Dr. Jose A. Castillo-Lugo Honored with Teaching Award of the Year by Methodist Dallas Hospital Fellowship
June 20th, 2016
DALLAS NEPHROLOGY ASSOCIATES
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice is being provided to you in accordance with the requirements of the Standards for Privacy of Individually Identifiable Health Information of the Health Insurance Portability and Accountability Act (the “HIPAA Privacy Rules”) and by the amendments to the HIPAA Privacy Rules made by the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”) and by the final HIPAA OMNIBUS Rule effective on September 23, 2013.
I. WE HAVE A LEGAL DUTY TO SAFEGUARD YOUR PROTECTED HEALTH INFORMATION (PHI):
We are legally required to protect the privacy of your health information. We call this information “protected health information,” or “PHI” for an abbreviation and it includes information that can be used to identify you that we’ve created or received about your past, present, or future health or condition, the provision of health care to you, or the payment of this health care. PHI also includes “genetic information” as that term is defined in the HIPAA Privacy Rules.
We must provide you with this Notice about our privacy practices that explains how, when, and why we use and disclose your PHI. With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure. We are legally required to follow the privacy practices that are described in this Notice.
We prohibit our medical staff and patients from the use of cell phone cameras, video equipment, or recording devices in connection with any patient encounters or anywhere within our office premises without express permission from both the patient and our senior management.
However, we reserve the right to change the terms of this Notice and our privacy policies at any time. Any changes will apply to the PHI we already have. Before we make an important change to our policies, we will promptly change this Notice and post a new Notice in the waiting area. You can also request a copy of this Notice from the office receptionist in the office where your appointment is scheduled and can view a copy of the Notice on our Web site at www.dneph.com.
II. HOW WE MAY USE AND DISCLOSE YOUR PHI:
We use and disclose health information for many different reasons. We are not required to obtain your consent or authorization to make uses or disclosures of your PHI for the Primary Purposes and other possible uses described in Subsections A and B below, and in certain other very limited situations. In some cases as described in Subsection C and D, you may be given an opportunity to agree or object before the use or disclosure is made. However, as described in Subsection E below, your prior written authorization is required before we can use or disclose your PHI for most other purposes. Below, we describe the different categories of our uses and disclosures and give you some examples of each category.
A. PRIMARY USES AND DISCLOSURES OF PHI:
B. OTHER POSSIBLE USES AND DISCLOSURES OF PHI:
In situations where you are not capable of giving consent, (because you are not present or due to you incapacity or medical emergency), we may determine, using our professional judgment, that a disclosure to your family member or friend is in your best interest. We will disclose only health information relevant to the person’s involvement in your care.
C. PARTICIPATION IN A HEALTH INFORMATION EXCHANGE (HIE):
As part of our health care operations, we intend to participate in an electronic HIE, which is a local or regional arrangement of health care organizations and providers who have agreed to work with each other to facilitate access to health care information that may be relevant to your care. For example, if you are admitted to a facility on an emergency basis and cannot provide important information about your health condition, the HIE will allow participating providers access to your pertinent health information shared from your various providers so that they may be more quickly able to offer you appropriate treatment. When it is needed, ready access to your health information means better care for you. Once we begin participation in a HIE, we will retain health care information (including PHI) about our patients in a shared electronic medical record with other health care providers who also participate in the HIE.
We intend that your PHI be used responsibly by our organization as well as the organizations we are affiliated with such that data will be encrypted and stored within a secure network and if your PHI is transmitted, it will be done over a private secure network, with administrative, physical and technical safeguards in accordance with this Notice and the law.
If you choose not to participate in the electronic HIE, you will be given an opportunity to opt out of the HIE. If you later change your mind, you will be given an opportunity to opt back into the HIE.
D. “OPTING-OUT” OR “OPTING-BACK” INTO THE HEALTH INFORMATION EXCHANGE (HIE):
If you opt-out of the HIE, your health information will continue to be used in accordance with this Notice and the law, but will NOT be made available through the HIE, even in medical emergencies. Your choice for” opting-out” or “opting-back” into the HIE will have to have to be made by a written request. The necessary form to enable you to do so will be provided by the staff at any of our medical office practice sites upon your request.
E. ANY OTHER USES AND DISCLOSURES OF PHI MAY REQUIRE PRIOR WRITTEN AUTHORIZATION:
In most situations not described in Subsections A and B above, we will ask for your written authorization before using or disclosing any of your PHI. If you choose to sign an authorization permitting us to use or disclose your PHI, you can later revoke that authorization in writing to stop any future uses and disclosures (to the extent that we haven’t taken any action relying on the authorization).
In some instances, we may need specific written authorization from you in order to disclose certain types of specially-protected health information such as HIV results, substance abuse and mental health records, and genetic testing information for purposes such as treatment, payment and healthcare operations.
III. WHAT RIGHTS YOU HAVE REGARDING YOUR PHI
You have the following rights with respect to your PHI:
A. The right to request limits on uses and disclosures of your PHI: You have the right to ask that we limit how we use and disclose your PHI. We will consider your request but, we are not legally required to accept it unless the requested restriction involves a disclosure to a health plan for purposes of carrying out payment or health care operations and you have paid out-of-pocket and in full for the item or service to which the disclosure relates. If we accept your request, we will put any limits in writing and abide by them except in emergency situations. You may not limit the uses and disclosures that we are legally required or allowed to make.
B. The right to choose how we send PHI to you: You have the right to ask that we send information to you to an alternate address (for example, sending information to your work address rather than your home address). We must agree to your request so long as we can easily provide it in the format you requested.
C. The right to see and get copies of your PHI: In most cases, you have the right to look at or get copies of your PHI that we have, but you must make the request in writing. If we don’t have your PHI but we know who does, we will tell you how to get it. We will respond to you within 15 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reason for the denial and explain your right to have the denial reviewed. You have the right to request a copy of your health information in electronic format.
A physician may charge “a reasonable fee” for copying medical records, and the Texas State Board of Medical examiners has clarified the interpretation of “reasonable” to be a charge of no more than $25 for the first twenty (20) pages and $.15 per page thereafter. We usually provide medical records to patients when requested for no charge on an annual basis; however, if medical records are requested more frequently than annually, a charge will be submitted.
D. The right to get a list of the disclosures we have made: You have the right to get a list of instances in which we have disclosed your PHI. The list will not include uses or disclosures that you have already consented to, such as those made for treatment, payment, or health care operations, directly to you or to your family. The list also won’t include uses and disclosures made for national security purposes, to corrections or law enforcement personnel, or before April 1, 2003.
We will respond within 60 days of receiving your request. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. We will provide the list to you at no charge, but if you make more than one request in the same year, we will charge you according to our fee schedule for each additional request.
E. The right to correct or update your PHI: If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that we correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. We will respond within 60 days of receiving your request. We may deny your request in writing if the PHI is (i) correct and complete, (ii) not created by us, (iii) not allowed to be disclosed, or (iv) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you don’t file one, you have the right to request that your request and our denial be attached to all future disclosures of your PHI. If we approve your request, we will make the change to your PHI, tell you that we have done it, and tell others that need to know about the change to your PHI.
F. The right to be notified in the event of a “breach” of unsecured PHI: We make every effort to secure the privacy of your PHI. If, however, there is an unauthorized acquisition, use, or access of your unsecured PHI that is a “reportable breach” (under the HITECH Act and the Omnibus Rule), we will notify you in writing within 60 days. The notification will explain the incident, the steps we are taking to lessen any harm that might be caused by the incident, and any steps you should take to protect yourself from any potential harm resulting from the incident. If you have any questions about our procedures in the event of a “breach” of your unsecured PHI, please contact DNA’s Privacy Officer.
G. The right to get this Notice by e-mail. You have the right to get a copy of this Notice by e-mail. Even if you have agreed to receive Notice via e-mail, you also have the right to request a paper copy of this Notice.
IV. HOW TO COMPLAIN ABOUT OUR PRIVACY PRACTICES
If you think that we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI, you may file a complaint with the following person/persons. We will take no retaliatory action against you if you file a complaint about our privacy practices.
DNA Privacy Officer:
Bruce Wall, M.D.
13154 Coit Road
Dallas, TX 75240
Office for Civil Rights:
Office of Civil Rights
U.S. Department of Health and Human Services
1301 Young Street, Suite 1169
Dallas, TX 75202
Fax (214) 767-0432
V. EFFECTIVE DATE OF THIS NOTICE
This Notice went into effect on April 1, 2003, and was amended effective February 17, 2010 with added requirements from the HITECH Act.
This Notice was amended again, effective in November 2012 with the Texas House Bill 300 which requires that patients be provided copies of their requested health information within 15 days of the written request instead of the 30 days as required under HIPAA requirements.
This Notice was amended again, effective September 23, 2013 with added requirements from the final HIPAA Omnibus Rule.
This Notice was amended again, effective January 6, 2014 with change of DNA Privacy Officer.
This Notice was amended again, effective January, 2015.
June 20th, 2016
June 20th, 2016