Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED, DISCLOSED AND HOW YOU CAN ACCESS THIS INFORMATION.
PLEASE REVIEW CAREFULLY
In this notice we use the terms “we,” “us,” and “our” to refer to Propel Health. We use the terms “you” and “your” to refer to patients and/or their guardians.
Why this notice? Under a federal law called the Health Insurance Portability and Accountability Act (HIPAA), covered health care organizations across the nation, including Propel Health, must have a Notice of Privacy Practices and provide you with a copy.
What is “Protected Health information?” Your protected health information (“PHI”) contains identifiers, such as your name, social security number, or other information that reveals your identity. For example, your medical record is considered PHI because it includes your name amongst other identifiers. Protected health information (PHI) may be spoken (oral), written (on paper) or electronic (stored in a computer or database). Only people who need your PHI for health care operations, coordinating your care and other reasons explained below are allowed to see your PHI.
Propel Health utilizes many ways to keep your PHI safe. We use methods such as cabinet locks for paper records, passwords, encryption and firewalls for our computer systems, software and databases. Paper documents that do not require retention are shredded or destroyed in such a way that your PHI cannot be read or reconstructed. Electronic information is cleared, purged or destroyed so that PHI cannot be retrieved.
What is our responsibility to protect your PHI? By law, we must:
- Protect the privacy of your PHI. We take this responsibility seriously and will take appropriate steps to safeguard your PHI;
- Tell you about your rights and our legal duties with respect to your PHI;
- Tell you about our privacy practices and follow our notice currently in effect; and
- Provide you with a timely breach notice in the event of a breach of unsecured information and without unreasonable delay. We maintain physical, administrative and technical safeguards to protect against unauthorized access, use or disclosure of your information. Should a breach involve a law enforcement investigation, there may be a delay in notification.
How will we use and disclose your PHI? Your confidentiality is important to us. Our physicians and employees are required to maintain the confidentiality of the PHI of our clients, patients and individuals we provide services to. We have policies and procedures and other safeguards to help protect your PHI from improper use and disclosure. Sometimes we are allowed by law to use and disclose certain PHI without your written permission. We will briefly describe these uses and disclosures below with examples.
How much PHI is used or disclosed without your written permission will vary depending, for example, on the intended purpose of the use or disclosure. Sometimes we may only need to disclose a limited amount of PHI, such as to send you an appointment reminder or to confirm your benefits or insurance coverage. At other times, we may need to disclose more PHI, such as when we are providing medical treatment.
I. USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
A. We may use or disclose your Protected Health Information (PHI) to provide treatment services to you. PHI may be released to other healthcare professionals within the Propel Health network (the doctors, nurses, technicians, staff or other personnel who are involved in taking care of you) for the purpose of providing you with quality healthcare. We may also use and disclose PHI or portions of PHI in connection with our healthcare operations, including quality improvement activities, training programs, accreditation, certification, licensing or credentialing activities. Propel Health may disclose your health care information to business associates whom we contract with to perform business services for us, such as billing companies, quality assurance reviewers or a translator service so a service may be performed on our behalf. We require that all business associates implement appropriate safeguards to protect your health care information. Disclosures that are incidental to permitted or required uses or disclosures under HIPAA are permissible, so long as we implement safeguards to avoid such disclosures, and we limit the PHI exposed through these incidental disclosures.
B. Required or Permitted by Law: We may use or disclose PHI or portions of PHI when we are required or permitted to do so by state or federal law. Such disclosures will be made pursuant to the terms of those laws. For example, we may disclose PHI to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect, domestic violence or are the possible victim of other crimes and when there is a clear and serious threat of homicide or intent to do serious bodily harm to another person. In addition, we may report to Child Protective Services or other appropriate law enforcement agency when there is reason to suspect abuse or neglect. In addition, we may disclose PHI to the extent necessary to avert a serious threat to your health or safety or the health or safety of others, including disclosure of PHI to a doctor or hospital in the event of a medical emergency. Other disclosures permitted or required by law may include the following: disclosures for public health activities, disclosures to judicial and law enforcement officials in response to a court order or other lawful process, disclosures for research when approved by an institutional review board and disclosures to military or national security agencies, coroners, medical examiners, worker’s compensation, to organ donation/transplantation services if you are an organ donor and correctional institutions as otherwise authorized by law.
II. USES AND DISCLOSURES REQUIRING YOUR AUTHORIZATION
- Other Uses and Disclosures: Uses and disclosures (other than those described in Section IA, IB and IC above) will only be made with your written authorization. For example, you will need to sign an authorization form before we can send PHI to your attorney. You may revoke any such authorization at any time, unless we have already taken action in reliance on the authorization.
- Other Highly Confidential Information: In addition, federal and state law requires special privacy protections for certain highly confidential information including your PHI that includes information about alcohol and drug abuse prevention, treatment and referral. In order for us to disclose such highly confidential information for a purpose other than those permitted by law, we must obtain your written authorization.
- Marketing Communications: We will not use your health information for marketing communications without your written authorization.
III. YOUR INDIVIDUAL RIGHTS
A. Right to Inspect and Copy: You may request access to your medical record and billing records maintained by us in order to inspect and request copies of the records. All requests for access must be made in writing addressed to the Director of Corporate Compliance identified in Section IIIG. We may charge a fee for the costs of copying and sending you any records requested. We may deny your request in certain limited circumstances, and you may request that decision be reviewed.
B. Right to Alternative Communications: You may request, and we will accommodate any reasonable written request from you, to receive PHI by alternative means of communication or at alternative locations.
C. Right to Request Restrictions: You have the right to request a restriction on PHI we use or disclose for treatment, payment or health care operations. You must request any such restriction in writing addressed to the Director of Corporate Compliance identified in Section IIIG. We are not required to agree to any such restriction you may request.
D. Right to Request Amendment: You have the right to request that we amend your health information. Your request must be in writing and it must explain why the information should be amended. We may deny your request under certain circumstances.
E. Right to Accounting of Disclosure: You have the right to request an accounting of disclosures of PHI. The response will exclude any disclosures for treatment on health care operations or any disclosures that you authorized in writing. You must request an accounting in writing directed to the Director of Corporate Compliance identified in Section IIIG.
F. Right to Obtain Notice: You have the right to obtain a paper copy of the Notice by submitting a written request to our Director of Corporate Compliance identified in Section IIIG at any time.
G. Questions and Complaints: If you desire further information about your privacy rights, or are concerned that we have violated your privacy rights, you may contact Brenda Eames, Propel Health’s Director of Corporate Compliance, at 503-952-4951, email@example.com
You may also file a complaint if you feel we have violated your privacy rights with the Director, Office for Civil Rights of the U.S. Department of Health and Human Services at: 2201 Sixth Avenue-M/S: RX-11, Seattle, WA 98121-1831, 206-615-2290, 206-615-2297 Fax, 1-877-696-6775 Toll free, OCRComplaint@hhs.gov.
We will not retaliate against you if you file a complaint with the Director, Office for Civil Rights or with Propel Health.
IV. EFFECTIVE DATE AND CHANGES TO THIS NOTICE
A. Effective Date: This Notice is effective on March 3, 2016.
B. Changes to this Notice: We reserve the right to change the terms of this Notice at any time. New terms may be effective for all PHI that Propel Health maintains, including any information created or received prior to Notice issuance. A revised Notice will be posted on the company website: www.propelhealth.com and physical copies can be made available upon request by contacting the Director of Corporate Compliance.
For more information about our privacy practices, or for additional copies of this Notice, please contact: Brenda Eames, the Director of Corporate Compliance: 601 SW 2nd Ave, Suite 1940, Portland, OR, 503-952-4951, firstname.lastname@example.org.