Notice of Privacy Practices

This notice describes how health information about you may be used and disclosed and how you can get access to this information. Please read it carefully.

We are required by law to provide you with this notice to explain our privacy practices with regard to your health information. This document describes how we may use and disclose your protected health information (“PHI”) for treatment, payment, healthcare operations, and other purposes permitted or required by law. Your rights with respect to your protected health information are also described in this notice.

 

Effective Date

This Notice of Privacy Practices became effective on April 14, 2003 and was amended on December 6, 2016.

 

Right to Amend This Notice

We reserve the right to change the provisions of our Notice of Privacy Practices and make new provisions for the privacy of the protected health information we maintain. If we make a material change, we will post the amended notice promptly on our website: www.davidengstrom.net/privacy-practices.

 

What is Protected Health Information (PHI)?

Protected Health Information (“PHI”) is individually identifiable health information we obtain or generate in providing our services to you. Such information may include documenting your symptoms, examination results, test results, diagnoses, treatments, and applying for future care or treatment, as well as billing documents for those services.

 

Types of Uses and Disclosures of Protected Health Information

Treatment

We will use and disclose your PHI to provide, manage, and coordinate your care and any related services. We will also disclose your PHI to other providers whom we may consult or coordinate with in your care, such as obtaining the input of a specialist.

 

Payment

We will use your PHI to obtain payment for services provided. For example, we may provide PHI to a health insurance company or to a business associate to obtain payment for your treatment.

 

Healthcare Operations

We will use your PHI for the management functions of our office. For example, your PHI may be used in quality reviews, outcome evaluations, and staff performance reviews. Additionally, business associates who provide us with services such as legal services, accounting services, insurance, and training programs may use your PHI as necessary.

 

Health Information Technology for Economic and Clinical Health (HITECH) Amendments

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology.

 

HITECH Breach Notification Requirements

We are required under the HITECH Act to notify each individual who’s unsecured PHI has been (or is reasonably believed to have been) accessed, acquired, or disclosed due to a breach. Our Business Associates have a similar duty under this Act. Unsecured PHI refers to private information that is readable by unauthorized individuals. PHI is encrypted so that it is unreadable, unusable, and indecipherable by unauthorized individuals. We will notify you by First Class U.S. Mail within 60 days of our discovery of such an event.

 

HITECH Restriction of Disclosure

Under the HITECH Act, if you pay out-of-pocket in full for services, you can require that the information regarding those service not be disclosed to your health insurance plan, as no claim to them is involved.

 

HITECH Access to Electronic Health Records

Under the HITECH Act, if we maintain electronic health records in one or more designated record sets, you have the right to obtain an electronic copy of your PHI, and, upon written request, you may have us send your record electronically directly to another party. We may charge you only for the labor cost for this service.

 

HITECH Expansion of Accounting Disclosures

As of January 1, 2014, the HITECH Act requires us, upon your written request, to provide an accounting of all disclosures made using electronic records of your PHI to carry out treatment, payment, and healthcare operations. This accounting requirement is limited to the three-year period prior to the request. We will provide you with an accounting of such disclosures made by us, and a list of our business associates including their contact information, who also upon your written request will be responsible for providing you with an accounting of their disclosures of your PHI.

 

HITECH Prohibition on Sale of PHI

Under the HITECH Act, neither we nor our business associates may receive direct or indirect remuneration in exchange for your PHI without your prior written authorization, unless that exchange meets one of the limited exceptions allowed by the Act.

 

HITECH Subsidized Marketing Limitations

Under the HITECH Act, we are restricted from most types of subsidized marketing communications to you that encourage you to make purchases, without your prior written authorization.

 

HITECH Fundraising Limitations

Under the HITECH Act, if we send a fundraising communication to you, we must also offer you an opportunity to opt out of future fundraising communications.

 

Other Ways We May Use and Disclose Your PHI

Appointment Reminders

We may contact you by telephone, postcard, or email to remind of appointments. Please let us know if you do not wish to receive these communications.

 

Communication with Family

We may use and disclose relevant portions of your protected health information to your family member, relative, close friend, or other person you identify as being involved in your care or payment for care. In an emergency or when you are not capable of agreeing or objecting, we will use and disclose your PHI as we determine is in your best interest. We will inform you after the emergency and give you the opportunity to object to future disclosures to family and friends.

 

As Required By Law

We will use and disclose your PHI when we are required to do so by federal, state, or local law. We may disclose your PHI in the course of any judicial or administrative proceeding as allowed or required by law, or as directed by court order.

 

Food and Drug Administration (FDA)

We may use and disclose to the FDA your PHI relating to adverse events with respects to products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacements.

 

Health Oversight Agencies

We may use and disclose your PHI to appropriate health oversight agencies for health oversight activities.

 

To Avert a Serious Threat to Public Health or Safety

We may use and disclose your PHI to public health or legal authorities permitted to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability. We may disclose your PHI to public authorities as required by law or regulation to report abuse or neglect.

 

Worker’s Compensation

We may use and disclose your PHI to Worker’s Compensation or similar programs that provide benefits for work-related injuries or illnesses, for your compensation.

 

Research

For the purposes of research that has been approved by an institutional review board and uses established protocols to ensure the protection of privacy of health information, we may use and disclose your PHI to researchers.

 

Inmates

If you are an inmate of a correctional institution, or under the custody or a law enforcement official, we may use and disclose to the institution or its agents, or to the law enforcement official, your PHI necessary for your health and the health and safety of other individuals.

 

Other Uses Or Disclosures Not Covered By This Notice

Other uses and disclosures besides those identified above will be made only by your written authorization. You may also revoke an authorization you previously provided.

 

Your Health Information Rights

The health and billing records we maintain are the physical property of our practice. The information in those records, however, belongs to you.

 

Request Restrictions on Uses and Disclosures of Your PHI

You have the right to request a restriction on how we use and disclose your health information for treatment, payment, and healthcare operations. For example, you might request non-disclosure of a treatment to a family member or other person involved in your care. Another example is given under the HITECH Restriction of Disclosure clause. Your request must be made in writing to the Privacy Officer at our office. We are not required to grant all requests but we will comply with any request we do grant, except for emergency treatment.

 

Receive Confidential Communication

You have the right to request the ways we communicate with you to preserve your privacy. For example, you might request we only call you at your work number, or by U.S. Mail at a certain address. Your request specifying how we are to contact you must be made in writing to the Privacy Officer at our office. We will accommodate all reasonable requests to communicate with you by alternate means or at alternate locations.

 

Inspect and Copy Your Protected Health Information

You have the right to inspect and copy the PHI we maintain about you in our designated record set, which includes medical, billing, and any other records used for making decisions about you. Any psychotherapy notes are by law not available for inspection or copying. The HITECH Act, as previously noted, expands this right to include access to electronic health records in an electronic format. To inspect or copy your PHI, submit a request in writing to the Privacy Officer at our office. We will respond within 30 days. We may charge you a fee for copying or mailing, but may only charge for labor costs for electronic transfers of health records.

 

Request an Amendment to Your Protected Health Information

You have the right to request that we amend your medical information if you feel it is incomplete or inaccurate. You must make this request in writing to the Privacy Officer at our office, explaining what information is incomplete or in error, how it should be changed, and the reasons for the change. We are not required to grant all such requests. You may file a statement of disagreement if your amendment is denied, and require that the request for amendment and any denial be attached in all future disclosures of your PHI.

 

Receive An Accounting of Disclosures of Your PHI

You have the right to request a list of disclosures of your PHI that were not for treatment, payment, or healthcare operations. Your request must be in writing, addressed to the Privacy Officer at our office, and must state the time period (not greater than six years) for which you request an accounting. Under the HITECH Act, as previously noted, you may request an accounting of all disclosures made using electronic records of your PHI to carry out treatment, payment, and healthcare operations, limited to the three-year period prior to the request.

 

Obtain A Paper Copy of This Notice

You have the right to obtain a paper copy of this Notice. Copies are available in the reception area of our office, and you can always ask us for a copy.

 

Our Responsibilities

We are required to abide by the terms of this Notice. Among other duties, we are required to maintain the privacy of your health information as specified by law and regulation; to provide you with a notice of our duties and privacy practices; to notify you of certain breaches of privacy; to notify you if we cannot accommodate a restriction or request; and to accommodate reasonable requests regarding methods to communicate health information with you.

 

File a Complaint

If you believe we have violated your privacy rights, you may file a written complaint within 180 days of the suspected violation, addressed to the Privacy Officer at our office. Please provide as much detail as you can on the matter. We will never retaliate against anyone for filing a complaint.

You may also file a complaint with the Secretary of the United States Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201; phone (202) 619-0257; toll free (877) 696-6775.

 

Contact for PHI Concerns

If you have questions, would like additional information or assistance, or want to report a problem regarding the handling of your information, please contact our Privacy Officer, David Engstrom:

By Phone: (206) 938-0682 during our normal office hours

By Mail: David Engstrom Body Therapy, 3601 Fremont Avenue North, Suite 412, Seattle WA 98103