NOTICE OF PRIVACY PRACTICES
IDENTITY THEFT PREVENTION/DETECTION AND RED FLAG RULE COMPLIANCE
HEARING HEALTH CENTERS, PC
PLEASE REVIEW IT CAREFULLY
EFFECTIVE DATE: September 1, 2013
If you have any questions about this notice, please contact:
Paul D. Nelson, Privacy Officer
The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) as revised in the 2013 HIPAA Omnibus Rule is a federal program that requires that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, or paper, or orally, are kept properly confidential. This Act gives you, the patient, significant new rights to understand and control how your health information is used. “HIPAA” provides penalties for covered entities that misuse personal health information.
It is the policy of Hearing Health Centers, P.C. to follow all federal and state laws and reporting requirements regarding identity theft as outlined in the Fair & Accurate Credit Transactions Act of 2003 (FACTA).
This notice describes how we may use and disclose your protected health information to carry out treatment, payment or audiological/health care operations and for other purposes that are permitted or required by law. This Notice also describes your rights and our duties with respect to your protected health information. The medical practice reserves the right to make changes in the Notice of Privacy Practices. The Notice describes your rights to access and control your protected health information. “Protected health information” is information about you that may identify you and that relates to your past, present or future physical or mental health/condition and related audiological/health care services. We must follow the privacy practices that are described in this Notice while it is in effect. If you have any questions about this Notice, please contact our Privacy Officer, Paul D. Nelson, Au.D., at (712) 262-7774 or firstname.lastname@example.org.
Hearing Health Centers, P.C. will (1) identify, (2) detect and (3) respond to “red flags.” A “red flag” as defined in this policy includes a pattern, practice, or specific account or record of activity that indicates possible identity theft. Although identity theft most commonly is associated with financial transactions, there are increasing concerns about identity fraud in medical care. Medical identity theft can surface when a patient seeks care using the name or insurance information of another person which can result in both false billing and corruption of a patient’s medical record. It is the policy of Hearing Health Centers, P.C. that, pursuant to the existing HIPAA Security Rule and FACTA, appropriate physical, administrative and technical safeguards will be in place to reasonably safeguard protected health information and sensitive information related to patient identity from any intentional or unintentional use or disclosure.
Who Will Follow This Notice:
This notice describes the privacy policies of our practice and that of:
- Any health care professional authorized to enter information into your medical record
- All employees of the Hearing Health Centers, PC
- Contractually bound business associates
- Written acknowledgement of your receipt of this notice
Our Pledge Regarding PHI, Identity & Medical Information
We understand that medical information about you and your health is personal, and we are committed to protecting it. A record of the care and services you receive at this practice is created and maintained at the office location where you receive care. This notice applies to all of those records of your care. All members of our workforce have been trained by September 1, 2013 and new employees will be trained on the policies and procedures governing compliance with the Red Flags Rule within a reasonable time after joining the work force.
- 1. Identify Red Flag (In the course of caring for patients, Hearing Health Centers, P.C. may encounter inconsistent or suspicious documents, information or activity that may signal identify theft. Hearing Health Centers, P.C. identifies the following as potential red flags and this policy includes procedures describing how to detect and respond to these red flags)
- 1. A complaint or question from patient based on patient’s receipt of
- a. bill for another individual
- b. denies receiving service/product
- c. receipt of EOB for services not received by this patient
- d. collection notice or bill from collector
- e. insurer report of exhausted benefits
- 2. Patient has insurance number but can’t produce insurance card or other physical evidence of coverage.
- 3. Notice or inquiry from insurance fraud investigator for private health insurance, or law enforcement agency.
- 4. Notification by law enforcement that an identity theft has been reported.
- 1. A complaint or question from patient based on patient’s receipt of
- 2. Detect Red Flags (Hearing Health Centers, P.C. staff will be alert for discrepancies in documents and patient information that suggest risk of identity theft or fraud. Staff will verify patient ID, address, insurance coverage at time of check-in/registration. Staff will require copy of photo ID for patient record.
- 1. Patient will be requested to provide a photo ID for patient chart
- a. Child without photo ID, get ID of insured parent
- b. Nursing Home Resident, if photo not available then verify ID with Nursing Home administration and document such on Acknowledgement sheet for chart.
- 2. Verify information on patient registration (Patient Info Sheet) every six months
- 3. Staff should be alert for possible ID theft in the following situations:
- c. photo ID does not resemble patient
- d. ID appears to be forged or altered
- e. Signature does not match patient records
- 1. Patient will be requested to provide a photo ID for patient chart
- 3. Respond to Red Flags (If staff of Hearing Health Centers, P.C. detects or suspects fraudulent activity or if patient claims to be victim of identity theft, Hearing Health Centers, P.C. will respond and investigate.)
- 1. Staff will gather all documentation and report to Privacy Officer.
- 2. If Privacy Officer determines activity to be fraudulent the following actions may occur:
- a. Cancel transaction (not collecting debt from true consumer)
- b. Medical information about identity thief is kept in separate medical record from that of actual patient
- c. Notify Law Enforcement
- d. Notify affected patient
- e. Encourage patient to complete ID Theft Affidavit by FTC
- f. Notify Management and make notations in affected patient record
We are required by law to:
- Make sure that medical information that identifies you is kept private
- Provide you this notice of our legal duties and privacy practices regarding your medical information
- Follow the terms of the notice that is currently in effect. We may change the terms of our notice at any time. The new notice will be effective for all protected health information that we maintain at this time. Upon your request, we will provide you with any revised Notice of Privacy Practices. You may obtain a copy by calling our office and requesting that a revised copy be sent to you in the mail or asking for one at the time of your next appointment or accessing our website at www.hearinghealthcenters.net
HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
The following categories describe the different ways that we may use and disclose your protected health information. These examples are not meant to be exhaustive, but to illustrate the types of uses and disclosures that may be made.
We may use and disclose your protected health information to provide, coordinate, or manage your audiological treatment and any related services. We may also disclose your protected health information to other third party providers involved in your audiological/health care. For example, your protected health information may be provided to a physician or other audiological/health care provider (e.g. a specialist or laboratory) to whom you have been referred to ensure that the physician or other audiological/health care provider has the necessary information to diagnose or treat you.
We may use and disclose your protected health information so that the treatment and health care services you receive may be billed to you, your insurance company, a government program, or third party payers. This may include certain activities that your health insurance plan may undertake before it approves or pays for the audiological/health care services we recommend for you, such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. For example, we may provide your health plan with medical information about the audiological/health care services Hearing Health Centers rendered to you for reimbursement purposes.
- Audiological/Health Care Operations
We may use and disclose your protected health information for audiological/health care operation purposes. These uses and disclosures are necessary to make sure that all of our patients receive quality care and for our operation and management purposes. For example, we may use your protected health information to review the quality of the treatment and services you receive and to evaluate the performance of our team members in caring for you. We also may disclose information to audiologists, physicians, nurses, technicians, medical students, and other personnel for educational and learning purposes.
- Treatment Communications
We may provide treatment communications concerning treatment alternatives or other health related products or services. For communications for which we or a business associate may receive financial remuneration in exchange for making the communication, we must obtain written authorization unless the communication is made face-to-face and/or involving promotional gifts of nominal value. If you do not wish to receive these communications please submit a written request to our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street PO Box 17, Spencer, IA 51301.
- Fundraising Activities
We may use or disclose your demographic information and dates of services provided to you, as necessary, in order to contact you for fundraising activities supported by Hearing Health Centers. You have the right to opt out of receiving fundraising communications. If you do not want to receive these materials, please submit a written request to our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street PO Box 17, Spencer, IA 51301.
- Others Involved in Your Healthcare
Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest, based on our professional judgment. Also, for example, if you are brought into this office and are unable to communicate normally with your clinician for some reason, we may find it is in your best interest to give your hearing instrument and other supplies to the friend or relative who brought you in for treatment. We may also use and disclose protected health information to notify such persons of your location, general condition, or death. We also may coordinate with disaster relief agencies to make this type of notification. We also may use professional judgment and our experience with common practice to make reasonable decisions about your best interests in allowing a person to act on your behalf to pick up your hearing instruments, supplies, records, or other things that contain protected health information about you.
- Required by Law
We may use or disclose your protected health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
- Public Health
We may disclose your protected health information for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We may also disclose your protected health information, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
- Business Associates
We may disclose your protected health information to our business associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. To protect your health information, however, we require the business associate to appropriately safeguard your information.
- Communicable Diseases
We may disclose your protected health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
- Health Oversight
We may disclose your protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies
seeking this information include government agencies that oversee the audiological/health care system, government benefit programs, other government regulatory programs and civil rights laws.
- Abuse or Neglect
We may disclose your protected health information to a public health authority that is authorized by law to receive reports of abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
- Food and Drug Administration
We may disclose your protected health information to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance, as required by law.
- Legal Proceedings
We may disclose your protected health information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), and in certain conditions in response to a subpoena, discovery request or other lawful process.
- Law Enforcement
We may disclose your protected health information, so long as applicable legal requirements are met, for law enforcement purposes.
- Coroners, Funeral Directors, and Organ Donation
We may disclose your protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose your protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out its duties. We may disclose such information in reasonable anticipation of death. Protected health information may be used and disclosed for cadaveric organ, eye or tissue donation purposes.
We may disclose your protected health information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information.
- Serious Threat to Health or Safety
Consistent with applicable federal and state laws, we may disclose your protected health information to prevent or lessen a serious threat to your health and safety or to the health and safety of another person or the public.
- Military Activity and National Security
If you are involved with military, national security or intelligence activities or if you are in law enforcement custody, we may disclose your protected health information to authorized officials so they may carry out their legal duties under the law.
- Workers’ Compensation
We may disclose your protected health information as authorized for workers’ compensation or other similar programs that provide benefits for a work-related illness.
- For Data Breach Notification Purposes
We may use or disclose your protected health information to provide legally required notices of unauthorized access to or disclosure of your health information.
- Required Uses and Disclosures
Under the law, we must make disclosures to you and when required by the Secretary of the
U.S. Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500 et. Seq.
SPECIAL PROTECTIONS FOR HIV, ALCOHOL AND SUBSTANCE ABUSE, MENTAL HEALTH AND GENETIC INFORMATION
Certain federal and state laws may require special privacy protections that restrict the use and disclosure of certain health information, including HIV-related information, alcohol and substance abuse information, mental health information, and genetic information. Some parts of this Notice may not apply to these types of information.
USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION BASED UPON YOUR WRITTEN AUTHORIZATION
The following uses and disclosures will be made only with your written authorization:
- Uses and disclosures of protected health information for marketing purposes for which we or a business associate may receive remuneration; and
- Disclosures that constitute a sale of protected health information. Other uses and disclosures of your protected health information not described in this Notice will be made only with your written authorization, unless otherwise permitted or required by law. You may revoke this authorization, at any time, in writing, except to the extent that Hearing Health Centers has taken an action in reliance on the use or disclosure indicated in the authorization. Additionally, if a use or disclosure of protected health information described above in this Notice is prohibited or materially limited by other laws that apply to use, it is our intent to meet the requirements of the more stringent law.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
The following is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights.
- Right to be Notified if there is a Breach of Your Protected Health information
You have the right to be notified upon a breach of any of your unsecured protected health information.
- Right to Inspect and Copy
You may inspect and obtain a copy of your protected health information that is contained in your medical and billing records and any other records that Hearing Health Centers uses for making decisions about you. To inspect and copy your medical information, you must submit a written request to our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street PO Box 17, Spencer, IA 51301. If you request a copy of your information, we may charge you a reasonable fee for the costs of copying, mailing or other costs incurred by us in complying with you request. Under federal law, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and protected health information that is subject to law that prohibits access to protected health information. Depending on the circumstances, we may deny your request to inspect and/or copy your protected health information. A decision to deny access may be reviewable. Please contact our Privacy Officer, Paul D. Nelson, Au.D., at (712) 262-7774 or email@example.com if you have questions about access to your medical record.
- Right to Request Restrictions
You may ask us not to use or disclose any part of your protected health information for the purposes of treatment, payment or healthcare operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice. To request a restriction on who may have access to your protected health information, you must submit a written request to our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street PO Box 17, Spencer, IA 51301. Your request must state the specific restriction requested and to whom you want the restriction to apply. Hearing Health Centers is not required to agree to a restriction that you may request, unless you are asking us to restrict the use and disclosure of your protected health information to a health plan for payment or audiological/health care operation purposes and such information you wish to restrict pertains solely to a audiological/health care item or service for which you have paid us “out-of-pocket” in full. If we believe it is in your best interest to permit the use and disclosure of your protected health information, your protected health information will not be restricted. If we do agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment.
- Right to Request Confidential Communication
You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable requests. You must request this by submitting a written request to our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street PO Box 17, Spencer, IA 51301.
- Right to Request Amendment
You may request an amendment of your protected health information contained in your medical and billing records and any other records that Hearing Health Centers uses for making decisions about you, for as long as we maintain the protected health information. You must request for an amendment by submitting a written request to our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street PO Box 17, Spencer, IA 51301, and provide the reason(s) that support your request. In certain cases, we may deny your request for an amendment. If we deny your request for an amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.
- Right to an Accounting of Disclosures
You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this Notice. It excludes disclosures we may have made to you, for a resident directory, to family members or friends involved in your care, or for notification purposes. The right to receive this information is subject to certain exceptions, restrictions and limitations. Additionally, limitations are different for electronic health records. You must request for an accounting of disclosures by submitting a written request to our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street PO Box 17, Spencer, IA 51301, and provide the reason(s) that support your request.
- Right to Obtain a Paper Copy of this Notice
You have the right to receive a paper copy of this Notice even if you have agreed to receive this notice electronically. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this Notice, you can contact our Privacy Officer, Paul D. Nelson, Au.D., at (712) 262-7774 or firstname.lastname@example.org. You may also obtain a copy of this Notice at www.hearinghealthcenters.net.
COMPLAINTS OR QUESTIONS
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services. If you have a question about this Notice or wish to file a complaint with us, please contact our Privacy Officer, Paul D. Nelson, Au.D., at (712) 262-7774 or email@example.com or the Corporate Privacy Officer at the address listed below. All complaints must be submitted in writing. Hearing Health Centers will not retaliate against you for filing a complaint.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice at any time. The new Notice will be effective for all health information we already have about you as well as any information we receive in the future. You can also obtain a revised Notice at www.hearinghealthcenters.net or by contacting our Privacy Officer, Paul D. Nelson, Au.D., Hearing Health Centers, 119 E 5th Street, PO Box 17, Spencer, IA 51301.