Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Privacy Notice is being provided to you as a requirement of federal law, the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Notice describes how we may use and disclose your protected health information to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information in some cases. Your “protected health information” means any written and oral health information about you, including demographic data that can be used to identify you. This is health information that is created or received by your health care provider, and that relates to your past, present, or future physical or mental health or condition.
Carolina Cataract & Laser Eye Center is a health care provider and covered entity under HIPAA; it will be referred to in this Privacy Notice as the Company.
I. Uses and Disclosures of Protected Health Information
The Company may use your protected health information for purposes of providing treatment, obtaining payment for treatment, and conducting health care operations. Your protected health information may be used or disclosed only for these purposes unless the Company has obtained your authorization, or the use or disclosure is otherwise permitted by the HIPAA privacy regulations or state law. Disclosures of your protected health information for the purposes described in this Privacy Notice may be made in writing, orally, electronically, or by facsimile.
A. Treatment. We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party for treatment purposes. We may also disclose protected health information to physicians who may be treating you or consulting with the Company with respect to your care. In some cases, we may also disclose your protected health information to an outside treatment provider for purposes of the treatment activities of the other provider.
B. Payment. Your protected health information will be used as needed to obtain payment for the services that we provide. We may also disclose protected health information to your health insurance company to determine whether you are eligible for benefits or whether a particular service is covered or requires preauthorization under your health plan. In order to get payment for the services we provide to you, we may also need to disclose your protected health information to your health insurance company to demonstrate the medical necessity of the services or, as required by your insurance company, for utilization review. We may also disclose patient information to another provider involved in your care for the other providers’ payment activities. If you do not want us to use your protected health information to obtain payment for the services that we provide, you may pay in full for your treatment and instruct us not to submit the services to your health insurance company for payment. If you make this request and pay in full for your treatment, we will not provide your insurance company with access to the information for the services that you paid for yourself unless the disclosure is required by law.
C. Operations. We may use or disclose your protected health information, as necessary, for our own health care operations of the Company. Health care operations include such activities as quality assessment and improvement activities, employee review activities, training programs, including those in which students, trainees, or practitioners in health care learn under supervision, accreditation, certification, licensing or credentialing activities, review, and auditing, including compliance reviews, medical reviews, legal services and maintaining compliance programs, and business management and general administrative activities.
D. Other Uses and Disclosures. We may also use or disclose your protected health information for the following purposes: to remind you of your appointment, to inform you of potential treatment alternatives or options, or to inform you of health-related benefits or services that we provide. Uses not described in this Privacy Notice will require your written authorization.
II. Uses and Disclosures beyond Treatment, Payment, and Health Care Operations Permitted Without Authorization or Opportunity to Object
Federal privacy rules allow us to use or disclose your protected health information without your permission or authorization for a number of reasons, including the following:
A. When Legally Required. We will disclose your protected health information when we are required to do so by any federal, state, or local law. Some examples of this are described below.
B. When There Are Risks to Public Health. We may disclose your protected health information for the following public activities and purposes:
“To prevent, control, or report disease, injury, or disability as permitted or required by law.
“To report vital events such as birth or death as permitted or required by law.
“To conduct public health surveillance, investigations and interventions as permitted or required by law.
“To collect or report adverse events and product defects, track FDA regulated products, enable product recalls, repairs or replacements to the FDA, and to conduct post-marketing surveillance.
“To notify a person who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease as authorized by law.
“To report to an employer information about an individual who is a member of the workforce as legally permitted or required.
C. To Report Suspended Abuse, Neglect, or Domestic Violence. We may notify government authorities if we believe that a patient is the victim of abuse, neglect, or domestic violence. We will make this disclosure only when specifically required or authorized by law or when the patient agrees to the disclosure.
D. To Conduct Health Oversight Activities. We may disclose your protected health information to a health oversight agency for activities including audits; civil, administrative, or criminal investigations, proceedings, or actions; inspections; licensure or disciplinary actions; or other activities necessary for appropriate oversight as authorized by law. We will not disclose your health information under this authority if you are the subject of an investigation and your health information is not directly related to your receipt of health care or public benefits.
E. In Connection with Judicial and Administrative Proceedings. We may disclose your protected health information in the course of any judicial or administrative proceeding in response to an order of a court or administrative tribunal as expressly authorized by such order. In certain circumstances, we may disclose your protected health information in response to a subpoena to the extent authorized by state law if we receive satisfactory assurances that you have been notified of the request or that an effort was made to secure a qualified protective order.
F. For Law Enforcement Purposes. We may disclose your protected health information to a law enforcement official for law enforcement purposes as follows:
“As required by law for reporting of certain types of wounds or other physical injuries.
“Pursuant to the court order, court-ordered warrant, subpoena, summons, or similar process.
“For the purpose of identifying or locating a suspect, fugitive, material witness, or missing person.
“Under certain limited circumstances, when you are the victim of a crime.
“To a law enforcement official if the Company has a suspicion that your health condition was the result of criminal conduct.
“In an emergency to report a crime.
G. To Coroners, Funeral Directors, and for Organ Donation. Consistent with applicable law, we may release medical information to a coroner, medical examiner, or funeral director. For the purposes of facilitating organ, eye, or tissue donation and transplantation, we may use or disclose protected health information to organizations that engage in procurement, banking, or transplantation of cadaveric organ, eye, or tissue transplantation.
H. For Research Purposes. If a researcher has obtained the required waiver from an Institutional Review Board or the Privacy Board and has demonstrated that the information is necessary to the research and possesses a minimal risk of inappropriate use or disclosure, we may use and disclose protected health information about you for research purposes. If a researcher has not obtained the required waiver, we will not disclose your medical information without your written authorization, other than in a limited data set as described below.
I. Limited Data Set. For purposes of research, public health, or health care operations, it may be necessary to use or disclose some of your protected health information for activities or to persons we are not otherwise authorized to give your information to. In this situation, we may use your protected health information to create a limited data set in which certain required direct identifiers (such as your name and address) have been removed. We will disclose the information in the limited data set for these purposes only if we have obtained satisfactory assurances from the recipient in a written agreement that the recipient will only use or disclose the information for limited purposes.
J. In the Event of a Serious Threat to Health or Safety. We may, consistent with applicable law and ethical standards of conduct, use or disclose your protected health information if we believe, in good faith, that such use or disclosure is necessary to prevent or lessen a serious and imminent threat to your health or safety or to the health and safety of another person or the public.
K. For Specified Government Functions. Protected health information may be disclosed for military and veterans’ affairs, for national security and intelligence activities, or for correctional facility activities.
L. For Worker’s Compensation. The Company may release your protected health information to comply with worker’s compensation laws or similar programs that are established by the law to provide benefits for work-related injuries or illness without regard to fault.
M. To Business Associates. We may disclose your information to a person or organization that performs a function or activity on behalf of the Company that involves the use or disclosure of protected health information. We will only use or disclose your information to that person or organization if we have obtained adequate assurances that the business associate will appropriately safeguard the information. The Company signs written contracts with its business associates requiring them to follow HIPAA privacy and security rules. Business associates are also required by law to follow HIPAA privacy and security rules.
N. To Personal Representative. We may disclose your information to a person who has the authority, under the law, to act on your behalf in making decisions related to health care.
O. Inmates. If you are an inmate of a correctional institution or under custody of a law enforcement official, we may disclose health information about you to the correctional institution or the law enforcement official. This is necessary for the correctional institution to provide you with health care, to protect your health and safety and the health and safety of others, or for the safety and security of the correctional institution.
III. Uses and Disclosures Permitted without Authorization but with Opportunity to Object
We may disclose your protected health information to your family member or a close friend if it is directly relevant to the person’s involvement in your care or payment related to your treatment. For example, if you are having surgery at the Surgery Center and the family member who is picking you up calls to see if you are done with surgery, we will advise them whether you have left the operating room. We can also disclose your information in connection with trying to locate or notify family members or others involved in your care concerning your location, condition, or death.
You may object to these disclosures. If you do not object to these disclosures or we can infer from the circumstances that you do not object or we determine, in the exercise of our professional judgment, that it is in your best interests for us to make disclosure of information that is directly relevant to the persons involvement with your care, we may disclose your protected health information as described.
IV. Uses and Disclosures That You Authorize
Other than as stated above, we will not disclose your protected health information other than with your written authorization. For example, we will not use or disclose your protected health information without your written authorization for marketing purposes, including subsidized treatment communications, or for what is considered a sale of protected health information, which includes any payment received for using or disclosing protected health information. You may revoke your authorization in writing at any time except to the extent that we have acted in reliance upon the authorization. In addition, if the authorization was obtained as a condition of obtaining insurance coverage, the insurer will have a right to contest a claim under the policy.
V. Your Rights
You have the following rights regarding your health information:
A. The right to inspect and copy your protected health information. You may inspect and obtain a copy of your protected health information that is contained in your medical record for as long as we maintain the protected health information. Your medical record contains medical and billing records and any other records that the Company and its licensed healthcare professionals use for making decisions about you.
Under federal law, however, you do not have the right to inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; and protected health information that is subject to a law that prohibits access to protected health information. Depending on the circumstances, you may have the right to have a decision to deny access reviewed.
We may deny your request to inspect or copy your protected health information if, in our professional judgment, we determine that the access requested is likely to endanger your life or safety or that of another person or that it is likely to cause substantial harm to another person referenced within the information. You have the right to request a review of this decision.
To inspect and copy your protected health information, you must submit a written request to the Privacy Officer, whose contact information is listed on the last page of this Privacy Notice. If your medical record is, in whole or part, maintained electronically, you may request that we provide you with the information in an electronic format, and we will provide the record to you in your requested format if it is feasible for us to do so. If you request a copy of your information, we may charge you a fee for the costs of copying, mailing, or other costs incurred by us in complying with your request as permitted by federal and state law.
Please contact our Privacy Officer if you have questions about access to your medical record or the costs of obtaining copies.
B. The right to request a restriction on uses and disclosures of your protected health information. You may ask us not to use or disclose certain parts of your protected health information for the purposes of treatment, payment, or health care operations. You may also request that we not disclose your health information to family members or friends who may be involved in your care or for notification purposes as described in this Privacy Notice. Your request must state the specific restriction requested and to whom you want the restriction to apply.
The Company is not required to agree to a restriction that you may request unless you pay in full for the treatment provided. We will notify you if we deny your request to a restriction; however, we cannot deny your request for a restriction if you pay in full for the services related to the protected health information that you do not want to be disclosed, except where disclosure is required by law. If the Company does agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment or to make a disclosure required by law. Under certain circumstances, we may terminate our agreement to a restriction. You may request a restriction by contacting the Privacy Officer in writing.
C. The right to request to receive confidential communications from us by alternative means or at an alternative location. You have the right to request that we communicate with you in certain ways. We will accommodate reasonable requests. We may condition this accommodation by asking you for information as to how payment will be handled or the specification of an alternative address or another method of contact. We will not require you to provide an explanation for your request. Requests must be made in writing to our Privacy Officer.
D. The right to request amendments to your protected health information. You may request an amendment of protected health information about you in your medical record for as long as we maintain this information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us, and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Requests for amendment must be in writing and must be directed to our Privacy Officer. In this written request, you must also provide a reason to support the requested amendments.
E. The right to receive an accounting. You have the right to request an accounting of certain disclosures of your protected health information made by the Company. This right applies to disclosures for purposes other than treatment, payment, or health care operations as described in this Privacy Notice. We are also not required to account for disclosures that you requested, disclosures that you agreed to by signing an authorization form, disclosures for a facility directory, to friends or family members involved in your care, or certain other disclosures we are permitted to make without your authorization. In the event that the Department of Health and Human Services expands your rights to receive an accounting, the Company will comply with those expanded rights. The request for an accounting must be made in writing to our Privacy Officer. The request should specify the time period sought for the accounting. Accounting requests may not be made for periods of time in excess of six years. We will provide the first accounting you request during any 12-month period without charge. Subsequent accounting requests may be subject to a reasonable cost-based fee.
F. The right to obtain a paper copy of this Privacy Notice. Upon request, we will provide a separate paper copy of this Privacy Notice even if you have already received a copy of the Privacy Notice or have agreed to accept it electronically.
G. The right to be notified of any breach of your unsecured protected health information. In the event that your protected health information is breached, for example, if a server containing your protected health information is hacked and your unencrypted information was accessed by an unauthorized third party, we are required by law to notify you of the breach.
VI. Our Duties
The Company is required by law to maintain the privacy of your health information and to provide you with this Privacy Notice of our duties and privacy practices. We are required to abide by the terms of this Notice as may be amended from time to time. We reserve the right to change the terms of this Notice and to make the new Notice provisions effective for all future protected health information that we maintain. If the Company changes its Privacy Notice, we will make a copy of the revised Privacy Notice available to you in our office and on our website.
You have the right to express complaints to the Company and to the US Secretary of Health and Human Services if you believe that your privacy rights have been violated. You may complain to the Company by contacting the Company’s Privacy Officer verbally or in writing, using the contact information below. We encourage you to express any concerns you may have regarding the privacy of your information. You will not be retaliated against in any way for filing a complaint.
VIII. Contact Person
The Company’s contact person for all issues regarding patient privacy and your rights under the federal privacy standards is the Privacy Officer. Information regarding matters covered by this Privacy Notice can be requested by contacting the Privacy Officer. If you feel that your privacy rights have been violated by the Company, you may submit a complaint to our Privacy Officer by sending it to:
Latonya Izzard, JD
5775 Glenridge Drive
Building B, Suite 500
Atlanta, GA 30328
The Privacy Officer can be contacted by telephone at 404-920-8622.
IX. Effective Date
This revised Privacy Notice is effective April 7, 2022.