Notice of Medical Information Privacy Practices.
United Concierge Medicine, PLLC (“United Concierge”)
Effective Date: September 1, 2014
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions about this notice, please contact our Privacy Officer (contact information is set forth at the very end of this notice).
Terms used, but not defined, in this notice have the meanings set forth in the Federal HIPAA Law.
WHO WILL FOLLOW THIS NOTICE
United Concierge may be subject to the HIPAA law. If this is the case (and in any event), this notice describes United Concierge’s privacy practices and that of:
- Any health care professional authorized to enter information into your United Concierge chart.
- All departments and units and facilities and site locations of United Concierge.
- Any subsidiaries, affiliates, and entities under common ownership/control with United Concierge. All these of entities, sites and locations follow the terms of this notice. In addition, these entities, sites and locations may share medical information with each other for treatment, payment or health care operations, and any other purposes described in this notice and/or allowed by applicable law.
- Any member of a volunteer group we allow to help you while you are at United Concierge.
- All employees, staff and other United Concierge personnel.
OUR PRIVACY OBLIGATIONS REGARDING MEDICAL INFORMATION
United Concierge understands that medical information about you and your health is personal, and United Concierge is committed to protecting medical information about you and keeping it private. United Concierge creates a record regarding your information and information regarding the care and services you receive at United Concierge. United Concierge needs this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the medical information/“protected health information” or “PHI” which United Concierge creates or receives, whether made by United Concierge personnel or received from another health care provider. Medical information includes information that can be used to identify you that is created or received about your past, present, or future health or condition, the provision of healthcare to you, or the payment for the health care. We are required by law to protect the privacy of this information. Be aware, however, that your other health care providers may have different policies or notices regarding their use and sharing of your medical information that they create or maintain.
This notice will tell you about the ways in which United Concierge may use and share your medical information. This notice also describes your rights and certain obligations United Concierge has regarding the use and sharing of medical information.
United Concierge may be required by law to:
- Make sure that medical information that identifies you is kept private (with certain exceptions) and secure.
- Follow the duties and privacy practices described in this notice and give you a copy of it
- If medical information is used or disclosed in violation of the law, notify you promptly if the use/disclosure is a “Breach of Unsecured Protected Health Information” (as such terms are defined by the Federal HIPAA Law), and also notify you pursuant to any State law that may be applicable.
Regardless of whether United Concierge is subject to the HIPAA law, United Concierge is committed to your medical information’s privacy, and in any event will not use or disclose your medical information in an improper manner, including any manner that is contrary to any applicable law or regulation.
HOW WE MAY USE AND SHARE YOUR MEDICAL INFORMATION
The following categories describe different ways that we are permitted to use and disclose/share your medical information. For the most typical uses and disclosures we make, we will explain what we mean and try to give some examples. Not every specific use or disclosure or type of use/disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories. In many of the instances briefly described below, we will additionally have to meet conditions before we can use or share your information for the purposes described. Any other uses and disclosures not described in this notice will not be made without your authorization.
HIGHLY SENSITIVE INFORMATION: SPECIAL AUTHORIZATION MAY BE REQUIRED
In some circumstances, your health information may be subject to restrictions that may limit or preclude some uses or disclosures described in this notice.
Our records may contain information regarding your mental health, substance abuse, pregnancy, sexually transmitted diseases, psychotherapy, HIV/AIDS/ARC or other types of highly sensitive/protected information. Records of these types may be protected by additional restrictions under state and federal law, which we will comply with. For example, with regard to mental health records, United Concierge complies with the applicable laws and will obtain your general consent with regard to many of the categories discussed in this notice even though HIPAA may not require that United Concierge obtain such consent. Sharing these types of information may, but not necessarily, require authorization/consent from you. Please note, however, that psychotherapy notes are narrowly defined under HIPAA and do not include all mental health care records. In most cases, United Concierge does not have psychotherapy notes as defined by HIPAA.
Government health benefit programs, such as state Medicaid programs, may also limit the sharing of beneficiary information for purposes unrelated to the program.
DISCLOSURES THAT GENERALLY REQUIRE AUTHORIZATION(PSYCHOTHERAPY NOTES, MARKETING, AND SALE)
Under the HIPAA law, there are some circumstances where we can only use and share medical information if you have signed a HIPAA authorization/given us written permission. Your authorization is required for most uses and disclosures of your medical information involving psychotherapy notes (we may or may not maintain “psychotherapy notes”). In most cases, United Concierge does not have psychotherapy notes as defined by HIPAA. Please note, however, psychotherapy notes are narrowly defined under HIPAA and do not include all mental health care records.
Your authorization is also required for most uses and sharing of your medical information for “Marketing” purposes, including subsidized treatment communications, or for disclosures that constitute the “Sale” of medical information. Please be aware, however, that HIPAA’s definitions of “Marketing” and “Sales”, and the restrictions related thereto, are technical, include exceptions, and do not apply to all situations that you may personally consider to be marketing or sales. We are permitted to use and/or share medical information for marketing or sales purposes in accordance with HIPAA and State law, which in some, but not all, situations requires your authorization or consent to do so. If your authorization is not required, and HIPAA/State law allows for a use that you may personally consider to be a use or sharing for marketing/sales purposes, we may utilize your information for such purposes without your consent (examples include, but are not limited to, face-to-face communications to you about a product, to provide refill reminders, research purposes, and the sale, transfer, merger or consolidation of all or part of United Concierge).
We may use and share medical information about you to provide you with medical treatment, healthcare, or other related services (including for care coordination purposes). United Concierge may share medical information about you to doctors, nurses, assistants, technicians, health care students, or other personnel who are involved in taking care of you. United Concierge also may share medical information about you with people outside of United Concierge who may be involved in your medical care after you leave MCH, such as family members, skilled nursing facilities, home health agencies, and physicians or other practitioners. For example, an outside doctor treating you for an injury asks a United Concierge doctor about your overall health condition or a particular test result, or we internally share medical information about you in order to coordinate the different things you need from us.
Additionally, we may share your medical information with physicians and other health care providers as a member of an Accountable Care Organization (“ACO”), Regional Health Information Organization (“RHIO”) or other Health Information Exchange (“HIE”). In some (but not all) cases, there may be an “opt out” right or other rights particular to an ACO, RHIO or HIE – please contact our Privacy Officer utilizing the information below (contact information is set forth at the very end of this notice) if you would like more information on “opt out” or other rights you may have, to the extent that we participate in these organizations.
We may use and share medical information about you so that the treatment and services you receive at or from United Concierge may be billed to and payment may be collected from either you, an insurance company, or a third party. United Concierge may also share your medical information with another health care provider or payor of health care for the payment activities of that entity. For example, we may need to give your health plan information about a test you received from us so your health plan will pay us or reimburse you for the test. We may also tell your health plan about a treatment you are going to receive to obtain prior approval, referrals, or to determine whether your plan will cover the treatment. We may also provide basic information about you and your health plan, insurance company or other source of payment to practitioners outside United Concierge who are involved in your care, to assist them in obtaining payment for services they provide to you. United Concierge may also need to use and share your medical information in various appeals processes to defend the necessity of services offered in the past, and to pursue collections actions for services which we have rendered to you.
If you do not want us to share medical information about you to your health plan, you have the right to pay for all services and care out of pocket in full, and to inform us that you wish to restrict the information shared to your health plan. For more information, see your rights listed below.
FOR HEALTH CARE OPERATIONS
United Concierge may use and share your medical information for health care operations. These uses and disclosures are necessary to run United Concierge and make sure that all of our patients receive competent, quality health care, and to maintain and improve the quality of health care that United Concierge provides. United Concierge may additionally provide your medical information to various governmental or accreditation entities to maintain any license(s) and/or accreditations we may have. For example, United Concierge may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. United Concierge may also combine medical information about many United Concierge patients to decide what additional services United Concierge should offer, what services are not needed, and whether certain new treatments are effective.
TO INDIVIDUALS INVOLVED IN YOUR CARE OR PAYMENT FOR YOUR CARE (AND YOUR OPPORTUNITY TO OBJECT)
We may release medical information about you to a friend or family member who is involved in your medical care, unless you object in whole or in part. We may also give information to someone who helps pay for your care. Unless there is a specific written request/objection from you to the contrary, we are also permitted under the HIPAA rules to tell your family or friends your condition and that you are at United Concierge in limited circumstances.
In addition, to the extent applicable, United Concierge may share certain medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location. If you arrive at our facilities either unconscious or otherwise unable to communicate, we may go ahead and share your information if we believe it is in your best interests.
TO COMPLY WITH THE LAW
We will share medical information about you when required to do so by federal, state or local law, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
We may in certain circumstances, and only if allowed by State law, use and share medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
We may disclose/share information when requested by you. This disclosure at your request may require a written authorization by you. Any authorizations that you give can be revoked at any time. Under certain circumstances, we are permitted to use and share medical information about you for research purposes. In some situations, your authorization is required in connection with research uses and disclosures. We may occasionally inadvertently use or share your medical information when such use or disclosure is incident to another use or disclosure that is permitted or required by law. Please be assured, however, that as much as possible, United Concierge has appropriate safeguards in place in an effort to avoid such situations. We are permitted to use or share certain parts of your medical information, called a “limited data set,” for purposes of research, public health reasons or for our health care operations, subject to certain conditions. United Concierge may use or share your medical information to create information that does not identify you in accordance with HIPAA. Once United Concierge has de-identified your information, it can be used or shared in any way according to law. In certain circumstances, members of United Concierge‘s workforce are permitted to share your medical information to a health oversight agency, public health authority, law enforcement official, or health care accreditation organization or attorney hired by the workforce member. We may share medical information with covered entities participating in any organized health care arrangement in which we participate, as necessary to carry out treatment, payment, or health care operations relating to the organized health care arrangement. So long as done in compliance with the HIPAA marketing/sale of PHI rules, we may use and share medical information to tell you about our health-related products or services that may be of interest to you. If you do not wish us to contact you regarding health related-products and services, you must notify us in writing and state that you wish to be excluded from this activity. We may share your medical information to third parties (sometimes called business associates) with whom United Concierge has contact to perform services on United Concierge‘s behalf. If we share your information to these entities, we will have a written agreement with them to safeguard your information.We can share medical information to organizations that handle organ procurement, transplantations, or organ donation banks.We may use or share medical information about you in certain circumstances for: (i) workers’ compensation or similar programs; (ii) law enforcement purposes or with law enforcement officials in certain circumstances; and (iii) special government functions such as military, national security, intelligence and presidential protective services.We may share medical information about you for certain public health and safety purposes, including, without limitation, the following: (i) preventing/controlling disease, injury or disability; (ii) reporting births and deaths; (iii) to report regarding the abuse or neglect of children, elders, and dependent adults; (iv) to report reactions to medications or problems with products; (v) to notify you regarding product recalls; (vi) to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; (vii) to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence; and (viii) to notify emergency response personnel regarding possible exposure to HIV/AIDS, to the extent necessary to comply with State and federal laws.We may share medical information to a health oversight agency for activities authorized by law. In certain circumstances, we may share medical information about you in the course of judicial or administrative proceedings in response to a court or administrative order, or a subpoena, discovery request, or other lawful process. We may release medical information to a coroner, medical examiner, or funeral director when an individual dies. In certain circumstanced, we may share medical information about inmates and those in the custody of a law enforcement official to the correctional institution or law enforcement official. United Concierge may share health information to a multidisciplinary personnel team relevant to the prevention, identification, management or treatment of an abused child and the child’s parents, or elder abuse and neglect.
YOUR RIGHTS REGARDING MEDICAL INFORMATION
In addition to any rights that you may have under State law, you may have the following HIPAA rights regarding medical information that United Concierge maintains about you.
GET AN ELECTRONIC OR PAPER COPY OF YOUR MEDICAL RECORD
You have the right to inspect and copy medical information that may be used to make decisions about your care.
To inspect and copy medical information, you must submit your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). If United Concierge uses or maintains your medical information in an electronic health record (or to the extent that we maintain the information in an electronic form), you have the right to obtain an electronic copy of such information. When information is not readily producible in the electronic form and format you have requested, we will provide you the information in an alternative readable electronic format as we may mutually agree upon. Furthermore, you have the right to direct United Concierge to transmit such electronic copy directly to another entity or person that you designate. If you request a copy of the information, United Concierge may charge a fee for the costs of copying, mailing or other supplies associated with your request. United Concierge will follow State law with regard to approved copying and other costs.
United Concierge may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by United Concierge will review your request and the denial. The person conducting the review will not be the person who denied your request. United Concierge will comply with the outcome of the review.
We are advising you in this notice that, if you request that information available in an electronic format be provided via email, that email is an unsecure medium for transmitting information and that there is some risk if medical information is emailed. Information transmitted via email is more likely to be intercepted by unauthorized third parties than more secure transmission channels. If we agree to email you information, you are accepting the risks we have notified you of, and you agree that we are not responsible for unauthorized access of such medical information while it is in transmission to you based on your request, or when the information is delivered to you.
AMEND YOUR MEDICAL INFORMATION
If you feel that your medical information is incorrect or incomplete, you have the right to request an amendment of the information for as long as the information is kept by or for United Concierge. To request an amendment, your request must be made in writing and submitted to our Privacy Officer (contact information is set forth at the very end of this notice). We may deny your request for an amendment for a number of legally permissible reasons, but we will tell you why in writing within 60 days, and also give you the right to submit a written statement of disagreement with our decision. If you clearly indicate in writing that you want the statement of disagreement to be made part of your medical record, United Concierge will attach it to your records and include it whenever United Concierge makes a disclosure of the item or statement you believe to be incomplete or incorrect.
RECEIVE AN ACCOUNTING OF DISCLOSURES
You have the right to request an “accounting of disclosures.” This is a list of the disclosures United Concierge made of medical information about you other than our own uses for treatment, payment and health care operations (as those functions are described above) United Concierge, and certain other disclosures. If, however, United Concierge is using an electronic health record, United Concierge will also account for treatment, payment and health care operations made using the electronic health record.
To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). Your request must state a time period which may not be longer than six (6) years prior to the date you ask. Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a 12-month period will be free. For additional lists within a 12-month period, United Concierge may charge you a reasonable, cost-based fee for providing the list.
REQUEST RESTRICTIONS ON WHAT WE USE OR SHARE
You have the right to request a restriction or limitation on the use and/or disclosure of your medical information in connection with treatment, payment or heath care operations. You also have the right to request a limit on the medical information United Concierge shares about you to someone who is involved in your care or the payment for your care, like a family member or friend.
United Concierge is generally NOT, however, required to agree to your restriction request.
In one narrow instance, however, we are required to agree to the request, if all of the following apply: (i) you have requested that we restrict disclosure for payment or healthcare operations purposes; (ii) the disclosure would be made to a health plan/insurer (e.g., we are not precluded from making other allowable disclosures, only disclosures to the health plan/insurer); (iii) the disclosure is not otherwise required by law; and (iv) the medical information restricted pertains solely to a healthcare item or service for which you, or someone on your behalf, have paid us in full (excluding payments made by the health plan on your behalf) (e.g., you may not restrict the entirety of your medical record from being shared to a health plan/insurer – you may only restrict the portions of your record for those items or services which have been paid in full). You are hereby advised that, even if you utilize this required restriction request and meet the criteria set forth above, the required restriction is narrow. In particular, even if you have requested and received a required restriction, we may still share your information to others for other allowable purposes, such as sending information to a pharmacy to have a prescription filled. In the event that we make such allowable disclosures, the party to which we have permissibly shared the information to is not bound by the required restriction request that you made to us, and we are not obligated to relay your request to such party. The only way for you to guarantee that such 3rd parties do not then share said information to your insurer/health plan is for you to make a required restriction request with the 3rd party that meets all of the required restriction elements set forth above. We hereby advise you to do so if you desire. Note also that to the extent that you seek follow-up or other treatment from us, and it is necessary for us to include previously restricted PHI when billing your insurer/ health plan for the follow-up treatment (e.g., you have not fully paid out-of-pocket for the service and requested a required restriction), we may share such previously restricted information, but only to the extent that including such PHI is required to support medical necessity of the follow-up care and you do not request a new required restriction/pay out-of-pocket in full for the follow-up care.
If United Concierge does agree to comply with other non-required requests, United Concierge will comply with your request unless (a) the information is needed to provide you emergency treatment, or (b) other legal exceptions apply.
To request restrictions, you must make your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice). United Concierge will not ask you the reason for your request. United Concierge will attempt to accommodate all reasonable requests.
REQUEST CONFIDENTIAL COMMUNICATIONS
You have the right to request that United Concierge communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that United Concierge only contact you at work or by mail. United Concierge will not ask you the reason for your request. We will say “yes” to all reasonable requests. To request confidential communications, you must make your request in writing to our Privacy Officer (contact information is set forth at the very end of this notice).
PAPER COPY OF THIS NOTICE
You have the right to a paper copy of this notice at any time, even if you have agreed to receive this notice electronically.
You may also obtain a copy of this notice at our website: https://www.upstatevipmedicine.com/notice-of-medical-information-privacy-practices/
To obtain a paper copy of this notice, ask our admissions professionals or front desk staff, or our Privacy Officer (contact information is set forth at the very end of this notice).
BE NOTIFIED IN THE EVENT OF A “BREACH OF UNSECURED PHI”
If, in any case, medical information is used or disclosed in violation of the law, we are required to notify you if the use/disclosure is a “Breach of Unsecured Protected Health Information” (as such terms are defined by the Federal HIPAA Law). We may also be required to notify you pursuant to any State law that may be applicable.
FILE A COMPLAINT IF YOU FEEL YOUR RIGHTS ARE VIOLATED
If you believe your privacy rights have been violated, you may file a complaint with United Concierge or with the Secretary of the U.S. Department of Health and Human Services. To file a complaint with United Concierge, contact our Privacy Officer in writing (contact information is set forth at the very end of this notice). We respectfully request that complaints be submitted in writing. You will not be penalized or retaliated against for filing a complaint.
CHANGES TO THE TERMS OF THIS NOTICE
United Concierge reserves the right to change this notice and our privacy or security policies at any time, and the changes will apply to all information we already have about you. United Concierge will post a copy of the current/changed notice in United Concierge‘s facilities and on our website. The notice will contain the effective date and will be available upon request.
OTHER USES OF MEDICAL INFORMATION/PERMISSIONS/AUTHORIZATIONS
Other uses and disclosures of medical information not covered by this notice or the laws that apply to United Concierge will be made only with your written permission/authorization. If you provide us permission to use or share medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, this will stop any further use or disclosure of your medical information for the purposes covered by your written authorization, except if United Concierge has already acted in reliance on your permission. You understand that United Concierge is unable to take back any disclosures United Concierge has already made with your permission, and that United Concierge is required to retain United Concierge‘s records of the care that United Concierge provided to you.
PRIVACY OFFICER CONTACT INFORMATION
If you have any questions about this notice, please contact our Privacy Officer utilizing the contact information set forth below.
Keith Algozzine, PA-C, kalgozzine@upstateVIPmedicine.com; (518) 441-8853; 5 South Side Dr., Ste. 11-164, Clifton Park, NY 12065
Certain provisions of this notice and our related policies and procedures require that notice or other requests be in writing. Please follow our instructions for any such issue.
Revised: September 11, 2014
4826-8132-8412, v. 1