HIPAA PRIVACY NOTICE
Effective August 1, 2013
Notice of Privacy Practices
Notice of Privacy Practices
ROCKY MOUNTAIN RADIOLOGISTS, P.C.
RMR CRAIG PROF., LLC
ROCKY MOUNTAIN RADIOLOGISTS BILLING SERVICES, INC.
THIS NOTICE DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our goal is to take appropriate steps to safeguard any medical or other personal information that is provided to us. We are required to: (i) maintain the privacy of protected health information provided to us; (ii) provide notice of our legal duties and privacy practices; and (iii) abide by the terms of our Notice of Privacy Practices (“Notice”) currently in effect.
WHO WILL FOLLOW THIS NOTICE
This Notice describes the practices of Rocky Mountain Radiologists, P.C., Rocky Mountain Radiologists Billing Services, Inc. as well as their employees, staff, business associates, independent contractors and legal advisors. Each of these individuals and entities will follow the terms of this Notice and may share protected health information with each other for the treatment, payment, or healthcare operations purposes described in this Notice. If we have obtained your protected health information in our capacity as a business associate of another covered entity, we are required to follow the privacy policies of such covered entity.
This Notice describes how medical information about you may be used and disclosed and how you can obtain access to this information. Please review it carefully.
We are required by law to maintain the privacy of “protected health information.” “Protected health information” includes any identifiable information that we obtain from you or others that relates to your physical or mental health, the health care you have received, or payment for your health care.
As required by law, this Notice provides you with information about your rights and our legal duties and privacy practices with respect to the privacy of protected health information. This Notice also discusses the uses and disclosures we will make of your protected health information. We must comply with the provisions of this Notice, although we reserve the right to change the terms of this Notice from time to time and to make the revised notice effective for all protected health information we maintain. A copy of our current Notice is posted in our office and on our website. You can always request a copy of our most current privacy notice from our office.
II. Permitted Uses and Disclosures:
We can use or disclose your protected health information for purposes of treatment, payment and health care operations.
- Treatment means the provision, coordination or management of your health care, including consultations between health care providers regarding your care and referrals for health care from one health care provider to another. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. Therefore, the doctor may review your medical records to assess whether you have potentially complicating conditions like diabetes.
- Payment means activities we undertake to obtain reimbursement for the health care provided to you, including determinations of eligibility and coverage and other utilization review activities. For example, prior to providing health care services, we may need to provide to your insurance carrier (or other third party payor) information about your medical condition to determine whether the proposed course of treatment will be covered. When we subsequently bill the carrier or other third party payor for the services rendered to you, we can provide the carrier or other third party payor with information regarding your care if necessary to obtain payment.
- Health Care Operations mean the support functions of our practice related to treatment and payment, such as quality assurance activities, case management, receiving and responding to patient complaints, physician reviews, compliance programs, audits, business planning, development, management, educational and learning purposes, and administrative activities. For example, we may use your protected health information to evaluate the performance of our staff in caring for you. We may also combine protected health information about many patients to decide what services are not needed, and whether certain new treatments are effective.
Disclosures Related To Communications with You or Your Family
We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you or relate specifically to your medical care through our office. For example, we may leave appointment reminders on your answering machine or with a family member or other person who may answer the telephone at the number that you have given us in order to contact you.
We may disclose your protected health information to your family or friends or any other individual identified by you when they are involved in your care or the payment for your care. We will only disclose the protected health information directly relevant to their involvement in your care or payment. We may also use or disclose your protected health information to notify, or assist in the notification of, a family member, a personal representative, or another person responsible for your care of your location, general condition or death. If you are available, we will give you an opportunity to object to these disclosures, and we will not make these disclosures if you object. If you are not available, we will determine whether a disclosure to your family or friends is in your best interest, and we will disclose only the protected health information that is directly relevant to their involvement in your care.
We will allow your family and friends to act on your behalf to pick up prescriptions, medical supplies, X-rays, and similar forms of protected health information, when we determine, in our professional judgment, that it is in your best interest to make such disclosures.
We may disclose protected health information of minor children to their parents or guardians unless such disclosure is otherwise prohibited by law.
Organ and Tissue Donation. If you are an organ donor, we may release protected health information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Military and Veterans. If you are a member of the Armed Forces, we may release protected health information about you as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.
Public Health Risks. We may disclose protected health information about you for public health activities. These activities generally include the following:
- To prevent or control disease, injury or disability.
- To report births and deaths.
- To report victim of abuse, neglect, or domestic violence.
- To report reactions to medications.
- To notify people of product, recalls, repairs or replacements.
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
Health Oversight Activities. We may disclose protected health information to federal or state agencies that oversee our activities. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws. We may disclose protected health information to persons under the Food and Drug Administration’s jurisdiction to track products or to conduct post-marketing surveillance.
Business Associates. We may disclose protected health information to our business associates who perform functions on our behalf or provide us with services if the protected health information is necessary for those functions or services. For example, we may use another company to do our billing, or to provide transcription or consulting services for us. All of our business associates are obligated, under contract with us, to protect the privacy and ensure the security of your protected health information.
Data Breach Notification Purposes. We may disclose protected health information to provide legally required notices of unauthorized access to or disclosure of your health information.
Research. We may disclose protected health information for research purposes, but we will only do so if the research has been specifically approved by an authorized institutional review board or privacy board that has reviewed the research proposal and has set up protocols to ensure the privacy of your protected health information. Even without that special approval, we may permit researchers to look at protected health information to help them prepare for research, for example, to allow them to identify patients who may be included in their research project, as long as they do not remove, or take a copy of, any protected health information. We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research. However, we will only disclose the limited data set if we enter into a data use agreement with the recipient who must agree to (1) use the data set only for the purposes for which is was provided, (2) ensure the confidentiality and security of the data, and (3) not identify the information or use it to contact any individual.
Lawsuits and Disputes. If you are involved in a lawsuit or dispute, we may disclose protected health information about you in response to a court or administrative order. We may also disclose protected health information about you in a response to a subpoena, discovery request or other lawful process by someone else involved in the dispute. We may also disclose your protected health information to defend ourselves in the event of a lawsuit.
Law Enforcement. We may release protected health information if asked to do so by a law enforcement official:
- In response to a court order, subpoena, warrant, summons or similar process.
- To identify or locate a suspect, fugitive, material witness, or missing person.
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement.
- About a death we believe may be the result of a criminal conduct.
- About criminal conduct on our premises.
- In emergency circumstances to report a crime; the location of the crime or victims or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors. We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release protected health information about patients to funeral directors as necessary to carry out their duties.
Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release protected health information about you to the correctional institution or law enforcement official. This release would be necessary for the institution to provide you with health care, to protect your health and safety or the health and safety of others, or for the safety and security of the correctional institution.
Serious Threats. As permitted by applicable law and standards of ethical conduct, we may use and disclose protected health information if we, in good faith, believe that the use of disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Disaster Relief. When permitted by law, we may coordinate our uses and disclosures of protected health information with public or private entities authorized by law or by charter to assist in disaster relief efforts. We will provide you an opportunity to agree or object to such a disclosure whenever we practically can do so.
Fundraising Activities. We may use or disclose your protected health information as necessary in order to contact you for fundraising activities. You have the right to opt out of receiving fundraising communications.
Your Written Authorization Required for Other Uses and Disclosures:
The following disclosures of your protected health information will be made only with your written authorization:
1. Disclosures of protected health information for marketing purposes; and
2. Disclosures that constitute a sale of your protected health information.
Other uses and disclosures of protected health information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose protected health information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.
IV. Your Rights Regarding Your Protected Health Information:
1. Right to Inspect and Copy. You have the right to inspect and copy protected health information that may be used to make decisions about your care or payment for your care. We have up to 30 days to make your protected health information available to you and we may charge you a reasonable fee for the costs of copying, mailing or other supplies associated with your request. We may not charge you a fee if you need the information for a claim for benefits under the Social Security Act or any other state or federal needs-based benefit program. We may deny your request in certain limited circumstances. If we do deny your request, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial of your request, and we will comply with the outcome of the review.
2. Right to a Summary or Explanation. We can also provide you with a summary of your protected health information, rather than the entire record, or we can provide you with an explanation of the protected health information which has been provided to you, so long as you agree to this alternative form and pay the associated fees.
3. Right to an Electronic Copy of Electronic Medical Records. If your protected health information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We will make every effort to provide access to your protected health information in the form or format you request, if it it readily producible in such form or format. If the protected health information is not readily producible in the form or format you request your record will be provided in either our standard electronic format or if you do not want this form or format, a readable hard copy form. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.
4. Right to Get Notice of a Breach. You have the right to be notified upon a breach of any of your unsecured protected health information.
5. Right to Request Amendments. If you feel that the protected health information we have is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us. A request for amendment must be made in writing to the Privacy Officer at the address provided at the end of this Notice and it must tell us the reason for your request. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you a copy of any such rebuttal.
6. Right to an Accounting of Disclosures. You have the right to ask for an “accounting of disclosures”, which is a list of the disclosures we made of your protected health information. This right applies to disclosures for purposes other than treatment, payment, or healthcare operations as described in this Notice. It excludes disclosures we may have made to you, to family members or friends involved in your care, or for notification purposes. The right to receive this information is subject to certain exceptions, restrictions and limitations. Additionally, limitations are different for electronic health records. The first accounting of disclosures you request within any 12-month period will be free. For additional requests within the same period, we may charge you for the reasonable costs of providing the accounting. We will tell you what the costs are, and you may choose to withdraw or modify your request before the costs are incurred.
7. Right to Request Restrictions. You have the right to request a restriction or limitation on the protected health information we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on the protected health information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. To request a restriction on who may have access to your protected health information, you must submit a written request to the Privacy Officer. Your request must state the specific restriction requested and to whom you want the restriction to apply. We are not required to agree to your request, unless you are asking us to restrict the use and disclosure of your protected health information to a health plan for payment or health care operation purposes and such information you wish to restrict pertains solely to a health care item or service for which you have paid us “out-of-pocket” in full. If we do agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment.
8. Out-of-Pocket-Payments. If you paid out-of-pocket (or in other words, you have requested that we not bill your health plan) in full for a specific item or service, you have the right to ask that your protected health information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operation, and we will honor that request.
9. Right to Request Confidential Communications. You have the right to request that we communicate with you only in certain ways to preserve your privacy. For example, you may request that we contact you by mail at a specific address or call you only at your work number. You must make any such request in writing and you must specify how or where we are to contact you. We will accommodate all reasonable requests. We will not ask you the reason for your request.
10. Right to a Paper Copy of this Notice. You have the right to a paper copy of this Notice, even if you have agreed to receive this Notice electronically. You may request a copy of this Notice at any time.
How to Exercise Your Rights. To exercise your rights in this Notice, send your request, in writing, to our Privacy Officer at the address listed at the end of this Notice. We may ask you to fill out a form that we will supply. To exercise your right to inspect and copy your protected health information, you may also contact your physician directly. To get a paper copy of this Notice, contact our Privacy Officer by phone or mail.
How to Exercise Your Rights.
To exercise your rights in this Notice, send your request, in writing, to our Privacy Officer at the address listed at the end of this Notice. We may ask you to fill out a form that we will supply. To exercise your right to inspect and copy your protected health information, you may also contact your physician directly. To get a paper copy of this Notice, contact our Privacy Officer by phone or mail.
Participation with CORHIO (Colorado Regional Health Information Organization).
Rocky Mountain Radiologists, P.C. endorses, supports, and participates in electronic Health Information Exchange (HIE) as a means to improve the quality of your health and healthcare experience. HIE provides us with a way to securely and efficiently share patients’ clinical information electronically with other physicians and health care providers that participate in the HIE network. Using HIE helps your health care providers to more effectively share information and provide you with better care. The HIE also enables emergency medical personnel and other providers who are treating you to have immediate access to your medical data that may be critical for your care. Making your health information available to your healthcare providers through the HIE can also help reduce your costs by eliminating unnecessary duplication of tests and procedures. However, you may choose to opt-out of participation in the CORHIO HIE or cancel an opt-out choice, at any time by contacting the facility where your imaging services were performed.
IV. Breaches of Protected Health Information:
We will notify you if we discover a breach of unsecured protected health information. This notification will be provided in written form by first-class mail or by e-mail if you have agreed to receive such notices electronically. Under certain circumstances we may be required to provide substitute notice by posting the notice on the home page of our web site. Under certain other, extraordinary circumstances, we may be required to provide notice to prominent media outlets serving the State in which you live.
These notifications will be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and will include, to the extent possible, a description of the breach, a description of the types of information that were involved in the breach, the steps you should take to protect yourself from potential harm, a brief description of what we are doing to investigate the breach, mitigate the harm and prevent further breaches, as well as contact information.
If a breach of unsecured protected health information occurs while we are acting as a business associate to another covered entity, we will notify the covered entity following the discovery of the breach without unreasonable delay and no later than 60 days from the discovery of the breach. We will attempt to provide the covered entity with the identification of each individual affected by the breach as well as any information required to be provided by the covered entity in its notification to affected individuals.
- V. Complaints
If you believe that your privacy rights have been violated or if you have any questions about these policies, you should immediately contact our Privacy Officer listed below. All complaints should be submitted in writing within 180 days of when you knew or should have known of the suspected violation. There will be no retaliation against you for filing a complaint.
Rocky Mountain Radiologists, P.C.
1873 South Bellaire Street, Suite 420
Denver, Colorado 80222
You also may file a complaint with the Secretary of Health and Human Services by mailing it to: Secretary of the U.S. Department of Health and Human Services, 200 Independence Ave, S.W., Washington, D.C. 20201 or call (202) 619-0257 (or toll free (877) 696-6775) or go to the website of the Office of Civil Rights, www.hhs.gov/ocr/hipaa/, for more information.