HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY. This Ntice applies t the Central Ohi Surgical Assciates, Inc. ( COSA ). The purpse f this Ntice is t describe hw COSA may use and disclse yur prtected health infrmatin ( PHI ) in accrdance with the Health Insurance Prtability and Accuntability Act f 1996 ( HIPAA ), the Health Infrmatin Technlgy fr Ecnmic and Clinical Health Act (the HITECH Act ) and the HIPAA Omnibus Final Rule (the Final Rule ). This Ntice als describes the bligatins f COSA with respect t yur prtected health infrmatin, describes hw yur prtected health infrmatin may be used r disclsed t carry ut treatment, payment r healthcare peratins, and describes yur rights t cntrl and access yur prtected health infrmatin. COSA has agreed t the prvisins set frth in this Ntice. We are required t prvide this Ntice t yu pursuant t HIPAA. The HIPAA Privacy Rule prtects nly certain medical infrmatin knwn as prtected health infrmatin. Generally, prtected health infrmatin is health infrmatin, including demgraphic infrmatin, cllected frm yu r created r received by a health care prvider, a health care clearinghuse, a health plan, r yur emplyer n behalf f a grup health plan, frm which it is pssible t individually identify yu and that relates t: (a) (b) (c) yur past, present, r future physical r mental health r cnditin; the prvisin f health care t yu; r the past, present, r future payment fr the prvisin f health care t yu. 1. Respnsibilities f COSA. COSA is required under HIPAA t maintain the privacy f yur prtected health infrmatin. Prtected health infrmatin includes all individually identifiable health infrmatin transmitted r maintained by COSA that relates t yur past, present r future health, treatment r payment fr health care services. COSA must abide by the terms f this Ntice, and must prvide yu with a cpy f this Ntice upn request. 2. Hw COSA May Use and Disclse Yur Prtected Health Infrmatin. The fllwing categries describe the different situatins in which COSA is permitted r required t use r disclse yur prtected health infrmatin: Fr Treatment. COSA may use r disclse yur prtected health infrmatin t facilitate medical treatment r services by prviders. COSA may disclse medical infrmatin abut yu t prviders, including dctrs, nurses, technicians, medical students, r ther hspital persnnel wh are invlved in taking care f yu. Fr Payment Purpses. COSA has the right t use and disclse yur prtected health infrmatin t satisfy their respnsibilities with respect t the billing and payment cllected frm yu, an insurance cmpany r a third party, fr treatment and services yu receive frm COSA. Fr example, COSA may need t give yur health plan infrmatin abut therapy r nursing services yu receive in rder t receive reimbursement frm yur health plan fr thse services. COSA may als tell yur health plan abut a treatment yu are ging t receive t btain prir apprval r t determine whether yur plan will cver the treatment. Health Care Operatins. COSA has the right t use and disclse yur prtected health infrmatin t perfrm functins necessary fr the peratin f COSA. Fr example, COSA may use health care infrmatin t review COSA s treatment and services and t evaluate the perfrmance f ur staff in caring fr yu. COSA may cmbine health care infrmatin abut many f ur patients t decide what additinal services we shuld
ffer, what services are nt needed, and whether certain new treatments are effective. COSA may als disclse infrmatin t dctrs, nurses, therapists, technicians, aides, students and ther COSA persnnel fr review and learning purpses. COSA may remve infrmatin that identifies yu frm the health care infrmatin s thers may use it t study health care and health care delivery withut learning the identity f any specific patient. Appintment Reminders. COSA may use and disclse health care infrmatin t cntact yu as a reminder that yu have an appintment with COSA. Treatment Alternatives. COSA may use and disclse health care infrmatin t tell yu abut r recmmend pssible treatment ptins r alternatives that may be f interest t yu. Health-Related Benefits and Services. COSA may use and disclse health care infrmatin t tell yu abut health-related benefits r services that may be f interest t yu. T the Individual. COSA may disclse prtected health infrmatin, which yu are the subject f, t yu. Individuals Invlved in Yur Care r Payment fr Yur Care. COSA may release health care infrmatin abut yu t a friend r family member wh is invlved in yur health care. COSA may als give infrmatin t smene wh helps pay fr yur care. In additin, we may disclse health care infrmatin abut yu t an entity assisting in a disaster relief effrt s that yur family can be ntified abut yur cnditin, status and lcatin. This release requires written r ral cnsent frm yu. Research. Under certain circumstances, COSA may use and disclse health care infrmatin abut yu fr research purpses. Fr example, a research prject may invlve cmparing the health and recvery f all parties wh received ne type f treatment t thse wh received anther fr the same cnditin. All research prjects, hwever, are subject t a special apprval prcess. This prcess evaluates a prpsed research prject and its use f health care infrmatin, trying t balances the research needs with patients need fr privacy f their health care infrmatin. Befre we use r disclse health care infrmatin fr research, the prject will be apprved thrugh this research apprval prcess, but COSA may, hwever, disclse health care infrmatin abut yu t peple preparing t cnduct a research prject, fr example, t help them lk fr patients with specific health care needs, s lng as the health care infrmatin they review des nt leave ur cntrl. We will almst always ask fr yur specific permissin if the researcher will have access t yur name, address r ther infrmatin that reveals wh yu are, r will be invlved in yur care with us. Business Assciates. COSA may cntract with certain service prviders ( Business Assciates ) t perfrm varius functins n behalf f COSA. T prvide these services, the Business Assciates may receive, create, maintain, use r disclse prtected health infrmatin. COSA and each Business Assciate will enter int, r have already entered int, an agreement requiring the Business Assciate t safeguard yur prtected health infrmatin as required by law and in accrdance with the terms f this Ntice. Required By Law. COSA may use r disclse yur prtected health infrmatin t the extent required by federal, state r lcal law. Fr example, COSA may disclse yur prtected health infrmatin when required by natinal security laws r public health disclsure laws. Lawsuits and Disputes. COSA may disclse yur prtected health infrmatin in respnse t a curt r administrative rder. Yur prtected health infrmatin may als be disclsed in respnse t a subpena, discvery request r ther lawful prcess if effrts have been made t tell yu abut the request r t btain an rder prtecting yur prtected health infrmatin. Certain Gvernment Agencies and Officials. COSA may disclse yur prtected health infrmatin t (i) gvernment agencies invlved in versight f the health care system, (ii) gvernment authrities authrized t receive reprts f abuse, neglect r dmestic vilence, (iii) law enfrcement fficials fr law enfrcement purpses, (iv) military cmmand authrities, if yu are r were a member f the armed frces, (v) crrectinal institutins, if yu are an inmate r in under the custdy f a law enfrcement fficial and (vi) federal fficials fr intelligence, cunterintelligence, and ther natinal security activities.
Public Health and Research Activities; Medical Examiners. COSA may als disclse yur prtected health infrmatin (i) fr public health activities r t prevent a serius threat t health and safety, (ii) t rganizatins that handle rgan dnatins, if yu are an rgan dnr, (iii) t crners, medical examiners and funeral directrs as necessary, and (iv) t researchers, if certain cnditins regarding the privacy f yur prtected health infrmatin have been met. Wrkers Cmpensatin. COSA may disclse yur prtected health infrmatin t cmply with wrkers cmpensatin laws and ther similar prgrams that prvide benefits fr wrk-related injuries r illnesses. Military and Veterans. If yu are a member f the armed frces, COSA may release health care infrmatin abut yu as required by military cmmand authrities. We may als release health care infrmatin abut freign military persnnel t the apprpriate freign military authrity. Disclsures t the Secretary f the U.S. Department f Health and Human Services. COSA may be required t disclse yur prtected health infrmatin t the Secretary f the U.S. Department f Health and Human Services t investigate r determine COSA s cmpliance with the HIPAA Privacy Rules. Other Uses and Disclsures With Written Authrizatin. Disclsures and uses f yur prtected health infrmatin that are nt described abve may be made by COSA with yur written authrizatin. If COSA is authrized t use r disclse yur prtected health infrmatin, yu may revke that authrizatin, in writing, at any time, except t the extent that COSA has taken actin relying n the authrizatin. COSA will nt be able t take back any disclsures f yur prtected health infrmatin that have already been made with yur authrizatin. 3. Yur Rights With Respect t Yur Prtected Health Infrmatin. The fllwing summarizes yur rights with respect t yur prtected health infrmatin: Right t Request a Restrictin n Uses and Disclsures f Prtected Health Infrmatin. Yu have the right t request a restrictin r limitatin n the prtected health infrmatin used r disclsed abut yu by COSA fr treatment, payment r health care peratins. Yu als have the right t request a limit n the disclsure f yur prtected health infrmatin t smene wh is invlved in yur care r the payment fr yur care, such as a family member, friend r ther persn yu have identified as respnsible fr yur care. In yur request, yu must tell COSA (i) what infrmatin yu want t limit; (ii) whether yu want t limit COSA s use, disclsure, r bth; and (iii) t whm yu want the limits t apply, fr example, disclsures t yur spuse. COSA will cmply with any restrictin request if (iv) except as therwise required by law, the disclsure is t the health plan fr purpses f carrying ut payment r health care peratins (and is nt fr purpses f carrying ut treatment); and (v) the prtected health infrmatin pertains slely t a health care item r service fr which the health care prvider invlved has been paid ut-f-pcket in full. If COSA agrees t yur request, COSA will hnr the restrictin until yu revke it r we ntify yu. Right t Request Cnfidential Cmmunicatins. Yu have the right t request that COSA cmmunicate with yu abut yur prtected health infrmatin in a certain way r at a certain lcatin. Fr example, yu can request that COSA nly cntact yu at wrk r by mail. COSA will accmmdate all reasnable requests. Right t Inspect and Cpy Yur Prtected Health Infrmatin. Yu have the right t inspect and cpy yur prtected health infrmatin. Under certain limited circumstances, we may deny yur access t a prtin f yur recrds. Fr example, yu d nt have a right t inspect and cpy psychtherapy ntes r infrmatin that COSA have cllected in cnnectin with, r in reasnable anticipatin f, any legal claim r prceeding. If yu request cpies, we may charge yu reasnable cpying and mailing csts. Right t Amend Yur Prtected Health Infrmatin. Yu have the right t request an amendment f yur prtected health infrmatin that is maintained by COSA if yu believe that the infrmatin is inaccurate r incmplete. COSA may deny yur request if yur prtected health infrmatin is accurate and cmplete r if the law des nt permit COSA t amend the requested infrmatin. COSA cannt amend infrmatin created by yur dctr r any persn ther than COSA.
Right t Receive an Accunting f Disclsures f Yur Prtected Health Infrmatin. Yu have the right t request an accunting f disclsures COSA has made f yur prtected health infrmatin during the six (6) years prir t the date f yur request. Hwever, yu will nt receive an accunting f (i) disclsures made prir t April 14, 2003, (ii) disclsures made t yu, (iii) disclsures made pursuant t yur authrizatin, (iv) disclsures fr purpses f treatment, payment r health care peratins and (v) disclsures made t friends r family in yur presence r because f an emergency. Certain ther disclsures are als excepted frm the HIPAA accunting requirements. If yu request mre than ne accunting in any twelve (12) mnth perid, COSA will charge yu a reasnable fee fr each accunting after the first accunting statement. Uses and Disclsures that Require Yur Authrizatin. The fllwing uses and disclsures will be made by COSA nly with yur authrizatin: uses and disclsures fr marketing purpses, including subsidized treatment cmmunicatins; uses and disclsures that cnstitute the sale f PHI; if COSA maintains psychtherapy ntes, the use and disclsure f such ntes will nly be made upn the authrizatin frm yu; and ther uses and disclsures nt described in this Ntice. Yu may revke yur authrizatin at any time, s lng as the revcatin is in writing. Once we receive yur written revcatin, it will nly be effective fr future uses and disclsures. It will nt be effective fr any infrmatin that may have been used r disclsed in reliance upn the written authrizatin and prir t receiving yur written revcatin. Right t Opt-Out f Fundraising Cmmunicatins. If COSA cnducts r engages in fundraising cmmunicatins, yu shall have the right t pt-ut f such fundraising cmmunicatins. Right t Receive a Paper Cpy f this Ntice. Yu have the right t receive a paper cpy f this Ntice upn request, even if yu agreed t receive this Ntice electrnically. T btain a paper cpy f this Ntice, cntact Kathy Snke, Privacy Officer at 750 Mt. Carmel Mall, Suite 330, Clumbus Ohi 43222, 614-222-8000. Right t Be Ntified f a Breach. Yu have the right t be ntified in the event that COSA (r a Business Assciate) cmmits r discvers a breach f unsecured prtected health infrmatin. T Exercise Yur Individual Rights. T exercise any f yur rights listed abve, yu must cmplete the apprpriate frm. T btain the required frm, please cntact Kathy Snke, Privacy Officer, Central Ohi Surgical Assciates, 750 Mt Carmel Mall, Suite 330, Clumbus, Ohi 43222 614-222- 8000. 4. Filing a Cmplaint With COSA r the U.S. Dept. f Health and Human Services. If yu believe that COSA has vilated yur HIPAA privacy rights, yu may cmplain t COSA r t the Secretary f the U.S. Department f Health and Human Services. Cmplaints t COSA shuld be sent t: Kathy Snke, Privacy Officer, Central Ohi Surgical Assciates, 750 Mt Carmel Mall, Suite 330, Clumbus, Ohi 43222. Cmplaints t the Secretary shuld be sent t the U.S. Department f Health and Human Services, Hubert H. Humphrey Building, 200 Independence Ave. S.W., Washingtn, D.C. 20201. COSA will nt penalize yu r retaliate against yu fr filing a cmplaint.
5. Changes t this Ntice. COSA reserves the right t change the prvisins f this Ntice and t apply the changes t all prtected health infrmatin received and maintained by COSA. If COSA makes a material change t this Ntice, a revised versin f this Ntice will be prvided t yu within thirty (30) days f the effective date f the change at yur address f recrd. 6. Effective Date. This Ntice becmes effective n September 23, 2013. 7. Cntact Infrmatin. If yu have any questins regarding this Ntice r wuld like t exercise any f yur rights described in this Ntice, please cntact: Central Ohi Surgical Assciates, Inc. Attentin: Melinda Ridgeway 750 Mt Carmel Mall, Suite 200 Clumbus, Ohi 43222 Telephne: 614-222-8000