Patient privacy and data confidentiality is of paramount importance at my practice. I currently operate all aspects of my practice, both administrative and clinical. This fact, combined with my not accepting insurance, means that I am the one and only person that knows you or your dependent have received, or are receiving, services from my practice. I do often collaborate with other healthcare providers to provide the best treatment possible for mutual patients, but that will only occur if you sign the relevant releases with each provider, myself included, to give permission for such activity. Your health insurance provider will only know that you received service from my practice if you seek reimbursement from them for my out of network services or use insurance at the pharmacy to fill any prescriptions prescribed at our appointments.
My default behavior for the keeping of patient medical records is to use an electronic medical records (EMR) system. This system is provided as a service from a company whom I have a contract with which dictates that patient privacy and confidentiality be maintained as required by federal law (HIPAA; see below). From a legal standpoint, they are a “Business Associate” of mine, they are required to protect the personal health information I store using their software, and they must only allow my access to it. If you are uncomfortable with your personal health information being stored in this manner, I am happy to keep traditional paper records for you if requested.
The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) is a Federal program that requests that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally are kept properly confidential. This Act gives you, the patient, the right to understand and control how your personal health information (“PHI”) is used. HIPAA provides penalties for covered entities that misuse personal health information.
As required by HIPAA, I prepared this explanation of how I maintain the privacy of your health information and how I may disclose your personal information.
I may use and disclose your medical records only for each of the following purposes: treatment, payment and health care operation.
- Treatment means providing, coordinating, or managing health care and related services by one or more healthcare providers. An example of this is a primary care doctor referring you to a specialist doctor.
- Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collections activities, and utilization review. An example of this would include sending your credit card information to my merchant account provider if you request to make payment in that manner.
- Health Care Operations include business aspects of running the practice, such as conducting quality assessments and improving activities, auditing functions, cost management analysis, and customer service. An example of this would be new patient survey cards.
- The practice may also be required or permitted to disclose your PHI for law enforcement and other legitimate reasons. In all situations, I shall do my best to assure its continued confidentiality to the extent possible.
I may create and distribute de-identified health information by removing all reference to individually identifiable information.
I may contact you, by phone or in writing, to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.
The following use and disclosures of PHI will only be made pursuant to us receiving a written authorization from you:
- Most uses and disclosure of psychotherapy notes;
- Uses and disclosure of your PHI for marketing purposes, including subsidized treatment and health care operations;
- Disclosures that constitute a sale of PHI under HIPAA; and
- Other uses and disclosures not described in this notice.
You may revoke such authorization in writing and I am required to honor and abide by that written request, except to the extent that I have already taken actions relying on your prior authorization.
You may have the following rights with respect to your PHI.
- The right to request restrictions on certain uses and disclosures of PHI, including those related to disclosures of family members, other relatives, close personal friends, or any other person identified by you. I am, however, not required to honor a requested restriction except in limited circumstances which I shall explain if you ask. If I do agree to the restriction, I must abide by it unless you agree in writing to remove it.
- The right to reasonable requests to receive confidential communications of Protected Health Information by alternative means or at alternative locations.
- The right to inspect and copy your PHI.
- The right to amend your PHI.
- The right to receive an accounting of disclosures of your PHI.
- The right to obtain a paper copy of this notice from us upon request.
- The right to be advised if your unprotected PHI is intentionally or unintentionally disclosed.
If you have paid for services “out of pocket”, in full and in advance, and you request that I not disclose PHI related solely to those services to a health plan, I will accommodate your request, except where I am required by law to make a disclosure.
I am required by law to maintain the privacy of your Protected Health Information and to provide you the notice of my legal duties and my privacy practice with respect to PHI.
This notice is effective as of August 1st, 2016 and it is my intention to abide by the terms of the Notice of Privacy Practices and HIPAA Regulations currently in effect. I reserve the right to change the terms of my Notice of Privacy Practice and to make the new notice provision effective for all PHI that I maintain. I will post and you may request a written copy of the revised Notice of Privacy Practice from my office.
You have recourse if you feel that your protections have been violated by my office. You have the right to file a formal, written complaint with office and with the Department of Health and Human Services, Office of Civil Rights. I will not retaliate against you for filing a complaint.
Feel free to contact Jacqueline Hubbard, M.D., PLLC, for more information, in person or in writing.