HIPAA Privacy Practices
Notice of Privacy Practices
Buckingham Center for Facial Plastic Surgery
2745 Bee Caves Road, Suite 101, Austin, TX 78746
(Referred to in this document as “the provider”)
This Notice Describes How Medical Information About You May Be Used And Disclosed And How You Can Get Access To This Information. Please Review It Carefully.
This Notice of Privacy Practices is being provided to you as a requirement of the Health Insurance Portability and Accountability Act (HIPAA). We understand the importance of privacy and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide and may receive such records from others. We use these records to provide or enable other healthcare providers to provide quality medical care, to obtain payment for services provided to you, and to enable us to meet our professional and legal obligations to operate this medical practice properly. We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. Your “protected health information” means any of your written, electronic, and oral health information, including demographic data that can be used to identify you. This is health information that is created or received by your health care provider, and that relates to your past, present, or future physical or mental health or condition and related health care services.
If you have any questions about this Notice, please contact our Privacy Officer listed on the last page of this Notice.
I. How This Medical Practice May Use or Disclose Your Health Information
This medical practice collects health information about you and stores it on a computer and in an electronic health record. This is your medical record. The medical record is the property of this medical practice, but the information in the medical record belongs to you. The law permits us to use or disclose your health information for the following purposes:
A. Treatment
We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. For example, we may share your medical information with other physicians or other healthcare providers who will provide services that we do not provide. Or we may share this information with a pharmacist who needs it to dispense a prescription to you, or a laboratory that performs a test. We may also disclose medical information to members of your family or others who can help you when you are sick or injured, or after you die.
B. Payment
Your protected health information will be used and disclosed, as needed, to obtain payment for your health care services provided by us or by another provider. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you such as: making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. In order to get payment for your services, we may also need to disclose your protected health information to your insurance company to demonstrate the medical necessity of the services as required by your insurance company. We may also disclose information to other healthcare providers to assist them in obtaining payment for services they have provided to you.
C. Health Care Operations
We may use or disclose your protected health information, as necessary, for our own healthcare operations in order to facilitate the function and support the business activities of the provider. Healthcare operations include, but are not limited to:
- Quality assessment and improvement activities
- Employee review activities
- Training programs including those in which students, trainees, or practitioners in health care learn under supervision
- Accreditation, certification, licensing or credentialing activities
- Authorization of services or referrals from your health plan
- Review and auditing, including compliance reviews, medical reviews, legal services and maintaining compliance programs, and fraud and abuse detection
We may also share your medical information with our “business associates,” such as our billing service, who perform administrative services for us. We have a written contract with each of these business associates that contains terms requiring them and their subcontractors to protect the confidentiality and security of your protected health information.
We may also share your information with other health care providers, health care clearinghouses or health plans that have a relationship with you, when they request this information to help them with their quality assessment and improvement activities, their patient-safety activities, their population-based efforts to improve health or reduce health care costs, their protocol development, case management or care-coordination activities, their review of competence, qualifications, and performance of health care professionals, their training programs, their accreditation, certification or licensing activities, or their health care fraud and abuse detection and compliance efforts.
We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. You may contact our Privacy Officer to request that these materials not be sent to you.
D. Appointment Reminders
We may use and disclose your medical information to contact and remind you about appointments. If you are not at home, we may leave this information on your answering machine or voicemail.
E. Notification and Communication with Family
We may disclose your health information to notify or assist in notifying a family member, your personal representative or another person responsible for your care about your location, your general condition or, unless you had instructed us otherwise, in the event of your death. In the event of a disaster, we may disclose information to a relief organization so that they may coordinate these notification efforts. We may also disclose information to someone who is involved with your care or helps pay for your care. If you are able and available to agree or object, we will give you the opportunity to object prior to making these disclosures, although we may disclose this information in a disaster even over your objection if we believe it is necessary to respond to the emergency circumstances. If you are unable or unavailable to agree or object, our health professionals will use their best judgment in communication with your family and others.
F. Marketing
Provided we do not receive any payment for making these communications, we may contact you to give you information about products or services related to your treatment, case management or care coordination, or to direct or recommend other treatments, therapies, health care providers or settings of care that may be of interest to you. We may similarly describe products or services provided by this practice and tell you which health plans this practice participates in. We may also encourage you to maintain a healthy lifestyle and get recommended tests, participate in a disease management program, provide you with small gifts, tell you about government sponsored health programs or encourage you to purchase a product or service when we see you, for which we may be paid. Finally, we may receive compensation which covers our cost of reminding you to take and refill your medication, or otherwise communicate about a drug or biologic that is currently prescribed for you. We will not otherwise use or disclose your medical information for marketing purposes or accept any payment for other marketing communications without your prior written authorization. The authorization will disclose whether we receive any compensation for any marketing activity you authorize, and we will stop any future marketing activity to the extent you revoke that authorization.
G. Sale of Health Information
We will not sell your health information without your prior written authorization. The authorization will disclose that we will receive compensation for your health information if you authorize us to sell it, and we will stop any future sales of your information to the extent that you revoke that authorization.
H. Required By Law
As required by law, we will use and disclose your health information, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirement set forth below concerning those activities. You will be notified, if required by law, of any such uses or disclosures.
I. Public Health
We may, and are sometimes required by law to, disclose your health information to public health authorities for purposes related to:
- Preventing, controlling, or reporting disease, injury or disability
- Reporting child, elder or dependent adult abuse or neglect
- Reporting domestic violence
- Reporting product defects, adverse events, and reactions to medications to the Food and Drug Administration
- Reporting disease or infection exposure
- Conducting public health surveillance, investigations, and interventions as permitted or required by law
- Reporting to an employer information about an individual who is a member of the workforce as legally permitted or required
- Reporting vital events such as birth or death as permitted or required by law
When we report suspected elder or dependent adult abuse or domestic violence, we will inform you or your personal representative promptly unless in our best professional judgment, we believe the notification would place you at risk of serious harm or would require informing a personal representative we believe is responsible for the abuse or harm. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
J. Health Oversight Activities
We may disclose your protected health information to a health oversight agency for activities authorized by law including audits; civil, administrative, or criminal investigations, proceedings, or actions; inspections; licensure or disciplinary actions; or other activities necessary for appropriate oversight as authorized by law. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws. We will not disclose your health information if you are the subject of an investigation and your health information is not directly related to your receipt of health care or public benefits.
K. Judicial and Administrative Proceedings
We may, and are sometimes required by law to, disclose your health information in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about you in response to a subpoena, discovery request or other lawful process if reasonable efforts have been made to notify you of the request and you have not objected, or if your objections have been resolved by a court or administrative order.
L. Law Enforcement
We may, and are sometimes required by law to, disclose your health information to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing person, complying with a court order, warrant, grand jury subpoena and other law enforcement purposes.
M. Coroners and Funeral Directors
We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death.
N. Organ or Tissue Donation
We may disclose your health information to organizations involved in procuring, banking or transplanting organs and tissues.
O. Public Safety
We may, and are sometimes required by law to, disclose your health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
P. Specialized Government Functions
We may disclose your health information for military or national security purposes or to correctional institutions or law enforcement officers that have you in their lawful custody.
Q. Workers’ Compensation
We may disclose your health information as necessary to comply with workers’ compensation laws. For example, to the extent your care is covered by workers’ compensation, we will make periodic reports to your employer about your condition. We are also required by law to report cases of occupational injury or occupational illness to the employer or workers’ compensation insurer.
R. Change of Ownership
In the event that this medical practice is sold or merged with another organization, your health information/record will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician or medical group.
S. Breach Notification
In the case of a breach of unsecured protected health information, we will notify you as required by law. If you have provided us with a current e-mail address, we may use e-mail to communicate information related to the breach. In some circumstances our business associate may provide the notification. We may also provide notification by other methods as appropriate.
T. Research
We may disclose your health information to researchers conducting research with respect to which your written authorization is not required as approved by an Institutional Review Board or privacy board, in compliance with governing law.
U. Fundraising
We may use or disclose your demographic information in order to contact you for our fundraising activities. For example, we may use the dates that you received treatment, the department of service, your treating physician, outcome information and health insurance status to identify individuals that may be interested in participating in fundraising activities. If you do not want to receive these materials, notify the Privacy Officer listed at the end of this Notice of Privacy Practices and we will stop any further fundraising communications. Similarly, you should notify the Privacy Officer if you decide you want to start receiving these solicitations again.
Except as described in this Notice of Privacy Practices, this medical practice will, consistent with its legal obligations, not use or disclose health information which identifies you without your written authorization. If you do authorize this medical practice to use or disclose your health information for another purpose, you may revoke your authorization in writing at any time.
II. Your Health Information Rights
Following is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights.
A. Right to Request Special Privacy Protections
You have the right to request restrictions on certain uses and disclosures of your health information by a written request to our Privacy Officer specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed. If you tell us not to disclose information to your commercial health plan concerning health care items or services for which you paid in full out-of-pocket, we will abide by your request, unless we must disclose the information for treatment or legal reasons.
You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply. We reserve the right to accept or reject any other request, and will notify you of our decision.
If your physician does agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment. With this in mind, please discuss any restriction you wish to request with your physician.
B. Right to Request Confidential Communications
You have the right to request that you receive your health information in a specific way or at a specific location. For example, you may ask that we send information to a particular e-mail account or to your work address. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications. We will not request an explanation from you as to the basis for the request. Please make this request in writing to our Privacy Officer.
C. Right to Inspect and Copy
You have the right to inspect and obtain a copy of your health information, with limited exceptions. To access your medical information, you must submit a written request to the Privacy Officer detailing what information you want access to, whether you want to inspect it or get a copy of it, and if you want a copy, your preferred form and format. We will provide copies in your requested form and format if it is readily producible, or we will provide you with an alternative format you find acceptable. We will also send a copy to any other person you designate in writing. As permitted by federal or state law, we may charge you a reasonable fee for the costs of labor, supplies, postage, and if requested and agreed to in advance the cost of preparing an explanation or summary.
We may deny your request to inspect or copy your protected health information if, in our professional judgment, we determine that the access requested is likely to endanger your life or safety or that of another person, or that it is likely to cause substantial harm to another person referenced within the information. You have the right to request a review of this decision.
Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and laboratory results that are subject to law that prohibits access to protected health information. In some circumstances, you may have a right to have this decision reviewed.
Please contact our Privacy Officer if you have questions about access to your medical record.
D. Right to Amend or Supplement
You have a right to request that we amend your health information that you believe is incorrect or incomplete for so long as we maintain this information. You must make a request to amend in writing directed to our Privacy Officer, and include the reasons you believe the information is inaccurate or incomplete. We are not required to change your health information, and will provide you with information about this medical practice’s denial and how you can disagree with the denial. We may deny your request if we do not have the information, if we did not create the information (unless the person or entity that created the information is no longer available to make the amendment), if you would not be permitted to inspect or copy the information at issue, or if the information is accurate and complete as is. If we deny your request, you may submit a written statement of your disagreement with that decision, and we may, in turn, prepare a written rebuttal and will provide you with a copy of any such rebuttal. All information related to any request to amend will be maintained and disclosed in conjunction with any subsequent disclosure of the disputed information.
E. Right to an Accounting of Disclosures
You have a right to receive an accounting of disclosures of your health information made by this medical practice, except that this medical practice does not have to account for the disclosures provided to you or pursuant to your written authorization, or as described in paragraphs A (treatment), B (payment), C (health care operations), E (notification and communication with family), and P (specialized government functions) of Section I of this Notice of Privacy Practices. We also do not have to account for the disclosures for purposes of research or public health which exclude direct patient identifiers, or which are incident to a use or disclosure otherwise permitted or authorized by law, or the disclosures to a health oversight agency or law enforcement official to the extent this medical practice has received notice from that agency or official that providing this accounting would be reasonably likely to impede their activities. The request for an accounting must be made in writing to our Privacy Officer and should specify the time period sought for the accounting.
F. Right to a Paper or Electronic Copy of this Notice
You have a right to notice of our legal duties and privacy practices with respect to your health information, including a right to a paper copy of this Notice of Privacy Practices, even if you have previously requested its receipt by e-mail.
If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact our Privacy Officer listed at the end of this Notice of Privacy Practices.
III. Changes to this Notice of Privacy Practices
We reserve the right to amend this Notice of Privacy Practices at any time in the future. Until such amendment is made, we are required by law to comply with the terms of this Notice currently in effect. After an amendment is made, the revised Notice of Privacy Protections will apply to all protected health information that we maintain, regardless of when it was created or received. We will keep a copy of the current notice posted in our reception area, and a copy will be available at each appointment. We will also post the current notice on our website. Upon your request, we will provide you with any revised Notice of Privacy Practices. You may request a revised version by accessing our website, or calling the office and requesting that a revised copy be sent to you in the mail or asking for one at the time of your next appointment.
IV. Complaints
Complaints about this Notice of Privacy Practices or how this medical practice handles your health information should be directed to our Privacy Officer listed at the end of this Notice of Privacy Practices. We encourage you to express any concerns you may have regarding the privacy of your information.
If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal complaint to:
Jorge Lozano, Regional Manager
Office for Civil Rights
US Department of Health and Human Services
1301 Young Street, Suite 1169
Dallas, TX 75202
Phone: (800) 368-1019
Fax: (214) 767-0432
The complaint form may be found at www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaint.pdf. You will not be penalized in any way for filing a complaint.
V. Contact Person
The provider’s contact person for all issues regarding patient privacy and your rights under the Federal privacy standards is the Privacy Officer. Information regarding matters covered by this Notice can be requested by contacting the Privacy Officer. Complaints against the provider can be mailed to the Privacy Officer by sending them to:
Buckingham Center
Attn: Ivonne Barba
2745 Bee Caves Road, Suite 101
Austin, TX 78746
You may also contact our Privacy Officer at (512) 401-2500 or contact us for further information about the complaint process.
VI. Effective Date
This Notice was published and becomes effective September 23, 2013.