Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices describes how Piedmont Hospice, LLC may use and disclose your protected health information to carry out treatment, payment or health care operations, and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” is information about you, including demographic information that may identify you and that relates to your past, present or future physical and/or mental health, and related health care services. We are committed to maintaining your confidentiality and protecting your health information.
- We are required by law to:
- maintain the privacy of your Protected Health Information;
- provide you with this Notice of our legal duties and privacy practices relating to your Protected Health Information; and
- abide by the terms of the Notice that are currently in effect.
WITH YOUR CONSENT WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION FOR TREATMENT, PAYMENT AND HEALTH CARE OPERATIONS
You will be asked to sign a consent allowing us to use and disclose your Protected Health Information to others to provide you with treatment, obtain payment for our services, and run our health care operations. We will initially limit the use and disclosure of your Protected Health Information, to the extent practicable, to a limited data set (a limited data set does not include your direct identifiers) or, if needed, to the minimum necessary to accomplish the intended purpose of such use, disclosure or request. Here are examples of how we may use and disclose your health information.
For Treatment: We will use and disclose your Protected Health Information to health care professionals to provide you with health care services. For example, we may consult with a physician located at another location to determine how to best treat you.
For Payment: We may use and disclose your Protected Health Information to others in order for us to bill and receive payment for your health care services. For example, we may include your health information in our claim to your insurance company, Medicare or Medicaid in order to receive payment for your services. We may also disclose your health information to other health care providers so that they can receive payment for their services.
For Health Care Operations: We may use and disclose your Protected Health Information to others for our business operations. For example, we may use your Protected Health Information to maintain and improve patient care, evaluate our services and educate our staff.
WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION FOR OTHER SPECIFIC PURPOSES
As Required By Law: We will disclose your Protected Health Information when and as required by law to do so.
Business Associates. We may share your Protected Health Information with our vendors and agents who create, receive, maintain or transmit Protected Health Information for certain functions or activities on behalf of the Provider. These are called our “Business Associates” and include any subcontractor that creates, receives, maintains or transmits Protected Health Information on behalf of the Provider. For example, we may give your health information to a billing company to assist us with our billing for services, or to a law firm or an accounting firm that assists us in complying with the law and for improving our services. To protect and safeguard your health information we require our Business Associates and subcontractors to appropriately safeguard your information.
Family and Friends Involved in Your Care: Unless you object, we may disclose your Protected Health Information to a family member or close personal friend, including clergy, who is involved in your care or payment for that care.
Personal Representative: If you have a personal representative, such as a legal guardian, we will treat that person as if that person is you with respect to disclosures of your Protected Health Information. If you become deceased, we may disclose your health information to an executor or administrator of your estate, to the extent that person is acting as your personal representative or to your next of kin, as permitted under state and federal law.
Disaster Relief: We may disclose your Protected Health Information to an organization assisting in a disaster relief effort.
Public Health: We may disclose your Protected Health Information for public health activities including the reporting of disease, injury, vital events, defective medical devices or problems with medications, recalls of products, and the conduct of public health surveillance, investigation and/or intervention. We may also disclose your information to notify a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition if a law permits us to do so.
Health Oversight: We may disclose your Protected Health Information to health oversight agencies authorized by law to conduct audits, investigations, inspections, licensure actions or other legal proceedings. Oversight agencies include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
Reporting Victims of Abuse, Neglect or Domestic Violence: If we have reason to believe that you have been a victim of abuse, neglect or domestic violence, we may use and disclose your Protected Health Information to notify a government authority if required or authorized by law, or if you agree to the report.
Law Enforcement: We may disclose your Protected Health information for certain law enforcement purposes or other specialized governmental functions. Examples of law enforcement purposes include limited requests for the purpose of identification and location of a suspect, fugitive or missing person; or disclosure under certain circumstances pertaining to victims of crime.
Judicial and Administrative Proceedings: We may disclose your Protected Health Information in the course of certain judicial or administrative proceedings, such as responses to subpoenas, discovery request or other lawful process.
Research: In general, we will request that you sign a written authorization before using your Protected Health Information or disclosing it to others for research purposes. However, we may use or disclose your health information without your written authorization for research purposes provided that the research has been reviewed and approved by a special Privacy Board or Institutional Review Board.
De-identified Information: We may use your Protected Health Information to create “de-identified” information or we may disclose your information to a Business Associate so that the Business Associate can create de-identified information on our behalf. When we “de-identify” health information, we remove information that identifies you as the source of the information, health information is considered “de-identified” only if there is no reasonable basis to believe that the health information could be used to identify you.
Limited Data Set: We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research, public health, and health care operations.
Coroners, Medical Examiners, Funeral Directors, Organ Procurement Organizations: We may release your Protected Health Information to a coroner, medical examiner, funeral director or, if you are an organ donor, to an organization involved in the donation of organs and tissue.
Workers’ Compensation: We may use or disclose your Protected Health Information to comply with laws relating to workers’ compensation or similar programs.
National Security and Intelligence Activities; Protective Services: We may disclose Protected Health Information to authorized federal officials who are conducting national security and intelligence activities or as needed to provide protection to the President of the United States, or other important officials.
Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your Protected Health Information to the correctional institution or law enforcement official as necessary: (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
YOUR AUTHORIZATION IS REQUIRED FOR OTHER USES OF YOUR PROTECTED HEALTH INFORMATION
We will use and disclose your Protected Health Information other than as described in this Notice or required by law only with your written authorization. You may revoke your authorization to use or disclose Protected Health Information in writing, at any time. To revoke your authorization, contact our Privacy Officer. If you revoke your authorization, we will no longer use or disclose your Protected Health Information for the purposes covered by the authorization, except where we have already relied on the authorization.
Marketing, Treatment Alternatives and Health-Related Benefits: In most circumstances, we are required by law to receive your written authorization before we use or disclose your health information for marketing purposes. Under no circumstances will we sell our patient lists or your health information to a third party without your written authorization. We may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you.
YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION
You have the following rights with respect to your Protected Health Information. If you wish to exercise any of these rights, please submit your request to our Privacy Officer.
Right of Access to Protected Health Information. You have the right to inspect and obtain a copy of your Protected Health Information, subject to some limited exceptions. Your request must be in writing to our Privacy Officer. You have the right to access your information in electronic format, if available. We must allow you to inspect your records within 10 days of your request. If you request copies of the records, we must provide you with copies within a reasonable time but not more than 30 days if the records are maintained onsite or 60 days if the records are maintained off-site. Under certain circumstances, we may extend the time to provide you with copies for an additional 30 days. We may charge a reasonable fee for our costs in copying and mailing your requested information or provision of information in electronic format.
In certain limited circumstances, we may deny your request to inspect or receive copies. If we deny access to your Protected Health Information, we will provide you with a summary of the information, and you have a right to request review of the denial. We will provide you with information on how to request a review of our denial and how to file a complaint with us or the Secretary of the Department of Health and Human Services. Contact our Privacy Officer if you have any questions regarding access to your medical records.
Right to Receive Notice of a Breach. We will notify you by first class mail or by e-mail (if you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. A “Breach” means the unauthorized access, acquisition, use, or disclosure of Protected Health Information which compromises the security or privacy of Protected Health Information, except: (1) an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information; (2) any unintentional acquisition, access, or use of Protected Health Information by an employee or individual acting under the authority of a covered entity or business associate (a) was made in good faith and within the course and scope of the employment or other professional relationship of such employee, or individual, respectively, with the covered entity or business associate; and (b) such information is not further acquired, accessed, or used or disclosed by any person; or (3) any inadvertent disclosure from an individual who is otherwise authorized to access Protected Health Information at a facility operated by a covered entity or business associate to another similarly situated individual at the same facility provided that any such information received as a result of such disclosure is not further acquired, accessed, used, or disclosed without authorization. The Provider must notify you of any breach unless we can demonstrate, based on a risk assessment, that there is a low probability that the Protected Health Information has been compromised.
“Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable and undecipherable to unauthorized users. The notice is required to include the following information:
- A brief description of the breach, including the date of the breach and the date of its discovery, if known;
- A description of the type of Unsecured Protected Health Information involved in the breach;
- Steps you should take to protect yourself from potential harm resulting from the breach;
- A brief description of action we are taking to investigate the breach, mitigate losses, and protect against further breaches; and contact information, including a toll-free number, e-mail address, Website or postal address to permit you to ask questions or obtain additional information.
In the event the breach involves 10 or more individuals whose contact information is out of date, we will post a notice of the breach on the home page of our web site or in a major print or broadcast media. If the breach involves more than 500 individuals in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 individuals, we are required to immediately notify the Secretary of Health and Human Services. We are also required to submit an annual report to the Secretary of a breach that involved less than 500 individuals during the year and will maintain a written log of breaches involving less than 500 individuals. Notification to the Secretary will occur within 60 days of the end of the calendar year in which the breach was discovered.
Right to Request Restrictions. You have the right to request restrictions on the way we use and disclose your Protected Health Information for our treatment, payment or health care operations. You also have the right to request restrictions on the way we disclose your Protected Health Information to a family member, friend or other person who is involved in your care or the payment for your care. To request a restriction, you must submit a written request to our Privacy Officer. We are not required to agree to your requested restriction, and in some cases, the law may not permit us to accept your restriction. However, if we do agree to accept your restriction, we will comply with your restriction except in the case of an emergency or if the use or disclosure is required by law. If your restriction applies to disclosure of information to a health plan, for payment or health care operations purposes and is not otherwise required by law and where you paid out of pocket, in full, for items or services, we are required to honor that request. We will usually respond to your request within 60 days. Occasionally, we may need additional time to prepare the accounting. If so, we will notify you of our delay, the reason for the delay, and the date when you can expect the accounting.
Right to an Accounting of Disclosures. You have the right to request an “accounting” of our disclosures of your Protected Health Information. This is a listing of certain disclosures of your Protected Health Information made by the Provider or by others on our behalf, but does not include disclosures made for treatment, payment and health care operations or certain other purposes unless the records are maintained in an Electronic Health Record. Records maintained in an Electronic Health Record will include disclosures made for treatment, payment, health care operations and other purposes.
You must submit a request in writing to our Privacy contact, stating a time period that is within six years or less from the date of your request. Where an Electronic Health Record is used, we will provide you with an accounting of disclosures for a three year period. You are entitled to one free accounting within one 12-month period. For additional requests, we may charge you our costs.
Right to Request Amendment. If you think that your Protected Health Information is not accurate or complete, you have the right to request that the Provider amend such information for as long as the information is kept in our records. Your request must be in writing to our Privacy Officer and must state the reason for the requested amendment. We will usually respond within 60 days, but will notify you within 60 days if we need additional time to respond, the reason for the delay and when you can expect our response. We may deny your request for amendment, and if we do so, we will give you a written denial including the reasons for the denial and an explanation of your right to submit a written statement disagreeing with the denial.
Right to a Paper Copy of This Notice. You have the right to obtain a paper copy of this Notice, even if you have agreed to receive this Notice electronically. You may request a copy of this Notice at any time. You may obtain a copy of this Notice at our website, http://www.piedmonthospice.com/ or by calling our office and requesting that a copy be brought to you at your next scheduled visit.
Right to Request Confidential Communications. You have the right to request that we communicate with you concerning personal health matters in a certain manner or at an alternative location. Your request must be in writing to our Privacy contact. We will accommodate your reasonable requests.
If you believe that your privacy rights have been violated, you may file a complaint in writing with us or with the Office of Civil Rights in the U.S. Department of Health and Human Services. To file a complaint with us, or for more information regarding filing a complaint, contact our Privacy Officer. No one will retaliate or take action against you for filing a complaint.
You may contact our Privacy contact, Dee Ratley, 501A Deanna Lane Wando, SC 29492 Phone: (843-766-3331), for further information about the complaint process.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice and to make the revised or new Notice provisions effective for all Protected Health Information already received and maintained by the Provider as well as for all Protected Health Information we receive in the future. We will promptly revise and distribute this Notice whenever there is a material change to the uses or disclosures, your individual rights, our legal duties, or other privacy practices stated in this Notice. Upon your request, a copy of any revised Notice may be obtained by calling the office or requesting one at the time of your next scheduled visit. You can obtain a copy of this notice electronically at http://www.piedmonthospice.com/ or by contacting our Privacy contact.
This Notice was revised on September 20, 2013 and becomes effective on September 23, 2013.