FLORIDA EYE CLINIC - NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY
In fulfillment of one of the HIPAA requirements, FEC has prepared and implemented a Patient Confidentiality Policy. This notice is a component of that policy. As a covered entity, we are required to inform you of your rights. We are also required to obtain your signature indicating that we have informed you. Thank you for your cooperation.
The U.S. Department of Health and Human Services (HHS) has issued the final rules for protecting the privacy of individually identifiable health information. The rules were issued pursuant to provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Effective September 23, 2009, a new HIPAA Breach Notification Rule (Rule) was created as a component of the American Recovery and Reinvestment Act of 2009. This Rule concerns the unauthorized acquisition, access, use, or disclosure of unsecured patient protected health information (PHI) as a result of a security breach.
Effective March 26, 2013, the (HIPAA/HITECH) Final Omnibus Rule, §164.520(b)(1)(ii)(E), adopted modifications, which require certain additional statements in this document regarding uses and disclosures that require authorization.
The final rules cover health plans, health clearinghouses (i.e., entities that process health information received from a covered entity), and healthcare providers, like FEC, that conduct certain financial and administrative transactions electronically (e.g., electronic billing and funds transfer).
The regulations cover all medical records and any other individually identifiable health information, whether communicated electronically, on paper, or orally. The rules do not apply to information that contains no identifying information, or information that has been altered so as not to identify the individual about whom the information applies.
Protected patient information generally can only be used or disclosed for purposes of healthcare treatment (e.g., documenting and referring to patient information in a medical record, sharing patient information with referring doctors, etc.), payment (i.e., submitting claims to Medicare/Medicaid or private insurance companies), and operations (i.e., internal accounting and record keeping) pursuant to a general advance consent from the patient, except for disclosures to the patient or the patient’s personal representative, emergencies, and other limited exceptions discussed below.
The privacy standard identifies certain permissible uses and disclosures, without the need to obtain written consent or authorization from a patient. The following are permissible uses and disclosures:
Other uses and disclosures not described above, including but not limited to psychotherapy notes, most uses and disclosures of PHI for marketing purposes and most sales of PHI^ will require prior authorization by you.
FEC and its business associates shall not directly or indirectly receive compensation in exchange for any patient PHI, except as provided below; and, only if FEC obtains valid patient authorization that states whether the PHI can be further compensated by the entity receiving that patient PHI.
The paragraph above shall not apply when the purpose of the exchange is:
It is the treating FEC physician’s prerogative to accept or deny the patient’s request.
In compliance with the (HIPAA/HITECH) Final Omnibus Rule discussed under History above, and to the extent that these requirements apply to FEC operations, you have the right to:
In compliance with the HIPAA Breach Notification Rule discussed under History above, FEC will take appropriate steps to determine any unauthorized acquisition, access, use, or disclosure of unsecured PHI caused by security breaches. Once a security breach has been determined, FEC, through its Privacy and Security Officer, will determine the nature of the breach, what steps will be taken to prevent such a breach from reoccurring, and take appropriate steps to notify those individuals or entities specified in the Rule.
HIPAA regulations permit covered entities like FEC to change terms of this notice. In the event changes occur, notice of such changes will be visibly posted in each FEC practice location. You may request a copy of the notice that incorporates the changes.
The regulations require that covered entities, like FEC, appoint a Privacy Officer. In keeping with this requirement, the FEC Board of Directors has appointed Sondra Hoffman,COE,CPC,CMPE,OCS in this capacity. She may be reached at 160 Boston Avenue Altamonte Springs, Fl 32701 or by calling 407-834-7776 extension 102.
* All requests for access and/or amendment to Protected Health Information (PHI) must be in writing. This written request must be addressed to the Privacy Officer referenced above.