HIPAA Privacy Statement
Notice of Information Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Understanding Your Health Record Information
Each time you visit a hospital, a physician, or another health care provider, the provider makes a record of your visit. Typically, this record contains your health history, current symptoms, examination and test results, diagnoses, treatment, and plan for future care or treatment. This information, often referred to as your medical record, serves as the following:
- Basis for planning your care and treatment.
- Means of communication among the many health professionals who contribute to your care.
- Legal document describing the care that you received.
- Means by which you or a third-party payer can verify that you actually received the services billed for.
- Tool in medical education.
- Source of information for public health officials charged with improving the health of the regions they serve.
- Tool to assess the appropriateness and quality of care that you received.
- Tool to improve the quality of health care and achieve better patient outcomes.
Understanding what is in your health records and how your health information is used helps you to:
- Ensure its accuracy and completeness.
- Understand who, what, where, why, and how others may access your health information.
- Make informed decisions about authorizing disclosure to others.
- Better understand the health information rights detailed below.
Your Rights under the Federal Privacy Standard
Although your health records are the physical property of the health care provider who completed it, you have the following rights with regard to the information contained therein:
Request restriction on uses and disclosures of your health information for treatment, payment, and health care operations. "Health care operations" consist of activities that are necessary to carry out the operations of the provider, such as quality assurance and peer review. The right to request restriction does not extend to uses or disclosures permitted or required under the following sections of the federal privacy regulations: § 164.502(a)(2)(i) (disclosures to you), 164.510(a) (for facility directories, but note that you have the right to object to such uses), or 164.512 (uses and disclosures not requiring a consent or an authorization). The latter uses and disclosures include, for example, those required by law, such as mandatory communicable disease reporting. In those cases, you do not have a right to request restriction. The consent to use and disclose your individually identifiable health information provides the ability to request restriction. We do not, however, have to agree to the restriction. If we do, we will adhere to it unless you request otherwise or we give you advance notice. You may also ask us to communicate with you by alternate means, and if the method of communication is reasonable, we must grant the alternate communication request. You may request restriction or alternate communications on the consent form for treatment, payment, and health care operations.
Obtain a copy of this notice of information practices. Although we have posted a copy on our website, you have a right to a hard copy upon request.
Inspect and copy your health information upon request. Again, this right is not absolute. In certain situations, such as if access would cause harm, we can deny access. You do not have a right of access to the following:
- Psychotherapy notes. Such notes consist of those notes that are recorded in any medium by a health care provider who is a mental health professional documenting or analyzing a conversation during a private, group, joint, or family counseling session and that are separated from the rest of your medical record.
- Information compiled in reasonable anticipation of or for use in civil, criminal, or administrative actions or proceedings.
- Protected health information ("PHI") that is subject to the Clinical Laboratory Improvement Amendments of 1988 ("CLIA"), 42 U.S.C. § 263a, to the extent that giving you access would be prohibited by law.
- Information that was obtained from someone other than a health care provider under a promise of confidentiality and the requested access would be reasonably likely to reveal the source of the information.
In other situations, we may deny you access, but if we do, we must provide you the reason for denying access. These reasons may include the following:
- A licensed healthcare professional, such as your attending physician, has determined, in the exercise of professional judgment, that the access is reasonably likely to endanger the life or physical safety of yourself or another person.
- PHI makes reference to another person (other than a health care provider) and a licensed health care provider has determined, in the exercise of professional judgment, that the access is reasonably likely to cause substantial harm to such other person.
- The request is made by your personal representative and a licensed health care professional has determined, in the exercise of professional judgment, that giving access to such personal representative is reasonably likely to cause substantial harm to you or another person.
For any of these reasons mentioned above, another licensed professional must review the decision of the provider denying access within 60 days. If we deny you access, we will explain why and what your rights are, including how to seek review.
If we grant access, we will tell you what, if anything, you have to do to get access. We reserve the right to charge a reasonable, cost-based fee for making copies.
Request amendment/correction of your health information. We do not have to grant the request if the following conditions exist:
- We did not create the record. If, as in the case of a consultation report from another provider, we did not create the record, we cannot know whether it is accurate or not. Thus, in such cases, you must seek amendment/correction from the party creating the record. If the party amends or corrects the record, we will put the corrected record into our records.
- The records are not available to you as discussed immediately above.
- The record is accurate and complete.
If we deny your request for amendment/correction, we will notify you why, how you can attach a statement of disagreement to your records (which we may rebut), and how you can complain. If we grant the request, we will make the correction and distribute the correction to those who need it and those whom you identify to us that you want to receive the corrected information.
Obtain an accounting of non-routine uses and disclosures, those other than for treatment, payment, and health care operations. We do not need to provide an accounting for the following disclosures:
- To you for disclosures of protected health information to you.
- To persons involved in your care and persons acting on your behalf.
- For national security or intelligence purposes.
- To correctional institutions or law enforcement officials.
We must provide the accounting within 60 days. The accounting must include the following information:
- Date of each non-routine disclosure.
- Name and address of the organization or person who received the protected health information.
- Brief description of the information disclosed.
- Brief statement of the purpose of the disclosure that reasonably informs you of the basis for the disclosure or, in lieu of such statement, a copy of your written authorization or a copy of the written request for disclosure.
The first accounting in any 12-month period is free. Thereafter, we reserve the right to charge a reasonable, cost-based fee.
Our Responsibilities under the Federal Privacy Standard
In addition to providing you your rights, as detailed above, the federal privacy standard requires us to take the following measures:
- Maintain the privacy of your health information, including implementing reasonable and appropriate physical, administrative, and technical safeguards to protect the information.
- Provide you this notice as to our legal duties and privacy practices with respect to individually identifiable health information that we collect and maintain about you.
- Abide by the terms of this notice.
- Train our personnel concerning privacy and confidentiality.
- Implement a sanction policy to discipline those who breach privacy/confidentiality or our policies with regard thereto.
- Mitigate (lessen the harm of) any breach of privacy/confidentiality.
We will not use or disclose your health information without your consent or authorization, except as described in this notice or otherwise required.
How to Get More Information or to Report a Problem
If you have questions, would like to report a problem, and/or would like additional information, you may contact the Privacy Officer or the Compliance Specialist at (800) 321-2843.
HIPAA Privacy Statement
Please be aware that when you communicate with The Holman Group through our website, you may have the following categories of personally identifiable information collected:
- Phone Number
- Email Address
Such information will only be reviewed by appropriate staff of The Holman Group and will not be shared with third-party persons or entities.
WE RESERVE THE RIGHT TO CHANGE OUR PRACTICES AND TO MAKE THE NEW PROVISIONS EFFECTIVE FOR ALL INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION THAT WE MAINTAIN. IF WE CHANGE OUR INFORMATION PRACTICES, WE WILL MAIL A REVISED NOTICE TO THE ADDRESS THAT YOU HAVE GIVEN US.
Contact us if you have questions or need further information about The Holman Group.