CONNIE F. CICORELLI, D.D.S., P.A.
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND
DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to maintain the privacy of protected health information (“PHI”), to provide individuals with notice of our legal duties and privacy practices with respect to PHI, and to notify affected individuals following a breach of unsecured PHI. We must follow the privacy practices that are described in this Notice while it is in effect. This Notice takes effect 9/23/13, and will remain in effect until we replace it.
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law, and to make new Notice provisions effective for all PHI information that we maintain. When we make a significant change in our privacy practices, we will change this Notice and post the new Notice clearly and prominently at our practice location, and we will provide copies of the new Notice upon request.
You may request a copy of our Notice at any time. For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this Notice.
HOW WE MAY SEND HEALTH INFORMATION ABOUT YOU
Your protected health information includes information relating to your mental or physical health and to the health care provided to you, including materials like your dental records, dental x-rays, and payment records. Some documents containing PHI may include such sensitive personal information as a Social Security Number, credit card number, mental health diagnosis, genetic information, alcohol/substance abuse records, HIV status, and other kinds of sensitive information.
Sometimes our dental practice needs to send PHI to the patient or to someone else, such as a specialist. There are various ways to send PHI, including email and other electronic means. Our dental practice does not encrypt email or other electronic forms of communication.
There is a risk that unencrypted information may be acquired by hackers or received by unintended recipients. If you are concerned about the security of PHI that may be sent unencrypted, please let us know and we will sent it a different way, which may include providing the information to you to deliver.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU
We may use and disclose your health information for different purposes, including treatment, payment, and health care operations. For each of these categories, we have provided a description and an example. Some information, such as HIV-related information, genetic information, alcohol and/or substance abuse records, and mental health records may be entitled to special confidentiality protections under applicable state or federal law. We will abide by these special protections as they pertain to applicable cases involving these types of records.
Treatment. We may use and disclose your health information for your treatment. For example, we may disclose your health information to a specialist providing treatment to you.
Payment. We may use and disclose your health information to obtain reimbursement for the treatment and services you receive from us or another entity involved with your care. Payment activities include billing, collections, claims management, and determinations of eligibility and coverage to obtain payment from you, an insurance company, or another third party. For example, we may send claims to your dental health plan containing certain health information.
Healthcare Operations. We may use and disclose your health information in connection with our healthcare operations. For example, healthcare operations include quality assessment and improvement activities, conducting training programs, and licensing activities.
Individuals Involved in Your Care or Payment for Your Care. We may disclose your health information to your family or friends or any other individual identified by you when they are involved in your care or in the payment for your care. Additionally, we may disclose information about you to a patient representative. If a person has the authority by law to make health care decisions for you, we will treat that patient representative the same way we would treat you with respect to your health information.
Disaster Relief. We may use or disclose your health information to assist in disaster relief efforts.
Required by Law. We may use or disclose your health information when we are required to do so by law.
Public Health Activities. We may disclose your health information for public health activities, including disclosures to:
· Prevent or control disease, injury or disability;
· Report child abuse or neglect;
· Report reactions to medications or problems with products or devices;
· Notify a person of a recall, repair, or replacement of products or devices;
· Notify a person who may have been exposed to a disease or condition; or
· Notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence.
National Security. We may disclose to military authorities the health information of Armed Forces personnel under certain circumstances. We may disclose to authorized federal officials health information required for lawful intelligence, counterintelligence, and other national security activities. We may disclose to a correctional institution or a law enforcement official having lawful custody the PHI of an inmate or patient.
Secretary of HHS. We will disclose your health information to the Secretary of the U.S. Department of Health and Human Services when required to investigate or determine compliance with HIPAA.
Worker’s Compensation. We may disclose your protected health information (“PHI”) to the extent authorized by and to the extent necessary to comply with laws relating to worker’s compensation or other similar programs established by law.
Law Enforcement. We may disclose your PHI for law enforcement purposes as permitted by HIPAA, as required by law, or in response to a subpoena or court order.
Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to tell you about the request or to obtain an order protecting the information requested.
Research. We may disclose your PHI to researchers when their research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
Coroners, Medical Examiners, and Funeral Directors. We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
Fundraising. We may contact you to provide you with information about our sponsored activities, including fundraising programs, as permitted by applicable law. If you do not wish to receive such information from us, you may opt out of receiving the communications.
Other Uses and Disclosures of PHI
Your authorization is required, with a few exceptions, for disclosure of psychotherapy notes, use or disclosure of PHI for marketing, and for the sale of PHI. We will also obtain your written authorization before using or disclosing your PHI for purposes other than those provided for in this Notice (or as otherwise permitted or required by law). You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Your Health Information Rights
Access. You have the right to look at or get copies of your health information, with limited exceptions. You must make the request in writing. You may obtain a form to request access by using the contact information listed at the end of this Notice. You may also request access by sending us a letter to the address at the end of this Notice. If you request information that we maintain on paper, we may provide photocopies. If you request information that we maintain electronically, you have the right to an electronic copy. We will use the form and format you request if readily producible. We will charge you a reasonable cost-based fee for the cost of supplies and labor of copying, and for postage if you want copies mailed to you. Contact us using the information listed at the end of this Notice for an explanation of our fee structure.
If you are denied a request for access, you have the right to have the denial reviewed in accordance with the requirements of applicable law.
Disclosure Accounting. With the exception of certain disclosures, you have the right to receive an accounting of disclosures of your health information in accordance with applicable laws and regulations. To request an accounting of disclosures of your health information, you must submit your request in writing to the Privacy Official. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to the additional requests.
Right to Request a Restriction. You have the right to request additional restrictions on our use or disclosure of your PHI by submitting a written request to the Privacy Official. Your written request must include (1) what information you want to limit, (2) whether you want to limit our use, disclosure or both, and (3) to whom you want the limits to apply. We are not required to agree to your request except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, and the information pertains solely to a health care item or service for which you, or a person on your behalf (other than the health plan), has paid our practice in full.
Alternative Communication. You have the right to request that we communicate with you about your health information by alternative means or at alternative locations. You must make your request in writing. Your request must specify the alternative means or location, and provide satisfactory explanation of how payments will be handled under the alternative means or location you request. We will accommodate all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested we may contact you using the information we have.
Amendment. You have the right to request that we amend your health information. Your request must be in writing, and it must explain why the information should be amended. We may deny your request under certain circumstances. If we agree to your request, we will amend your record(s) and notify you of such. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it and explain your rights.
Right to Notification of a Breach. You will receive notifications of breaches of your unsecured PHI as required by law.
Electronic Notice. You may receive a paper copy of this Notice upon request, even if you have agreed to receive this Notice electronically on our Web site or by electronic mail (e-mail).