NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION AND/OR PROTECTED HEALTH INFORMATION (PHI) ABOUT YOU MAY BE USED AND DISCLOSED. HOW YOU CAN GET ACCESS TO THIS INFORMATION AND WHAT ACTIONS GOES PHYSICIANS, INC (GOES) (THE PRACTICE) WILL TAKE IF THERE IS A BREACH OF YOUR MEDICAL INFORMATION AND/OR PHI. THIS NOTICE APPLIES TO ALL RECORDS OF YOUR CARE HELD BY THIS OFFICE REGARDLESS OF THE ENTITY THAT PRODUCED THE RECORDS.

This notice describes our Practice’s policies, which extend to: any health care professional authorized to enter information into your chart (including physicians, OAs, COAs, RNs, etc.): all areas of the Practice including but not limited to the front desk, administration, billing and collection, etc.; all employees, staff and other personnel that work for or with our Practice; our business associates (billing services, other facilities, etc), on-call physicians, etc.

The practice provides this Notice to comply with the Privacy Regulation issued by the Department of Health and Human Services in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

YOUR PROTECTED HEALTH INFORMATION:

We understand that your medical information is personal to you and we are committed to protecting this information. As our patient, we create paper and electronic medical records about your health, our care of you and the services and/or items we provide to you. We need this record to provide for your care and to comply with certain legal requirements.

We are required by law to:

  • Make sure that your PHI is kept private;
  • Provide you with a notice of our Privacy Practices, your legal rights with respect to PHI and our response to a breach of your PHI;
  • Follow the terms and conditions of the notice that is currently in effect.

HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU:

The following categories describe the different ways that we may use and disclose PHI.

Medical Treatment: We may use any medical information provided by you, a referring physician or other party to provide you with current or prospective medical treatment or services. Therefore, we may, and most likely will, disclose medical information about you to doctors, nurses, technicians, medical students, or hospital personnel who are involved in taking care of you. Different areas of the Practice may also share medical information about you including your record(s), prescriptions, lab work, and x-rays. Your medical information may be discussed to provide you with treatment options and/or recommendations. The Practice may disclose your medical information and/or PHI to people who may be involved in your medical care including but not limited to your family members, a personal representative authorized by you or by a legal mandate (guardian), or a designated caregiver.

Payment: We may use and disclose medical information and/or PHI for services and procedures provided to you so they may be billed to you, an insurance company or another third part. We may also advise your insurance plan and/or referring physician about a treatment you are going to receive to obtain prior approval, determine whether your plan will cover the treatment and/or to facilitate payment.

HEALTH Care Operations: We may use or disclose medical information and/or PHI so that we can run our practice more efficiently and insure quality care for all of our patients. This may include reviewing our treatment and services to evaluate the performance of our staff, to decide whether to offer additional service or discontinue services and/or to determine whether certain new treatments are effective. Your medical information, PHI, may be disclosed to doctors, nurses, technicians, medical students and other business associated for purposes of helping us to comply with our legal requirements, to auditors required to verify our records, to billing and collection companies for purposes of fee collections. When possible, we may remove any information that specifically identifies who the individual patient is. We shall endeavor, at all times, when business associates are used, to advise them of their continued obligation to maintain the privacy of your medical information/PHI.

Appointment and Patient Recall Reminders: We may ask that you sign a “Sign in Log” on the day  of your appointment. We may use and disclose medical information to contact you as a reminder that you have an appointment for medical care or are due to receive periodic care at the Practice. Contact may be made by phone, voice mail, answering machine, post card, letter, email or otherwise and may potentially be received or intercepted by others.

Emergency Situations: We may disclose medical information/PHI to an organization assisting in a disaster relief effort or in an emergency situation.

Research:  Under certain circumstances, we may use and disclose medical information/PHI for research purposes regarding medications, efficiency of treatment protocols and the like. All research projects are subject to an approval process. Information will only be used or disclosed for projects which have been approved. If possible, we will make information non-identifiable to a specific patient. If the information is not sufficiently masked, we will obtain an Authorization from you before releasing your information.

Required by Law: We will disclose medical information/PHI specific to you when required to do so by federal, state or local law.

To Avert a Serious Threat to Health or Safety: We may use and disclose medical information/PHI when necessary to prevent a serious threat either to you or to the safety and health of the public or any other person.

Organ and Tissue Donation:  If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye, or tissues transplantation or to an organ donation bank as necessary to facilitate organ or tissue donation and transplantation.

Worker’s Compensation: We may release medical information/PHI to worker’s compensation or similar programs.

Public Health Risks: Law or public policy may require us to disclose information/PHI for public health activities. These activities generally include the following; to prevent or control disease, injury or disability; to report birth and deaths; to report child abuse or neglect; to report reactions to medications or problems with products; to notify people of recalls of products; to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; to notify the appropriate government  authority if we believe a patient has been the victim of abuse, neglect or domestic violence.

Investigation and Government Activities: We may disclose medical information/PHI to a local, state or federal agency for activities authorized by law. These oversight activities include but are not limited to audits, investigations, inspections, and licensure.

Lawsuits and Disputes:  If you are involved in a lawsuit or dispute, we may disclose medical information/PHI in response to a court or administrative order, subpoena, discovery request or other lawful process.  We shall attempt to inform you about any request made by another party so that you may obtain an order protecting  the information requested if you so desire.  We may also use such information to defend our Practice or any member of our practice in any actual or threatened action.

Law Enforcement:  We may release medical information/PHI if requested by law enforcement official; in response to a court order, subpoena, warrant, summons or similar process; to identify or locate a suspect, fugitive, material witness or missing persons; about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; about a death we believe may be the result of criminal conduct; about criminal conduct at the Practice; and in emergency situations requiring the reporting of a crime, the location of a crime or victims or the identity, description or location of a person who committed the crime.

Coroners, Medical Examiners and Funeral Directors: We may disclose medical information/PHI to a coroner or medical examiner. We may also release information to funeral directors as necessary to carry out their duties.

Inmates:  If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information/PHI to the correctional institution, or law enforcement official if it is necessary for (1) the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.

CHANGES TO THIS NOTICE

GOES Physicians, Inc. reserves the right to change this notice at any time. We reserve the right to make the revised notice effective for medical information already held by the Practice as well as any information we may receive in the future. A copy of the most current Notice of Privacy Practices will be available at each location of the Practice. The notice will contain the date of last revision and effective date. A printed copy of the most current notice in effect will be available upon request.

COMPLAINTS

If you believe your privacy right has been violated, you may file a complaint with the Practice or with the Secretary of the Department of Health and Human Services. To file a complaint with the Practice contact the Practice Administrator at 937-324-3937 or 1-800-638-2034. All complaints must be submitted in writing. All complaints will be investigated without repercussion to the person filing the complaint. You will not be penalized for filing a complaint.

OTHER USES OF MEDICAL INFORMATION

Other uses and disclosures of medical information/PHI not covered by this notice or the laws that apply will be made only with your written permission unless those uses can be reasonable inferred from the intended uses above. If you have provided us with your permission to use or disclose medical information/PHI you may revoke that permission, in writing, at any time. If you provoke your permission, GOES will no longer use or disclose information about you for the reasons covered by your written authorization.  GOES will no longer use or disclose information about you for the reasons covered by your written authorization.  GOES will be unable to take back any disclosures already made with your permission. Revoking your permission to disclose information does not negate our requirement to retain records of the care that is provided to you by the Practice.

HIPAA BREACH NOTIFICATION RULE

As a HIPAA covered entity, GOES Physicians, Inc. Is required to comply with HIPAA Breach Notification Rule effective September 23, 2009, as well as any notification obligations imposed by state law and imposed by the HIPAA Privacy and Security Rules. This rule requires the notification of any individual whose medical information and/or Personal Health Information (PH) (including but not limited to full name, address, social security number, diagnosis) in any form or medium including electronic, paper or oral is accessed, acquired, used or disclosed, as a result of a security breach.

A breach is defined as the acquisition, access, use, or disclosure of unsecured PHI which is not permitted by the HIPAA Privacy Rules and compromises the security or privacy of the PHI. Unsecured PHI is defined as any patient health information that is not secured through a technology or methodology, specified by HHS that renders the PHI unusable, unreadable, or indecipherable to unauthorized individuals.

To determine whether a breach of unsecured PHI has occurred, GOES will perform a risk assessment to establish whether a significant risk of financial, reputational, or other harm to the affected individual(s) exists.

If a breach is determined to have occurred, GOES will notify the affected individuals without unreasonable delay, but not later than 60 calendar days after discovery. The date of discovery will be the first day on which the breach is known or should have been known to GOES.

Each affected individual will receive written notification via first class mail at the last known address. If the address is unknown, then a substitute notice will be provided by mean such as telephone. If the breach affects more than 10 people, a conspicuous notice will be posted on goeyesurgeons.com for a period not less than 90 days. If the breach affects 500 or more individuals, GOES will also notify major media outlets serving the relevant areas. Additionally, GOES will notify HHS in accordance with the rules.

Written notices will contain a brief description of what happened including the date of the breach and the date of the discovery to the extent these dates are known. Additionally, the notice will describe the types of unsecured PHI that were disclosed in the breach (i.e., full name, SSN, date of birth, address, diagnosis, etc.) and the actions taken by our office to investigate the breach, mitigate ham and protect against any further breaches. GOES will further advise individuals as to what steps to take to protect themselves from any potential harm arising from the breach and provide contact procedures for individuals to ask questions or receive additional information.

PATIENT RIGHTS

THIS SECTION DESCRIBES YOUR RIGHTS AND THE OBLIGATIONS OF GOES PHYSICIANS, INC. REGARDING THE USE AND DISCLOSURE OF YOUR MEDICAL INFORMATION/PHI.

You have the following rights regarding medical information/PHI we maintain about you:

Right to Inspect and Copy: You have the right to inspect and copy medical information/PHI that may be used to make decisions about your care. This includes your own medical and billing records, but does not include psychotherapy notes. To inspect and copy your records, you must submit your request in writing to our Practice Administrator. We may charge a fee for the costs of copying, mailing or other supplies associated with your request. We may deny your request in certain very limited circumstances. If you are denied access to your records, you may request, in writing, that our Compliance Committee review the denial. Another licensed health care professional chosen by the practice will review your request and the denial. GOES will comply with the outcome and recommendations of the review.

Right to Amend: If you feel the information maintained in your records is incorrect or incomplete, you may request that your information be amended. A request for amendment must be in writing, dated and signed by you and notarized. The request should include your intended amendment as well as reasons supporting the requested amendment. You have the right to request an amendment for as long as the Practice maintains your medical record. We may deny your request if you ask us to amend information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment; is not part of the medical information kept by the Practice; or is not part of the information which you would be permitted to inspect or copy. A notice of disagreement may be filed with your information if we deny your request.

Right to Accounting of Disclosures:  You have the right to request an “accounting of disclosures”. This is a list of disclosures of your medical information/PHI made by GOES to others. This request must be in writing and include the time period of your request, no longer than six (6) years back. Your request should also indicated in what form you want the list (for example on paper or electronically). GOES will notify you of the cost involved to comply with your cost and you may choose to withdraw or modify your request at any time before costs are actually incurred.

Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or for your care. Your request must be in writing and include; the information you want to limit; whether you want to limit our use, disclosure or both; and to whom you want the limits to apply. We are not required to agree to your request and we may not be able to comply with your request if the information is exempted from the consent requirement or we are otherwise required to disclose the information by law.

Right to Request Confidential Communication: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we only contact you at work or by mail. To request confidential communications, you must submit your request in writing and specify how or where you wish us to contact you. We will not ask you for a reason and we will accommodate all reasonable request.

Right to a Paper Copy of the Notice: You have the right to a paper copy of this notice at any time, even if you have agreed to receive this notice electronically.

REVISED: SEPTEMBER 23, 2009

EFFECTIVE DATE: SEPTEMBER 23, 2009