THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW THIS NOTICE CAREFULLY.
Your health record contains personal information about you and your health. This information, which may identify you and relates to your past, present or future physical or mental health or condition and related health care services, is referred to as Protected Health Information (“PHI”). This Notice of Privacy Practices describes how we may use and disclose your PHI in accordance with applicable law. It also describes your rights regarding how you may gain access to and control your PHI.
We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of this Notice of Privacy Practices. We reserve the right to change the terms of our Notice of Privacy Practices at any time. Any new Notice of Privacy Practices will be effective for all PHI that we maintain at that time. We will provide you with a copy of the revised Notice of Privacy Practices by posting a copy on our website, sending a copy to you in the mail upon request, or providing one to you at your next appointment.
We have chosen to participate in the Chesapeake Regional Information System for our Patients (CRISP), a regional health information exchange serving Maryland and D.C. As permitted by law, your health information will be shared with this exchange in order to provide faster access, better coordination of care and assist providers and public health officials in making more informed decisions. You may “opt-out” and disable access to your health information available through CRISP by calling 1-877-952-7477 or completing and submitting an Opt-Out form to CRISP by mail, fax or through their website at www.crisphealth.org. Public health reporting and Controlled Dangerous Substances information, as part of the Maryland Prescription Drug Monitoring Program (PDMP), will still be available to providers.
We participate in the CRISP health information exchange (HIE) to share your medical records with your other health care providers and for other limited reasons. You have rights to limit how your medical information is shared. We encourage you to read our Notice of Privacy Practices and find more information about CRISP medical record sharing policies at www.crisphealth.org.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU:
For Treatment. Your PHI may be used and disclosed by those who are involved in your care for the purpose of providing, coordinating, or managing your health care treatment and related services. This includes consultation with clinical supervisors or other treatment team members. We may disclose PHI to any other consultant only with your authorization.
For Payment. We may use or disclose PHI so that we can receive payment for the treatment services provided to you. This will only be done with your authorization. If it becomes necessary to use collection processes due to lack of payment for services, we will only disclose the minimum amount of PHI necessary for purposes of collection.
For Health Care Operations. We may use or disclose, as needed, your PHI in order to support our business activities including, but not limited to, quality assessment activities, employee review activities, reminding you of appointments, to provide information about treatment alternatives or other health related benefits and services, licensing, and conducting or arranging for other business activities. For example, we may share your PHI with third parties that perform various business activities (e.g., billing or typing services) provided we have a written contract with the business that requires it to safeguard the privacy of your PHI. For training or teaching purposes PHI will be disclosed only with your authorization.
Required by Law. Under the law, we must make disclosures of your PHI to you upon your request. In addition, we must make disclosures to the Secretary of the Department of Health and Human Services for the purpose of investigating or determining our compliance with the requirements of the Privacy Rule.
Following is a list of the categories of uses and disclosures permitted by HIPAA without an authorization.
- Abuse and Neglect
- Judicial and Administrative Proceedings
- Emergencies
- Law Enforcement
- National Security
- Public Safety (Duty to Warn)
Without Authorization. Applicable law and ethical standards permit us to disclose information about you without your authorization only in a limited number of other situations. The types of uses and disclosures that may be made without your authorization are those that are:
- Required by law, such as the mandatory reporting of child abuse or neglect or mandatory government agency audits or investigations (such as the social work licensing board or health department)
- Required by Court Order
- Necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. If information is disclosed to prevent or lessen a serious threat, it will be disclosed to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat.
Verbal Permission. We may use or disclose your information to family members that are directly involved in your treatment with your verbal permission.
With Authorization. Uses and disclosures not specifically permitted by applicable law will be made only with your written authorization, which may be revoked.
YOUR RIGHTS REGARDING YOUR PHI
You have the following rights regarding your personal PHI maintained by our office. To exercise any of these rights, please submit your request in writing to the address above.
- Right of Access to Inspect and Copy. You have the right, which may be restricted only in exceptional circumstances, to inspect and copy PHI that may be used to make decisions about your care. Your right to inspect and copy PHI will be restricted only in those situations where there is compelling evidence that access would cause serious harm to you. We may charge a reasonable, cost-based fee for copies.
- Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information, although we are not required to agree to the amendment.
- Right to an Accounting of Disclosures. You have the right to request an accounting of certain of the disclosures that we make of your PHI. We may charge you a reasonable fee if you request more than one accounting in any 12-month period.
- Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI for treatment, payment, or health care operations. We are not required to agree to your request unless the request is to restrict disclosure of PHI to a health plan for purposes of carrying out payment or health care operations, and the PHI pertains to a health care item or service that you paid for out of pocket. In that case, we are required to honor your request for a restriction.
- Right to Request Confidential Communication. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.
- Breach Notification. If there is a breach of unsecured protected health information concerning you, we may be required to notify you of this breach, including what happened and what you can do to protect yourself
- Right to a Copy of this Notice. You have the right to a copy of this notice.
COMPLAINTS
If you believe we have violated your privacy rights, you have the right to file a complaint in writing to Grace Manglet, DNP., or to the Secretary of Health & Human Services.
Consent: I hereby acknowledge that I have received and have been given an opportunity to print out a copy of of this Notice of Privacy Practices for my records. I understand that if I have any questions, I can contact Ms. Manglet at Zohar Health by phone at (301) 250-0404.