NOTICE OF PRIVACY PRACTICES
HEALTH INFORMATION PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
The Health Insurance Portability & Accountability Act of 1996, as amended by the HITECH Act and the final omnibus rule (“HIPAA”), is a federal program that requires that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally, are kept properly confidential. HIPAA gives you significant rights to understand and control how your health information is used. HIPAA provides penalties for covered entities and business associates that misuse personal health information.
As required by HIPAA, we have prepared this explanation of how we are required to maintain the privacy of your health information and how we may use and disclose your health information.
The following are situations where the law allows us to make use or disclosure of your health information without obtaining your permission:
We may use and disclose your medical records for each of the following purposes: treatment, payment, and health care operations.
- Treatment means providing, coordinating, or managing health care and related services by one or more health care providers. An example of this would include case management.
- Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collection activities, and utilization review. An example of this would be adjudicating a claim and reimbursing a provider for an office visit.
- Health care operations include the business aspects of running the Plan, such as conducting quality assessment and improvement activities, auditing functions, cost-management analysis, and customer service. An example would be an internal quality assessment review.
We may also create and distribute de-identified health information by removing all references to individually identifiable information.
We may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you without your prior authorization unless such communications are considered to be “marketing” as described below.
In some instances, we may contract with business associates for the payment and health care operations services we provide. For example, we may use an outside company to administer and manage the Plan. We may disclose your health information to our business associates so that they can perform the work that we ask them to. However, to protect your health information, we require that our business associates protect the privacy of your information and HIPAA requires that they do so as well.
Uses or Disclosures Required or Permitted by Law. We may use or disclose health information if the law requires us to use or disclose it for certain reasons. We may also disclose health information if a state law requires us to audit or monitor situations and for licensing or certifying health care facilities or professionals.
Public Health Authorities. We may disclose your health information to public health authorities that need the information to prevent or control disease, injury, or disability or handle situations where children are abused or neglected.
Food and Drug Administration (FDA). We may disclose health information when there are problems with a product that is regulated by the FDA. For instance, when the product has harmed someone, is defective, or needs to be recalled, we may disclose certain information.
Communicable Diseases. We may disclose health information to a person who has been exposed to a communicable disease or may be at risk of spreading or contracting a disease or condition. Employment-Related Situations. We may disclose health information to an employer when the employer is allowed by law to have that information for work-related reasons. We may also disclose health information for workers’ compensation programs.
Disclosures About Victims of Abuse, Neglect, or Domestic Violence. We may disclose health information to appropriate authorities if we have reason to believe that a person has been a victim of abuse, neglect, or domestic violence.
Disclosures for Health Care Oversight. We may disclose health information so that government agencies can monitor or oversee the health care system and government benefit programs and be sure that certain health care entities are following regulatory programs or civil rights laws like they should.
Disclosures for Judicial or Administrative Proceedings. We may disclose health information in a court or other type of legal proceeding if it is requested through a legal process, such as a court order or a subpoena.
Disclosures for Law Enforcement Purposes. We may disclose health information to law enforcement if it is required by law; if needed to help identify or locate a suspect, fugitive, material witness, or missing person; if it is about an individual who is or is suspected to be the victim of a crime; if we think that a death may have resulted from criminal conduct; or if we think the information is evidence that criminal conduct occurred on our premises.
Uses or Disclosures in Situations Involving Decedents. We may use or disclose health information to coroners, medical examiners, or funeral directors so that they can carry out their responsibilities.
Uses or Disclosures Relating to Organ Donation. We may use or disclose health information to organizations involved in organ donation or organ transplants.
Uses or Disclosures Relating to Research. We may use or disclose health information for research purposes if the privacy of the information will be protected in the research.
Uses or Disclosures to Avert Serious Threat to Health or Safety. We may use or disclose your health information to appropriate persons or authorities if we have reason to believe it is needed to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
Uses or Disclosures Related to Specialized Government Functions. We may use or disclose health information to the federal government for military purposes and activities, national security, and intelligence, or so it can provide protective services to the U.S. President or other official persons.
Uses or Disclosures for Law Enforcement Custodial Situations. We may disclose health information about a person in a prison or other law enforcement custody situation for health, safety, and security reasons.
Uses or Disclosures to Those Involved in Paying for Your Care. We may disclose health information to a family member, other relative, close personal friend, or any other individual you identify if that information is relevant to their involvement in paying for your health care. If possible, we will inform you in advance and allow you to prohibit or limit the disclosure of information to such persons.
Disclosures to Plan Sponsor. We may disclose health information to the Company as the Plan Sponsor of the Plan.
Marketing. Communications of health information for the purpose of “marketing” generally require your authorization. A communication about a product or service that encourages you to purchase or use the product or service is considered “marketing.” A “marketing” communication requires your authorization, unless the Plan receives no financial remuneration for the communication and the communication relates to (i) a health-related product or service provided by the Plan to you, (ii) your treatment or (iii) case management or coordination for your benefits under the Plan. In addition, “marketing” does not include refill reminders or other communications about a drug or biologic that is currently being prescribed to you, only if any financial remuneration received by the Plan in exchange for the communication is reasonably related to the Plan’s cost of making the communication (i.e., the Plan is not making a profit on the disclosure). The Plan will never sell your protected health information without your authorization.
Any other uses and disclosures will be made only with your written authorization. Additionally, the Plan will not use or disclose genetic information for underwriting purposes. You may revoke any authorization you provide in writing, and we are required to honor and abide by that written request, except to the extent that we have already taken actions relying on your authorization.
You have the following rights with respect to your protected health information, which you can exercise by presenting a written request to the Privacy Officer:
- The right to request restrictions on certain uses and disclosures of protected health information, including those related to disclosures to family members, other relatives, close personal friends, or any other person identified by you. We are not, however, required to agree to a requested restriction; except that we will comply with your request if the request involves a disclosure not otherwise required by law and pertains solely to a health care item or service for which someone other than the Plan has paid in full. If we do agree to a restriction, we must abide by it unless you agree in writing to remove it.
- The right to reasonable requests to receive confidential communications of protected health information from us by alternative means or at alternative locations.
- The right to inspect and copy your protected health information. You may obtain a copy in an electronic format of health information we use or maintain in an electronic health record and direct us to transmit a copy of the electronic health record directly to a third party you designate. We may charge you a fee to copy and mail the information to you or to prepare a summary or explanation, and a reasonable fee for our labor costs for sending the electronic copy of your health information.
- The right to amend your protected health information.
- The right to receive an accounting of non-routine disclosures of protected health information from the Plan, for up to 6 years prior to your request. In addition, you have the right to receive an accounting of disclosures of protected health information from electronic health records for treatment, payment, and health care operations, to the extent the Plan maintains such records for you.
- The right to request and receive a paper copy of this notice, even if you agreed to receive it electronically.
- The right to receive notification from the Plan in the event there is a breach of unsecured protected health information.
We are required by law to maintain the privacy of your protected health information and to provide you with this notice of our legal duties and privacy practices with respect to protected health information.
This notice is effective as of January 2022, and we are required to abide by the terms of the Notice of Privacy Practices currently in effect. We reserve the right to change the terms of our Notice of Privacy Practices and to make the new notice provisions effective for all protected health information that we maintain. We will post and you may request a written copy of a revised Notice of Privacy Practices from this office.
You have recourse if you feel that your privacy protections have been violated by us. You have the right to file a formal, written complaint with us at the address below, or with the Department of Health & Human Services, Office for Civil Rights, about violations of the provisions of this notice or the policies and procedures of our office. We will not retaliate against you for filing a complaint.
Please contact us for more information:
Advanced Skin & Laser Center / Binhlam Aesthetics
Sonia Romero Practice Manger 1649 Westgate Circle, Ste 100
Brentwood, TN 37027 Phone: 615-843-7546
Email: sromero@advancedskinlaser.com
For more information about HIPAA or to file a complaint:
The U.S. Department of Health & Human Services Office for Civil Rights
200 Independence Avenue, S.W. Washington, D.C. 20201 Phone: (202) 619-0257 Toll Free: 1-877-696-6775
www.hhs.gov/ocr/privacy/hipaa/complaints