Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY. 

This Notice is being provided to you in accordance with the requirements of the Standards for Privacy of individually identifiable Health Information of the Health Insurance Portability and Accountability Act (the “HIPAA Privacy Rules”) and by the amendments to the HIPAA Privacy Rules made by the Health Information Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”) and by the final HIPAA OMNIBUS Rule effective on September 23, 2013. 

  1. WE HAVE A LEGAL DUTY TO SAFEGUARD YOUR PROTECTED HEALTH INFORMATION (PHI):

We are legally required to protect the privacy of your health information.  We call this information “protected health information”, or “PHI” for an abbreviation, and it includes information that can be used to identify you that we’ve created or received about your past, present, or future health or condition, the provision of health care to you, or the payment of this health care.  PHI also includes “genetic information” as that term is defined in the HIPAA Privacy Rules.  We must provide you with this Notice about our privacy practices that explains how, when, and why we use and disclose your PHI.  With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure.  We are legally required to follow the privacy practices that are described in this Notice.  We prohibit our medical staff and patients from the use or cell phone cameras, video equipment, or recording devices in connection with any patient encounters or anywhere within our office premises without express permission from both the patient and our senior management.  However, we reserve the right to change the terms of this Notice and our privacy policies at any time.  Any changes will apply to the PHI we already have.  Before we make an important change to our policies, we will promptly change this Notice and post a new Notice in the waiting area.  You can also request a copy of this Notice from the office receptionist in the office where your appointment is scheduled and can view a copy of the Notice on our Web site at www.dneph.com

  1. HOW WE MAY USE AND DISCLOSE YOUR PHI:

We use and disclose health information for many different reasons.  We are not required to obtain your consent or authorization to make uses or disclosures of your PHI for the purposes described in Subsections A and B below, and in certain other limited situations.  In some cases, as described in Subsection C and D, you may be given an opportunity to agree or object before the use or disclosure is made.  However, as described in Subsection E below, your prior written authorization is required before we can use or disclose your PHI for most other purposes.  Below, we describe the different categories of our uses and disclosures and give you some examples of each category. 

  1. PRIMARY USES AND DISCLOSURES OF PHI:
  2. For treatment:  We may disclose your PHI to physicians, nurses, medical students, and other health care personnel who provide you with health care services or are involved in your care.  For example, if you’re being treated for a knee injury, we may disclose your PHI to the physical rehabilitation department in order to coordinate your care. 
  3. To obtain payment for treatment:  We may use and disclose your PHI in order to bill and collect payment for the treatment and services provided to you.  For example, we may provide portions of your PHI to our billing department and your health plan to get paid for the health care services we provided to you.  We may also provide your PHI to our business associates, such as billing companies, claims processing companies, and others that process our health care claims. 
  4. For health care operations:  We may disclose your PHI in order to operate our clinical facilities.  For example, we may use your PHI in order to evaluate the quality of health care services that you received or to evaluate the performance of the health care professionals who provided health care services to you.  We may also provide your PHI to our accountants, attorneys, consultants, and others in order to make sure we are complying with the laws that affect us.  It may be necessary to provide PHI for purposes of obtaining malpractice insurance. 
  5. Appointment reminders and health-related benefits or services:  We may use PHI to provide appointment reminders or give you information about treatment alternatives, or other health care services or benefits we offer. 
  6. Fundraising activities:  We may use PHI to raise funds for our organization.  The money raised through these activities is used to expand and support the health care services and educational programs we provide to the community.  If you do not wish to be contacted as part of our fundraising efforts, please notify us in writing and we will not use or disclose your information for these purposes.  However, if we intend to use or disclose any of your substance use disorder treatment records that we create or maintain that are subject to 42 C.F.R. Part 2 for our own personal fundraising purposes, we will provide you with notice and an opportunity to elect not to receive the fundraising communications. 
  7. OTHER POSSIBLE USES AND DISCLOSURES OF PHI:
  8. When a disclosure is required by federal, state or local law, judicial or administrative proceedings, or law enforcement:  For example, we make disclosures when a law requires that we report information to government agencies and law enforcement personnel about victims of abuse, neglect, or domestic violence, when dealing with gunshot and other wounds; or when ordered in a judicial or administrative proceeding. 
  9. For public health activities:  For example, we report information about births, deaths, and various diseases, to government officials in charge of collecting that information, and we provide coroners, medical examiners, and funeral directors necessary information relating to an individual’s death.
  10. For health oversight activities:  For example, we will provide information to assist the government when it conducts an investigation or inspection of a health care provider or organization.
  11. To coroners, medical examiners, funeral directors, or for purposes of organ donation:  We may disclose PHI to a coroner or medical examiner for purposes of identifying a deceased person, determining cause of death, or for the coroner or medical examiner to perform other duties authorized by law.  We may also disclose information to funeral directors, as authorized by law, so that they may carry out their duties.  Further, we may notify organ procurement organizations to assist them in organ, eye, or tissue donation and transplants. 
  12. For research purposes:  In certain circumstances, we may provide PHI in order to conduct medical research.
  13. To avoid harm:  In order to avoid a serious threat to the health or safety of a person or the public, we may provide PHI to law enforcement personnel or persons able to prevent or lessen such harm. 
  14. For specific government functions:  We may disclose PHI of military personnel and veterans in certain situations; and, we may disclose PHI for national security purposes, such as protecting the President of the United States or conducting intelligence operations.
  15. For workers’ compensation purposes:  We may provide PHI in order to comply with workers’ compensation laws. 
  16. Lawsuits and disputes:  If you are involved in a lawsuit or a dispute, we may disclose health information about you in response to a court or administrative order.  Subject to all applicable legal requirements, we may also disclose health information about you in response to a subpoena. 
  17. Family and friends:  We may disclose your health information to your family members or close friends if we obtain verbal agreement to do so or if we give you the opportunity to object to such disclosure and you do not raise an objection.  We may also disclose health information to your family or friends if we can infer from the circumstances based on our professional judgment that you would not object.  For example, we may assume that you agree to our disclosure of your personal health information to your spouse when you bring your spouse with you into the exam room during treatment or when treatment is discussed.  In situations where you are not capable or giving consent, (because you are not present or due to your incapacity or medical emergency), we may determine, using our professional judgment, that a disclosure to your family member or friend is in your best interest.  We will disclose only health information relevant to the person’s involvement in your care. 
  18. Redisclosure:  PHI authorized to be disclosed under HIPAA may be subject to redisclosure by the recipient and no longer protected by HIPAA.
  19. Facility Directory:  We may use or disclose your PHI, such as your name, to maintain a directory of individuals in an applicable Dallas Nephrology Associates (“DNA”) facility that may be used by DNA facility staff members.  If you wish to restrict or limit our use or disclosure of PHI for directory purposes, please notify us in writing at the address listed in Section III(I.).
  20. PARTICIPATION IN A HEALTH INFORMATION EXCHANGE (HIE):

As part of our health care operations, we intend to participate in an electronic HIE, which is a local or regional arrangement of health care organizations and providers who have agreed to work with each other to facilitate access to health care information that may be relevant to your care.  For example, if you are admitted to a facility on an emergency basis and cannot provide important information about your health condition, the HIE will allow participating providers access to your patient health information shared from your various providers so that they may be more quickly able to offer you appropriate treatment.  When it is needed, ready access to your health information means better care for you.  Once we begin participation in an HIE, we will retain health care information (including PHI) about our patients in a shared electronic medical records with other health care providers who also participate in the HIE.  We intend that your PHI be used responsibly by our organization as well as the organizations we are affiliated with such that data will be encrypted and stored within a secure network and, if your PHI is transmitted, it will be done over a private secure network with administrative, physical and technical safeguards in accordance with this Notice and the law.  If you choose not to participate in the electronic HIE, you will be given an opportunity to opt out of the HIE.  If you later change your mind, you will be given an opportunity to opt back into the HIE. 

  • “OPTING OUT” OR “OPTING BACK” INTO THE HEALTH INFORMATION EXCHANGE (HIE): 

If you opt out of the HIE, your health information will continue to be used in accordance with this Notice and the law, but will NOT be made available through the HIE, even in medical emergencies.  Your choice for “opting out” or “opting back” into the HIE will Have to have to be made by a written request. The necessary form to enable you to do so will be provided by the staff at any of our medical office practice sites upon your request. 

  • ANY OTHER USES AND DISCLOSURES OF PHI MAY REQUIRE PRIOR WRITTEN AUTHORIZATION:

In most situations not described in Subsections A and B above, we will ask for your written authorization before using or disclosing 0any of your PHI.  If you choose to sign an authorization permitting us to use or disclose your PHI, you can later revoke that authorization in writing to stop any future uses and disclosures (to the extent that we haven’t taken any action relying on the authorization). 

  1. Marketing of PHI:  We will not use or disclose your PHI for marketing purposes unless we first obtain your written authorization, except for face-to-face communications, promotional gifts of nominal value, or  otherwise as permitted or required by law.
  2. Sale of PHI:  We will not disclose your PHI in connection with a sale of such PHI unless we first obtain your written authorization, except as permitted or required by law.
  3. Psychotherapy Notes:  If we disclose your psychotherapy notes, we will obtain a written authorization prior to such disclosure except as permitted or required by law. 

In some instances, we may need specific written authorization from you in order to disclose certain types of specially-protected health information such as HIV results, substance abuse and mental health records, and genetic testing information for purposes such as treatment, payment and healthcare operations. 

  • LIMITATIONS ON THE USE AND DISCLOSURE OF PHI RELATED TO LEGAL REPRODUCTIVE HEALTHCARE AND SUBSTANCE USE DISORDER SERVICES:

Reproductive Health Care:  We may not use or disclose any of your PHI related to reproductive health care that is lawful under the law of the state in which such health care is provided under the circumstances in which it is provided or if the reproductive health care is protected, required, or authorized by Federal law, including the United States Constitution, under the circumstances in which such health care is provided, regardless of the state in which it is provided (“Legal Reproductive Health Care”), if such use or disclosure may be used (i) to conduct a criminal, civil, or administrative investigation against you, or to impose criminal, civil, or administrative liability against you for the mere act of seeking, obtaining, providing or facilitating Legal, Reproductive Health Care (the “Prohibited Purposes”); or (ii) to identify you for one of the Prohibited Purposes.  For example, if a resident of one state travels to a second state to receive Legal Reproductive Health Care, we may not disclose PHI related to the resident’s travels to obtain Legal Reproductive Health Care for a Prohibited Purpose.  If we receive a request for the disclosure of PHI related to your Legal Reproductive Health Care for health oversight activities, judicial and administrative proceedings, law enforcement purposes, or to a coroner, medical examiner or funeral director for certain authorized purposes, we will not disclose your PHI in response to the request unless, prior to disclosure, we receive a written or electronic attestation from the individual or entity requesting your PHI that (1) states that the PHI will not be used or further disclosed for one of the Prohibited Purposes; and (2) satisfies all of the other requirements of a valid attestation under HIPAA.  For example, if we receive a request for PHI in connection with you seeking, obtaining, providing, or facilitating Legal Reproductive Health Care from a state medical board or other administrative agency for use in a professional disciplinary or other licensure proceeding, we may disclose the PHI to the administrative agency only upon receipt of a written, signed and HIPAA-compliant attestation that the agency will not use or further disclose the PHI for a Prohibited Purpose. 

Substance Use Disorder Treatment Records:  If we receive your substance use disorder treatment records from a program subject to 42 C.F.R. Part 2 or testimony relaying the content of such records, we shall not use or disclose such records in relation to a civil, criminal, administrative, or legislative proceeding against you unless we receive a written consent, or a court order after notice and an opportunity to be heard is provided to you or the holder of the applicable records, as provided in 42 C.F.R Part 2.  A court order authorizing use or disclosure must be accompanied by a subpoena or other legal requirement compelling disclosure before we may use or disclose the requested record. 

  1. WHAT RIGHTS YOU HAVE REGARDING YOUR PHI
  2. The right to request limits on uses and disclosures of your PHI:  You have the right to ask that we limit how we use and disclose your PHI.  We will consider your request but, we are not legally required to accept it unless the requested restriction involves a disclosure to a health plan for purposes of carrying out payment or health care operations and you have paid out of pocket and in full for the item or service to which the disclosure relates.  If we accept your request, we will put any limits in writing and abide by them except in emergency situations.  You may not limit the uses and disclosures that we are legally required or allowed to make.
  3. The right to receive confidential communications:  You have the right to ask that we send information to you to an alternate address (for example, sending information to your work address rather than your home address).  We must agree to your request so long as it is one that we can reasonably accommodate. 
  4. The right to inspect and get copies of your PHI:  In most cases, you have the right to look at or get copies of your PHI that we have, but you must make the request in writing.  If we do not have your PHI but we know who does, we will tell you how to get it.  In accordance with Texas Health & Safety Code 181.102(a), we will respond to you within 15 days of receiving your written request for your electronic health record and we will provide the requested record in electronic form unless you agree to accept the record in another form.  However, we are not required to provide access to your PHI if the PHI is excepted from such access, or if access may be denied, under 45 C.F.R.164.524.  If we deny your access request, we will inform you of the reason for the denial and, to the extent applicable, explain your right to have the denial reviewed.  A physician may charge a reasonable fee for providing you with copies of your medical records.  According to the Texas Medical Board, a reasonable fee for providing the requested records (i) in paper format is a charge of no more than $25.00 for the first (20) pages and $0.50 per page for every copy thereafter; (ii) in electronic format is a charge of no more than $25.00 for five hundred (500) pages or less and $50.00 for more than five hundred (500) pages, and (iii) in a hybrid format, the charge may be a combination of the fees set forth above.
  5. The right to get a list of the disclosures we have made:  You have the right to get a list of instances in which we have disclosed your PHI.  The list will not include uses or disclosures that you have already consented to, such as those made for treatment, payment, or health care operations, directly to you or to your family.  The list also won’t include uses and disclosures made for national security purposes, to corrections or law enforcement personnel, or before April 1, 2003.  We will respond within 60 days of receiving your request.  The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure.  We will provide the list to you at no charge, but if you make more than one request in the same year, we will charge you according to our fee schedule for each additional request. 
  6. The right to correct or update your PHI:  If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request that we correct the existing information or add the missing information. You must provide the request and your reason for the request in writing.  We will respond within 60 days of receiving your request.  We may deny your request in writing if the PHI is (i) correct and complete, (ii) not created by us, (iii) not allowed to be disclosed, or (iv) not part of our records.  Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial.  If you don’t file one, you have the right to request that your request and our denial be attached to all future disclosures of your PHI.  If we approve your request, we will make the change to your PHI, tell you that we have done it, and tell others that need to know about the change to your PHI.
  7. The right to be notified in the event of a “breach” of unsecured PHI:  We will make every effort to secure the privacy of your PHI.  If, however, there is an unauthorized acquisition, use, or access of your unsecured PHI that is a “reportable breach” (under the HITECH Act and the Omnibus Rule), we will notify you in writing within 60 days.  The notification will explain the incident, the steps we are taking to lessen any harm that might be caused by the incident, and any steps you should take to protect yourself from any potential harm resulting from the incident.  If you have any questions about our procedures in the event of a “breach” of your unsecured PHI, please contact DNA’s Privacy Officer.
  8. The right to get this Notice by email:  You have the right to get a copy of this Notice by email.  Even if you have agreed to receive Notice via email, you also have the right to request a paper copy of this Notice. 
  9. To Make a Complaint:  If you believe that your privacy rights have been violated, you may file a complaint with us, the Secretary of the United States Department of Health and Human Services, the Texas Medical Board or the Texas Attorney General, using the addresses and contact information set forth below:  All complaints to Dallas Nephrology Associates must be in writing.  We will take no retaliatory action against you if you file a complaint:  Dallas Nephrology Associates, 13154 Coit Rd., Ste. 100, Dallas, TX  75240 ATTN:  Bruce Wall, M. D.

You may also file a complaint by contacting the Office for Civil rights, Region VI, U.S. Department of Health and Human Services, by mail at 1301 Young St., Ste. 1169, Dallas, TX  75202, by telephone at (800) 368-1019, (214) 767-0432 (fax), or (800) 537-7697 (TDD).  You can also visit https://www.hhs.gov/ocr/privacy/hipaa/complaints.

You can also file a complaint with the Texas Medical Board by filling out the online complaints form (https://public3tmb.state.tx.us/TMB_SSO_Complaint/default.aspx), calling (800) 201-9353 or (512) 305-7100, faxing (512) 463-9416 or (888) 790-0621 or by mailing the complaint to the following address:  Texas Medical Board Investigations Department, P. O. Box 2018, Austin, TX  78768-2018

You can also file a complaint with the Office of the Texas Attorney General by visiting https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint or submitting the online complaint form, available at the above link, via mail to the following address:  Office of the Attorney General, Consumer Protection Division, P.O. Box 12548, Austin, TX  78711-2548.

  1. Contact Information:  For questions, concerns, requests for information, or more information about our Notice of Privacy Practices, please contact our HIPAA Privacy Officer, Bruce Wall, M. D., via phone at (214) 358-2300, or in writing at 13154 Coit Rd., Ste. 100, Dallas, TX  75240.                                                

This Notice last amended effective January 6, 2025.