Notice of Privacy Practices
Cherokee Women’s Health Specialists, PC
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice is posted in our WAITING ROOMS.
This Notice is also available at WWW.CHEROKEEWOMENSHEALTH.COM
This Notice of Privacy Practices describes how Cherokee Women’s Health Specialists, PC (referred to in this Notice as “Covered Entity”) may use and disclose your protected health information (referred to in this Notice as “PHI”). This Notice also sets out Covered Entity’s obligations concerning your PHI and describes your rights to access and control your PHI. This Notice has been drafted in accordance with the HIPAA Privacy Rule, contained in the Code of Federal Regulations at 45 CFR Parts 160 and 164, and the final rule issued by the Office of Civil Rights of the U.S. Department of Health and Human Services on January 25, 2013 implementing changes to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules. Terms not defined in this Notice have the same meaning as they have in the HIPAA Privacy Rule.
Questions and Further Information. If you have any questions or want additional information about this Notice or the policies and procedures described in this Notice, please contact Covered Entity using the Contact Information provided at the end of this Notice.
Covered Entity’s Responsibilities
Covered Entity is required by law to maintain the privacy and security of your PHI and to provide you with a copy of this Notice setting forth its legal duties and its privacy practices with respect to your PHI, and to notify you following a breach of unsecured PHI. Covered Entity will abide by the terms of this Notice.
Changes to This Notice
Covered Entity reserves the right to revise its privacy practices and the provisions of this Notice at any time, as permitted or required by applicable law, and make the new provisions effective for all PHI that it maintains. Any revisions to our Notice may be retroactive. If Covered Entity makes a material change to this Notice, it will post a revised Notice on our website and provide a revised Notice to you during your next visit to our office and upon request.
Uses and Disclosures of Protected Health Information
The following is a description of when Covered Entity is permitted or required to use or disclose your PHI.
Treatment, Payment and Health Care Operations. Covered Entity has the right to use and disclose your PHI for all activities that are included within the definitions of “treatment”, “payment” and “health care operations” as defined in the HIPAA Privacy Rule.
Treatment. Covered Entity may use or disclose your PHI to any physician or other health care provider involved with the medical services provided to you, such as release of your name and insurance information to a specialist providing medical tests.
Payment. Covered Entity may use or disclose your PHI to collect payment for the medical services provided to you, such as release of the date and type of treatment Covered Entity provided to you on a claim for payment made to your health insurance company.
Health Care Operations. Covered Entity may use or disclose your PHI as part of Covered Entity’s internal health care operations, such as quality of care audits of our staff and affiliates, training programs, accreditation, certification, licensing, or credentialing activities.
Appointment Reminders, Test Results, Billing. Covered Entity (or our health insurance issuers, HMOs, business associates, or third-party administrators) may use and disclose your PHI to contact you by phone, U.S. postal mail or electronic mail as a reminder that you have an appointment or that you should schedule an appointment. We may use and disclose PHI to contact you by phone, electronic mail or U.S. postal mail with any test results, billing statements and inquiries, reminders, and/or questions.
Treatment Alternatives. Covered Entity (or our health insurance issuers, HMOs, business associates, or third-party administrators) may use and disclose your PHI in order to inform you about or recommend possible treatment options, alternatives or health-related services that may be of interest to you. You may be contacted either by phone, U.S. postal mail or electronic mail. With limited exceptions, where the making of such communications involves receipt of financial remuneration by us, we must obtain your authorization for any use or disclosure of PHI.
Fundraising. Covered Entity may contact you by phone, U.S. postal mail or electronic mail to raise funds for Covered Entity and you have the right to opt out of receiving such communications.
Business Associates. Covered Entity contracts with service providers, called business associates, to perform various functions on its behalf. For example, Covered Entity may contract with a service provider to perform the administrative functions necessary to pay your medical claims. To perform these functions or to provide the services, business associates will receive, create, maintain, use, or disclose PHI, but only after Covered Entity and the business associate agree in writing to contract terms requiring the business associate to appropriately safeguard your information.
Other Covered Entities. Covered Entity may use or disclose your PHI to assist health care providers in connection with their treatment or payment activities, or to assist other covered entities in connection with certain health care operations. For example, Covered Entity may disclose your PHI to a health care provider when needed by the provider to render treatment to you, and Covered Entity may disclose PHI to another covered entity to conduct health care operations in the areas of quality assurance and improvement activities, or accreditation, certification, licensing, or credentialing. This also means that Covered Entity may disclose or share your PHI with other health care programs or insurance carriers (such as Blue Cross, Blue Shield, etc.) in order to coordinate benefits, if you or your family members have other health insurance or coverage.
Required by Law. Covered Entity may use or disclose your PHI to the extent required by federal, state, or local law.
Public Health Activities. Covered Entity may use or disclose your PHI for public health activities that are permitted or required by law. For example, it may use or disclose information for the purpose of preventing or controlling disease, injury, or disability, or it may disclose such information to a public health authority authorized to receive reports of child abuse or neglect. Covered Entity also may disclose PHI, if directed by a public health authority, to a foreign government agency that is collaborating with the public health authority.
Health Oversight Activities. Covered Entity may disclose your PHI to a health oversight agency for activities authorized by law. For example, these oversight activities may include audits; investigations; inspections; licensure or disciplinary actions; or civil, administrative, or criminal proceedings or actions. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs, and government agencies that ensure compliance with civil rights laws.
Lawsuits and Other Legal Proceedings. Covered Entity may disclose your PHI in the course of any judicial or administrative proceeding or in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized). If certain conditions are met, Covered Entity may also disclose your PHI in response to a subpoena, a discovery request, or other lawful process.
Abuse or Neglect. Covered Entity may disclose your PHI to a government authority that is authorized by law to receive reports of abuse, neglect, or domestic violence. Additionally, as required by law, if Covered Entity believes you have been a victim of abuse, neglect, or domestic violence, it may disclose your PHI to a governmental entity authorized to receive such information.
Schools. Covered Entity may disclose proof of immunization to a school where State or other law requires the school to have such information prior to admitting the student, if Covered Entity obtains an agreement, which may be oral, from a parent, guardian or other person acting in loco parentis for the individual, or from the individual himself or herself, if the individual is an adult or emancipated minor.
Law Enforcement. Under certain conditions, Covered Entity also may disclose your PHI to law enforcement officials for law enforcement purposes. These law enforcement purposes include, by way of example, (1) responding to a court order or similar process; (2) as necessary to locate or identify a suspect, fugitive, material witness, or missing person; or (3) as relating to the victim of a crime.
Coroners, Medical Examiners, and Funeral Directors. Covered Entity may disclose PHI to a coroner or medical examiner when necessary for identifying a deceased person or determining a cause of death. Covered Entity also may disclose PHI to funeral directors as necessary to carry out their duties.
Organ and Tissue Donation. Covered Entity may disclose PHI to organizations that handle organ, eye, or tissue donation and transplantation.
Research. Covered Entity may disclose your PHI to researchers when (1) their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI, or (2) the research involves a limited data set which includes no unique identifiers (information such as name, address, social security number, etc., that can identify you).
To Prevent a Serious Threat to Health or Safety. Consistent with applicable laws, Covered Entity may disclose your PHI if disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. It also may disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military. Under certain conditions, Covered Entity may disclose your PHI if you are, or were, Armed Forces personnel for activities deemed necessary by appropriate military command authorities. If you are a member of foreign military service, Covered Entity may disclose, in certain circumstances, your information to the foreign military authority.
National Security and Protective Services. Covered Entity may disclose your PHI to authorized federal officials for conducting national security and intelligence activities, and for the protection of the President, other authorized persons, or heads of state.
Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, Covered Entity may disclose your PHI to the correctional institution or to a law enforcement official for: (1) the institution to provide health care to you; (2) your health and safety, and the health and safety of others; or (3) the safety and security of the correctional institution.
Workers’ Compensation. Covered Entity may disclose your PHI to comply with workers’ compensation laws and other similar programs that provide benefits for work-related injuries or illnesses.
Disclosures to the Secretary of the U.S. Department of Health and Human Services. Covered Entity is required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining Covered Entity’s compliance with the HIPAA Privacy Rule.
Others Involved in Your Health Care. Covered Entity may disclose your PHI to a friend or family member that is involved in or responsible for your health care, unless you object or request a restriction (in accordance with the process described below under “Right to Request Restrictions”). Covered Entity also may disclose your information to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location. If you are not present or able to agree to these disclosures of your PHI, then, using professional judgment, Covered Entity may determine whether the disclosure is in your best interest.
Disclosures to You. Covered Entity is required to disclose to you or your personal representative most of your PHI when you request access to this information. Covered Entity will disclose your PHI to an individual who has been designated by you as your personal representative and who has qualified for such designation in accordance with relevant law. Prior to such a disclosure, however, Covered Entity must be given written documentation that supports and establishes the basis for the personal representation. Covered Entity may elect not to treat the person as your personal representative if it has a reasonable belief that you have been, or may be, subjected to domestic violence, abuse, or neglect by such person; that treating such person as your personal representative could endanger you; or if Covered Entity determines, in the exercise of its professional judgment, that it is not in your best interest to treat the person as your personal representative.
Other Uses and Disclosures of Your Protected Health Information
Most uses and disclosures of psychotherapy notes (where appropriate and if Covered Entity has any such notes), uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI, as well as other uses and disclosures of your PHI that are not described in this Notice will be made only with your written authorization. If you provide Covered Entity with an authorization, you may revoke the authorization in writing, and this revocation will be effective for future uses and disclosures of PHI. However, the revocation will not be effective for information that Covered Entity has used or disclosed in reliance on the authorization.
State of Georgia has laws that may limit our rights to use and disclose your PHI beyond what we are allowed to do under the Privacy Rule. The categories of PHI that are subject to these more restrictive laws include substance abuse, communicable diseases, sexually transmitted disease and/or reproductive health information, HIV/AIDS-related information and mental health information, and we are allowed to disclose these types of information only (1) under certain limited circumstances and/or (2) to specific recipients. If your written consent is required under these more restrictive laws or if a use or disclosure of PHI in these categories is prohibited or materially limited by other laws that apply to us, it is our intent to meet the requirements of the more stringent law.
Your Rights
The following is a description of your rights with respect to your PHI.
Right to Request a Restriction. You have the right to request a restriction on the PHI Covered Entity uses or discloses for treatment, payment or health care operations. You also have a right to request a limit on disclosures of your PHI to family members or friends who are involved in your care or the payment for your care. Your request must include the PHI you wish to limit, whether you want to limit Covered Entity’s use, disclosure, or both, and (if applicable), to whom you want the limitations to apply (for example, disclosures to your spouse). You may request such a restriction using the Contact Information at the end of this Notice.
Covered Entity is not required to agree to any restriction that you request, except that Covered Entity must agree to the request to restrict disclosure of PHI to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law and the PHI pertains solely to a health care item or service for which you, or a person other than the health plan on behalf of the individual, has paid the Covered Entity in full. If Covered Entity agrees to the restriction, it will not use or disclose PHI in violation of such restriction, except that, if the individual who requested the restriction is in need of emergency treatment and the restricted PHI is needed to provide the emergency treatment, Covered Entity may use the restricted PHI, or may disclose such information to a health care provider, to provide such treatment to the individual. If restricted PHI is disclosed to a health care provider for emergency treatment, Covered Entity shall request that such health care provider not further use or disclose the information. Covered Entity may terminate its agreement to a restriction if 1) you agree to or request the termination in writing, 2) you orally agree to the termination and the oral agreement is documented; 3) or Covered Entity notifies you that it is terminating its agreement to a restriction, except that such termination is not effective with respect to PHI for which Covered Entity must agree to a restriction as described above and is only effective with respect to PHI created or received after Covered Entity provided such a notice.
Right to Request Confidential Communications. You have the right to request that Covered Entity communicate with you in an alternative manner or at an alternative location. For example, you may ask that all communications be sent to your work address. You must request a confidential communication in writing using the Contact Information at the end of this Notice. Your request must specify the alternative means or location for communication with you. Covered Entity will accommodate a request for confidential communications that is reasonable, but may condition it on, when appropriate, information as to how payment, if any, will be handled.
Right to Request Access. You have the right to inspect and copy PHI that may be used to make decisions about your care. You must submit your request in writing. For your convenience, you may request a form using the Contact Information at the end of this Notice. If you request copies, Covered Entity may charge you copying and postage fees as allowed by law.
Note that under federal law, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and PHI that is subject to law that prohibits access to PHI. In some, but not all, circumstances, you may have a right to have a decision to deny access reviewed.
Right to Request an Amendment. You have the right to request an amendment of your PHI held by Covered Entity if you believe that information is incorrect or incomplete. If you request an amendment of your PHI, your request must be submitted in writing using the Contact Information at the end of this Notice and must set forth a reason(s) in support of the proposed amendment. In certain cases, Covered Entity may deny your request for an amendment. For example, Covered Entity may deny your request if the information you want to amend is accurate and complete or was not created by Covered Entity. If Covered Entity denies your request, you have the right to file a statement of disagreement. Your statement of disagreement will be linked with the disputed information and all future disclosures of the disputed information will include your statement.
Right to Request an Accounting. You have the right to request an accounting of certain disclosures Covered Entity has made of your PHI. You may request an accounting using the Contact Information at the end of this Notice. You can request an accounting of disclosures made up to six years prior to the date of your request. You are entitled to one accounting free of charge during a twelve-month period. There will be a charge to cover Covered Entity’s costs for additional requests within that twelve-month period. Covered Entity will notify you of the cost involved and you may choose to withdraw or modify your request before any costs are incurred.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice, even if you have agreed to accept this Notice electronically. To obtain such a copy, please contact Covered Entity using the Contact Information at the end of this Notice.
Right to Receive Notifications of Breaches of Unsecured PHI. You have the right to and will receive notifications of breaches of your unsecured PHI.
Complaints
Effective Date
Contact Information
To exercise any of the rights described in this Notice, for more information, or to file a complaint, please contact:
Privacy Officer
Christopher J. Litrel
Cherokee Women’s Health Specialists, PC
Billing office:
216 Riverstone Drive
Canton, GA 30114
(770) 720-7733