Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. WE ARE REQUIRED TO PROVIDE THIS NOTICE PURSUANT TO FEDERAL LAW, SPECIFICALLY THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”).
This Notice of Privacy Practices (the “Notice”) describes the privacy practices of Mistye Taylor, M.D. (“Mistye Taylor M.D.”, “we” or “us”) as they relate to maintaining the privacy of your health information (“Protected Health Information” or “PHI”), which is important to us. PHI is information about you, including basic information that may identify you and relates to your past, present, or future health or condition and the dispensing of pharmaceutical products to you. We take the responsibility for maintaining the privacy of your PHI very seriously
Our Pledge
We are required by federal and applicable state law, regulations, and other authorities to protect the privacy of your PHI and to provide you with this Notice. Our staff is required to protect the confidentiality of your PHI and will disclose your PHI to a person other than you or your personal representative only when permitted under federal or state law. This protection extends to any PHI that is oral, written, or electronic, such as prescriptions transmitted by facsimile, modem, or other electronic device. This Notice describes how we may use and disclose your PHI. In some circumstances, as described in this Notice, the law permits us to use and disclose your PHI without your express permission. In all other circumstances, we will obtain your written authorization before we use or disclose your PHI. This Notice also describes your rights and the obligations we have regarding the use and disclosure of your PHI. Under federal and applicable state law, we are required to follow the terms of the Notice currently in effect..
How we may use and disclose your PHI without your permission
Treatment, Payment or Health Care Operations Below are examples of how Federal law permits use or disclosure of your PHI for these purposes without your permission:
1. Treatment: Dispensing medications. PHI obtained by Mistye Taylor, M.D. will be used to dispense prescription medications. We will document information related to the medications dispensed and services provided in your record. Patient Contacts. We may contact you to provide treatment-related services, such as refill reminders, treatment alternatives (e.g., available generic products), and other health related benefits and services that may be of interest to you.
2. Payment: We may contact your insurer, payor, or other agent and share your PHI with that entity to determine whether it will pay for your prescription and the payment amount. We may also contact you about a payment or balance due for prescriptions dispensed to you at Mistye Taylor, M.D.
3. Health care operations: Service. Your PHI may be used to monitor the effectiveness of our services. Transfer. Your PHI may be transferred for purposes of carrying out the services if we buy another group practice or sell the group. Benefits/Research. We may also use your PHI to tell you about opportunities that may be of interest to you.
Other Special Circumstances. We are permitted under federal and applicable state law to use or disclose your PHI without your permission only when certain circumstances may arise, as described below. We may use or disclose your PHI for the following purposes: Business associates: We may from time to time provide some services through other companies termed “business associates” (Pathgroup, Natera, Myriad, The Perinatal Group, Tristar Stonecrest) Federal law requires us to enter into business associate contracts to safeguard your PHI as required by Mistye Taylor, M.D. and by law.
Individuals involved in your care or payment for care: We may disclose your PHI to a friend, personal representative, or family member involved in your medical care. For example, if we can reasonably infer that you agree, we may provide prescriptions and related information to your caregiver on your behalf.
Disclosures to parents or legal guardians: If you are a minor, we may release your PHI to your parents or legal guardians when we are permitted or required under federal and applicable state law.
Worker’s compensation: We may disclose your PHI to the extent authorized and necessary to comply with laws relating to worker’s compensation or similar programs established by law.
Law enforcement: We may disclose your PHI for law enforcement purposes as required by law or in response to a court order, subpoena, warrant, summons, or similar process; to identify or locate a suspect, fugitive, material witness, or missing person; about a death resulting from criminal conduct; about crimes on the premises or against a member of our workforce; and in emergency circumstances, to report a crime, the location, victims, or the identity, description, or location of the perpetrator of a crime.
As required by law: We must disclose your PHI when required to do so by applicable federal or state law. Judicial and administrative proceedings: If you are involved in a lawsuit or a legal dispute, we may disclose your PHI in response to a court or administrative order, subpoena, discovery request, or other lawful process.
Public health: We may disclose your PHI to federal, state, or local authorities, or other entities charged with preventing or controlling disease, injury, or disability for public health activities. These activities may include the following: disclosures to report reactions to medications or other products to the U.S. Food and Drug Administration or other authorized entity; disclosures to notify individuals of recalls, exposure to a disease, or risk for contracting or spreading a disease or condition.
Health oversight activities: We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections, as necessary for our licensure and for government monitoring of the health care system, government programs, and compliance with federal and applicable state law.
United States Department of Health and Human Services: Under federal law, we are required to disclose your PHI to the U.S. Department of Health and Human Services to determine if we are in compliance with federal laws and regulations regarding the privacy of health information. Although we may not engage in the following activities, under federal or applicable state law, we are allowed to use or disclose your PHI without your permission for these purposes: Research
Under certain circumstances, we may use or disclose your PHI for research purposes. However, before disclosing your PHI, the research project must be approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
Coroners, medical examiners, and funeral directors: We may release your PHI to assist in identifying a deceased person or determine a cause of death. Administrator or executor: Upon your death, we may disclose your PHI to an administrator, executor, or other individual so authorized under applicable state law.
Organ or tissue procurement organizations: Consistent with applicable law, we may disclose your PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
Notification: We may use or disclose your PHI to assist in a disaster relief effort so that your family, personal representative, or friends may be notified about your condition, status, and location.
Correctional institution: If you are or become an inmate of a correctional institution, we may disclose to the institution or its agents PHI necessary for your health and the health and safety of others.
To avert a serious threat to health or safety: We may use and disclose your PHI to appropriate authorities when necessary to prevent a serious threat to your health and safety or the health and safety of another person or the public.
Military and veterans: If you are a member of the armed forces, we may release your PHI as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate military authority.
National security and intelligence activities: We may release your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective services for the President and others: We may disclose your PHI to authorized federal officials so that they may provide protection to the President, other authorized persons, or foreign heads of state, or conduct special investigations.
Fund-raising: We may disclose your PHI to others for purposes of fund-raising; however, you have the right to opt-out of our fund-raising activities and can do so by notifying the Privacy Officer in writing as set forth below.
How We May Use or Disclose Your PHI For Other Purposes Only With Your Authorization:
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described above (or as otherwise permitted or required by law). You may revoke this authorization at any time by submitting a written notice to our offices at the address listed below. Your revocation will become effective upon our receipt of your written notice. We will only use or disclose your PHI for marketing purposes with your express written authorization. We will sell your PHI (other than PHI that is sold in connection with the sale of Mistye Taylor, M.D. or substantially all of its assets) only upon your written authorization.
You have the following rights with respect to your PHI:
• Obtain a paper copy of the Notice upon request. To obtain a copy at any time, you may contact our office. The address, telephone and facsimile number are set forth in the box below.
• Inspect and obtain a copy of your PHI. You have the right to access and copy your PHI contained in the “designated record set”, which includes prescription and billing records. To inspect or copy your PHI, submit a written request to Mistye Taylor, M.D. We will respond to your request in writing within 30 days. A fee may be charged for the expense of fulfilling your request. We may deny your request to inspect and copy in certain limited circumstances, such as if we have reasonably determined that providing access to PHI would endanger your life or safety or cause substantial harm to you or another person. If we deny your request, we will notify you in writing and provide you with the opportunity to request a review of the denial.
• Request an amendment of PHI. If you feel that your PHI is incomplete or incorrect, you may request that we amend it for as long as we maintain the PHI. To request an amendment, submit a written request to the Mistye Taylor, M.D. Requests must identify: (i) which information you seek to amend, (ii) what corrections you would like to make, and (iii) why the information needs to be amended. We will respond to your request in writing within 60 days (with a possible 30-day extension). In our response, we will either: (i) agree to make the amendment, or (ii) inform you of our denial, explain our reason, and outline appeal procedures. If denied, you have the right to file a statement of disagreement with the decision. We will provide a rebuttal to your statement and maintain appropriate records of your disagreement and our rebuttal.
• Receive an accounting of disclosures of PHI. You have the right to request an accounting of your PHI disclosures for purposes other than treatment, payment, or health care operations. This accounting will also exclude disclosures: made directly to you, made with your authorization, made incidentally, made to caregivers, made for notification purposes, and certain other disclosures. To obtain an accounting, submit a written request to Mistye Taylor, M.D. Requests must specify the time period, not to exceed six years. We will respond in writing within 60 days of receipt of your request (with a possible 30- day extension). We will provide an accounting per 12-month period free of charge, but you may be charged for the cost of any subsequent accountings. We will notify you in advance of the cost involved, and you may choose to withdraw or modify your request at that time.
• Receive notification in the event there is a breach of your PHI. In the event any of your unsecured PHI is inadvertently or intentionally lost or disclosed we will so notify you in writing. A breach is the acquisition, access, use or disclosure of unsecured PHI which compromises the security or privacy of the PHI. In those cases where we determine in good faith that there is a low probability that the PHI has been compromised we will not be making any such notification to you. In making such determination we will consider the nature and extent of the PHI involved and the likelihood of reidentification, the unauthorized person(s) who used the PHI or to whom the disclosure was made, whether the PHI was actually acquired or viewed, and the risk mitigation efforts implemented.
• Request communications of PHI by alternative means or at alternative locations. You have the right to request that we communicate with you in a certain way or at a certain location. For example, you may request that we contact you only in writing at a specific address. To request confidential communication of your PHI, submit a written request to Mistye Taylor, M.D. Your request must state how, where, or when you would like to be contacted. We will accommodate all reasonable requests.
• Request a restriction on certain uses and disclosures of PHI. You have the right to request a restriction or limitation on our use or disclosure of your PHI by submitting a written request to Mistye Taylor, M.D. You must identify in this request: (i) what particular information you would like to limit, (ii) whether you want to limit use, disclosure, or both, and (iii) to whom you want the limits to apply. All requests will be carefully considered, but we are not required to agree to those restrictions. We will provide you with a written response to your request within 30 days. If we do agree to restrict use or disclosure of your PHI, we will not apply these restrictions in the event of an emergency. We also have the right to terminate the restriction if: (i) you agree orally or in writing, or (ii) we inform you of the termination, which becomes effective only with respect to your PHI created or received after we inform you of the termination. You have the right to request that we not disclose certain of your PHI to a health plan for treatment or payment, provided you pay in full for the health care item or service in advance.