The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal program that requires that all medical reports and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally, are kept confidential. This Act gives you, the patient, significant new rights to understand and control how your protected health information is used. HIPAA provides penalties for covered entities that misuse protected health information.
As required by HIPAA, we have prepared this explanation of how we are required to maintain the privacy of your health information and how we may use and disclose your health information.
We may use and disclose your medical records only for each of the following purposes: treatment, payment and health care operations.
Treatment means providing, coordinating or managing health care and related services by one or more health care provider. An example of this would include laboratory, referrals to specialty physicians, etc.
Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collection activities, and utilization review. An example of this would be sending a bill for your office visit to your insurance company for payment.
Health Care Operations include the business aspect of running our office such as audits and reviews by government agencies. Examples of this include audits that are required by the Alabama Medicaid Agency and the Bureau of Primary Health Care.
We may also create and distribute de-identified health information by removing all references to individually identifiable health information.
Appointment Reminders: We may use and disclose protected health information about you to contact you to provide appointment reminders.
Individuals Involved in Your Care or Payment for Your Care: We may release health information about you to a friend or family member who is involved in your health care or the person who helps pay for your care.
Research: Under certain circumstances, Whatley Health Services, Inc. may use and disclose medical information about you to researchers when their clinical research study has been approved by an appropriate Institution Review Board. While most clinical research studies require specific patient consent, there are some instances where a retrospective record review with no patient contact may be conducted by such researchers. For example, the research project may involve comparing the health and recovery of certain patients with the same medical condition who received one medical treatment to those who received another.
Organ and Tissue Donation: If you are an organ/tissue donor, Whatley Health Services, Inc., to the extent allowed by law, may disclose your medical information to organ procurement organizations and other entities engaged in the procurement, banking or transplantation of organs for the purpose of tissue donation and transplant. For example, Whatley Health Services, Inc. is required to disclose a positive communicable disease test result before and after transplantation to the medical director or executive director of the organ procurement organization and the United Network for Organ Sharing, pursuant to their regulations.
Public and Private Health Oversight Agencies: Whatley Health Services, Inc. may disclose certain contact information to a health oversight agency for activities authorized by law, including but not limited to, licensure, audits, investigations, and inspections. These activities are necessary for the government and certain private health oversight agencies to monitor the healthcare system, government programs, and compliance with civil rights.
Law Enforcement/Litigation: Whatley Health Services, Inc. may disclose your medical information for law enforcement purposes as required by law or in response to a valid subpoena or court order.
Public Health: As required by law, Whatley Health Services, Inc. may disclose your medical information to public health or legal authorities charged with preventing or controlling disease, injury or disability. For example, Whatley Health Services, Inc. may be required to report the existence of a communicable disease, such as acquired immune deficiency syndrome (“AIDS”), to the Alabama State Department of Public Health to protect the health and well-being of the general public.
Workers Compensation: Whatley Health Services, Inc. may release medical information about you for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illnesses.
Military/Veterans: Whatley Health Services, Inc. may disclose medical information about you as required by military command authorities, if you are a member of the armed forces.
Inmates: If you are an inmate of a correctional institute or under the custody of a law enforcement officer, Whatley Health Services, Inc. may release your medical record information to the correctional institute or law enforcement officer. This release would be necessary (1) for the institution to provide you with health care, (2) to protect your health and safety of the health and safety of others, or (3) for the safety and security of the correctional institution.
Required by Law: Whatley Health Services, Inc. will disclose medical information about you when required to do so by law. For example, Whatley Health Services, Inc. may disclose certain medical information to those persons who have a risk of exposure related to a communicable disease, pursuant to Alabama law.
Coroners, Medical Examiners, Funeral Directors: Whatley Health Services, Inc. may release your medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine a cause of death. Whatley Health Services, Inc. may also release your medical information to funeral directors as necessary to carry out their duties.
Any other uses and disclosures will be made only with your authorization except where disclosure is required by law. You may revoke such authorization in writing and we are required to honor and abide by that written request, except to the extent that we have already taken actions based upon your prior authorization
Although all records concerning your treatment by Whatley Health Services, Inc. are the property of Whatley Health Services, Inc., you have the following rights with respect to your protected health information, which you can exercise by presenting a written request to the Privacy Officer.
- The right to request restrictions on certain uses and disclosures of protected health information, including those related to disclosures to family members, other relatives, close personal friends, or any other person identified by you. We are however, not required to agree to a restriction. If we do agree to a restriction, we must abide by it unless you agree in writing to remove it.
- The right to reasonable requests to receive confidential communications of protected health information from us by alternative means or at alternative location.
- he right to inspect and copy your protected health information. This must be a written request and we reserve the right to charge for copying.
- The right to amend your protected health information if you feel that the health information we maintain about you is incorrect or incomplete.
- The right to receive an accounting of disclosures of protected health information. This must be a written request.
- The right to obtain a paper copy of this notice upon request.
We are required by law to maintain the privacy of your protected health information and to provide you with notice of our legal duties and privacy practices with respect to protected health information.
Whatley Health Services, Inc. reserves the right to change the terms of this notice and to make the new notice provisions effective for all protected health information that it maintains. We will post a copy of our current notice in our facility and will also provide you with a copy of our revised Notice of Privacy Practices upon request.
Notice of Effective Date
This notice is effective as of April 14, 2003, and we are required to abide by the terms of the Notice of Privacy Practices and to make the new notice provisions effective for all protected health information that we maintain.
If you feel your privacy rights have been violated, please contact the Privacy Officer, at (205) 349-3250. You may mail correspondence to the attention of the Privacy Officer at Whatley Health Services, Inc., Post Office Box 2400, Tuscaloosa, AL 35403.