THIS
NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW
YOU MAY ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY
Effective
5/1/2012
FOR
QUESTIONS OR MORE INFORMATION, PLEASE
CONTACT
OUR PRIVACY OFFICER
Dr. Mark
Ahearn
+1(713) 358-9270
Mark.Ahearn@nuphysicia.com
We
at NHOT are required by law to
maintain the privacy of our patients’ health information (known as “protected
health information” and referred to here as “PHI”). We are required to
provide you with notice of our legal duties and privacy practices with respect
to your PHI (“Notice”), notify you
upon a breach of unsecured PHI, and follow the terms of this Notice.
When
we say “you” or “your” in this Notice, this refers to the patient who is the
subject of the PHI. When we say “we,”
“our” or “us,” this refers to NHOT.
We
collect PHI from you through treatment, payment, related health care
operations, the application and enrollment process, health care providers,
health plans, or our other activities in connection with the general management
of NHOT. Your PHI includes any
information, oral, written or recorded, that is created or received by certain
health care entities, including health care providers, as well as health
insurance companies or health plans. The
law specifically protects information that relates to the past, present, or
future treatment or payment for your health care, or your enrollment in a
health plan, that contains your name, address, social security number,
insurance number, or other information or data that could be used to identify
you as the individual patient who is associated with that health information. In
addition, when you give permission, phone applications will allow access to
your location and also access to your photos, again when you give permission.
HOW WE MAY USE OR
DISCLOSE YOUR PHI
Generally,
we may not use or disclose your PHI without your permission. Further, once your permission has been
obtained, we must use or disclose
your PHI in accordance with the specific terms of that permission. The following sections describe different
ways that we may use or disclose your PHI.
Use or Disclosure Not
Requiring Your Permission
Treatment. We may
use your PHI to provide you with health care services and treatment that you
request. Examples: (a) the provision, coordination, or management your
health care and related services by health care providers; (b) consultation
between health care providers relating to your treatment; or (c) the referral
of your care and treatment from one health care provider to another.
Payment. We may use your PHI to collect payment for the
services and treatment that you receive.
Examples: (a) billing and
collection activities and related data processing; (b) medical necessity and
appropriateness of care reviews, utilization review activities; and (c)
disclosure to consumer reporting agencies of information relating to collection
of premiums or reimbursement.
Health Care
Operations. We may use your PHI for
our health care operations. Examples: (a) development of clinical
guidelines; (b) contacting you with information about treatment alternatives or
communications in connection with case management or care coordination; (c)
reviewing the qualifications of and training health care professionals; (d)
underwriting and premium rating; (e) medical review, legal services, and
auditing functions; and (f) general administrative activities such as customer
service and data analysis.
Disclosures to Our
Employees and Business Associates. We may disclose your PHI
to our employees and to our business associates when necessary to perform, or
assist us in performing, treatment, payment and health care operations. We require our employees and business associates
to comply with our policies and procedures and to take steps to reasonably and
appropriately safeguard your PHI.
Use or
Disclosure Required By Law
Public Health
Disclosures. We may disclose your PHI for public health
purposes.
Health Oversight
Activities. We may disclose your PHI to governmental,
licensing, auditing and accrediting agencies for health oversight
activities.
To Avert a Serious
Threat to Health or Safety. We may use or
disclose your PHI when necessary to prevent a serious threat to health or
safety of a person.
Specialized Government
Functions. We may disclose your PHI to certain
specialized government functions.
Law Enforcement. We may release your PHI for law enforcement
purposes.
Legal Proceedings. We may disclose your PHI to courts, attorneys
and court employees when we get a court order, warrant, subpoena, discovery
request, or other lawful process in the course of lawful, judicial or
administrative proceedings.
Coroners, Medical
Examiners and Funeral Directors. We may
disclose your PHI to a coroner or medical examiner for the purpose of
identifying a deceased person, determining the cause of death or other
duties. We may also disclose you PHI to
funeral directors as necessary to carry out their duties.
Organ, Eye and Tissue
Donation. If you a donor, we may release your PHI to
procurement organization or banks for purposes of cadaveric donation of organs,
eyes, or tissue.
Workers’ Compensation. We may disclose your PHI to covered entities
that are government programs providing public benefits and for workers’
compensation.
Use or
Disclosure Requiring Your Authorization
Marketing. We are not permitted to provide your PHI to
any other person or company for marketing to you of any products or
services. We are also not permitted to
receive payment in exchange for making such marketing communication to
you. However, if the communication
describes your prescription drug or biologic, and the payment received is
reasonable: (a) we are permitted to send such communication to you with your
authorization; and (b) our business associate may also send such communication
to you on our behalf, provided that the communication is consistent with the
written contract between us and our business associate.
Sale of PHI. We are not permitted to receive payments for
the sale of your PHI. However, there are
exceptions when the purpose of the exchange is for: (a) public health
activities; (b) research purposes (if the price charged reflects the cost of
preparation and transmittal of the information); (c) your treatment; (d) health
care operations related to the sale, merger or consolidation of our business;
(e) performance of services by a business associate on our behalf; (f)
providing you with a copy of your PHI; or (g) other reasons determined
necessary and appropriate by the Secretary of the U.S. Department of Health and
Human Services (the “Secretary”).
All Other Uses. Except as otherwise permitted or required, as
described in this Notice, we may not use or disclose your PHI without a written
authorization from you. Further, we are
required to use or disclose your PHI consistent with the terms of your
authorization. You may revoke your
authorization at any time, except to the extent that we have taken action in
reliance on your authorization, or if you provided the authorization as a
condition of obtaining insurance coverage, other law provides the insurer with
the right to contest a claim under the policy..
Right To Request
Restrictions On Use Or Disclosure
You
have the right to request restrictions on certain uses and disclosures of your
PHI. We may require written
requests. You may request restrictions
relating to the following uses or disclosures: (a) to carry out treatment, payment or
healthcare operations; (b) disclosures to your family members, relatives, or
close personal friends of PHI directly relevant to your care or payment related
to your health care, location, general condition, or death; (c) instances in
which you are not present or when your permission cannot practicably be
obtained due to your incapacity or an emergency circumstance; (d) permitting
other persons to act on your behalf to pick up filled prescriptions, medical
supplies, X-rays, or other similar forms of PHI; or (e) disclosure to a public
or private entity authorized by law or by its charter to assist in disaster
relief efforts.
We
are not required to agree to any requested restriction, except for the health
plan restriction request described below.
However, if we agree to a restriction, we are bound not to use or
disclose your PHI in violation of such restriction, except in certain emergency
situations.
We
are required to honor your request for restriction if the disclosure is to a
health plan for purposes of carrying out treatment, payment or health care
operations and the PHI relates solely to treatment or services for which the
health care provider has been paid out-of-pocket and in full. You cannot request to restrict uses or
disclosures that are otherwise required by law.
Right To Receive
Confidential Communications
You
have the right to receive confidential communications of your PHI. We may require written requests. We must accommodate your request if it is
reasonable and you clearly state that disclosure of all or part of the
information to which the request pertains, if not restricted, would endanger
you. We will not require you to provide
an explanation of the basis for your request as a condition of providing such
communications to you.
Right To
Inspect And Copy Your PHI
We
maintain your designated record, which includes medical records and billing
records, enrollment, payment, claims adjudication, and case and medical
management records. You have the right
of access to inspect and obtain a copy your PHI contained in your records, except for (a) psychotherapy notes, (b)
information compiled in reasonable anticipation of, or for use in, a civil,
criminal, or administrative action or proceeding, and (c) certain health
information maintained by us to the extent to which the provision of access to
you would be prohibited by law.
We
may require you to submit your request for access in writing. We
must provide you with access to your PHI in the form or format requested by
you, if it is readily available, or, if not, in a readable hard copy form. Alternatively, with your prior approval and
for a fee, we may prepare a summary of your PHI for you. We will provide you with timely access,
including arranging a convenient time and place for you to inspect and/or
obtain copies of your PHI, or mailing a copy to you at your request. We will discuss the scope, format, and other
aspects of your request for access as necessary to facilitate timely access.
You have the right to receive a copy of your PHI contained in an electronic
health record (EHR), if maintained by us, and to direct us to send a copy of
the EHR to a designated third party. We
may charge a cost-based fee for preparation, copying and postage or transmittal
of your PHI, as applicable.
We
reserve the right to deny you access to and copies of certain PHI as permitted
or required by law. We will reasonably
attempt to accommodate your request and, to the extent possible, provide you
access to your PHI after excluding the information for which access has been
denied. Upon denial, we will provide you
with a written denial specifying the basis for denial, a statement of your
rights, and a description of how you may file a complaint with us. In certain cases, you have the right to
request a review of a denial of your request by a licensed health care
professional designated by us, who did not participate in the decision to deny
your request. If we do not have the
information but know where it is maintained, we will inform you of where to
direct your request for access.
Right To
Amend Your PHI
Right To Receive
Notification of Unauthorized Disclosure of Your PHI (Breach Notification)
We
are required to notify you upon a breach of any unsecured PHI. PHI is “unsecure” if it is not protected by a
technology or methodology (for example, encryption) specified by the Secretary
of Health and Human Services. The notice
must be made without unreasonable delay, but no later than 60 days from when we
discover the breach. The notice will
include, to the extent reasonably possible: (a) a brief description of the
breach, including the date of breach and discovery; (b) a description of the
types of unsecured PHI disclosed or misappropriated during the breach; (c) the
steps you can take to protect your identity; (d) a brief description of our
actions to investigate the breach, mitigate harmful effects and prevent future
breaches; and (e) contact procedures for affected individuals to obtain
additional information.
We
must notify you in writing by first class mail (unless you have opted for
electronic communications with us).
However, if we have insufficient contact with you, a reasonable
alternative notice method (posting on website, broadcast media, etc.) may be
used.
If
a breach affects 500 or more individuals, we must notify the Secretary after
which the Secretary will post our name on its internet website. Additionally, we may be required to publish a
notice in a prominent media outlet in each state or jurisdiction where more
than 500 individuals’ unsecured PHI has been breached. For breaches involving less than 500
individuals, we will maintain a log of such breaches and submit a report
annually to the Secretary. Finally, we
may give telephonic notice to you if we reasonably believe there is a
possibility of imminent misuse of your unsecured PHI; however, such telephonic
notice will not substitute for our written notice obligations.