Notice of Privacy Practices Summary and Patient Rights

  • The HIPAA Privacy Rule (Standards for Privacy of Individually Identifiable Health Information) (3) provides the first national standards for protecting the privacy of health information. The Privacy Rule regulates how certain entities, called covered entities, use and disclose certain individually identifiable health information, called protected health information (PHI). PHI is individually identifiable health information that is transmitted or maintained in any form or medium (e.g., electronic, paper, or oral), but excludes certain educational records and employment records. Among other provisions, the Privacy Practice States:
  • - gives patients more control over their health information;
  • - sets boundaries on the use and release of health records;
  • - establishes safeguards that health-care providers must achieve to protect the privacy of health information;
  • - holds violators accountable with civil and criminal penalties that can be imposed if they violate patients' privacy rights;
  • - strikes a balance when public health responsibilities support disclosure of certain forms of data;
  • - strikes a balance when public health responsibilities support disclosure of certain forms of data;
  • - enables patients to make informed choices based on how individual health information may be used;
  • - enables patients to find out how their information may be used and what disclosures of their information have been made
  • With respect to individuals, they are vested with the following rights (including but not limited to):
  • - Receive access to PHI. Individual rights include inspections of records and the provision for copies of PHI about the individual in a designated record set, for as long as the PHI is maintained in the designated record set, except for psychotherapy notes, information complied for use in civil, criminal, or administrative actions, and PHI maintained by a covered entity subject to the Clinical Laboratory Improvement Amendments of 1988 [42 CFR § 263(a)]. In the majority of cases, covered entities must accommodate a request or provide a process of denial, subject to review [45 CFR § 164.524].
  • - Receive an accounting of disclosures. Upon request, covered entities are required to provide individuals with an accounting for certain types of disclosures of PHI, although the rule contains certain exceptions, including disclosures with individual authorization, disclosures related to providers' treatment, payment and health-care operations (TPO), and other exceptions. A typical accounting includes the name of the person or entity who received the information, date of the disclosure, a brief description of the information disclosed, and a brief explanation of the reasons for disclosure or copy of the request [45 CFR § 164.528]. However, requirements for accounting of public health disclosures may vary (see Accounting for Public Health Disclosures).
  • - Request restrictions. Individuals have the right to request a restriction on certain uses or disclosures of their PHI; however, the covered entity is not obligated to agree to such a request. If the covered entity does agree to a restriction, it must generally abide by the agreement, except for emergency treatment situations. But such an agreement is not effective to prevent certain permitted uses or disclosures [CFR 45 § 164.512]. Disclosure may also be required pursuant to a legal proceeding.
  • - Understanding the Type of Information: We collect information about you when you come to see us. It includes your name, date of birth, sex, financial information, insurance information and other personal information. We also get enrollment information from your health insurers and medical information from your other health care providers. When you see us, we also collect information about your condition, diagnosis and treatment.
  • Our Privacy Commitment To You:

    We care about your privacy. The information we collect about you is private. We are required to give you a notice of our privacy practices. Only people who have both the need and the legal right may see your information. Unless you give us permission in writing, we will only disclose your information for purposes of treatment, payment, business operations, when we are required by law to do so. Our use and disclosure of your personal health information must comply not only with federal privacy regulations but also with applicable Pennsylvania law. Pennsylvania law provides different protections to your personal health information. For example, Pennsylvania provides extra protection for sensitive information, like HIV/AIDS information and mental health information.
  • Pennsylvania:
  • http://www.dpw.state.pa.us/omap/hipaa/omaphipaa.asp
  • http://www.insurance.state.pa.us/html/hipaa.html
  • DHHS Office for Civil Rights --- HIPAA guidelines:
  • http://www.hhs.gov/ocr/hipaa
  • National Institutes of Health:
  • http://privacyruleandresearch.nih.gov
  • Centers for Medicare and Medicaid Services:
  • http://www.cms.gov/hipaa/
  • http://www.cms.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp
  • MM slash DD slash YYYY
  • MM slash DD slash YYYY
  • MM slash DD slash YYYY