HIPAA NOTICE OF PRIVACY PRACTICES
Bonita Springs Sports and Physical Therapy Center, Inc.
Effective Date: September 23, 2013
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND
DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY
As of April 14, 2003 the federal government requires that all rules and regulations of HIPAA, be effective. Significant changes have also been made to the privacy and security obligations of providers with respect to patients’ protected health information (PHI) with the release of the Omnibus Final Rule (Omnibus Rule) on January 17, 2013. With the Omnibus Rule, the Department of Health and Human Services (HHS) made important changes to the privacy and security requirements under HIPAA and the HITECH Act. Bonita Springs Sports & Physical Therapy Center, Inc. has made all updates and satisfied all requirements to be certain of full compliance to these changes. It is our pleasure and legal duty to protect your health information!!!
If you have any questions about this notice, please contact Dr. Sandra L. Klassen, M.S., D.P.T., A.T., C. President & Compliance Officer. (239) 4980558.
HIPAA = Health Insurance Portability and Accountability Act. HIPAA was part of the Balanced Budget Act of 1996. It has been in full effect since 2003 and has recently been expanded as stated above.
Bonita Springs Sports and Physical Therapy Center, Inc. considers every aspect of your personal information to be confidential. Everything we do from internal operations to communicating with your doctor to dealing with your insurance company will be handled following all HIPAA rules & regulations. Whether such communication is electronic, on paper, or oral, all PHI is kept properly confidential. These rules have been designed to protect your personal health information in accordance with federal and state privacy laws, and it is our company policy to be certain that all compliance is fully applied so that you are fully protected.
This notice describes our privacy practices.
OUR PLEDGE REGARDING HEALTH INFORMATION:
We understand that your health information and your health care is personal. We are committed to protecting this health information. We do create a medical record of the care and services you receive from us. We need this record to provide you with safe, quality physical therapy services as well as to comply with certain legal requirements. This notice applies to all of the records of your care generated by this health care practice, whether made by your physical therapist, doctor or others working in this office. This notice will tell you about the ways in which we may use and disclose health information about you. Herein, we also describe your rights to access the health information we keep about you, and describe certain obligations we have regarding the use and disclosure of your health information.
HOW WE MAY USE AND DISCLOSE HEALTH INFORMATION ABOUT YOU.
All of the ways we are permitted to use and disclose information will fall within one or more of these categories.
For Treatment: We may disclose health information about you to doctors, nurses, technicians, health students, or other personnel who are involved in taking care of you. They may work at our offices, or at another doctor’s office, or other health care provider to whom we may refer you for consultation, or for other treatment purposes. We may also disclose health information about you to an entity assisting in a disaster relief effort or in an emergency situation so that you may be taken care of, medically, for every lifesaving way possible.
For Payment: We may use and disclose health information about you so that the treatment and services you receive from us may be billed to, and payment collected from you, an insurance company, or a third party. We may also tell your health plan about treatment you are going to receive in order to obtain prior approval (preauthorization) or to determine whether your plan will cover the treatment. Under the Omnibus Rule, we as the provider must comply with any request you may have that PHI for a specific health care item or service not be disclosed to a health plan for purposes of payment or health care operations if you, the patient, has paid outofpocket, in full, for that item or service and where you have made a written request that no such disclosure be made.
For Health Care Operations: We may use and disclose health information about you for operations of our health care practice. These uses and disclosures are necessary to run our practice and to make sure that all of our patients receive safe, quality care. For example, we may use health information to review our treatments and services in order to evaluate the performance of our staff in caring for you. It is important that a provider’s policies are both updated AND implemented. As such, all workforce members at Bonita Springs Sports & Physical Therapy Center, Inc. are well trained on any new and revised policies. Higherlevel employees are fully trained on the new breach standard, so that, if necessary, they can correctly perform any required analysis. Training of all staff is also done annually (as part of the annual employment review) as a preventative measure and to ensure employee compliance with HIPAA and the HITECH Act. Bonita Springs Sports & Physical Therapy Center, Inc. has also established “Business Associate Agreements”. We have reviewed all business relationships to ensure that they have a BAA where one is required under HIPAA. Any relationships that did not previously require a BAA, but now do, have been added to our compliance program. All Business Associate Agreements pertain to subcontractors or business associates that may come in contact with PHI. BAA’s will continue to be updated and added as appropriate.
As Required by Law: We will disclose health information about you when required to do so by federal, state, or local law.
To Avert a Serious Threat to Health or Safety: We may use and disclose health information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Military and Veterans: We may release health information about you as required by military command authorities or the Department of Veterans Affairs as may be applicable.
Workers’ Compensation: We may release health information about you for workers’ compensation or similar programs.
Public Health Risks: We may disclose health information about you for public health activities to prevent or control diseases, injury or disability; to notify a person who may have been exposed to a disease or may be a risk for contracting or spreading a disease or condition; or to notify the appropriate government authority if we believe a patient has been the victim of abuse, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Health Oversight Activities: We may disclose health information to a health oversight agency for activities authorized by law. Theses oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose health information about you in a response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process.
Law Enforcement: We may release health information if asked to do so by a law enforcement official.
Decedents’ PHI: Under the Omnibus Rule, the definition of “protected health information” now expressly excludes the health information of a person who has been deceased for more than 50 years. In addition, the Omnibus Rule provides that providers may disclose the PHI of a deceased person to such person’s family members, relatives, or close friends, or other individuals indicated by the deceased, who were involved either in the deceased’s care or the payment of care. Providers may disclose only PHI that is relevant to the family member, relative, or friend’s involvement in the deceased’s care. PHI cannot be disclosed if the provider is aware that the deceased person expressed a prior preference for it not to be disclosed to the person in question. In other words, Bonita Springs Sports & Physical Therapy Center, Inc. will continue to protect your PHI even upon your death, for more than 50 years.
Marketing and Sale of PHI: Under the Omnibus Rule, the marketing of third party products and services and sale of PHI is generally prohibited. These general prohibitions do not apply if the provider has received valid authorization from the patient. Therefore, in order for a provider to market third party services to patients based on their PHI, or to sell or provide access to PHI for payment, the provider must request permission to do so from each patient whose PHI it wishes to use. Please know that Bonita Springs Sports & Physical Therapy Center, Inc. will NEVER market with, nor sell you PHI !!!!!
Breach Standard: A “breach” is an impermissible use or disclosure of PHI. Under the Final Rule, if there is discovery or concern of a possible breach, there will then be made, a determination as to whether the breach was of low probability regarding the concern that any PHI has been compromised. Covered entities and business associates need to conduct a risk assessment that considers at least four legal factors. (The nature and extent of the PHI involved, including the types of identifiers and the likelihood of reidentification; the unauthorized person who used the PHI or to whom the disclosure was made; whether the PHI was actually acquired or viewed; and the extent to which the risk to the PHI has been mitigated). If an evaluation of the above factors, taken together, fails to demonstrate that there is a low probability that PHI has been compromised, breach notification will be required pursuant to the Omnibus Rule and HIPAA. In effect, we never ever want to have a breach! As such, Bonita Springs Sports & Physical Therapy Center, Inc. takes extra caution and concern to be certain of complete integrity and compliance amongst all of its employees and business associates.
YOUR RIGHTS REGARDING HEALTH INFORMATION ABOUT YOU
Right to Inspect and Copy: You have the right to inspect and copy health information that may be used to make decisions about your care. Usually, this includes health and billing records. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies and services associated with your request.
Provision of Electronic Copies of Medical Records: Providers complying with a patient’s request for an electronic copy of his or her PHI are required to provide access to such records in the electronic format requested by the patient if the records are maintained by the provider in an electronic designated record set and are readily producible in the requested format. At the time of this revision (September 23, 2013), Bonita Springs Sports & Physical Therapy Center, Inc. is managing your medical record in a paper format. (See above Right to Inspect and Copy).
Right to Amend: If you feel that the health information we have about you is incorrect or incomplete, you may ask us to amend the information.
Right to an Accounting of Disclosures: You have the right to request a list accounting for any disclosure of your health information we have made, except for uses and disclosure for treatment, payment, and health care operations, as previously described.
Right to Request Restrictions: You have the right to request a restriction or limitation on the health information we use or disclose about you for treatment, payment, or health care operations. Please also refer to the right to request restriction referred to above (“For Payment” section). You also have the right to request a limit on the health information we disclose about you to someone who is involved in your care or the payment of your care, such as family or friend. We are not required to agree to your request for restrictions if it against the law, for reasons noted above (such as where we MUST release information, i.e. to “Health Oversight Activities”). We also may not be required to agree to your request for restriction if it will negatively impact the care we provide you (if it risks your safety). When legal and appropriate, and we do mutually agree with your request to restriction, we will absolutely comply with your request as it is made in writing to Compliance Officer, Dr. Sandra L. Klassen, M.S., D.P.T., A.T., C. ; Bonita Springs Sports & Physical Therapy Center, Inc. 26201 S. Tamiami Trail. Bonita Springs, Florida 34134. In your request, you must tell us what information you want to limit and to whom you want the limits to apply.
Right to Request Confidential Communications: You have the right to request that we communicate with you about your health matters, in a certain way or at a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail, to a post office box or in person only, or by telephone, etc. Again, this request must be made in writing to the Compliance Officer as noted above.
Right to a Paper Copy of This Notice: This notice is a condensed summary of a detailed HIPAA Compliance Program. You have the right to obtain a paper copy of this comprehensive notice at any time. At the commencement of your physical therapy services, you will receive the HIPAA Notice of Privacy Practices (NPP) and you will have the opportunity to provide a signature of acknowledgement of such receipt. (See below: Acknowledgement of Receipt of this Notice). The NPP will also always be readily available to you at any time. Furthermore, this notice will be posted in a conspicuous place in the provider’s offices.
CHANGES TO THIS NOTICE
Bonita Springs Sports & Physical Therapy Center, Inc. reserves the right to change, modify, edit or improve upon this notice at any time. Should any such revision be made to this document we will post a copy of the revised notice in our facilities and will make you aware of such modifications so that you can obtain a paper copy of such revised document.
If you believe your privacy rights have been violated, you may file a complaint directly with Bonita Springs Sports & Physical Therapy Center, Inc. Please contact the Compliance Officer, Dr. Sandra L. Klassen, M.S., D.P.T., A.T., C. President, Bonita Springs Sports & Physical Therapy Center, Inc. 26201 S. Tamiami Trail. Bonita Springs, Florida 34134. You may also contact the Secretary of the Department of Health and Human Services. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
Bonita Springs Sports & Physical Therapy Center, Inc. has finalized and formally approved and adopted all policies pursuant to any and all procedural requirements in the provider’s governing documents and standard operating procedures in order to ensure full compliance to the release of the Omnibus Final Rule as required for privacy and security under HIPAA and the HITECH Act, September 23, 2013