Notice of Privacy Practices of David Engstrom Body Therapy & Acupuncture
Introduction
At David Engstrom Body Therapy & Acupuncture, we are committed to protecting the privacy and security of our patients’ health information. This Notice of Privacy Practices (“Notice”) describes how we may use and disclose your Protected Health Information (“PHI”) in accordance with applicable law, including the Health Insurance Portability and Accountability Act (“HIPAA”), the Health Information Technology for Economic and Clinical Health (“HITECH”) Act, and the Washington My Health My Data Act. It also describes your rights concerning your PHI.
Understanding Your Health Record/Information
Each Visit Record
Each time you visit David Engstrom Body Therapy & Acupuncture, a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a:
Basis for planning your care and treatment
Means of communication among the many health professionals who contribute to your care
Legal document describing the care you received
Means by which you or a third-party payer can verify that services billed were actually provided
Tool in educating health professionals
Source of data for medical research
Source of information for public health officials charged with improving the health of the nation
Source of data for facility planning and marketing
Tool with which we can assess and continually work to improve the care we render and the outcomes we achieve
Your Health Information Rights
Although your health record is the physical property of David Engstrom Body Therapy & Acupuncture, the information belongs to you. You have the right to:
Request a restriction on certain uses and disclosures of your information as provided by 45 CFR §164.522
Obtain a paper copy of the notice of information practices upon request
Inspect and obtain a copy of your health record as provided for in 45 CFR §164.524
Amend your health record as provided in 45 CFR §164.526
Obtain an accounting of disclosures of your health information as provided in 45 CFR §164.528
Request communications of your health information by alternative means or at alternative locations
Revoke your authorization to use or disclose health information except to the extent that action has already been taken
Our Responsibilities
David Engstrom Body Therapy & Acupuncture is required to:
Maintain the privacy of your health information
Provide you with a notice as to our legal duties and privacy practices with respect to information we collect and maintain about you
Abide by the terms of this Notice
Notify you if we are unable to agree to a requested restriction
Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations
We reserve the right to change our practices and to make the new provisions effective for all PHI we maintain. Should our information practices change, we will mail a revised notice to the address you’ve supplied us.
For More Information or to Report a Problem
If you have questions and would like additional information, you may contact the Privacy Officer at [Insert Contact Information].
If you believe your privacy rights have been violated, you can file a complaint with the Privacy Officer or with the Office for Civil Rights, U.S. Department of Health and Human Services. There will be no retaliation for filing a complaint.
Uses and Disclosures of Health Information
Treatment
We will use your health information to provide you with medical treatment or services. We may disclose health information about you to doctors, nurses, technicians, medical students, or other clinic personnel who are involved in taking care of you.
Payment
We will use and disclose your health information to obtain payment for the services we provide to you.
Healthcare Operations
We may use and disclose your health information in connection with our healthcare operations, including quality assessment and improvement activities, reviewing the competence or qualifications of healthcare professionals, evaluating practitioner and provider performance, conducting training programs, accreditation, certification, licensing or credentialing activities.
HITECH Act Amendments
Breach Notification Requirements
We are required under the HITECH Act to notify each individual whose unsecured PHI has been (or is reasonably believed to have been) accessed, acquired, or disclosed due to a breach. Our Business Associates have a similar duty under this Act. Unsecured PHI refers to private information that is readable by unauthorized individuals. PHI is encrypted so that it is unreadable, unusable, and indecipherable by unauthorized individuals. We will notify you by First Class U.S. Mail within 60 days of our discovery of such an event.
Restriction of Disclosure
Under the HITECH Act, if you pay out-of-pocket in full for services, you can require that the information regarding those services not be disclosed to your health insurance plan, as no claim to them is involved.
Access to Electronic Health Records
Under the HITECH Act, if we maintain electronic health records in one or more designated record sets, you have the right to obtain an electronic copy of your PHI, and, upon written request, you may have us send your record electronically directly to another party. We may charge you only for the labor cost for this service.
Expansion of Accounting Disclosures
As of January 1, 2014, the HITECH Act requires us, upon your written request, to provide an accounting of all disclosures made using electronic records of your PHI to carry out treatment, payment, and healthcare operations. This accounting requirement is limited to the three-year period prior to the request. We will provide you with an accounting of such disclosures made by us, and a list of our business associates including their contact information, who also upon your written request will be responsible for providing you with an accounting of their disclosures of your PHI.
Prohibition on Sale of PHI
Under the HITECH Act, neither we nor our business associates may receive direct or indirect remuneration in exchange for your PHI without your prior written authorization, unless that exchange meets one of the limited exceptions allowed by the Act.
Subsidized Marketing Limitations
Under the HITECH Act, we are restricted from most types of subsidized marketing communications to you that encourage you to make purchases, without your prior written authorization.
Fundraising Limitations
Under the HITECH Act, if we send a fundraising communication to you, we must also offer you an opportunity to opt out of future fundraising communications.
Other Ways We May Use and Disclose Your PHI
Appointment Reminders
We may contact you by telephone, postcard, or email to remind you of appointments. Please let us know if you do not wish to receive these communications.
Communication with Family
We may use and disclose relevant portions of your protected health information to your family member, relative, close friend, or other person you identify as being involved in your care or payment for care. In an emergency or when you are not capable of agreeing or objecting, we will use and disclose your PHI as we determine is in your best interest. We will inform you after the emergency and give you the opportunity to object to future disclosures to family and friends.
As Required By Law
We will use and disclose your PHI when we are required to do so by federal, state, or local law. We may disclose your PHI in the course of any judicial or administrative proceeding as allowed or required by law, or as directed by court order.
Food and Drug Administration (FDA)
We may use and disclose to the FDA your PHI relating to adverse events with respects to products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacements.
Health Oversight Agencies
We may use and disclose your PHI to appropriate health oversight agencies for health oversight activities.
To Avert a Serious Threat to Public Health or Safety
We may use and disclose your PHI to public health or legal authorities permitted to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability. We may disclose your PHI to public authorities as required by law or regulation to report abuse or neglect.
Worker’s Compensation
We may use and disclose your PHI to Worker’s Compensation or similar programs that provide benefits for work-related injuries or illnesses, for your compensation.
Research
For the purposes of research that has been approved by an institutional review board and uses established protocols to ensure the protection of privacy of health information, we may use and disclose your PHI to researchers.
Inmates
If you are an inmate of a correctional institution, or under the custody or a law enforcement official, we may use and disclose to the institution or its agents, or to the law enforcement official, your PHI necessary for your health and the health and safety of other individuals.
Other Uses Or Disclosures Not Covered By This Notice
Other uses and disclosures besides those identified above will be made only by your written authorization. You may also revoke an authorization you previously provided.
Your Health Information Rights
The health and billing records we maintain are the physical property of our practice. The information in those records, however, belongs to you.
Request Restrictions on Uses and Disclosures of Your PHI
You have the right to request a restriction on how we use and disclose your health information for treatment, payment, and healthcare operations. For example, you might request non-disclosure of a treatment to a family member or other person involved in your care. Another example is given under the HITECH Restriction of Disclosure clause. Your request must be made in writing to the Privacy Officer at our office. We are not required to grant all requests but we will comply with any request we do grant, except for emergency treatment.
Receive Confidential Communication
You have the right to request the ways we communicate with you to preserve your privacy. For example, you might request we only call you at your work number, or by U.S. Mail at a certain address. Your request specifying how we are to contact you must be made in writing to the Privacy Officer at our office. We will accommodate all reasonable requests to communicate with you by alternate means or at alternate locations.
Inspect and Copy Your Protected Health Information
You have the right to inspect and copy the PHI we maintain about you in our designated record set, which includes medical, billing, and any other records used for making decisions about you. Any psychotherapy notes are by law not available for inspection or copying. The HITECH Act, as previously noted, expands this right to include access to electronic health records in an electronic format. To inspect or copy your PHI, submit a request in writing to the Privacy Officer at our office. We will respond within 30 days. We may charge you a fee for copying or mailing, but may only charge for labor costs for electronic transfers of health records.
Request an Amendment to Your Protected Health Information
You have the right to request that we amend your medical information if you feel it is incomplete or inaccurate. You must make this request in writing to the Privacy Officer at our office, explaining what information is incomplete or in error, how it should be changed, and the reasons for the change. We are not required to grant all such requests. You may file a statement of disagreement if your amendment is denied, and require that the request for amendment and any denial be attached in all future disclosures of your PHI.
Receive An Accounting of Disclosures of Your PHI
You have the right to request a list of disclosures of your PHI that were not for treatment, payment, or healthcare operations. Your request must be in writing, addressed to the Privacy Officer at our office, and must state the time period (not greater than six years) for which you request an accounting. Under the HITECH Act, as previously noted, you may request an accounting of all disclosures made using electronic records of your PHI to carry out treatment, payment, and healthcare operations, limited to the three-year period prior to the request.
Obtain A Paper Copy of This Notice
You have the right to obtain a paper copy of this Notice. Copies are available in the reception area of our office, and you can always ask us for a copy.
Our Responsibilities
We are required to abide by the terms of this Notice. Among other duties, we are required to maintain the privacy of your health information as specified by law and regulation; to provide you with a notice of our duties and privacy practices; to notify you of certain breaches of privacy; to notify you if we cannot accommodate a restriction or request; and to accommodate reasonable requests regarding methods to communicate health information with you.
File a Complaint
If you believe we have violated your privacy rights, you may file a written complaint within 180 days of the suspected violation, addressed to the Privacy Officer at our office. Please provide as much detail as you can on the matter. We will never retaliate against anyone for filing a complaint.
You may also file a complaint with the Secretary of the United States Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201; phone (202) 619-0257; toll free (877) 696-6775.
Contact for PHI Concerns
If you have questions, would like additional information or assistance, or want to report a problem regarding the handling of your information, please contact our Privacy Officer, David Engstrom:
By Phone: (206) 938-0682 during our normal office hours, Monday through Friday from 9 a.m. to 5 p.m.
By Mail: David Engstrom Body Therapy & Acupuncture, 3417 Evanston Avenue North, Suite 226, Seattle WA 98103