This Notice Describes How Medical Information About You May Be Used and Disclosed and How You Can Get Access to This Information – Please Review This Document Carefully
Covered Entities are required by federal and state law to protect the privacy of your protected health information (“PHI”). Certain types of PHI may specifically identity you. The term “Covered Entity” includes health care providers that transmit information in an electronic form in connection with a transaction for which the Department of Health and Human Services has adopted standards and regulations (e.g., electronic billing and fund transfers).
Everflex will be providing certain educational services that are not governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). However, in the event that Everflex engage in or commences services that are governed by HIPAA and is therefore functioning as or deemed to be a Covered Entity, then the terms and conditions of this Notice will govern any uses and disclosures of PHI.
In this Notice, “we”, “our” or “us” means Everflex and our workforce of employees, contractors and volunteers. “You” and “your” refers to each of our patients who are entitled to a copy of this Notice. In this Notice, we tell you about:
- How we may use your PHI
- When we may disclose your PHI to others
- Your privacy rights and how to use them
- Our privacy duties
- Who to contact for more information or to file a complaint
Some of the ways we may use (within the organization) or disclose (outside of the organization) your PHI includes the following, if we are functioning as a Covered Entity:
- Treatment: Covered Entities may use and disclose your PHI in the course of your treatment, and share it with other professionals who are treating you. If we are acting as a Covered Entity, we will maintain records detailing the care and services you receive from our providers. These records may be used and/or disclosed by members of our workforce to ensure that proper and optimal care is being rendered.
- Health Care Operations: Covered Entities can use and disclose your PHI in the course of their health care operations, which includes disclosure necessary to monitor the quality of care provided by providers, for business management and planning, compliance monitoring, quality assessment, staff and student training, and customer services.
- Special Uses: Covered Entities may use or disclose your PHI for the following purposes that involve your relationship to the Covered Entity as a patient:
- Communicate with individuals involved in your care, unless you object to such disclosure.
- Disclose your PHI in an emergency if you are not able to express yourself.
- Advise you of new or updated services or home supplies via telecommunication or via a newsletter (you can choose to opt-out of receiving information of this nature from us).
- To other third parties with whom we do business, provided they have provided us with assurances that they will safeguard your information.
- Uses & Disclosures Required or Permitted by Law: Covered Entities may also use your health information in the following instances:
- To conduct research, provided certain protocols are followed.
- When required by federal, state or local law.
- For public health activities (e.g., reporting certain communicable diseases).
- To report neglect, abuse or domestic violence to the authorities.
- To comply with applicable Federal and state oversight and investigations.
- To respond to law enforcement officials or judicial orders, subpoenas or other process.
- Avert a serious threat to health or safety.
- To inform military and veteran authorities if you are in the Armed Forces.
- The extent necessary to comply with laws relating to workers compensation or other similar programs.
- Recommend treatment alternatives.
- In connection with certain types of organ or tissue donor programs.
- Authorization Required: All other uses and disclosure of a Covered Entity must be done with your written authorization. If we are acting as a Covered Entity, we will also obtain your authorization before using your PHI for marketing purposes. You may revoke an authorization at any time; however, this will not affect prior uses and disclosures.
- Your Privacy Rights and How to Exercise Them: If we are acting as a Covered Entity, then you have specific rights related to your PHI, which are summarized below:
- Your Right to Request Limited Use or Disclosure: You may request that we restrict how we use or disclose your PHI. However, we are not required to abide by your request, and we may say “no” if it would affect your care. We may require you to put this request in writing.
- Your Right to Confidential Communication: You may request that we contact you in a specific way (e.g., a specific address or phone number). We are not required to honor all requests. We may require you to put this request in writing.
- Your Right to Inspect and Copy Your PHI: You may inspect and copy your PHI. If we maintain our records electronically you have the right to review and/or have copies made in an electronic format. We may charge reasonable fees for copying and labor time related to copying. We may require you to put this request in writing.
- Your Right to Amend Your PHI: You may request an amendment of your record if you feel the record is incorrect or incomplete. We will require you to put this request in writing. We may deny your request if we believe the record is accurate and/or if the record was not created by us.
- Your Right to an Accounting of Disclosures: You may request an accounting of certain disclosure that we have made over the past six years as a Covered Entity, although this excludes certain disclosures (e.g., disclosures made directly to you, or for treatment, payment, and health care operations, etc.). We may require you to put this request in writing, and can charge reasonable fees for any accounting requests that occur more than once per year. We will advise you of any charge prior to proceeding, and all you will have the option of withdrawing your request.
- You Have a Right to Complain: You have the right to complain if you feel your privacy rights have been violated. You may complain directly to us by contacting our HIPAA officer noted in Section 8 below, or to the:
Office for Civil Rights, Region IX
U.S. Department of Health and Human Services
50 United Nations Plaza, Room 322
San Francisco, CA 94102
Voice Phone (415) 437-8310
Fax (415) 437-8329
TDD (415) 437-8311
We will not retaliate against you if you file a complaint about us. Your complaint should provide a reasonable amount of specific detail to enable us to investigate your concern.
Your Right to a Copy of this Privacy Notice: You can ask for a copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you a paper copy promptly.
- Some of Our Privacy Obligations as a Covered Entity and How We Perform Them
We can change the terms of this notice, and the changes will apply to all information we have about you. If we change our Notice of Privacy Practices we will provide our revised Notice to you when you next seek covered services from us, and will update it on our website.
- We are required by law to maintain the privacy and security of your PHI.
- We will let you know promptly if a breach that may have compromised the privacy or security of your information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
- Contact Information: If you have questions about this Notice, or if you have a complaint or concern, please contact:
- Name: Kelly Sanders Address: 1106 Walnut Street #110, San Luis Obispo, CA 93401 Phone: 866-387-7778
- Effective Date: This Notice takes effect on January 2, 2017.