GENEVA EYE CLINIC, LTD.
NOTICE OF PRIVACY PRACTICES

Date of Last Revision: 09-23-2013
Effective Date: Immediately

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. THIS NOTICE APPLIES TO ALL OF THE RECORDS OF YOUR CARE GENERATED BY THE PRACTICE, WHETHER MADE BY THE PRACTICE OR AN ASSOCIATED FACILITY.

This notice describes our Practice’s policies, which extend to:

  • Any health care professional authorized to enter information into your chart (including physicians, optometrists, ophthalmic assistants and technicians, etc.);
  • All areas of the Practice (front desk, administration, billing and collection, etc.);
  • All employees, staff and other personnel that work for or with our Practice;
  • Our business associates (including a billing service, or facilities to which we refer patients), on-call physicians, and so on.

The Practice provides this Notice to comply with the Privacy Regulations issued by the Department of Health and Human Services in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

We understand that your medical information is personal to you, and we are committed to protecting the information about you. As our patient, we create paper and electronic medical records about your health, our care for you, and the services and/or items we provide to you as our patient. We need this record to provide for your care and to comply with certain legal requirements.

We are required by law to:

  • make sure that the protected health information about you is kept private;
  • provide you with a paper copy of the Notice of our Privacy Practices and your legal rights with respect to protected health information about you; and
  • follow the conditions of the Notice that is currently in effect.

HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU.

The following categories describe different ways that we use and disclose protected health information that we have and share with others. Each category of uses or disclosures provides a general explanation and provides some examples of uses. Not every use or disclosure in a category is either listed or actually in place. The explanation is provided for your general information only.

  • Medical Treatment. We use previously given medical information about you to provide you with current or prospective medical treatment or services. Therefore we may, and most likely will, disclose medical information about you to doctors, nurses, technicians, medical students, or hospital personnel who are involved in taking care of you. For example, a doctor to whom we refer you for ongoing or further care may need your medical record. We also may disclose medical information about you to people outside the Practice who may be involved in your medical care after you leave the Practice; this may include your family members, or other personal representatives authorized by you or by a legal mandate (a guardian or other person who has been named to handle your medical decisions, should you become incompetent).
  • Payment. We may use and disclose medical information about you for services and procedures so they may be billed and collected from you, an insurance company, or any other third party. For example, we may need to give your health care information, about treatment you received at the Practice, to obtain payment or reimbursement for the care. We may also tell your health plan and/or referring physician about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment, to facilitate payment of a referring physician, or the like.
  • Health Care Operations. We may use and disclose medical information about you so that we can run our Practice more efficiently and make sure that all of our patients receive quality care. These uses may include reviewing our treatment and services to evaluate the performance of our staff, deciding what additional services to offer and where, deciding what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students, and other personnel for review and learning purposes. We may also combine the medical information we have with medical information from other Practices to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning who the specific patients are.

We may also use or disclose information about you for internal or external utilization review and/or quality assurance, to business associates for purposes of helping us to comply with our legal requirements, to auditors to verify our records, to billing companies to aid us in this process and the like. We shall endeavor, at all times when business associates are used, to advise them of their continued obligation to maintain the privacy of your medical records.

  • Appointment and Patient Recall Reminders. We may ask that you sign in writing at the Receptionists’ Desk, a “Sign In” log on the day of your appointment with the Practice. We may use and disclose medical information to contact you as a reminder that you have an appointment for medical care with the Practice or that you are due to receive periodic care from the Practice. This contact may be by phone, in writing, e-mail, or otherwise and may involve the leaving an e-mail, a message on an answering machines, or otherwise which could (potentially) be received or intercepted by others.
  • Emergency Situations. In addition, we may disclose medical information about you to an organization assisting in a disaster relief effort or in an emergency situation so that your family can be notified about your condition, status and location.
  • Research. Under certain circumstances, we may use and disclose medical information about you for research purposes regarding medications, efficiency of treatment protocols and the like. All research projects are subject to an approval process, which evaluates a proposed research project and its use of medical information. Before we use or disclose medical information for research, the project will have been approved through this research approval process. We will obtain an Authorization from you before using or disclosing your individually identifiable health information unless the authorization requirement has been waived. If possible, we will make the information non-identifiable to a specific patient. If the information has been sufficiently de-identified, an authorization for the use or disclosure is not required.
  • Treatment Alternatives and Fundraising Communications. We may contact you, by phone or in writing, to provide information about treatment alternatives or other health related benefits and services, in addition to other fundraising communications, that may be of interest to you. You do have the right to “opt out” with respect to fundraising communications from us.
  • Required By Law. We will disclose medical information about you when required to do so by federal, state or local law.
  • To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you when necessary to prevent a serious threat either to your specific health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
  • Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
  • Workers’ Compensation. We may release medical information about you for workers’ compensation programs. These programs provide benefits for work-related injuries or illness.
  • Public Health Risks. Law or public policy may require us to disclose medical information about you for public health activities. These activities generally include the following:
    • to prevent or control disease, injury or disability;
    • to report births and deaths;
    • to report child abuse or neglect;
    • to report reactions to medications or problems with products;
    • to notify people of recalls of products they may be using;
    • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
    • to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
  • Investigation and Government Activities. We may disclose medical information to a local, state or federal agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the payor, the government and other regulatory agencies to monitor the health care system, government programs, and compliance with civil rights laws.
  • Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. This is particularly true if you make your health an issue. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute. We shall attempt in these cases to tell you about the request so that you may obtain an order protecting the information requested if you so desire. We may also use such information to defend ourselves or any member of our Practice in any actual or threatened action.
  • Law Enforcement. We may release medical information if asked to do so by a law enforcement official:
    • In response to a court order, subpoena, warrant, summons or similar process;
    • To identify or locate a suspect, fugitive, material witness, or missing person;
    • About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
    • About a death we believe may be the result of criminal conduct;
    • About criminal conduct at the Practice; and
    • In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
  • Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients of the Practice to funeral directors as necessary to carry out their duties.
  • Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health
  • and safety of others; or (3) for the safety and security of the correctional institution.

BREACH NOTIFICATION

A breach is defined as the “acquisition, access, use or disclosure of protected health information which compromises the security or privacy of the protected health information”. In the event of a security breach, affected individuals and enforcing agencies will be notified accordingly as mandated by the provision of the HIPAA Privacy and Security Rules and the provision of the HITECH Act (Health Information Technology for Economic and Clinical Health Acct) passed as part of the American Recovery and Reinvestment Act.

CHANGES TO THIS NOTICE

We reserve the right to change this notice at any time. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we may receive from you in the future. We will post a copy of the current notice in the Practice. The notice will contain on the first page, in the top right-hand corner, the date of last revision and effective date. In addition, each time you visit the Practice for treatment or health care services you may request a copy of the current notice in effect.

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with the Practice or with the Secretary of the Department of Health and Human Services. To file a complaint with the Practice, contact our Administrator, who will direct you on how to file an office complaint. All complaints must be submitted in writing, and all complaints shall be investigated, without repercussion to you. [The Administrator can be reached at 630-232-1282.]

You will not be penalized for filing a complaint.

OTHER USES OF MEDICAL INFORMATION.

Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written permission, unless those uses can be reasonably inferred from the intended uses above. If you have provided us with your permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.

PATIENT RIGHTS

THIS SECTION DESCRIBES YOUR RIGHTS AND THE OBLIGATIONS OF THIS PRACTICE REGARDING THE USE AND DISCLOSURE OF YOUR MEDICAL INFORMATION.

You have the following rights regarding medical information we maintain about you:

  • Right to Inspect and Copy. You have the right to inspect and copy medical information that may be used to make decisions about your care. This includes your own medical and billing records, but does not include psychotherapy notes. Upon proof of an appropriate legal relationship, records of others related to you or under your care (guardian or custodial) may also be disclosed. To inspect and copy your medical record, you must submit your request in writing to our Compliance Officer. Ask the front desk person for the name of the Compliance Officer. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies (tapes, disks, etc.) associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that our Compliance Committee review the denial. Another licensed health care professional chosen by the Practice will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome and recommendations from that review.

  • Right to Amend. If you feel that the medical information we have about you in your record is incorrect or incomplete, then you may ask us to amend the information, following the procedure below. You have the right to request an amendment for as long as the Practice maintains your medical record.

To request an amendment, your request must be submitted in writing, along with your intended amendment and a reason that supports your request to amend. The amendment must be dated and signed by you and notarized.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

  • Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
  • Is not part of the medical information kept by or for the Practice;
  • Is not part of the information which you would be permitted to inspect and copy; or
  • Is inaccurate and incomplete.
  • Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made of medical information about you, to others.

To request this list, you must submit your request in writing. Your request must state a time period not longer than six (6) years back and may not include dates before April 14, 2003 (or the actual implementation date of the HIPAA Privacy Regulations). Your request should indicate in what form you want the list (for example, on paper, electronically). We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

  • Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care (a family member or friend). For example, you could ask that we not use or disclose information about a particular treatment you received.

We are not required to agree to your request and we may not be able to comply with your request. If we do agree, we will comply with your request except that we shall not comply, even with a written request, if the information is exempted from the consent requirement or we are otherwise required to disclose the information by law.

If you have paid for services “out of pocket”, in full, and you request that we do not disclose PHI related solely to those services to a health plan, we will accommodate your request, except where by law we are required to make a disclosure.

To request restrictions, you must make your request in writing. In your request, you indicate:

  • what information you want to limit;
  • whether you want to limit our use, disclosure or both; and
  • to whom you want the limits to apply, (e.g., disclosures to your children, parents, spouse, etc.)
  • Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail, that we not leave voice mail or e-mail, or the like.

To request confidential communications, you must make your request in writing. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish us to contact you.

  • Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.