Privacy Policy
SCARSDALE MEDICAL GROUP LLP
NOTICE OF PRIVACY PRACTICES
EFFECTIVE February 18, 2010
This notice
describes how medical information about you may be used and disclosed and how
you can get access to this information. Please review it carefully.
Pursuant
to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and
its implementing regulations, the Scarsdale Medical Group LLP (the “Group”) is
legally required to protect the privacy of your health information. We call this information “protected
health information,” or “PHI” for short, and it is contained in a medical
record that is the physical property of the Group. It includes information that can be used to identify you and
that we have created or received about your past, present or future health
condition, the provision of health care to you, or the payment for this health
care.
We
are required to provide you with this notice about our privacy practices, and
we are required to adhere to these practices. This notice explains how, when and why we use and disclose
your PHI. With some exceptions, we
may not use or disclose any more of your PHI than is necessary to accomplish
the purpose of the use or disclosure.
We reserve the right to change the terms of this notice and our privacy
policies at any time. Any changes
will apply to the PHI we already have.
Whenever we make an important change to our policies, we will promptly
change this notice and post a new notice in our office. You may also request a copy of this
notice from the contact person listed below at any time.
How
the Group May Use or Disclose Your PHI:
For Treatment. The Group
may use your PHI to provide you with medical treatment or services. For example, our personnel, such as our
physicians, nurses and assistants providing health services to you, will record
information in your record that is related to your treatment. This information is necessary for our
personnel to determine what treatment you should receive. Our personnel also will record actions
taken by them in the course of your treatment and note how you respond to the
actions. The Group may, with your general
consent, disclose your PHI to hospitals, physicians, nurses and other health
care personnel outside of the Group in order to provide, coordinate or manage
your health care or any related services. Additional consent may be required with respect to PHI
related to HIV/AIDS, genetic testing, or federally funded drug or alcohol abuse
treatment facilities, or when otherwise required by other State or Federal law.
For Payment. The
Group may use and, with your general consent, disclose your PHI to others for
purposes of receiving payment for treatment and services that you receive. For example, a bill may be sent to you
or a third-party payor, such as an insurance company or health plan. The information on the bill may contain
information that identifies you, your diagnosis and your treatment or the supplies
used in the course of your treatment.
For Health Care Operations. The
Group may use your PHI for operational purposes. For example, the Group may use PHI in order to evaluate the
quality of health care services that you received or to evaluate the
performance of the health care professionals who provided health care services
to you.
Appointments. The Group
may use your PHI to provide appointment reminders or information about
treatment alternatives or other health-related benefits and services that may be
of interest to you. Please let us
know if you do not wish to have us contact you for these purposes, or if you
would rather we contact you at a different telephone number or address.
Required by Law. The
Group may use and disclose your PHI as required by law. For example, the Group may disclose
information for the following purposes:
- for judicial and administrative proceedings pursuant
to legal authority;
- to report information related to victims of abuse,
neglect or domestic violence; or
- to assist law enforcement officials in their law
enforcement duties.
Public Health. Your PHI
may be used or disclosed for public health activities, such as assisting public
health authorities or other legal authorities to prevent or control disease,
injury or disability, or for other health oversight activities.
Decedents. Your PHI
may be disclosed to funeral directors or coroners to enable them to carry out
their lawful duties. PHI also may
be disclosed to organ procurement organizations to assist them in organ, eye or
tissue donations and transplants.
Health and Safety. Your PHI
may be disclosed to avert a serious threat to the health or safety of you or
any other person pursuant to applicable law.
Worker’s Compensation. Your PHI
may be disclosed in order to comply with workers’ compensation laws.
Health Oversight Activities. Your PHI
may be disclosed to assist the government or other health oversight agency with
activities including audits, or civil, administrative or criminal
investigations, proceedings or actions, or other activities necessary for
appropriate oversight as authorized by law.
Research Purposes. Your PHI
may be disclosed in order to conduct medical research.
Specific Government Purposes. PHI of
military personnel and veterans may be disclosed in certain situations. Your PHI also may be disclosed for
national security and intelligence activities.
Family, Friends or Others. Your
PHI, but not your confidential HIV-related information, may be disclosed to a
family member, friend or other person that you indicate is involved in your
care or the payment for your health care, unless you object in whole or in
part.
Other than as stated above, we will not
disclose your PHI without your written authorization. You can later revoke your authorization in writing except to
the extent that we have already taken action in reliance upon the authorization.
Authorization for HIV-Related
Information. Confidential HIV-related information (for example,
information regarding whether or not you have ever been the subject of an HIV
test, have HIV infection, HIV-related illnesses or AIDS, or any other information
which could indicate that you have ever been potentially exposed to HIV) will not
be disclosed to any person without specific written authorization, except to
certain other persons who need to know such information in connection with your
medical care, and in certain limited circumstances, to public or government
officials (as required by law), to persons specified in a special court order,
to insurers as necessary for payment for your care or treatment, or to certain persons
who have had sexual contact or have shared needles or syringes (in accordance
with a specified process set forth by New York State law). When specific written authorization is
required to disclose HIV-related information, it will consist of a HIPAA
Compliant Authorization for Release of Medical Information and a New York State
Confidential HIV-Related Information form.
Authorization for Marketing
Communications. The Group will obtain your written authorization prior
to using or disclosing your PHI for marketing purposes. However, the Group is permitted to provide
you with marketing materials in a face-to-face encounter, without obtaining a marketing
authorization. We are also permitted to give you a promotional gift of
nominal value, if we so choose, without obtaining a marketing authorization. In addition, as long as we are not paid
to do so, we may communicate with you about products or services relating to
your treatment, case management or care coordination, or alternative
treatments, therapies, providers or care settings. We may use or disclose PHI to identify health-related
services and products that may be beneficial to your health and then contact
you about the services and products.
Incidental Uses and Disclosures of Information
May Occur. An incidental use or disclosure is a secondary use or
disclosure that cannot be prevented, is limited in nature, and that occurs as a
by-product of an otherwise permitted use or disclosure. However, such incidental uses or
disclosures are permitted only to the extent that we have applied safeguards
and do not disclose any more of your PHI than is necessary to accomplish the
permitted use or disclosure. For
example, a conversation about a patient within the office that might be
overhead by persons not involved in the patient’s care is an incidental
disclosure and it is not likely to constitute a HIPAA violation.
What
Rights You Have Regarding Your Protected Health Information:
You
have the following rights with respect to your PHI:
The Right to Request Limits on Uses and
Disclosures of Your PHI. You have the right to request in
writing that the Group limit how the Group uses and discloses your PHI. You may not limit the uses and
disclosures that the Group is legally required to make. The Group will consider your request
but is not legally required to accept it.
If the Group accepts your request, we will put any limits in writing and
abide by them except in emergency situations. Under certain circumstances, the Group may terminate an
agreement to a restriction.
The Right to Choose How the Group Sends
PHI to You. You have the right to ask that the Group send information to
you at an alternate address (for example, sending information to your work
address rather than your home address) or by alternate means (for example, via
e-mail instead of regular mail).
The Group must agree to your request so long as the Group can easily
provide it in the manner you requested.
The Right to See and Get Copies of Your
PHI. In most cases, you have the right to look at or get copies
of your PHI that the Group has, but you must make the request in writing by
completing a medical records request form. If the Group does not have your PHI but knows who does, the
Group will tell you how to get it.
The Group will provide you with the opportunity to inspect your PHI
within ten (10) days of your written request. The Group will furnish copies of any PHI requested within
sixty (60) days after the Group’s receipt of a written request by you or any
other qualified person. In certain
situations, the Group may deny your request. In such case, the Group will tell you, in writing, the
reasons for the denial and explain your right to have the denial reviewed.
If
you request a copy of your information, the Group may charge you a reasonable
fee for the costs of copying, mailing or other costs incurred in complying with
your request. Instead of providing
the PHI you requested, the Group may provide you with a summary or explanation
of the PHI as long as you agree to that and to the cost in advance.
**Please note, if you are the parent or
legal guardian of a minor, certain portions of the minor’s medical record may
not be accessible to you. For
example, records relating to sexually transmitted diseases, abortion, or care
and treatment to which the minor is permitted to consent himself/herself
(without your consent), such as HIV testing, sexually transmitted disease
diagnosis and treatment, chemical dependence treatment, prenatal care, care
received by a married minor, and contraception and/or family planning services,
may be restricted unless the minor patient provides an authorization for such
disclosure. **
The Right to Get a List of the
Disclosures the Group Has Made. You have the right to get a list of
instances in which the Group has disclosed your PHI. The list will not include uses or disclosures made for
purposes of treatment, payment or health care operations, those made pursuant
to your written authorization, or those made directly to you or your
family. The list also will not
include uses and disclosures made for national security purposes, to
corrections or law enforcement personnel, or prior to April 14, 2003.
The
Group will respond within sixty (60) days of receiving your written
request. The list the Group will
give you will include disclosures made in the last six years unless you request
a shorter time. The list will
include the date of the disclosure, to whom PHI was disclosed (including their
address, if known), a description of the information disclosed, and the reason
for the disclosure. The Group will
provide one (1) list during any 12-month period without charge. Subsequent requests may be subject to a
reasonable cost-based fee.
The Right to Receive Notice of a Breach
of Unsecured PHI. You have the right to
receive prompt notification of a “breach” of your unsecured PHI. Generally, a “breach” is defined as the
unauthorized acquisition, access, use or disclosure of PHI that compromises the
security or privacy of such information.
Security and privacy are considered compromised when the access, use or
disclosure poses a significant risk of financial, reputational or other harm to
the affected individual.
The Right to Correct or Update Your PHI. If you
believe that there is a mistake in your PHI or that a piece of important
information is missing, you have the right to request, in writing, that the
Group correct the existing information or add the missing information. You must provide the request and your
reason for the request in writing.
The Group will respond within sixty (60) days of receiving your request
in writing. The Group may deny
your request if the PHI is (i) correct and complete, (ii) not created by us,
(iii) not allowed to be disclosed, or (iv) not part of our records. The Group’s written denial will state
the reasons for the denial and explain your right to file a written statement
of disagreement with the denial.
If you do not file one, you have the right to have your request and the
Group’s denial attached to all future disclosures of your PHI. If the Group approves your request, the
Group will make the change to your PHI, tell you that the Group has done it,
and tell others that need to know about the change to your PHI.
The Right to Get This Notice by E-Mail. You
have the right to get a copy of this notice by e-mail. Even if you have agreed to receive
notice via e-mail, you also have the right to request a paper copy of this
notice.
How to Complain About the Group’s
Privacy Practices
If
you think that the Group may have violated your privacy rights, or you disagree
with a decision the Group has made about access to your PHI, you may file a
complaint with the Group’s HIPAA Compliance and Privacy Officer by writing to
259 Heathcote Road, Scarsdale, New York 10583, or by calling (914) 723-8100,
x171. You also may send a written
complaint to the Secretary of the Department of Health and Human Services at
200 Independence Ave., S.W., Room 615F, Washington, DC 20201. The Group will take no retaliatory
action against you if you file a complaint about the Group’s privacy practices. |
