Midsota Privacy Notice
Midsota Plastic Surgeons P.A.,
Midsota Surgical Suites, P.A., Midsota Skin & Laser, Midsota Regional Hand Center
HIPAA NOTICE OF PRIVACY PRACTICES
Effective Date: April 14, 2003
Revised Date: May 23, 2013
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
If you have any questions about this notice, please contact our Privacy Officer at 3701 12th Street N, Suite 100,
St. Cloud, MN 56303.
WHO WILL FOLLOW THIS NOTICE.
This notice describes Midsota and that of:
Any health care professional authorized to enter information into your medical record.
All departments and units of the facilities.
Any member of a volunteer group we allow to help you while you are in any of our facilities.
All workforce members.
All entities, sites and locations follow the terms of this notice. In addition, these entities, sites and locations may share medical information with each other for treatment, payment or hospital operations purposes described in this notice.
OUR PLEDGE REGARDING MEDICAL INFORMATION:
We understand that medical information about you and your health is personal. Midsota is committed to protecting medical information about you. We create a record of the care and services you receive at our facilities. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by the facilities, whether made by clinical personnel or your personal doctor. This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information.
Law requires us to:
make sure medical information that identifies you is kept private and secure;
give you this notice of our legal duties and privacy rights with respect to medical information about you; and
follow the terms of the notice that is currently in effect.
HOW MIDSOTA MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU.
The following categories describe different ways that we may use and disclose medical information. For each category of uses or disclosures we will explain what we mean. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
For Treatment. We may use medical information about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students, or other personnel who are involved in taking care of you at our facilities. Different departments of our facilities may share medical information about you in order to coordinate the different needs of our patients, such as prescriptions, lab work and x-rays. We also may disclose medical information about you to people outside our facilities who may be involved in your medical care after you leave the facility, such as family members, clergy or others we use to provide services that are part of your care. An example of sharing your information may be with another physician for a consultation or referral. In the course of your treatment, verbal communications between our staff members and others related to your healthcare may be overheard by non-staff members in our office. We will make our best efforts to keep your health information as private as possible.
For Payment. We may use and disclose medical information about you so that the treatment and services you receive at our facilities may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about treatment you received at our facilities so your health plan will pay us or reimburse you for the treatment. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
For Health Care Operations. We may use and disclose medical information about you for the facilities operations. These uses and disclosures are necessary to run the facility and make sure that all of our patients receive quality care. For example, we may use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also disclose information to doctors, nurses, technicians, medical students, and other clinic personnel for review and learning purposes. We may also combine the medical information we have with medical information from other physicians to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning who the specific patients are. We may have occasion to use your name as a part of the operational process of servicing our patients. Our staff will make their best effort to protect any information, written or oral, from being seen or over heard by those not authorized to receive the information.
Ø Business Associates. There may be instances where services are provided to our office through contracts with third party “business associates”. Whenever a business associate arrangement involves the use or disclosure of your health information, we will have a written contract that requires the business associate to maintain the same high standards of safeguarding and securing your privacy that we require of our own employees and affiliates. Examples of Business Associates are Midsota attorneys, consultants, collection agencies, and accreditation organizations.
Appointment Reminders. We may use and disclose medical information to contact you as a reminder that you have a future appointment for treatment or medical care at our facility, this may done by phone or by mail, or with permission, by text or e-mail through our automated appointment reminder service. We may also leave other health information related to you on your answer machine using the minimum necessary standard. We will use the phone number you provide to us.
Treatment Alternatives. We may use and disclose medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
Health-Related Benefits and Services. We may use and disclose medical information to tell you about health-related benefits or services that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care. Midsota will only disclose medical information to those involved in taking care of you or involved in payment of your bills. We will disclose only the minimum necessary for their involvement in your care. For example, we may provide limited information for a family member to pick up a prescription for you. Generally we will obtain your written permission prior to making disclosures about you to family or friends. If you are unable to make medical decisions for yourself, Midsota will disclose relative information to family members or other responsible people if we feel it is in your best interest to do so, including in an emergency situation.
Research. Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients’ need for privacy of their medical information. Before we use or disclose medical information for research, the project will have been approved through this research approval process, but we may, however, disclose medical information about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the medical information they review does not leave our facility. We will almost always ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are.
As Required By Law. We will disclose medical information about you when required to do so by federal, state, or local law.
To Avert a Serious Threat to Health or Safety. We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
Facility Directory. We may include certain limited information about you in our directory while you are a patient in our facilities. This information may include your name, location in the facility, and your religious affiliation if you provide us this information. The directory information, except your religious affiliation and condition, may be released to people who ask for you by name. This is so your family, friends, and clergy can know your location. Your religious affiliation may be given to a member of clergy, such as a priest, pastor, or rabbi even if they don’t ask for you by name. If you would prefer Midsota not make these disclosures, please notify our Privacy Officer at Midsota Plastic Surgeons, 3701 12th Street, Suite 100, St. Cloud, MN 56303.
Organ and Tissue Donation. If you are an organ donor, we may release medical information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation. The information Midsota may disclose is limited to the information necessary to make a transplant possible.
Military and Veterans. If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority. We may use and disclose to components of the Department of Veterans Affairs medical information about you to determine whether you are eligible for certain benefits.
Worker’s Compensation. We may release medical information about you for worker’s compensation or similar programs. These programs provide benefits for work-related injuries or illness. These programs provide benefits for work-related injuries or illnesses. We are permitted to disclose this information to the parties involved in the claim (your employer) without authorization, as long as the claim is related to the worker’s compensation claim.
Public Health Risks. We may disclose medical information about you for public health activities. These activities generally include the following:
· to prevent or control disease, injury or disability;
to report births and deaths;
to report child abuse or neglect;
to report reactions to medications or problems with products;
to notify people of recalls of products they may be using;
to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Reporting to the FDA as permitted or required by law.
Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws. Minnesota law requires that the patient-identifying information (such as your name, social security number, etc.) be removed from most disclosures for health oversight purposes, unless you have provided us with written authorization for the disclosure.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request and you have not objected to the disclosure or you authorized the release of the information requested.
Law Enforcement. We may release medical information if asked to do so by a law enforcement official:
· In response to a court order, subpoena, warrant, summons or similar process;
To identify or locate a suspect, fugitive, material witness, or missing person;
About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
About a death we believe may be the result of criminal conduct;
About criminal conduct at the clinic; and
In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. Other disclosures of your health record will require written authorization of a legally appointed representative, spouse, parent, or adult child.
National Security and Intelligence Activities. We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Services for the President and Others. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
Ø Breach Notification. Under certain circumstances we may be required to notify the Minnesota Attorney General and/or the Department of Health and Human Services of a breach of your patient information. You would also receive notification of this breach.
A breach of personal data under Minnesota Statute §325E.61 would include the first initial and surname combined with anyone or more of the following:
· Social Security Number;
· Driver’s license or Minnesota identification card number; or
· Account number combined with a security code or password that would allow access to a financial account.
Ø Sale of PHI. We are not allowed to sell your protected health information without your authorization with the exception of permitted uses and disclosure for which a fee is appropriate under HIPAA, such as medical record copy fees or the sale of our practice.
YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU.
You have the following rights regarding medical information we maintain about you:
Right to Inspect and Copy. You have the right to inspect and receive a copy of your medical information that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes. To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to our Medical Records Department at 3701 12th Street, Suite 100, St. Cloud, Minnesota 56303. If you request a copy of the information a fee for the costs of copying, mailing or other supplies associated with your request would apply. If we maintain your health information in electronic health record you have the right to request a copy of your health record in electronic format.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by the clinic will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review. Denials would occur if a Midsota physician believes that the information could be harmful to your health or could cause harm or a threat to someone else.
Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for our facility and was created by Midsota.
To request an amendment, your request must be made in writing and submitted to the attention of the Privacy Officer at 3701 12th Street, Suite 100, St. Cloud, Minnesota 56303. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
Is not part of the medical information kept by or for the clinic;
Is not part of the information which you would be permitted to inspect and copy; or
Is accurate and complete.
Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of the disclosures we made of medical information about you outside of treatment, payment, operational purposes, for facility directories, for national security, to correctional institutions or law enforcement with custody of you, disclosure that took place before April 14, 2003 and disclosure with an authorization. An example of an “accountable disclosure” would be information faxed to the wrong number.
To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer at 3701 12th Street, Suite 100, St. Cloud, Minnesota 56303. Your request must state a time period, which may not be longer than six years and may not include dates before April 16, 2003. Your request should indicate in what form you want the list (for example, on paper, electronically). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had at our facility. You also have the right to restrict how we use your health information to your health plan if you paid for the service in full, and out of pocket. Midsota is required to comply with this request to restrict disclosing to your insurance carrier services you paid in full and out-of-pocket.
We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
To request restrictions, you must make your request in writing to any of our Privacy Officer at 3701 12th Street, Suite 100, St. Cloud, Minnesota 56303. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
To request confidential communications, you must make your request in writing to our Privacy officer at 3701 12th Street, Suite 100, St. Cloud, Minnesota 56303. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
To obtain a paper copy of this notice, you may obtain one at the front desk of our office.
Various Forms needed for the above mentioned requests are available at our front desk.
Ø You have the right to a notification of a breach that involves your PHI and that has the potential to cause harm to you.
Required Authorizations: Authorizations arerequired from an individual at least in the following three circumstances: (1) most uses and disclosures of psychotherapy notes; (2) uses and disclosures for marketing purposes; and (3) uses and disclosures that involve the sale of PHI.
CHANGES TO THIS NOTICE
We reserve the right to change this notice. This notice has been updated May 23, 2013. We reserve the right to change this notice. We will post a copy of the current notice in the facilities offices. The notice will contain on the first page, in the top right-hand corner, the effective date. In addition, each time you register for treatment or health care services as an outpatient, we will offer you a copy of the current notice in effect. This notice can also be found at our web-site; www.midsota.com.
If you believe your privacy rights have been violated, you may file a complaint with Midsota by contacting our Privacy Officer in writing at 3701 12th Street, Suite 100, St. Cloud, Minnesota 56303 or file with the Secretary of the Department of Health and Human Services or the Office of Civil Rights. All complaints will have to be submitted in writing.
You will not be penalized for filing a complaint.
OTHER USES OF MEDICAL INFORMATION.
Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written authorization. If you provide us written authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of the care that we provided to you.