HIPAA Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
HIPAA NOTICE OF PRIVACY PRACTICES
Effective Date: 12/23/2015
If you have questions about this notice, please contact the PALM Privacy Officer at (314) 801-8898 or firstname.lastname@example.org.
WHO WILL FOLLOW THIS NOTICE
This notice describes the practices of:
- PALM Integrative Medicine, P.C., PALM Integrative Health Saint Louis, LLC, PALM Management Company, LLC, and their respective parents, subsidiaries and affiliates, together, PALM Health (“PALM”).
- Any health care professional authorized to enter information into your medical record maintained by PALM.
- Any persons or companies with whom PALM does business, i.e., “Business Associates.”
- All these persons, entities, sites, and locations follow the terms of this notice. In addition, these persons, entities, sites, and locations may share medical information with each other for treatment, payment, or health care operations purposes and other purposes described in this notice.
OUR PLEDGE REGARDING MEDICAL INFORMATION
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive from PALM. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care, and billing for that care, that are generated or maintained by PALM, whether made by PALM personnel, other health care providers or PALM’s Business Associates. Other health care providers may have different policies or notices about confidentiality and disclosure that apply to your medical information that is created in their offices or at locations other than PALM.
This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of your medical information.
We are required by law to:
- Make sure that medical information that identifies you is kept private
- Give you this notice of our legal duties and privacy practices of PALM, and your legal rights, with respect to medical information about you
- Follow the terms of the notice that is currently in effect
HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU
The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures, we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of these categories.
- For Treatment. We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students, volunteers, or other personnel who are involved in taking care of you at PALM. For example, a doctor treating you for a broken hip may need to know if you have diabetes because diabetes may slow the healing process. We also may disclose medical information about you to people outside PALM who may be involved in your medical care after you have been treated by PALM, such as friends, family members, or employees or medical staff members of any hospital or skilled nursing facility to which you are transferred or subsequently admitted.
- For Payment. We may use and disclose medical information about you so that the treatment and services you receive from PALM may be billed by PALM, and payment may be collected from you, an insurance company, or a third party. For example, we may need to give your health plan information about treatment you received from PALM, so your health plan will pay us or reimburse you for such treatment. We also may disclose information about you to another health care provider, such as a hospital or skilled nursing facility to which you are admitted, for their billing activities concerning you.
- For Health Care Operations. We and our Business Associates may use and disclose medical information about you for health care operations. These uses and disclosures are necessary to operate PALM, and make sure that all of our patients receive quality care. For example, we may use medical information to evaluate the performance of our staff in caring for you. We may also combine medical information about many patients to decide what additional services PALM should offer, and what services are not needed. We may also disclose information to doctors, nurses, technicians, and other personnel affiliated with PALM for educational, training and quality assurance purposes. We may remove information that identifies you from this set of medical information, de-identified protected health information, so others may use it to study health care and health care delivery without learning the identities of specific patients. We also may disclose information about you to another health care provider for its health care operations purposes if you have received care from that provider.
- Treatment Alternatives. We may use and disclose medical information to tell you about or recommend different ways to treat you.
- Individuals Involved in Your Care or Payment for Your Care. We may release medical information about you to a friend or family member who is involved in your medical care. This would include persons named in any durable health care power of attorney or similar document provided to us. We may also give information to someone who helps pay for some or all of your care. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status, and location. You can object to these releases by telling us that you do not wish any or all individuals involved in your care to receive this information. If you are not present or cannot agree or object, we will use our professional judgment to decide whether it is in your best interest to release relevant information to someone who is involved in your care or to an entity assisting in a disaster relief effort.
- As Required or Permitted by Law. We may disclose medical information about you when required or permitted to do so by federal, state, or local law.
- To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you when it appears necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure would be to someone who appears able to help prevent the threat and will be limited to the information needed.
- Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation, or to an organ donation bank as necessary to facilitate organ or tissue donation and transplantation.
- Active Duty Military Personnel and Veterans. If you are an active duty member of the armed forces or Coast Guard, we must give certain information about you to your commanding officer or other command authority so that your fitness for duty or for a particular mission may be determined. We may also release medical information about foreign military personnel to the appropriate foreign military authority. We may use and disclose to components of the Department of Veterans Affairs medical information about you to determine whether you are eligible for certain benefits.
- Workers’ Compensation. In accordance with state law, we may release without your consent medical information about your treatment for a work related injury or illness or for which you claim workers’ compensation through your employer, insurer, or care manager paying for that treatment under a workers’ compensation program that provides benefits for work-related injuries or illness.
- Public Health Risks. We may disclose, without your consent, medical information about you for public health activities. These activities generally include but are not limited to the following:
- To report, prevent, or control disease, injury, or disability
- To report births and deaths
- To report reactions to medications or problems with products
- To notify people of recalls of products they may be using
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
- To report suspected abuse or neglect as required by law
- Health Oversight Activities. We may disclose, without your consent, medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. The government uses these activities to monitor the health care system, government programs, and compliance with civil rights laws.
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we must disclose medical information about you in response to a court or administrative order. We also may disclose medical information about you in response to a subpoena or other lawful process from someone involved in a civil dispute.
- Law Enforcement. We may release, without your consent, pursuant to applicable state or federal law, medical information to a law enforcement official:
- In response to a court order, warrant, summons, grand jury demand, or similar process
- To comply with mandatory reporting requirements for violent injuries, such as gunshot wounds, stab wounds, and poisonings
- In response to a request from law enforcement for certain information to help locate a fugitive, material witness, suspect, or missing person
- To report a death or injury we believe may be the result of criminal conduct
- To report suspected criminal conduct committed at PALM facilities
- Coroners and Medical Examiners. We may release, without your consent, medical information to a coroner or medical examiner. This may be done, for example, to identify a deceased person or determine the cause of death. We may also release medical information about deceased patients of PALM to funeral directors to carry out their duties.
- National Security and Intelligence Activities. We may release, without your consent, medical information about you as required by applicable law to authorized federal or state officials for intelligence, counterintelligence, or other governmental activities prescribed by law to protect our national security.
- Protective Services for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or to conduct special investigations.
- Psychotherapy Notes. Regardless of the other parts of this Notice, psychotherapy notes will not be disclosed outside PALM except as authorized by you in writing or pursuant to a court order, or as required by law. Psychotherapy notes about you will not be disclosed to personnel working within PALM, except for training purposes or to defend a legal action brought against PALM, unless you have properly authorized such disclosure in writing.
- Inmates. If you are an inmate of a correctional institution or in the custody of law enforcement, we may release medical information about you to the correctional institution or law enforcement official who has custody of you, if the correctional institution or law enforcement official represents to PALM that such medical information is necessary: (1) to provide you with health care; (2) to protect your health and safety or the health and safety of others; (3) to protect the safety and security of officers, employees, or others at the correctional institution or involved in transporting you; (4) for law enforcement to maintain safety and good order at the correctional institution; or (5) to obtain payment for services provided to you. If you are in the custody of the Missouri Department of Corrections (DOC) and the DOC requests your medical records, we are required to provide the DOC with access to your records.
YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU
You have the following rights regarding medical information we maintain about you:
- Right to Inspect and Copy. You have the right to inspect and receive a copy of your medical records, unless your attending physician determines that information in those records, if disclosed to you, would be harmful to your mental or physical health. If we deny your request to inspect and receive a copy of your medical information on this basis, you may request that the denial be reviewed. Another licensed health care professional, chosen by PALM, will review your request and the denial. The person conducting the review will not be the person who denied your request. We will do what this reviewer decides.
- If we have all or any portion of your medical information in an electronic format, you may request an electronic copy of those records or request that we send an electronic copy to any person or entity you designate in writing.
- Your medical information is contained in records that are the property of PALM. To inspect or receive a copy of medical information that may be used to make decisions about you, you must submit your request in writing to PALM’s Privacy Officer. If you request the copy of the information, we may charge a reasonable cost-based fee for the costs of copying, mailing, or other supplies associated with your request, and we may collect the fee before providing the copy to you. If you agree, we may provide you with a summary of the information instead of providing you with access to it, or with an explanation of the information instead of a copy. Before providing you with such a summary or explanation, we first will obtain your agreement to pay, and will collect the fees, if any, for preparing the summary or explanation.
- Right to Amend. If you feel that medical information we have about you in your record is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for PALM. To request an amendment, make your request in writing to PALM’s Privacy Officer. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason tosupport the request. In addition, we may deny your request for amendment of information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment
- Is not part of the medical information created or maintained by PALM
- Is not part of the information that you would be permitted to inspect and copy
- Has been determined to be accurate and complete If we deny your request for an amendment, you may submit a written statement of disagreement and ask that it be included in your medical record.
- Right to an Accounting of Disclosures. You have the right to request a list of certain disclosures we have made of medical information about you during the past six years. To request this list or accounting of disclosures, submit your request, in writing, to PALM’s Privacy Officer, and state whether you want the list delivered on paper or electronically. Your requested time period may not be longer than six years. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. We may collect the fee before providing the list to you.
- Right to Request Restrictions. Except where we are required to disclose the information by law, you have the right to request a restriction or limitation on the medical information we use or disclose about you. For example, you could revoke any and all authorizations you previously gave us relating to disclosure of your medical information. We are not required to agree to your request, with the exception of restrictions on disclosures to your health plan, as described below. If we do agree, we will comply with your request unless the information is needed to provide you with emergency treatment. To request restrictions, make your request in writing to PALM’s Privacy Officer. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse. You may request that we do not disclose your medical information to your health insurance plan for some or all of the services you receive during a visit to any PALM location. If you pay the charges for those services you do not want disclosed, in full at the time of such service, we are required to agree to your request. “In full” means the amount we charge for the service, not your copay, coinsurance, or deductible responsibility when your insurer pays for your care. Please note that once information about a service has been submitted to your health plan, we cannot agree to your request. If you think you may wish to restrict the disclosure of your medical information for a certain service, please let us know as early in your visit as possible.
- Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail, or at another mailing address other than your home address. We will accommodate all reasonable requests. We will not ask you the reason for your request. To request confidential communications, make your request in writing to the Privacy Officer and specify how or where you wish to be contacted.
- Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice or any revised notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. To obtain a copy of this notice, request a copy from PALM ’s Privacy Officer in writing.
CHANGES TO THIS NOTICE
We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current notice at PALM’s office and on PALM’s website. The notice will contain the effective date and the revised date on the first page. If the notice changes, a copy will be available to you upon request.
INVESTIGATIONS OF BREACH OF PRIVACY
We will investigate any discovered unauthorized use or disclosure of your medical information to determine if it constitutes a breach of the federal privacy or security regulations addressing such information. If we determine that such a breach has occurred, we will provide you with notice of the breach and advise you what we intend to do to mitigate the damage (if any) caused by the breach, and about the steps you should take to protect yourself from potential harm resulting from the breach.
If you believe your privacy rights have been violated or if you have any questions regarding this policy, you may file a complaint with PALM by contacting our Privacy Officer, by mail at PALM Health, Attn: Privacy Officer, 9160 Clayton Road, St. Louis MO 63124, by phone at (314)-801-8898 or by email at email@example.com.
All complaints must be submitted in writing. You can file a complaint with the United States Department of Health and Human Services by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
You will not be penalized for filing a complaint.
OTHER USES OF MEDICAL INFORMATION
Other uses and disclosures of medical information not covered by this notice may be made only with your written authorization or as required by law. If you authorize us to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. Your revocation will be effective as of the end of the day on which you provide it in writing to PALM’s Privacy Officer. If you revoke your permission, we will no longer use or disclose medical information about you for the purposes that you previously had authorized in writing. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.
GENERAL DATA PROTECTION REGULATION
PALM is located within in the United States. We will endeavor to meet those data protection laws and regulations (including the General Data Protection Regulation, or “GDPR”) to which we may be subject as and when applicable to the services provided by us.
The GDPR was passed by the European Parliament and establishes a standard for data privacy for all member states of the European Economic Area (“EEA”) (“EU”). It purpose is to give EEA residents (described as “data subjects” by the GDPR) certain rights over their Personal Information, including, the:
- Right of access: Individuals can ask for a copy of the Personal Information retained about them and an explanation of how it is being used.
- Right to rectification: Individuals have the right to correct, revise or remove any of the Personal Information retained about them at any time.
- Right to be forgotten: Individuals can ask to delete their Personal Information.At your request, we will remove your contact information from the system, and we will not contact you again.
- Right to restrict processing: If an individual believes, for example, that their Personal Information is inaccurate or collected unlawfully, the individual may request limited use of their Personal Information.
- Right of portability: Individuals have the right to receive their Personal Information in a structured, commonly used and machine-readable format.
- Right to object: Where an individual decides that they no longer wish to allow their Personal Information to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of use of their data for these purposes.