Home » HIPAA Notice of Privacy Practices
HIPAA Notice of Privacy Practices
Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Effective date: May 9, 2024
Summary
This is a brief summary of how we may use and disclose your protected health information and your rights and choices when it comes to your information. Please note that it does not encompass all aspects of our policy, we recommend reading the complete policy carefully for a more detailed explanation on the following pages.
Your Rights
You have the right to:
- Get a copy of your paper or electronic protected health information.
- Correct your protected health information.
- Ask us to limit the information we share, in some cases.
- Get a list of those with whom we have shared your information.
- Request confidential communication.
- Get a copy of this privacy notice.
- Choose someone to act for you.
- File a complaint if you believe we have violated your privacy rights.
Our Uses and Disclosures
We may use and disclose your information as we:
- Treat you.
- Bill for services.
- Run our organization.
- Do research.
- Comply with the law.
- Respond to organ and tissue donation requests.
- Respond to public health, safety and disasters.
- Work with a medical examiner or funeral director.
- Address workers’ compensation, law enforcement, and other government requests.
- Respond to lawsuits and legal actions.
Uses and Disclosures Not Covered in this Notice
Data Breach Notification
Purpose
This Notice of Privacy Practices (the “Notice”) describes the commitment of Hello Pediatrics Medical Group, PLLC, (“we,” “us” or “our”) to respect and protect your privacy. We are also legally required to maintain the privacy and confidentiality of our patients’ protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state laws.
As part of our commitment and legal compliance, we are providing you with this Notice of Privacy Practices (Notice). This Notice describes:
- Our permitted uses and disclosures of your PHI.
- Your rights regarding your PHI.
- Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach of your unsecured PHI
Contact
If you have any questions about this Notice, please contact us :
Hello Pediatrics Medical Group, PLLC
13135 Route 50, Suite 300
Fairfax, Virginia, 22033
or
Email: compliance@hellopediatrics.com
PHI Defined
Your PHI:
- Is health information about you:
- which someone may use to identify you; and
- which we keep or transmit in electronic, oral, or written form.
- Includes information such as your:
- name;
- contact information;
- past, present, or future physical or mental or medical conditions;
- payment for health care products or services.
Scope
We create a record of the care and health services you receive, to provide your care, and to comply with certain legal requirements. This Notice applies to all the PHI that we generate.
We follow and our employees and other workforce members follow the duties and privacy practices that this Notice describes and any changes once they take effect.
Changes to this Notice
We can change the terms of this Notice, and the changes will apply to all information we have about you. The new notice will be available on request, in our office, and on our website.
Organized Health Care Arrangements
We may participate in an organized health care arrangement (OHCA) as defined by HIPAA. An OHCA allows us to:
- Collectively provide health care services with other hospitals, physician organizations, health plans, and entities.
- Share patients’ PHI to support the participating entities’ joint operations.
Your Rights
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
You have the right to:
- Get a copy of your PHI. You can ask to see or obtain an electronic or paper copy of the PHI that we maintain about you. This right of access applies to your medical and billing records, but does not apply to psychotherapy notes.
- You have the right to ask to obtain a copy of your PHI in records on which we rely to make decisions about your care. This right of access applies to your medical and billing records, but does not apply to psychotherapy notes.
- We may require you to make access requests in writing or by submitting them electronically. If we maintain a record electronically, you may obtain an electronic copy of the record if you ask for an electronic copy.
- We may charge you a reasonable fee for copying and mailing these records.
- We may deny your request for records in certain limited circumstances. If we deny your request in whole or in part, we will provide a letter with the reason for the denial and you may request a review of the decision. This letter will include the review process and how to file a complaint with us or the Secretary of the U.S. Department of Health and Human Services.
- You may request that we provide a copy of your PHI to a family member, another person, or a designated entity. We require that you submit these requests in writing or by submitting them electronically with your signature and clearly identify the designated person and where to send the PHI
- Ask us to amend your medical record. You may ask us to correct or amend PHI that we maintain about you that you think is incorrect or inaccurate. For these requests:
- If we grant your request, the amendment will be included in addition to, and not in place of, the existing information in your record.
- You must submit requests in writing or electronically, specify the inaccurate or incorrect PHI, and provide a reason that supports your request.
- We may deny a request to amend records for any of the following reasons: (i) the request is not in writing or does not include a reason to support the request; (ii) the PHI to which the amendment is requested was not created by or for us; (iii) the PHI is not part of a record used by us to make decisions about your care; (iv) the PHI is not covered by your right to obtain a copy of your records; or (v) we determine the PHI to be correct and complete.
- If we deny your request, you will receive a letter that explains the reason for denial. The letter will explain how to file a complaint with us or the Secretary of the U.S. Department of Health and Human Services. You may also have your disagreement with our denial included in your records.
- Ask us to limit what we use or share. You have the right to ask us to limit what we use or share about your PHI (right to request restrictions). You can contact us and request us not to use or share certain PHI for treatment, payment, or operations or with certain persons involved in your care. We require that you submit this request in writing. For these requests:
- we are not required to agree;
- we may say “no” if it would affect your care; but
- we will agree not to disclose information to a health plan for purposes of payment or health care operations if the requested restriction concerns a health care item or service for which you or another person, other than the health plan, paid in full out-of-pocket, unless it is otherwise required by law.
- Get a list of those with whom we’ve shared your PHI. You have the right to request an accounting of certain PHI disclosures that we have made. For these requests:
- To request an accounting of disclosures, you may submit a written request to the compliance@hellopediatrics.com. Your request must include the time for which the accounting is sought.
- We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures, such as any you asked us to make.
- We will provide one accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
- Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI.
- Request confidential communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or at a specific address. For these requests:
- you must specify how or where you wish to be contacted, please indicate your preference during intake or contact compliance@hellopediatrics.com; and
- we will accommodate reasonable requests.
- Make a complaint. You have the right to complain if you feel we have violated your rights. We will not retaliate against you for filing a complaint. You may either file a complaint:
- directly with us by contacting compliance@hellopediatrics.com; or
- with the Office for Civil Rights at the US Department of Health and Human Services. Send a letter to Centralized Case Management Operations, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W. Room 509F HHH Bldg., Washington, D.C. 20201; or visit www.hhs.gov/ocr/privacy/hipaa/complaints/.
Uses and Disclosures of Your PHI
The law permits or requires us to use or disclose your PHI for various reasons, which we explain in this Notice. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum we need to accomplish our intended purpose.
Uses and Disclosures for Treatment, Payment, or Health Care Operations
- Treatment. We may use or disclose your PHI to provide, coordinate or manage your health care. We may disclose your PHI to nurses, physicians, technicians, students, and others involved in your care. We may also share your PHI with third-party providers, agencies and facilities in order to provide, coordinate or manage your health care, such as prescriptions, lab work and X-rays, or to facilitate continuing medical care for you after your treatment by us.
- Billing and payment. In order to receive payment for the services we provide to you, we may use or disclose your PHI to certain entities, such as your health insurance company or other third party payor, such as Medicare or Medicaid. For example, to receive payment, we must submit a bill to your insurer with your diagnosis, treatment and identifying information, which may include your Social Security number as required. We may also share your PHI with another provider, agency or facility, such as an ambulance company or subcontractor working with us, who has provided you services so they may bill you, your health insurance company or third party payor.
- Healthcare Operations. We may use and disclose your PHI as part of our operations, including without limitation:
- Quality assessment, patient surveys and improvement activities;
- Protocol development, case management and care coordination;
- Contacting health care providers and patients with information about treatment alternatives and other related information;
- Professional review and performance evaluation;
- Training programs for example, those in which students, trainees or practitioners in healthcare learn under supervision;
- Training of non-health care professionals;
- Training in software systems such as AI;
- Accreditation, certification, licensing or credentialing activities;
- Review and auditing, including compliance reviews, medical reviews, legal services and compliance programs;
- Business planning and development; and
- Business management and general administrative activities.
Other Uses and Disclosures
We may share your information in other ways, usually for public health or research purposes or to contribute to the public good. For more information on permitted uses and disclosures, see www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. For example, these other uses and disclosures may involve:
- Business associates. We may use and disclose your PHI to outside persons or entities that perform services on our behalf, such as billing, scheduling, electronic records, information technology services, auditing, legal, or transcription (Business Associates). The law requires our business associates and their subcontractors to protect your PHI in the same way we do. We also contractually require these parties to use and disclose your PHI only as permitted and to appropriately safeguard your PHI.
- Appointment Reminders. We may use and share your PHI to remind you of appointments for treatment or care.
- Individuals Involved in Your Care or Payment for Your Care. Unless you say otherwise, we may release your PHI to people involved in your care or payment for your care, such as family members or close friends. We may disclose your PHI to a “patient representative,” which is a person with legal authority to make health decisions for you. The parent or legal guardian of a minor is typically the minor’s patient representative, unless the minor is permitted by law to act independently and make his or her own medical decisions in certain circumstances. We may also allow your family and friends to act on your behalf to pick-up filled prescriptions, medical supplies, X-rays, and similar forms of PHI when we determine, in our professional judgment, such disclosures are in your best interest. If you do not want your PHI to be released to individuals involved in your care or payment for your care, please indicate your preference at the time the services are provided or contact compliance@hellopediatrics.com.
- Health information exchanges. We may participate in health information exchanges (HIEs), which support electronic information sharing among members for treatment, payment, and health care operations purposes.
- Fundraising. We may contact you for fundraising efforts. We may use your PHI, such as the location where you were seen, in order to contact you to ask for a charitable contribution to support research, teaching or patient care, if you do not wish to be contacted about fundraising activities, please contact compliance@hellopediatrics.com.
- Patient List; Marketing. Unless you object, we may use some of your PHI to maintain a list of patients we have served. This information may include your name, place of treatment, and the services we provided to you. This patient list and the information on it may be used for marketing purposes. We may use your PHI to contact you about treatment options and other health-related services we offer that may interest you. We will never sell your PHI to a third party without your written authorization. However, we may receive payments to disclose your PHI for certain limited purposes allowed by law, such as public health reporting, treatment or research.
- Complying with the law. For example, we will share your PHI if the Department of Health and Human Services requires it when investigating our compliance with privacy laws.
- Specialized Government Functions. We may use and disclose PHI of military personnel and veterans under certain circumstances. We may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities, and for the provision of protective services to the president or other authorized persons or foreign heads of state or to conduct special investigations.
- Helping with public health and safety issues. For example, we may share your PHI to:
- report injuries, births, and deaths;
- prevent disease;
- report adverse reactions to medications or medical device product defects;
- report suspected child neglect or abuse, or domestic violence; or
- avert a serious threat to public health or safety.
- Disaster Relief Efforts. We may disclose your PHI with public or private entities assisting with disaster relief efforts, such as the American Red Cross, so that your family can be notified about your condition and location. If reasonable while trying to respond to the emergency, we will try to find out whether you want us to share this information as indicated in our records.
- Psychotherapy Notes. We will not use or disclose your psychotherapy notes without your prior written authorization except for the following: 1) use by the originator of the notes for your treatment, 2) for training our staff, students and other trainees, 3) to defend ourselves if you sue us or bring some other legal proceeding, 4) if the law requires us to disclose the information to you or the Secretary of HHS or for some other reason, 5) in response to health oversight activities concerning your psychotherapist, 6) to avert a serious and imminent threat to health or safety, or 7) to the coroner or medical examiner after you die. To the extent you revoke an authorization to use or disclose your psychotherapy notes, we will stop using or disclosing these notes.
- Change of Ownership. In the event that this medical practice is sold or merged with another organization, your health information/record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.
- Responding to legal actions. For example, we may share your PHI to respond to:
- a court or administrative order or subpoena;
- discovery request; or
- another lawful process.
- Research. We may use or disclose your PHI for certain research purposes in accordance with federal and state law. In most cases, researchers will contact you to ask if you are interested in participating in a research study only after receiving your authorization to contact you. In some cases, federal law allows us to use your PHI for research without your authorization if the research has been approved by an Institutional Review Board (IRB) or other special review board that ensures patient safety, welfare and confidentiality. Federal law also allows researchers to review your PHI while preparing for future research, so long as identifying information does not leave our possession. Research studies will not affect your treatment or welfare, and your PHI will continue to be protected. If you have any questions about how your PHI may be used in research, please contact compliance@hellopediatrics.com.
- Working with medical examiners or funeral directors. For example, we may share PHI with coroners, medical examiners, or funeral directors when an individual dies.
- Responding to organ and tissue donation requests. For example, we may share your PHI to arrange an authorized organ or tissue donation from you or a transplant for you.
- Addressing workers’ compensation, law enforcement, or other government requests. For example, we may use and disclose your PHI for:
- workers’ compensation claims;
- health oversight activities by federal or state agencies;
- law enforcement purposes or with a law enforcement official; or
- specialized government functions, such as military and veterans’ activities, national security and intelligence, presidential protective services, or medical suitability.
- Incidental Disclosures. Although we strive to protect the confidentiality of your PHI, disclosure of your PHI may occur during or as an unavoidable result of an otherwise permissible use or disclosure. For example, when you speak with personnel to facilitate medical care, another patient may overhear you. “Incidental disclosures” are permissible.
- Special Categories of Information. Certain categories of PHI, including HIV-related, mental health, genetic, and alcohol and substance abuse information, receive additional protections under the law. We will abide by all additional protections.
Uses and Disclosures Not Covered in this Notice
Uses and disclosures of your PHI not covered in this Notice or applicable laws will be made only with your written authorization, which will be obtained before disclosure. You have the right to revoke your authorization in writing at any time. However, we will be unable to revoke any disclosures previously made in reliance on your authorization.
If you are not able to tell us your preference, for example if you are unconscious, we may share your information if we believe it is in your best interest, according to our best judgment. We may also share your information when needed to lessen a serious and imminent threat to health or safety
Data Breach Notification
We will promptly notify you if a data breach occurs that may have compromised the privacy or security of your PHI.