Patient Notice of Privacy Practices
This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information, (PHI). PHI is information, including patient demographic information, that may identify you and that relates to your past, present or future physical or mental health and related health care services. (Please review carefully)
Should you have any questions about this Notice, please contact:
Privacy Officer: Marc A. Bernstein, M.D., M.M.M.
Address: Radiology Consultants of Rockford, 1401 E. State St., Rockford Illinois, 61104
We are required to abide by the terms of this Notice of Privacy Practices. We may change the terms of our notice, at any time. The new notice will be effective for all protected health information that we maintain at that time.
Permitted Uses and Disclosures
This practice may disclose protected health information on the individual who is the subject of the information for the following:
Treatment is the provision, coordination, or management of health care and related services for an individual by one or more health care providers, including consultation between providers regarding a patient and referral of a patient by one provider to another.
Payment encompasses activities of a health plan to obtain premiums, determine or fulfill responsibilities for coverage and provision of benefits, and furnish or obtain reimbursement for health care delivered to an individual and activities of a health care provider to obtain payment or be reimbursed for the provision of health care to an individual.
Health care operations: (a) quality assessment and improvement activities, including case management and care coordination; (b) competency assurance activities, including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) specified insurance functions, such as underwriting, risk rating, and reinsuring risk; (e) business planning, development, management, and administration; and (f) business management and general administrative activities of the practice, including but not limited to: de-identifying protected health information, and creating a limited data set.
Business Associates: We may contract with individuals or entities known as Business Associates to perform functions related to payment and health care operations. In order to perform these health care operations on our behalf Business Associates are required, under legal agreement, to receive, create, maintain, use and/or disclose your protected health information only with appropriate safeguards regarding your protected health information. For example, we may disclose your protected health information to a Business Associate to administer claims or to provide support services, such as utilization management, pharmacy benefit management or subrogation. This is in compliance with HIPAA regulation 45 CFR 160.103, 45 CFR Part 160, 45 CFR Part 164.
Coroners, Funeral Directors, and Organ Donation: We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. Protected health information may be used and disclosed for cadaver, organ, eye or tissue donation purposes.
2. Uses and Disclosures Which Require Your Authorization
Marketing: As defined under the Privacy Rule, Marketing is communication about a product or service. Marketing may also be conducted with an arrangement between our company and a third party whereby our company discloses protected health information, Patient Name and email address only, to The third party or its affiliates to make communication directly with patients for marketing purposes. This communication requires your written authorization either opting in to receive these communications or opting out.
Research: We may disclose your protected health information for the purpose of clinical research only when you have provided authorization. Research communication authorization form must contain the following:
3. Uses and Disclosures Which Do Not Require Your Authorization
Informal permission may be obtained by asking the individual outright, or by circumstances that clearly give the individual the opportunity to agree, acquiesce, or object.
Emergencies: Where the individual is incapacitated, in an emergency situation, or not available our providers generally may make such uses and disclosures, if in the exercise of their professional judgment, the use or disclosure is determined to be in the best interests of the individual.
For Notification and Other Purposes: Our providers also may rely on an individual's informal permission to disclose to the individual's family, relatives, or friends, or to other persons whom the individual identifies, protected health information directly relevant to that person's involvement in the individual's care or payment for care.
Incidental Use and Disclosure: The Privacy Rule does not require that every risk of an incidental use or disclosure of protected health information be eliminated. A use or disclosure of this information that occurs as a result of, or as "incident to," an otherwise permitted use or disclosure is permitted as long as the practice has adopted reasonable safeguards as required by the Privacy Rule, and the information being shared was limited to the "minimum necessary," as required by the Privacy Rule.
Public Health Activities: Our providers may disclose protected health information to: (1) public health authorities authorized by law to collect or receive such information for preventing or controlling disease, injury, or disability and to public health or other government authorities authorized to receive reports of child abuse and neglect.
Victims of Abuse, Neglect or Domestic Violence: In certain circumstances, our providers may disclose protected health information to appropriate government authorities regarding victims of abuse, neglect, or domestic violence.
Health Oversight Activities: Our providers may disclose protected health information to health oversight agencies (as defined in the Rule) for purposes of legally authorized health oversight activities, such as audits and investigations necessary for oversight of the health care system and government benefit programs.
Law Enforcement Purposes: Our providers may disclose protected health information to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions: (1) as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a law enforcement official's request for information about a victim or suspected victim of a crime; (4) to alert law enforcement of a person's death, if the practice suspects that criminal activity caused the death; (5) when the practice believes that protected health information is evidence of a crime that occurred on its premises; and (6) by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.
Serious Threat to Health or Safety: Our providers may disclose protected health information that they believe is necessary to prevent or lessen a serious and imminent threat to a person or the public, when such disclosure is made to someone they believe can prevent or lessen the threat.
Military Activity and National Security: When the appropriate conditions apply, we may use or disclose protected health information of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to foreign military authority if you are a member of that foreign military services. We may also disclose your protected health information to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
Workers' Compensation: Our providers may disclose protected health information as authorized by, and to comply with, workers' compensation laws and other similar programs providing benefits for work-related injuries or illnesses.
4. Your Rights
Following is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights.
Patient Authorization: Other uses and disclosures of your protected health information will be made only with your written authorization, unless otherwise permitted or required by law as described.
You may revoke this authorization, at any time, in writing, except to the extent that your physician or the physician's practice has taken an action in reliance on the use or disclosure indicated in the authorization.
Access: Patient has the right to review and obtain a copy of their protected medical record. Our Company may impose reasonable, cost-based fees for the cost of copying and postage of the record. Should the patient wish to review the record at the doctor's office, every reasonable effort will be made to accommodate such request in a timely manner. You may also choose to receive copies of your protected medical record in electronic format such as MS Word, Excel, text, HTML, or text-based PDF. Amendments: Patients have the right to request an amendment or correction to information within their medical record that is incorrect or incomplete. The physician has the right to deny said request and allow the patient in writing, to provide a statement of disagreement for inclusion in the record.
Disclosure Accounting: Patients' have the right to an accounting of the disclosures of their protected health information by the physician(s) of record. The maximum disclosure accounting period is the six years immediately preceding the account request, except that the physician(s) are not required to account for any disclosures made prior to the enactment of the Privacy Rule compliance date.
Account of Disclosures that are not required of the physician(s): (a) for treatment, payment, or healthcare operations; (b) to the individual or the individual's personal representative; (c) for notification of or to persons involved in an individual's health care or payment for health care, for disaster relief, or for facility directories; (d) pursuant to an authorization; (e) of a limited data set; (f) for national security or intelligence purposes; (g) to correctional institutions or law enforcement officials for certain purposes regarding inmates or individuals in lawful custody; or (h) incident to otherwise permitted or required uses or disclosures.
Required Uses and Disclosures: Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500 et. seq. An individual has a right to or will receive notification of breaches of his or her unsecured PHI.
You Have the Right to Request a Restriction of Your Protected Health Information. Under the Omnibus Rule, in subsection (vi) added to § 164.522(a)(1), a covered entity must honor an individual's request to restrict disclosure of his or her PHI to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law and the PHI pertains solely to a health care item or service for which the individual, or a person other than the health plan on behalf of the individual (such as a family member), has paid the covered entity in full.
You may also request that any part of your protected health information is not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply.
Your physician is not required to agree to a restriction that you may request. If the physician believes it is in your best interest to permit use and disclosure of your protected health information, your protected health information will not be restricted. If your physician does agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment. With this in mind, please discuss any restriction you wish to request with your physician. You may request a restriction by letter addressed to the Privacy Officer at your provider's office.
You Have the Right to Request to Receive Confidential Communications From us by Alternative Means or at an Alternative Location. We will accommodate reasonable requests. We may also condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact. We will not request an explanation from you as to the basis for the request. Please make this request in writing to our Privacy Contact at your provider's office.
You Have the Right to Obtain a Copy of this Notice From Us, upon request, even if you have agreed to accept this notice electronically.
5. Complaints
Should you have a concern or complaint about the use of your PHI you are to contact the Privacy Officer listed above. All complaints must be made in writing and should be submitted within 180 days of when you knew or should have known of suspected violation. There will be no retaliation against any party filing a complaint.
To file a complaint with the Secretary, mail it to: Secretary of the U.S. Department of Health and Human Services, 200 Independence Ave, S.W., Washington, D.C. 20201. Call (202) 619-0257 (or toll free (877) 696-6775) or go to the website of the Office for Civil Rights, www.hhs.gov/ocr/hipaa/, for more information. There will be no retaliation against any party filing a complaint.