DERMATOLOGY ASSOCIATES OF KENTUCKY, PSC
NOTICE OF PRIVACY PRACTICES
Effective May 1, 2010
This notice describes how your personal health information (PHI) may be used and disclosed as a patient of Dermatology Associates of Kentucky (DAK), your rights regarding use of PHI, and how you may access PHI that DAK may have on file, as is required by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health provisions of the American Recovery and Reinvestment Act of 2009 (ARRA).
DAK is required by law to maintain the confidentiality of personal health information that could be used to identify you, and to notify you and the Department of Health and Human Services of any unauthorized breach of your privacy with the potential to cause harm. We are also required by law to provide you with this notice of our legal duties and privacy practices. Any use of your PHI must be consistent with the terms of this notice.
If you have questions about your personal health information or need further information about DAK's privacy policies, please contact:
Dermatology Associates of Kentucky, PSC
250 Fountain Court
Lexington KY 40509
USE OF YOUR PERSONAL HEALTH INFORMATION
DAK may use your personal health information for the following reasons:
Treatment: Our practice will use your PHI to diagnose and treat you. We may write prescriptions and communicate with your pharmacy to order prescriptions. We may disclose your information to family members or caretakers who accompany you during appointments. We may communicate your PHI to other physicians and healthcare providers with whom you have a relationship, such as your primary care physician, for the purpose of case management and care coordination. We may access your PHI to advise you of potential treatment options or alternatives.
Payment: DAK may use or disclose your PHI in order to bill and collect payment for services. We may communicate with your insurer to verify eligibility and benefits, file claims, or provide details regarding your treatment to determine if your insurer will cover or pay for your treatment. We may use and disclose your PHI to third parties who may be responsible for costs, such as family members, the guarantor of your account, or your insurance policy holder.
Healthcare Operations: Our practice may use your records in the operation of our business for purposes such as reviewing the competence or qualifications of healthcare professionals, to assess the quality of care you received, or for training, accreditation, certification, licensing, or credentialing activities.
Benefits and Services: DAK may use your PHI to contact you to remind you of appointments or inform you of benefits and services that may be of interest to you.
USE AND DISCLOSURE OF YOUR PHI UNDER CERTAIN LEGALLY REQUIRED CIRCUMSTANCES
DAK may use or disclose your PHI when required by law, including under the following special circumstances:
After your death: To coroners and medical examiners made to assist in identifying a deceased person, to determine cause of death, or for other duties authorized by law. To funeral directors as necessary to perform their duties, including disclosures made in reasonable anticipation of the individual's death. For all other uses related to decedent information, if authorized by the executor or administrator of the estate.
For public health risks, such as:
• Reporting disease, injury, and vital events statistics (e.g, births and deaths)
• Conducting public health surveillance, investigations, and interventions
• To report child abuse or neglect as required by state law
• For investigation of suspected victims of elder or disabled abuse or neglect
• To the Food and Drug Administration (FDA)For reports about the quality, safety, or effectiveness of an FDA-regulated product or activity
• To report adverse events to food or dietary supplements, product defects or problems including the use or labeling of a product
• To enable product recalls, repairs, or replacements, including locating and notifying individuals who have received the product
Health Oversight Activities: Civil or criminal investigations, inspections, licensure, or disciplinary actions, or other activities, including government benefitprogram eligibility determinations or government regulatory programs (such as Medicare).
Legal Proceedings: In response to a court order, subpoenas, or other lawful process in conformance with federal notice requirements and with state laws.
Law Enforcement: DAK may disclose PHI to comply with a court order or court-ordered warrant, subpoena, or summons issued by a judicial officer, judge or a grand jury; to law enforcement officials to identify or locate a suspect, fugitive, material witness or missing person; to notify law enforcement about the commission and nature of a crime; or acting in good faith that the PHI constitutes evidence of criminal conduct occurring on its premises.
Military and Veterans' Activities: As deemed necessary by military command authorities to ensure proper execution of a mission where appropriate notice has been made in the Federal Register.
National security: To authorized federal officials conducting lawful intelligence, counterintelligence, or other national security activities authorized under the National Security Act.
Inmates: To correctional institution or law enforcement officials about lawfully detained individuals if necessary to provide care to the individual or to protect the health and safety of the individual, other inmates, officers, or employees, either at the institution or while transporting the individual.
Disclosures for Workers' Compensation: To comply with laws relating to Workers' Compensation or programs that provide benefits for work-related injuries or illness without regard to fault.
YOUR RIGHTS REGARDING YOUR PERSONAL HEALTH INFORMATION
Confidential Communications: You have the right to request that DAK communicate with you about health issues using a particular method or at a certain location; for example, you may ask that we not contact you at work, or contact only your cell phone number. Requests must be submitted in writing. Our practice will accommodate all reasonable requests.
Requesting Restrictions: You have the right to request a restriction in our use or disclosure of PHI for treatment, payment, or healthcare operations. You have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment of your care. For your convenience, the Patient Information form you are required to complete for registration includes a place to indicate who is authorized to speak with us regarding your private information. We are not required to agree to your request; if we do agree, we are bound by our agreement except where otherwise required by law, in emergencies, or in order to treat you.
A patient who pays out of pocket in full for a service has the right to restrict disclosure of his or her PHI to a health plan, but only if the PHI restricted by the patient pertains solely to a healthcare item or service purchased by that individual.
All such requests for restrictions must be made in writing, and must include a) the information you wish restricted; b) whether you are requesting limits to use, disclosure, or both; and c) whom you want the limits to apply.
Specially Protected Information: State and/or federal laws define specially protected categories of information that require more stringent protection than afforded by HIPAA. A valid authorization form, signed by the individual or legal representative, is required prior to any disclosures of the following:
HIV test results
Alcohol and drug abuse records (42 CFR Part 2)
Genetic screening test results
Other professional services of a licensed psychologist
Social work counseling/therapy
Domestic violence victims counseling
Sexual assault counseling
Inspection and Copies: You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including medical and billing records. To inspect or obtain a copy of records, you may complete and sign a release of information form that DAK will provide, or you may simply make a written request that includes your signature, what information should be included, where you would like the records sent, and indicate if you wish to have an expiration date on your request.
DAK will provide one copy of your records to you at no charge; for additional requests, we may charge a fee for the cost of postage, labor, and supplies. If DAK denies your request for records, you may request a review of our denial with another licensed healthcare professional chosen by the practice.
Amendment: If you believe your records held by DAK are incorrect or incomplete, you may submit a written request for an amendment, which includes reasons to support the request. Requests may be denied if not submitted in writing, if the information was not created by our practice, or if we believe the request would compromise the accuracy and completeness of the record.
Breach notification: We are required to contact you within 60 calendar days of the discovery of a problem if your unsecured PHI has been or is reasonably believed to have been breached. In addition, we must notify the U.S. Department of Health & Human Services (HHS) and, if the breach involves PHI of more than 500 residents of the same state, we must also notify prominent media outlets.
Accounting for disclosures: Patients have the right to request an accounting of disclosures, or list of certain non-routine disclosures our practice has made of your PHI for non-treatment or operations purposes. Use of your PHI as part of routine care and billing is not required to be documented. All requests must be in writing and must state a time period of no more than 6 years from the date of disclosure.
DAK does not currently use Electronic Health Records, but should EHR be implemented in the future, accounting of disclosures may be reported to you in an electronic format.
Right to a Paper Copy of Notice: You are entitled to receive a paper copy of this notice of privacy practices. You may ask us to give you a copy of this notice at any time.
Right to File a Complaint: If you believe your privacy rights have been violated, you may file a complaint with our administrator, Joy Hayes, at 859-977-2294, or with the Secretary of the Department of Health and Human Services. You will not be penalized for filing a complaint.
Right to Provide Authorization for Other Use or Disclosure: Any use or disclosure of your PHI not described in this policy will require written authorization from you. Any authorization you provide regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reason described in the authorization. Please note, we are required to retain records of your care for 10 years after your last date of service.
If you have any questions regarding this notice or about our health information policies, please contact our administrator at 859-977-2294.