DEPIETRO’S PHARMACY HIPAA NOTICE OF PRIVACY PRACTICES
Effective SEPTEMBER 1, 2013
If you have any questions about this Notice please contact our Privacy Officer, Tom DePietro, at 617 3rd Street, Dunmore, PA 18512, Phone: 570-209-7440.
This Notice describes how our practice and our health care professionals, employees, volunteers, trainees and staff may create, receive, maintain and transmit your medical information to carry out treatment, payment or health care operations and for other purposes that are described in this Notice. We understand that medical information about you and your health, called “Protected Health Information”, or “PHI,” is personal and we are committed to protecting medical information about you. This Notice applies to all records of your care generated by this practice.
This Notice also describes your right to access and control of your information. This information about you includes demographic information that may identify you and that relates to your past, present and future physical or mental health or condition and related health care services. Typically, PHI will include symptoms, examination and test results, diagnoses, treatment and a plan for future care or treatment. In some cases, federal or state laws may provide privacy protections to PHI that are more strict than those described in this Notice. In those cases, we will comply with the stricter law. For example, federal and state laws may provide privacy protections to PHI related to mental health, HIV/AIDS, reproductive health or chemical dependency that are more strict.
We are required by law to protect the privacy of your PHI and to follow the terms of this Notice. We may change the terms of this Notice at any time. The new Notice will then be effective for all PHI that we maintain at that time and thereafter. We will provide you with any revised Notice if you request a revised copy be sent to you in the mail or if you ask for one when you are in the facility.
I. Uses and Disclosures of Protected Health Information.
Your PHI may be used and disclosed for purposes of treatment, payment and health care operations. With the exception of uses or disclosures for treatment purposes, we will limit uses and disclosures of your PHI to the minimum necessary to achieve the permitted purpose of the use or disclosure. The following are examples of different ways we use and disclose medical information. These are examples only.
• We may use and disclose your PHI to provide, coordinate, or manage your medical treatment or any related services. This includes the coordination or management of your health care with a third party that has already obtained your permission to have access to your medical information. For example, we could disclose your PHI to a home health agency that provides care to you. We may also disclose PHI to other physicians who may be treating you, such as a physician to whom you have been referred to ensure that the physician has the necessary information to diagnose or treat you. In addition, we may disclose your PHI to another physician or health care provider, such as a laboratory.
• We may use and disclose your PHI to obtain payment for the treatment and services you receive from us. For example, we may need to provide your health insurance plan information about your treatment plan so that they can make a determination of eligibility or to obtain prior approval for planned treatment. We may also need to obtain approval for a hospital stay which may require that relevant medical information be disclosed to the health plan to obtain approval for the hospital admission.
(c) Healthcare Operations:
• We may use or disclose your PHI in order to support the business activities of our practice. These activities include, but are not limited to, reviewing our treatment of you, employee performance reviews, training of medical students, licensing, marketing and fundraising activities and conducting or arranging for other business activities.
• For example, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician or health care provider. We may also call you by name in the waiting room when your physician or health care provider is ready to see you. We may use or disclose your medical information to remind you of your next appointment.
• We may share your PHI with third party “business associates” that perform activities on our behalf, such as billing or transcription for the practice. Whenever an arrangement between our facility and a business associate involves the use or disclosure of your medical information, we will have a written contract that contains terms that requires the business associate to protect the privacy of your PHI, and we will limit the disclosures to the minimum necessary amount of PHI to achieve the permitted purpose of the disclosure. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. IT FURTHER DETAILS HOW YOU OR YOUR PERSONAL REPRESENTATIVE MAY GAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW CAREFULLY. RJH Form F0210 (11/17/2008 – Rev. 07/2013)
• We may use or disclose your PHI to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also use and disclose your PHI for other marketing activities. For example, your name and address may be used to send you a newsletter about our practice and the services we offer. We may also send you information about products or services that we believe may be beneficial to you. You may contact our Privacy Officer to request that these materials not be sent to you.
• We may use or disclose your demographic information and the dates that you received treatment from your physician or health care provider, as necessary, in order to contact you for fundraising activities supported by our facility. If you do not want to receive these materials, please contact our Privacy Officer to request that these fundraising materials not be sent to you. (d) Health Information Exchange:
• DePietro’s Pharmacy, along with certain other health care providers and practice groups in the area, participate in health information exchanges (“Exchange”). The Exchange facilitates electronic sharing and exchange of medical and other individually identifiable health information regarding patients among health care providers that participate in the Exchange. Through the Exchange we may electronically disclose demographic, medical, billing and other healthrelated information about you to other health care providers that participate in the Exchange and request such information for purposes of facilitating or providing treatment, arrangement for payment for health care services or otherwise conducting or administering their health care operations.
II. Other Permitted and Required Uses and Disclosures That May Be Made With Your Consent, Authorization or Opportunity to Object.
We may use and disclose your PHI in the following instances. You have the opportunity to agree or object to the use or disclosure of all or part of your medical information. If you are not present or able to agree or object to the use or disclosure of the medical information, then your physician or health care provider may, using professional judgment, determine whether the disclosure is in your best interest. In this case, only the medical information that is relevant to your health care will be disclosed.
(a) Others Involved in Your Healthcare:
• Unless you object, we may disclose to a member of your family, a relative or close friend your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information if we determine that it is in your best interest based on our professional judgment. We may use or disclose your information to notify or assist in notifying a family member or any other person that is responsible for your care at your location, general condition or death. Finally, we may use or disclose your PHI to an entity assisting in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your health care.
• We may use or disclose your PHI for emergency treatment. If this happens, we shall try to obtain your consent as soon as reasonable after the delivery of treatment. If the practice is required by law to treat you and has attempted to obtain your consent but is unable to do so, the practice may still use or disclose your medical information to treat you.
(c) Communication Barriers:
• We may use and disclose your information if the practice attempts to obtain consent from you but is unable to do so due to substantial communication barriers and, in our professional judgment, you intended to consent to use or disclosure under the circumstances.
III. Other Permitted and Required Uses and Disclosures That May Be Made Without Your Consent, Authorization or Opportunity to Object:
We may use or disclose your PHI in the following situations without your consent or authorization. These situations include:
(a) Required By Law:
• We may use or disclose your PHI when federal, state or local law requires disclosure. You will be notified of any such uses or disclosure.
(b) Public Health:
• We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. This disclosure will be made for the purpose of controlling disease, injury or disability.
(c) Communicable Diseases:
• We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
(d) Health Oversight:
• We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections and licensure. These activities are necessary for the government agencies to oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
(e) Abuse or Neglect:
• We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your medical information to the governmental entity authorized to receive such RJH Form F0210 (11/17/2008 – Rev. 07/2013) information if we believe that you have been a victim of abuse, neglect or domestic violence as is consistent with the requirements of applicable federal and state laws.
(f) Food and Drug Administration:
• We may disclose your PHI to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products, to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance, as required.
(g) Legal Proceedings:
• We may disclose your PHI in the course of any judicial or administrative proceeding, when required by a court order or administrative tribunal, and in certain conditions in response to a subpoena, discovery request or other lawful process.
(h) Law Enforcement:
• We may disclose your PHI, as long as applicable legal requirements are met, for law enforcement purposes.
These law enforcement purposes include:
(i) responding to a court order, subpoena, warrant, summons or otherwise required by law;
(ii) identifying or locating a suspect, fugitive, material witness or missing person;
(iii) pertaining to victims of a crime;
(iv) suspecting that death has occurred as a result of criminal conduct;
(v) in the event that a crime occurs on the premises of the practice; and
(vi) responding to a medical emergency (not on the Practice’s premises) and it is likely that a crime has occurred.
(i) Coroners, Funeral Directors, and Organ Donors:
• We may disclose your PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose PHI to funeral directors as necessary to carry out their duties.
• We may use and disclose your PHI for research purposes in certain limited circumstances. We will obtain your written authorization to use your PHI for research purposes except when an Internal Review Board (“IRB”) or Privacy Board has determined that the waiver of your authorization satisfies the following:
(i) the use or disclosure involves no more than a minimal risk to your privacy based on the following:
(A) an adequate plan to protect the identifiers from improper use and disclosure;
(B) an adequate plan to destroy the identifiers at the earliest opportunity consistent with the research (unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law); and (C) adequate, written assurances that the PHI will not be re-used or disclosed to any other person or entity (except as required by law) for authorized oversight of the research study, or for other research for which the use or disclosure would otherwise be permitted;
(ii) the research could not practicably be conducted without the waiver; and
(iii) the research could not practicably be conducted without access to and use of the PHI.
(k) Criminal Activity:
• Consistent with applicable federal and state laws, we may disclose your PHI if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
(l) Organ and Tissue Donation:
• If you are an organ donor, we may release your PHI to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary, to facilitate organ or tissue donation and transplantation.
(m) Military Activity and National Security:
• If you are a member of the armed forces, we may use or disclose PHI
(i) as required by military command authorities;
(ii) for the purpose of determining by the Department of Veterans Affairs of your eligibility for benefits; or
(iii) for foreign military personnel to the appropriate foreign military authority. We may also disclose your medical information to authorized federal officials for conducting national security and intelligence activities, including for the protective services to the President or others legally authorized.
(n) Workers’ Compensation:
• We may disclose your PHI as authorized to comply with workers’ compensation laws and other similar programs that provide benefits for work-related injuries or illness.
• We may use or disclose your PHI if you are an inmate of a correctional facility and our practice created or received your health information in the course of providing care to you.
(p) Required Uses and Disclosures:
• Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with our legal obligations to safeguard your PHI.
IV. The Following Is a Statement of Your Rights with Respect to Your PHI and a Brief Description of How You May Exercise These Rights.
(a) You have the right to inspect and copy your PHI.
• This means you may inspect and obtain a copy of your PHI that has originated in our practice. We may charge you a reasonable fee for copying and mailing records. To the extent we maintain any portion of your PHI in electronic RJH Form F0210 (11/17/2008 – Rev. 07/2013)