NOTICE OF PRIVACY PRACTICES
This Notice describes how medical information about you may be used or disclosed and how you can get access to this information. Please read it carefully.
If you have any questions about our Privacy Practices, including your rights and ability to voice your concerns, please call us at 630-232-2200.
Dear Patient:
The confidentiality of your personal health information is important to us. As physicians, we rely on you to provide us with complete and accurate information about your condition, symptoms and health history, which helps us make a diagnosis and provide you care and treatment. We appreciate how you trust us with this personal information. We want you to know about the privacy practices in our office that are intended to safeguard the proper use and disclosure of your Protected Health Information (PHI).
Please sign the Acknowledgement, so we know you received a copy of our Notice of Privacy Policies.
We want you to know about HIPAA’s privacy rule and its terms used in our notice of privacy practices.
Our Privacy Practices follow HIPAA’s Privacy Rule. Some of HIPAA’s terms are new and have specific meanings. We will capitalize those terms in this Notice. Please ask us to explain any term you don’t understand.
Let’s Start With Some Important HIPAA Terms:
HIPAA means the Health Insurance Portability and Accountability Act. On August 14, 2002, the Department of Health and Human Services issued the HIPAA Privacy Rule, which describes how PHI may be properly used and disclosed.
Protected Health Information (PHI) – means information about your past, present and future medical condition, treatment of your medical condition, and payment for your treatment.
Use- means how we (physicians and staff) properly use, share, employ, examine, utilize, or analyze PHI internally within our office.
Disclose- means how we properly release, transfer, divulge or provide access to PHI to an outside person or entity, such as another doctor, hospital or nursing home.
Treatment- means the provision of medical care by physicians and staff within our office as well as the management and coordination of care and services between our office and other health care providers, such as doctors, hospitals, nursing homes, home health agencies, and the information and records related to that treatment and care.
Payment- means our activities to obtain payment or reimbursement from a Health Plan for Treatment that we have provided. Payment includes billing and claims management, collection activities and related health care data processing.
Health Plan- means a group insured or self-insured plan, HMO, PPO, or other plan offered by your employer or by Medicare or Medicaid that provides for the Payment of treatment for eligible persons and their dependents.
Health Care Operations- means certain internal functions, business management and administrative activities we perform in our office, such as quality assessment and improvement, evaluating our employees, performing risk management and compliance activities, and arranging for legal and accounting services. Business Associates perform some of these services.
Business Associate- means a person whom, when performing certain services on our behalf may have access or use of PHI. We have entered into agreements with our Business Associates to assure that they safeguard your PHI according to HIPAA’s Privacy Rule.
Non-Covered Person or Entity- means a person or entity that is not required to comply with HIPAA’s Privacy Rule for the use or disclosure of PHI. For example, your employer is a non-covered entity. Health information in your employee record is not considered PHI under HIPAA’s privacy rule.
Notice of Privacy Practices- means this Notice that we are giving you, consistent with the requirements of HIPAA’s Privacy Rule, which describes our practices for maintaining the privacy of your PHI and for creating an internal process for you to express concerns and complaints about privacy issues. We will follow those practices and procedures described in this Notice. If there is a change in the law or in our practices, you may request a copy of those changes.
Designated Record Set- means medical and billing records created and maintained by our office for treatment and payment.
Privacy Officer- means the person in our office who is in charge of assuring that we follow our privacy practices to safeguard your PHI.
We want you to know about our Privacy Practices for safeguarding PHI.
• How We Use and Disclose PHI for Treatment, Payment and Health Care Operations
As permitted by HIPAA’s Privacy Rule, we will use and disclose PHI for treatment, payment and health care operations. There is no need for you to sign consent for us to use and disclose PHI for these purposes.
For example, our physicians and staff will use PHI to provide you treatment in our office. We also will disclose PHI to other physician, health care providers, hospitals and facilities that are involved in providing or coordinating your treatment. We will take reasonable precautions to protect against someone accidentally seeing confidential material or overhearing confidential conversations.
An example of our use and disclosure of PHI for payment is when we check with your health plan about eligibility, coverage and pre-certification requirements, as well as when we submit a claim to your health plan for payment of treatment that we provided to you.
An example of how we use PHI for health care operations is when we monitor our own performance quality in providing you treatment.
• Our Use and Disclosure of PHI according to Your Written Authorization and Your Right to Revoke in Writing that Authorization
We will not use or disclose your PHI for purposes other that treatment, payment, or health care operations, unless required to do so by law) without your signed, written Authorization.
For example, we will not release records to your employer for employment purposes without obtaining your written authorization. We will not disclose PHI to a third party for marketing purposes without your written authorization. Once information is obtained by a non-covered entity, it no longer is considered PHI and is not covered under HIPAA’s privacy rule.
It also is necessary for you to sign an Authorization before we can use or disclose PHI for medical research. You must also sign an authorization before we disclose any psychotherapy notes.
We are attaching a copy of our authorization form to this Notice, so you can become familiar with it.
You may revoke the Authorization in writing at any time. Once we receive your written revocation, we will stop the use or disclosure of PHI according to the Authorization. However, we cannot be held responsible for any previous use or disclosure of PHI as permitted by the authorization be fore we receive your written revocation.
• Our Use and Disclosure of PHI Without Written Authorization, As Permitted or Required by Federal and Illinois Law
We want you to know that we may use or disclose PHI, without a written authorization, as permitted or required by Federal or Illinois law.
- Worker’s Compensation
- Public Health Agencies – CDC, Public Health Department
- FDA and OSHA
- Regulatory Agencies
- National Security
- Coroner and Funeral Directors
- Subpoena and Court Order
- Law Enforcement – identification, pertinent to victims of crime, criminal investigation, prevent or lessen imminent threat to others
• Our Privacy Practices for Contacting You
On occasion, we may contact you for purposes of scheduling or reminding you of an appointment, providing you with test results, or informing you about treatment alternatives or other health-related benefits and services that may be of interest to you.
We may contact you by mail at your home address, or we may call your home or at another telephone number that you specify.
If we contact you by phone, we simply will identify our office and ask to speak with you. If you are not available, we will leave a message with the person answering the telephone for you to call us. We will give a telephone number, but will not disclose any details. If you have an answering machine, we will identify our office and the telephone number with a message for you to return our call, but we will not discloses any details. We will ask you to fill out our Confidential Communication form permitting our office to leave messages or contact you as you request.
We Want You to Know Your Rights under the Privacy Rule and Our Privacy Practices
Your rights under HIPAA’s Privacy Rule and our Privacy Practices are very important to us. We want you to understand your rights, and how we may respond to your requests. If you have any questions or need further clarification, please contact our Privacy Officer.
• You have the right to request and receive from us confidential communications of PHI by alternative means or at alternative locations.
Our general policy is to contact you by mail or by telephone at your home address or telephone number. You have the right to request that we communicate with you confidentially by alternative means or at alternative locations. Our policy is to honor all reasonable requests. If we cannot honor your request, we will inform you of that.
For example, if you do not want us to contact you by telephone or at your home telephone, please fill out the written request that appears in the new patient form or in the separate request form. You also may request that we send a bill to a certain address. We will not require an explanation for why you are making this request.
• You have the right to request restrictions on certain uses and disclosures of PHI.
You may request that we restrict certain uses or disclosures of your PHI by completing the Request for Restriction form. You may present or mail the completed form to us.
This request may involve certain restrictions in connection with treatment, payment or health care operations. It also may involve a request that we do not discuss PHI with family members, friends, or others who are involved in caring for you.
HIPAA’s Privacy Rule gives all physicians the right to deny patient’s request for restricted use or disclosure of PHI.
While we will consider reasonable requests, it is our general policy and practice not to restrict the use or disclosure of PHI that is necessary for providing good treatment or important for protecting the health and safety of others providing treatment or taking care of you. For example, information that you provide when giving us your medical history or certain test results may necessarily be shared with another physician or provider of care. Restricting disclosure could adversely affect the ability of that physician or provider to give you proper treatment.
It also is our general policy and practice not to restrict the use or disclosure of PHI when submitting a claim to a health plan for reimbursement.
If you are a Minor (less than 18 years old), you may request us not to disclose PHI to your parents. We will consider this request in connection with our obligations under Illinois law.
We will consider all other requests for restricted use or disclosure of PHI on a case-by-case basis, taking into account risks and benefits to you and others. If we cannot honor your request, we will let them know.
• You have a right to access, inspect and copy you own PHI that we maintain in a Designated Record Set.
You have the right generally to access, inspect and copy your own PHI that our office maintains in a Designated Record Set.
There are some exceptions under the Privacy Rule. For example, you do not have the right to inspect or copy psychotherapy notes or information compiled in anticipation of civil, criminal or administrative proceedings. Your right also may not extend to information covered by other laws or information obtained from someone other that another health care provider based on a promise of confidentiality.
We may also deny access if, in our judgment, it could endanger the life or safety of you or another.
You may request access to your PHI by completing the Request for Access form and presenting or sending it to us.
Our practice will consider all requests according to our legal responsibilities under the Privacy Rule. We generally will act on your request within 30 days from the time we receive the completed for m. In some circumstances, it may take more than 30 days. If we anticipate that it could take more than 30 days, we will notify you and will act on you request as soon thereafter as reasonably possible.
If we are able to grant your request, we will contact you to set up an appointment for you to inspect your PHI and request a copy of that information. You may not make changes in the original record.
Alternatively, with your permission, we may provide you with a summary or explanation of the PHI in lieu of having you inspect the record.
Under the Privacy Rule, we may charge you copying costs and postage.
If we are unable to grant your request, because of the reasons listed above, or because the information is not part of a Designated Record Set, we will notify you in writing of the basis for the denial and your rights for review of our denial.
• You have the right to amend incorrect or incomplete facts in your PHI maintained in a Designated Record Set.
You may make a request to amend you PHI. All requests to amend PHI must be made in writing
We will respond to your request within 60 days from the date we received your written request.
We will honor your request if PHI is incorrect or incomplete. We may not under the HIPAA Privacy Rule, amend your PHI if it is not part of a Designated Record Set, if it would not be available for you to inspect, or if the information is accurate and complete.
For example, if your record mistakenly indicates that you received treatment for a fracture of the right arm when, in fact, you treatment was for a sprain of your left leg, clearly that information should be amended. If, however, you want to delete a reference contained in the history that you told the physician you were feeling “depressed”, it would not be appropriate to delete that reference from the PHI, because it accurately reflected the information you gave the physician.
If we accept the requested amendment, we will amend the PHI in the designated record set, inform you that we have made the amendment, and notify persons who have received and may have relied on PHI that it has been amended.
If we deny your request to amend PHI, we will:
1) Notify you in writing of the basis for that denial;
2) Inform you of your right to submit a written statement of disagreement and provide you with a form to submit your statement of disagreement, which we will maintain with your record and will include with future disclosures;
3) Inform you of your right to file a complaint.
• You have a right to receive an accounting of disclosures of PHI.
You have a right to receive an Accounting of Disclosures that we have made to others of your PHI. This right is limited and does not require us to provide you with an Accounting of Disclosures made for:
1) Treatment, payment and health care operations (TPO);
2) Disclosures made to you or your legal representative on you behalf;
3) Disclosures made in accordance with a written authorization that you signed;
4) Disclosures made before April 14, 2003
All requests for accounting of disclosure must be made in writing.
