THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This policy shall be effective as of April 14, 2003, and shall remain in effect until it is either amended or cancelled.
If you have any questions or comments concerning this policy, you should contact the SSL/SBA Chief Privacy Officer by writing to101 E. Fairway Dr. Suite 402, Covington, LA 70433, or calling (985) 234-3000.
For the purposes of this policy, the following defined terms shall have the following definitions:
- HHS shall mean the United States Department of Health and Human Services.
- PHI shall mean specific, individual, identifiable Protected Health Information (hereafter referred to as “PHI”), as defined in 45 C.F.R. § 164.501 of the Privacy Standards.
II. INFORMATION COLLECTED
In the ordinary course of business, SSL/SBA may receive personal information such as:
- Patient’s name, address, and telephone number;
- Information relating to diagnosis, treatment, prognosis, or any other medical information concerning a patient; and
- Patient’s insurance information and coverage.
In addition, other information shall be gathered about a patient, and SSL/SBA shall create a record of the care and/or services rendered to the patient by SSL/SBA. Some of the information may also be provided to SSL/SBA by other individuals or organizations that are part of the patient’s “circle of care”, e.g. the patient’s referring physician, other doctors, the patient’s health insurance plan and family members, hospitals or other health care providers.
III. HOW SSL/SBA MAY USE or DISCLOSE PHI
SSL/SBA collects PHI from you and stores the information in a paper chart and/or an electronic computer. This is your medical record. The medical record is the property of SSL/SBA, but the information in the medical record belongs to you. As such, SSL/SBA shall take reasonable steps to protect the privacy of your PHI. To this end, it is the policy of SSL/SBA that your PHI may not be used or disclosed unless it meets at least one of the following conditions:
- The patient, who is the subject of the information, has consented to the use or disclosure of his/her PHI, and the use or disclosure is specifically for one or more of three reasons:
SSL/SBA shall collect information from you regarding your chief compliant, history of present illness, past medical history, and any diagnosis and/or treatment rendered at the SSL/SBA offices. This information may be transmitted to various departments within our organization, to your referring physician, local or area hospitals and/or surgery centers, and any other entities associated or involved in your medical care. This information may also be disclosed to your primary care physician.
SSL/SBA shall collect billing information from you such as your present address, social security number, date of birth, health insurance carrier, policy number and any other related billing information. SSL/SBA shall disclose to your health insurance provider, Medicare, Medicaid, or any other payer of health care claims, the minimum amount of your health care information that is necessary to process your insurance claim.
- Health Care Operations
SSL/SBA shall disclose your PHI to our physicians, nurses, nurse practitioners, physician assistants, billing clerks, administrative staff and other employees involved in your care and treatment.
- The patient has authorized the use or disclosure of his/her PHI.
- The patient does not object to the disclosure, and the disclosure is to persons involved in the care and treatment of the individual, or for facility directory purposes.
- Notification and communication with family: It is the policy of SSL/SBA to use and disclose your PHI in order to notify or assist in notifying a family member, your Personal Representative, or any person responsible for your care, including your location, your general condition, or in the event of your death. If you are able and available to agree or object, we will give you the opportunity to do so prior to making this notification. If you are unable or unavailable to agree or object, our healthcare professionals will use their best judgment in communication with your family and others.
- Voice mail messages: It is the policy of SSL/SBA that a voice mail or answering machine message may be left at a patient’s home, or any other phone number that the patient provides to SSL/SBA, regarding appointments, billing or payment issues, or any other PHI related to treatment, payment or health care operations.
- It is the policy of SSL/SBA that we may use and disclose your PHI under any of the following circumstances:
- As Required by Law
We may disclose your PHI when required to do so by federal, state or local law, including any judicial proceedings.
- Law Enforcement
We may disclose your PHI to law enforcement officials in order to identify or locate a suspect, fugitive, material witness or missing person; in order to comply with a court order or subpoena; or for any other law enforcement purposes.
- Specialized Government Functions
We may disclose your PHI for military, national security, or incarceration purposes.
- Public Health
We may disclose your PHI to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure.
- Public Safety
We may disclose your PHI to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
- Health Oversight Activities
We may disclose your PHI to health agencies during the course of audits, investigations, inspections, licensure and other proceedings.
- Deceased Person Information
We may disclose your PHI to coroners, medical examiners and funeral directors.
- Organ Donation
We may disclose your PHI to organizations involved in procuring, banking or transplanting organs and tissues.
We may disclose your PHI to researchers conducting research that has been approved by an Institutional Review Board or Privacy Board.
- Worker’s Compensation
We may disclose your PHI as necessary to comply with worker’s compensation laws.
We may contact you to provide appointment reminders or to give you information about other treatments or health-related benefits and services that may be of benefit or interest to you.
IV. OTHER POLICIES, USES and DISCLOSURES
- Notice of Privacy Practices
- Designation of Personal Representative
It is the policy of SSL/SBA that access to PHI must be granted to your designated Personal Representative as specified by you when such access is requested. This designation of a Personal Representative must be submitted in writing by completing the form entitled “Designation of Personal Representative”.
- Deceased Individuals
It is the policy of SSL/SBA that privacy protections extend to information concerning deceased individuals.
- Restriction Requests
- Minimum Necessary Disclosure
It is the policy of SSL/SBA that it shall make reasonable efforts to limit the disclosure to the minimum amount of information needed to accomplish the purpose of the disclosure. It is also the policy of SSL/SBA that all requests for PHI must be limited to the minimum amount of information needed to accomplish the purpose of the request.
- Access to Information
It is the policy of SSL/SBA that you have the right to inspect and copy your PHI. It is the policy of SSL/SBA policy that access to PHI must be granted when such access is requested. Such a request must be submitted in writing by completing the form entitled “Request for Inspection and/or Copy of PHI”. Costs associated with the copying of any PHI shall be in accordance with applicable state and federal law.
- Confidential Communications Channels
It is the policy of SSL/SBA that you have the right to receive your PHI through a reasonable alternative means or at an alternative location. Confidential communication channels can be used at your request, as long as the request is within the reasonable capabilities of SSL/SBA (e.g. a request not to be called at work). Such a request must be submitted in writing by completing the form entitled “Request for Confidential Communication Channels”.
- Amendment of Incomplete or Incorrect PHI
It is the policy of SSL/SBA that you have the right to request that SSL/SBA amend your PHI if you feel that it is incorrect or incomplete. SSL/SBA is not required to change your PHI, and will provide you with information about the denial, and how you can disagree with the denial. Such a request must be submitted in writing by completing the form entitled “Request for Amendment of PHI”.
- Accounting of Disclosures
It is the policy of SSL/SBA that an accounting of disclosures of PHI made by SSL/SBA be given to you if such an accounting is requested. Such a request must be submitted in writing by completing the form entitled “Request for Accounting of Disclosures”. Although you have the right to receive an accounting of disclosures of your PHI made by SSL/SBA, SSL/SBA does not have to account for disclosures related to the Treatment, Payment or Health Care Operations issues described above in this Notice of Privacy Practices.
It is the policy of SSL/SBA that all complaints by patients, employees, providers or other entities relating to PHI be investigated and resolved in a timely fashion. Complaints about this Notice of Privacy Practices or how SSL/SBA handles your PHI should be directed to:
Chief Privacy Officer
Surgical Specialists of Louisiana, LLC
Southern Bariatric Associates, LLC
101 E. Fairway Drive Suite 402
Covington, LA 70433Phone: (985) 234-3000If you are not satisfied with the manner in which this office handles a complaint, you may submit a formal complaint to:
Department of Health and Human Services
Office of Civil Rights
200 Independence Avenue, S.W.
Room 509F, HHH Building
Washington, DC 20201
- Prohibited Activities
It is the policy of SSL/SBA that no officer, manager or employee of SSL/SBA may engage in any intimidating or retaliatory acts or actions against any person who files a complaint or otherwise exercises their rights under HIPAA regulations. It is also the policy of SSL/SBA that no disclosure of PMI will be withheld as a condition for payment for services from the patient or from any entity.
It is the policy of SSL/SBA that the effects of any unauthorized use or disclosure of PHI be mitigated (to decrease the damage caused by the action) to the extent possible.
- Business Associates
- Preemption of State Law
It is the policy of SSL/SBA that the federal privacy regulations are the minimum standard to be used regarding the privacy of a patient’s PMI. If the laws of the State of Louisiana are more stringent in certain areas, the state laws in these areas shall prevail. In all other areas, the federal privacy regulations shall prevail.
- Cooperation with Privacy Oversight Authorities
It is the policy of SSL/SBA that oversight agencies such as the Office for Civil Rights of HHS be given full support and cooperation in their efforts to ensure the protection of PHI within this organization. It is also the policy of SSL/SBA that all SSL/SBA personnel cooperate fully with all privacy compliance review and investigations.
V. CHANGES to NOTICE of PRIVACY PRACTICES
SSL/SBA reserves the right to amend this Notice of Privacy Practices at any time in the future, and will provide a copy of any changes to you upon request. Until such amendment is made, SSL/SBA is required by law to comply with this Notice as written.