HIPAA Policy
MEDICFILE.NET
HIPAA PRIVACY POLICY
Notice of Privacy Practices version 2-27-03
(Effective May 15, 2007)
THIS NOTICE DESCRIBES HOW YOUR HEALTH INFORMATION MAY BE USED AND DISCLOSED
BY HEALTHCARE PROVIDERS AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE
REVIEW IT CAREFULLY.
UNDERSTANDING YOUR PROTECTED HEALTH INFORMATION (PHI):
Understanding what is in your health record and how your health information
is used will help you to ensure its accuracy, allow you to better understand
who, what, when, where and why others may access your health information,
and assist you in making more informed decisions when authorizing disclosure
to others. When you visit us, we keep a record of your medical profile. In
using and disclosing this protected health information (PHI), it is our objective
to follow the Privacy Standards of the federal Health Insurance Portability
and Accountability Act, 45 CFR Part 464, even if this is not required in
order for healthcare providers to provide treatment for you. The law allows
us to use and disclose PHI without your specific authorization for treatment,
payment, operations and other specific purposes explained in the rest of
this policy. This includes the sharing of information, when necessary and
appropriate, with other health care providers. All other uses and disclosures
require your specific authorization.
YOUR HEALTH INFORMATION RIGHTS ALLOW YOU TO:
Request a restriction on the uses and disclosures of PHI as described in this
notice, although we are not required to agree to the restriction you request.
You should address your request to the medicfile.net customer service department
and we will notify you if we cannot agree to the restriction.
Obtain a paper copy of this Notice from Medicfile.net
Amend your medical profile anytime pertinent information changes
Obtain an accounting of disclosures of your health information, except that
we are not required to account for disclosures for treatment, payment, operations,
or pursuant to authorization, among other exceptions.
Request that Medicfile.net communicate with you by a specific method and at
a specific location.
We will typically communicate with you in person; or by letter, e-mail, fax,
and/or telephone.
Revoke an authorization to use or disclose PHI at any time except where action
has already been taken.
OUR RESPONSIBILITIES AS REQUIRED BY LAW:
Maintain the privacy of PHI and provide you with notice of our legal duties
and privacy practices with respect to PHI.
Abide by the terms of the notice currently in effect. We have the right to
change our notice of privacy practices and we will apply the change to your
entire PHI, including information obtained prior to the change.
Post notice of any changes to our Privacy Policy legal policy and make a copy
available to you upon request.
Use or disclose your PHI only with your authorization except as described
in this notice.
Follow the more stringent law in any circumstance where other state or federal
law may further restrict the disclosure of your PHI.
If you feel your rights have been violated, you may file a complaint in writing
with Medicfile.net. If you are not satisfied with the resolution of the complaint,
you may also file a complaint with the Secretary of Health and Human Services.
Filing a complaint will not result in retaliation.
We may use or disclose your PHI for treatment, payment and operations, and
for purposes described below:
TREATMENT:
The information contained in your medical profile may be accessed by a physician,
nurse practitioner, nurse or other medical professionals, staff, trainees
and volunteers to determine your best course of treatment. The information
obtained from you will become part of your medical profile. We may also disclose
your PHI to other outside treating medical professionals and staff as deemed
necessary for your care. For example, we may disclose your PHI to an outside
doctor for your care.
HEALTH CARE OPERATIONS:
Members of the medical staff, trainees, medical students, a Risk or Quality
Improvement team, or similar internal personnel may use your information
to assess the care and outcomes of your care in an effort to improve the
quality of the healthcare and service provided for you. For example, an internal
review team may review your medical records to determine the appropriateness
of care. There may also be times in which accountants, auditors, health information
specialists or attorneys may review your PHI to meet their responsibilities.
OTHER USES AND DISCLOSURES NOT REQUIRING AUTHORIZATION:
Business Associates: There are some services provided to our organization through
contracts with business associates, such as hospitals. Your health information
may be disclosed to our business associates so that they can perform these
services. We require the business associates to safeguard your information
to our standards.
Notification: Limited health information may be disclosed to friends or family
members identified by you as being involved in your care or assisting you in
payment. Notification may be given to a family member, or another person responsible
for your care, about your location and general condition.
Legally Required Disclosures & Public Health: We may disclose PHI as required
by law, or in a variety of circumstances authorized by federal or state law.
For example, we may disclose PHI to government officials to avert a serious
threat to health or safety or for public health purposes, such as to prevent
or control communicable disease (which may include notifying individuals that
may have been exposed to the disease, although in such circumstance you will
not be personally identified), federal or state health oversight agencies,
child abuse or neglect, domestic violence, to an employer to evaluate work
related injuries, and to public officials to report births and deaths.
Law Enforcement & Subpoenas: We may disclose PHI to law enforcement such
as limited information for identification and location purposes, or information
regarding suspected victims of crime. We may also disclose PHI to others as
required by court or administrative order, or in response to a valid summons
or subpoena.
Information Regarding Decedents: We may disclose health information regarding
a deceased person to: 1) coroners and medical examiners to identify cause of
death or other duties, 2) funeral directors for their required duties and 3)
To procurement organizations for purposes of organ and tissue donation.
Research: We may also disclose PHI where the disclosure is solely for the
purpose of designing a study, or where the disclosure concerns decedents, or
an institutional review board or privacy board has determined that obtaining
authorization is not feasible and protocols are in place to ensure the privacy
of your health information. In all other situations, we may only disclose PHI
for research purposes with your authorization.
Marketing: We may contact you with information about treatment or other health
related benefits and services that may be of interest to you.
DISCLOSURES REQUIRING AUTHORIZATION:
The release of health information to other treating professionals will be made
with authorization from the patient, which you have the right to revoke at
any time, except to the extent we have already relied upon the authorization
or in the event of an emergency.
ACKNOWLEDGMENT OF RECEIPT:
Federal law requires that we seek your acknowledgment of receipt of this Notice
of Privacy Practices.
Acknowledgment that I have received this Notice of Privacy Practices is included
with the membership agreement to Medicfile.nets Legal Policy and HIPAA Policy.
I understand that if I have any questions regarding this Notice, I may contact
Medicfile.net at customerservice@medicfile.net.