HIPAA NOTICE OF PRIVACY PRACTICES
Effective Date: October 1, 2020
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. PLEASE REVIEW IT CAREFULLY.
Your medical information is personal. M&M Eye Institute (“M&M”) and its employees are dedicated to maintaining the privacy of your personal health information (“PHI”), as required by applicable federal and state laws. These laws require us to provide you with this Notice of Privacy Practices, and to inform you of your rights and our obligations concerning PHI, which is information that identifies you and that relates to your physical or mental health condition. We are required to follow the privacy practices described below while this Notice is in effect.
Permitted Disclosures of PHI. We may disclose your PHI for the following reasons:
- Treatment. We may disclose your PHI to a physician or other health care M&M providing treatment to you. For example, we may disclose medical information about you to physicians, nurses, technicians or personnel who are involved with the administration of your care.
- Payment. We may disclose your PHI to bill and collect payment for the services we provide to you. For example, we may send a bill to you or to a third party payor (e.g., your health insurance company) for the rendering of services by us. The bill may contain information that identifies you, your diagnosis and procedures and supplies used. We may need to disclose this information to insurance companies to establish insurance eligibility benefits for you. We may also provide your PHI to our Business Associates, such as billing companies, claims processing companies and others that process our health care claims.
- Health Care Operations. We may disclose your PHI in connection with our health care operations. Health care operations include quality assessment activities, reviewing the competence or qualifications of health care professionals, evaluating M&M performance, and other business operations. For example, we may use your PHI to evaluate the performance of the health care services you received. We may also provide your PHI to accountants, attorneys, consultants and others to make sure we comply with the laws that govern us.
- Emergency Treatment. We may disclose your PHI if you require emergency treatment or are unable to communicate with us.
- Family and Friends. We may disclose your PHI to a family member, friend or any other person who you identify as being involved with your care or payment for care, unless you object.
- Required by Law. We may disclose your PHI for law enforcement purposes and as required by state or federal law. For example, the law may require us to report instances of abuse, neglect or domestic violence; to report certain injuries such as gunshot wounds; or to disclose PHI to assist law enforcement in locating a suspect, fugitive, material witness or missing person. We will inform you or your representative if we disclose your PHI because we believe you are a victim of abuse, neglect or domestic violence, unless we determine that informing you or your representative would place you at risk. In addition, we must provide PHI to comply with an order in a legal or administrative proceeding. Finally, we may be required to provide PHI in response to a subpoena discovery request or other lawful process, but only if efforts have been made, by us or the requesting party, to contact you about the request or to obtain an order from a court or administrative body to protect the requested PHI.
- Serious Threat to Health or Safety. We may disclose your PHI if we believe it is necessary to avoid a serious threat to the health and safety of you or the public.
- Public Health. We may disclose your PHI to public health or other authorities charged with preventing or controlling disease, injury or disability, or charged with collecting public health data.
- Health Oversight Activities. We may disclose your PHI to a Health Oversight Agency for activities authorized by law. These activities include audits; civil, administrative or criminal investigations or proceedings; inspections; licensure or disciplinary actions; or other activities necessary for oversight of the health care system, government programs and compliance with civil rights laws.
- Research. We may disclose your PHI for certain research purposes, but only if we have protections and protocols in place to ensure the privacy of your PHI.
- Workers’ Compensation. We may disclose your PHI to comply with laws relating to workers’ compensation or other similar programs.
- Specialized Government Activities. If you are active military or a veteran, we may disclose your PHI as required by military command authorities. We may also be required to disclose PHI to authorized federal officials for the conduct of intelligence or other national security activities.
- Coroners, Medical Examiners, Funeral Directors. We may disclose your PHI to coroners, or medical examiners for the purposes of identifying a deceased person or determining the cause of death, and to funeral directors as necessary to carry out their duties.
- Disaster Relief. Unless you object, we may disclose your PHI to a governmental agency or private entity (such as FEMA or Red Cross) assisting with disaster relief efforts.
- (Daily Operations. On the day of your appointment, we may ask you to sign your name on a log or “Sign in Sheet” where it could be viewed by other individuals. Throughout your appointment, your full name may be called in our reception area(s) where others may overhear.
- We may use and disclose medical information to contact you as a reminder that you have an appointment for medical care or that you are due to receive periodic care.
- We may contact you by phone, voicemail message, e-mail or in writing. These notifications could be (potentially) intercepted by others. We will disclose as little information as possible, but messages may include notification of optical goods ready for pick up, appointment reminders, access to our patient portal, review of post- operative instructions or other important information.
- Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
Disclosures Requiring Written Authorization.
- Not Otherwise Permitted. In any other situation not described in Section (a) above, we may not disclose your PHI without your written authorization.
- Psychotherapy Notes. We must receive your written authorization to disclose psychotherapy notes, except for certain treatment, payment or health care operations activities.
- Marketing and Sale of PHI. We must receive your written authorization for any disclosure of PHI for marketing purposes or for any disclosure which is a sale of PHI.
- Right to Receive a Paper Copy of This Notice. You have the right to receive a paper copy of this Notice upon request.
- Right to Access PHI. You have the right to inspect and copy your PHI for as long as we maintain your medical record. You must make a written request for access to the M&M representative at the address listed at the end of this Notice. We may charge you a reasonable fee for the processing of your request and the copying of your medical record. In certain circumstances we may deny your request to access your PHI, and you may request that we reconsider our denial. Depending on the reason for the denial, another licensed health care professional chosen by us may review your request and the denial.
- Right to Request Restrictions. You have the right to request a restriction on the use or disclosure of your PHI for the purpose of treatment, payment, or health care operations, except for in the case of an emergency. You also have the right to request a restriction on the information we disclose to a family member or friend who is involved with your care or the payment of your care. However, we are not legally required to agree to such a restriction.
- Right to Restrict Disclosure for Services Paid by You in Full. You have the right to restrict the disclosure of your PHI to a Health Plan if the PHI pertains to health care services for which you paid in full directly to us.
- Right to Request Amendment. You have the right to request that we amend your PHI if you believe it is incorrect or incomplete, for as long as we maintain your medical record. We may deny your request to amend if:
- we did not create the PHI;
- is not information that we maintain,
- is not information that you are permitted to inspect or copy (such as psychotherapy notes), or
- we determine that the PHI is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures of PHI made by us (other than those made for treatment, payment or health care operations purposes) during the 6 years prior to the date of your request. You must make a written request for an accounting, specifying the time period for the accounting, to the M&M representative at the address listed at the end of this Notice.
- Right to Confidential Communications. You have the right to request that we communicate with you about your PHI by certain means or at certain locations. For example, you may specify that we call you only at your home phone number, and not at your work number. You must make a written request, specifying how and where we may contact you, to the HIPAA Privacy Officer at the address listed at the end of this Notice.
- Right to Notice of Breach. You have the right to be notified if we or one of our Business Associates becomes aware of a breach of your unsecured PHI.
Changes to this Notice. We reserve the right to change this Notice at any time in accordance with applicable law. Prior to a substantial change to this Notice related to the uses or disclosures of your PHI, your rights or our duties, we will revise and distribute this Notice. The new notice will be available upon request, in our office, and on our website.
Acknowledgment of Receipt of Notice. We will ask you to sign an acknowledgment that you received this Notice.
Questions and Complaints. If you would like more information about our privacy practices or have questions or concerns, please contact us. If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made regarding the use, disclosure, or access to you PHI, you may complain to us by contacting the Privacy Officer at the address and phone number at the end of this Notice. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file such a complaint upon request.
We support your right to the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services. Please direct any of your questions or complaint:
Questions / Concerns:
HIPAA Privacy Officer: Janice Miers, COA
63 S Rockford Drive, Ste. 220, Tempe, AZ 85281
Compliance Line: 602-508-4837
M&M Eye Institute will in no way penalize you for filing a complaint.
M&M Eye Institute does not discriminate against any person on the basis of race, color, national origin, disability, or age in admission, treatment, or participation in its programs, services and activities, or in employment.
For further information about this policy, contact our compliance officer, 602-508-4837