purposes, as well as the payment purposes of other health care providers and health plans. Payment uses and disclosures include activities conducted to obtain payment for the care provided to you or so that you can obtain reimbursement for that care. Some examples of payment uses and disclosures include:
Sharing information with your health insurer to determine whether you are eligible for coverage or whether proposed treatment is a covered service.
Submission of a claim to your health insurer.
Providing supplemental information to your health insurer so that your health insurer can obtain reimbursement from another health plan under a coordination of benefits clause in your subscriber agreement.
Sharing your demographic information (for example, your address) with other health care providers who seek this information to obtain payment for health care services provided to you.
Mailing you bills in envelopes with our practice name and return address.
Provision of a bill to a family member or other person designated as responsible for payment for services rendered to you.
Providing medical records and other documentation to your health insurer to support the medical necessity of a health service.
Allowing your health insurer access to your medical record for a medical necessity or quality review audit.
Providing consumer reporting agencies with credit information (your name and address, date of birth, Social Security number, payment history, account number, and our name and address).
Providing information to a collection agency or our attorney for purposes of securing payment of a delinquent account.
Disclosing information in a legal action for purposes of securing payment of a delinquent account.
Health care operations
We may use and disclose your protected health information for our health care operation purposes as well as certain health care operation purposes of other health care providers and health plans. Some examples of health care operation purposes include:
Quality assessment and improvement activities.
Population based activities relating to improving health or reducing health care costs.
Reviewing the competence, qualifications, or performance of health care professionals.
Conducting training programs for medical and other students.
Accreditation, certification, licensing, and credentialing activities.
Health care fraud and abuse detection and compliance programs.
Conducting other medical review, legal services, and auditing functions.
Business planning and development activities, such as conducting cost management and planning related analyses.
Sharing information regarding patients with entities that are interested in purchasing our practice and turning over patient records to entities that have purchased our practice.
Other business management and general administrative activities, such as compliance with the federal privacy rule and resolution of patient grievances.
Uses and disclosures for other purposes
We may use and disclose your protected health information for other purposes. This section generally describes those purposes by category. Each category includes one or more examples. Not every use or disclosure in a category will be listed. Some examples fall into more than one category – not just the category under which they are listed.
Individuals involved in care or payment for care
We may disclose your protected health information to someone involved in your care or payment for your care, such as a spouse, a family member, or close friend. For example, if you have surgery, we may discuss your physical limitations with a family member assisting in your post-operative care.
We may use and disclose your protected health information to notify, or to assist in the notification of, a family member, a personal representative, or another person responsible for your care regarding your location, general condition, or death. For example, if you are hospitalized, we may notify a family member of the name and address of the hospital and your general condition. In addition, we may disclose your protected health information to a disaster relief entity, such as the American Red Cross, so that it can notify a family member, a personal representative, or another person involved in your care regarding your location, general condition, or death.
Required by law
We may use and disclose protected health information when required by federal, state, or local law. For example, we may disclose protected health information to comply with mandatory reporting requirements involving births and deaths, child abuse, disease prevention and control, vaccine-related injuries, medical device-related deaths and serious injuries, gunshot and other injuries by a deadly weapon or criminal act, driving impairments, and blood alcohol testing.
Other public health activities
We may use and disclose protected health information for public health activities, including:
Public health reporting, for example, communicable disease reports.
Child abuse and neglect reports.
FDA-related reports and disclosures, for example, adverse event reports.
Public health warnings to third parties at risk of a communicable disease or condition.
OSHA requirements for workplace surveillance and injury reports.
Victims of abuse, neglect, or domestic violence
We may use and disclose protected health information for purposes of reporting of abuse, neglect, or domestic violence in addition to child abuse, for example, reports of elder abuse to the Department of Aging or abuse of a nursing home patient to the Department of Public Welfare.
Health oversight activities
We may use and disclose protected health information for purposes of health oversight activities authorized by law. These activities could include audits, inspections, investigations, licensure actions, and legal proceedings. For example, we may comply with a Drug Enforcement Agency inspection of patient records.
Judicial and administrative proceedings
We may use and disclose protected health information disclosures in judicial and administrative proceedings in response to a court order or subpoena, discovery request or other lawful process. For example, we may comply with a court order to testify in a case at which your medical condition is at issue.
Law enforcement purposes
We may use and disclose protected health information for certain law enforcement purposes including to:
Comply with a legal process, for example, a search warrant.
Comply with a legal requirement, for example, mandatory reporting of gun-shot wounds.
Respond to a request for information for identification/location purposes.
Respond to a request for information about a crime victim.
Report a death suspected to have resulted from criminal activity.
Provide information regarding a crime on the premises.
Report a crime in an emergency.
Coroners and medical examiners
We may use and disclose protected health information for purposes of providing information to a coroner or medical examiner for the purpose of identifying a deceased patient, determining a cause of death, or facilitating their performance of other duties required by law.
We may use and disclose protected health information for purposes of providing information to funeral directors as necessary to carry out their duties.
Organ and tissue donation
For purposes of facilitating organ, eye, and tissue donation and transplantation, we may use and disclose protected health information to entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue.
Threat to public safety
We may use and disclose protected health information for purposes involving a threat to public safety, including protection of a third party from harm and identification and apprehension of a criminal. For example, in certain circumstances, we are required by law to disclose information to protect someone from imminent serious harm.
Specialized government functions
We may use and disclose protected health information for purposes involving specialized government functions including:
Military and veterans activities.
National security and intelligence.
Protective services for the President and others.
Medical suitability determinations for the Department of State.
Correctional institutions and other law enforcement custodial situations.
Workers’ compensation and similar programs
We may use and disclose protected health information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs, established by law that provide benefits for work-related injuries or illness without regard to fault. For example, this would include submitting a claim for payment to your employer’s workers’ compensation carrier if we treat you for a work injury.
Certain functions of the practice are performed by a business associate such as a billing company, an accountant firm, or a law firm. We may disclose protected health information to our business associates and allow them to create and receive protected health information on our behalf. For example, we may share with our billing company information regarding your care and payment for your care so that the company can file health insurance claims and bill you or another responsible party.
Creation of de-identified information
We may use protected health information about you in the process of de-identifying the information. For example, we may use your protected health information in the process of removing those aspects which could identify you so that the information can be disclosed to a researcher without your authorization
We may disclose protected health information as by-product of an otherwise permitted use or disclosure. For example, other patients may overhear your name being paged in the waiting room.
May Eye Care Center & Associates’ employees and workforce members may not disclose, use, sell or coerce an individual to consent to the disclosure, use, or sale of PHI for marketing purposes without the consent or authorization of the patient or representative who is the subject of the PHI. This prohibition includes the disclosure, use or selling of prescription drug patterns. Certain marketing activities, as described below, do not require May Eye Care Center & Associates to obtain patient authorization for the use or disclosure of PHI.
May Eye Care Center & Associates’ employees and workforce members shall not disclose identifiable information such as policy numbers or similar access data codes from a patient’s policy or transaction account to any non-affiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer unless the patient has authorized the disclosure.
Exceptions to General Rule
May Eye Care Center & Associates may use and disclose PHI without obtaining an authorization from the patient to:
Provide information on health related products and services in a face-to-face encounter with the patient;
Provide information on common health care communications, such as disease management, wellness programs, prescription refill reminders and appointment notifications;
Provide the patient with information on participating providers or plans in a network or alternative treatment options;
Provide sample products to the patient; and
Provide marketing communication involving promotional gifts of nominal value (e.g. calendars, key chains, etc. that promotes May Eye Care Center & Associates or a health care manufacturer’s products or services).
Uses and disclosures with authorization
For all other purposes that do not fall under a category listed under sections II.A and II.B, we will obtain your written authorization to use or disclose your protected health information.
III. PATIENT HEALTH INFORMATION rights
Further restriction on use or disclosure
You have a right to request that we further restrict use and disclosure of your protected health information to carry out treatment, payment, or health care operations, to someone who is involved in your care, the payment for your care, or for notification purposes.
We are not required to agree to a request for a further restriction with one exception. We must agree to a request not to disclose your protected health information to a health plan for payment or health care operations purposes if the information pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full.
To request a further restriction, you must submit a written request to our privacy officer. The request must tell us: (a) what information you want restricted; (b) how you want the information restricted; and (c) to whom you want the restriction to apply.
You have a right to request that we communicate your protected health information to you by a certain means or at a certain location. For example, you might request that we only contact you by mail or at work. We are not required to agree to requests for confidential communications that are unreasonable.
To make a request for confidential communications, you must submit a written request to our privacy officer. The request must tell us how or where you want to be contacted. In addition, if another individual or entity is responsible for payment, the request must explain how payment will be handled.
Accounting of disclosures
You have a right to obtain, upon request, an “accounting” of certain disclosures of your protected health information. This right is subject to limitations and in limited circumstances we may charge you for providing the accounting. To request an accounting, you must submit a written request to our privacy officer. The request should designate the applicable time period.
Inspection and copying
You have a right to inspect and obtain a copy of your protected health information that we maintain in a designated records set. Generally, this includes your medical and billing records. This right is subject to limitations and we may impose charges for the labor and supplies involved in providing copies. If your records are maintained electronically, you have the right to specify that the records you requested be provided in electronic form. We have the right to refuse unreasonable requests for electronic copies.
To exercise your right of access, you must submit a written request to our privacy officerThe request must: (a) describe the health information to which access is requested; (b) state how you want to access the information, such as inspection, pick-up of copy, mailing of copy; (c) specify any requested form or format, such as paper copy or an electronic means; and (d) include the mailing address, if applicable.
Right to amendment
You have a right to request that we amend protected health information that we maintain about you in a designated records set if the information is incorrect or incomplete. This right is subject to limitations. To request an amendment, you must submit a written request to our privacy officer. The request must specify each change that you want and provide a reason to support each requested change.
Paper copy of privacy notice
You have a right to receive, upon request, a paper copy of our Notice of Privacy Practices. To obtain a paper copy, contact our privacy officer.
Notification of breach
You have a right to receive timely written notification of certain breaches of your unsecured protected health information. Generally, paper records that have not been shredded are considered to be unsecured. Electronic records that are not electronically encrypted or irretrievably destroyed are also generally considered to be unsecured. A breach is generally defined as any disclosure of your unsecured protected health information not permitted by this notice. Examples of exceptions include unintentional access by employees and inadvertent disclosures within an office.
Revoke your authorization to use or disclose health information
Your authorization can be revoked at any time except to the extent that we have already taken action in reliance on your authorization, or if the authorization was obtained as a condition of obtaining insurance coverage and other applicable law provides the insurer that obtained the authorization with the right to contest a claim under the policy.
CHANGES to this notice
We reserve the right to change this notice at any time. We further reserve the right to make any change effective for all protected health information that we maintain at the time of the change – including information that we created or received prior to the effective date of the change.
notice of privacy practice availability
We will post a copy of our current notice in the waiting room for the practice. A hard copy can be obtained at our reception desk. At any time, patients may review the current notice by contacting our privacy officer. Patients also may access the current notice at our web site at www.mayeyecare.com
FOR MORE INFORMATION OR FILING A Complaint
If you have questions about this notice or would like additional information, you may contact our privacy officer at the telephone number listed below to discuss these concerns. If you believe that we have violated your privacy rights, you may submit a complaint to our privacy officer at the address below.
Address: The May Eye Care Center
Attention: Privacy & Security Compliance Officer
250 Fame Avenue, Suite 225, Hanover, PA 17331
You may also submit a complaint to the Office of Civil Rights at:
Office of Civil Rights
US Department of Health and Human Services
150 S. Independence Mall West, Suite 371
Public Ledger Building
Philadelphia, PA 19106-9111
(215) 861-4441 Hotline: (800) 368-1019
Fax: (215) 861-4431
TDD: (215) 861-4440
VII. LEGAL effect of this notice
This notice is not intended to create contractual or other rights independent of those created in the federal privacy rule.