NOTICE OF PRIVACY PRACTICES

Mid-Atlantic Women’s Care, PLC

Effective Date: September 23, 2013

Last Revised: September 23, 2013

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

If you have further questions, please contact our Privacy Officer:

Paul Lindner, MD, 757-455-8833

420 North Center Drive, Suite 203

Norfolk, VA 23502

1. Purpose. We understand that medical information about you and your health is personal and we are committed to protecting that information. We create a record of the care and services you receive at Mid-Atlantic Women’s Care, PLC (the “Practice”) in order to provide you with quality care and to comply with certain legal requirements.

This Notice of Privacy Practices (the “Notice”) describes how we may use and disclose your PHI to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” or “PHI” is information about you, including demographic information, that may identify you that relates to your past, present, or future physical or mental health or condition and related health care services.

We are required by law to maintain the privacy of, and provide individuals with, this notice of our legal duties and privacy practices with respect to PHI. We are also required to abide by the terms of the Notice of Privacy Practices currently in effect. If you have any questions about this Notice, please ask to speak with our Privacy Officer.

2. Written Acknowledgement. You will be asked to sign a written statement acknowledging that you have been offered an opportunity to review this Notice and to receive a copy upon request. The acknowledgement only serves to create a record that you have been offered a copy of this Notice for review.

3. Changes to this Notice. We may change the terms of our Notice at any time. The new Notice will be effective for all PHI that we maintain at that time. Upon your request, we will provide you with any revised Notice of Privacy Practices. To request a revised copy, you may call our office and request that a revised copy be sent to you in the mail, or you may ask for one at the time of your next appointment.

4. How We May Use and Disclose Your Protected Health Information. Your PHI may be used and disclosed without your prior authorization by your physician, our office staff, and others outside our office that are involved in your care and treatment for the purpose of providing health care services to you, to pay your health care bills, to support the operation of the Practice, and any other use required by law. The following categories describe the different ways that the Practice may use and disclose your PHI without your prior authorization. Examples of these situations are also provided. These examples are not meant to describe every circumstance, but to give you an idea of the types of uses and disclosures that may be made by the Practice. Other uses and disclosures of your PHI that are not listed or described in this Notice will be made only with your prior written authorization. You may revoke this authorization at any time in writing, but it will not apply to any actions we have already taken.

Uses and Disclosures That May Be Made Without Your Prior Written Authorization:

  • Treatment: Your PHI may be used and disclosed by us for the purpose of providing medical treatment to you or for another health care provider providing medical treatment to you. For example, a nurse obtains treatment information about you and documents it in your medical record, and the physician has access to that information. If you require an x-ray to be taken, the x-ray technician also has access to your PHI. In addition, your PHI may be provided to a physician to whom you have been referred or are otherwise seeing to ensure that the physician has the necessary information to diagnose or treat you. This may also include your primary care physician, physician who referred you to our practice, or pharmacy employees involved in filling or managing your prescriptions.

  • Payment: Your PHI may be used and disclosed by us to obtain payment for your health care bills or to assist another health care provider in obtaining payment for its health care bills. For example, we may submit requests for payment to your health insurance company for the medical services that you received. We may also disclose your PHI as required by your health insurance plan before it approves or pays for the health care services we recommend for you.

  • Health Care Operations: Your PHI may be used and disclosed by us to support our daily operations. These health care operation activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, and conducting or arranging for other business activities. For example, we may disclose your PHI to medical school students that see patients at our office. We may also use your PHI to determine how we can improve the services and care the Practice offers.

  • Health Care Operations of Other Health Care Providers: We may also use or disclose your PHI to assist other health care providers treating you with its quality improvement activities, evaluation of the health care professionals or for fraud and abuse detection or compliance. For example, we may disclose your PHI to another practice to assist in its efforts with complying with all rules related to operating a medical practice.

  • Appointment Reminders: We may use or disclose your PHI to contact you to remind you of your appointment by mail or by telephone. Our message will include the name of the Practice or the name of the treating physician as well as the date and time of your appointment or a reminder that an appointment needs to be rescheduled.

  • Treatment Alternatives: We may use or disclose your PHI to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. For example, we may contact several home health agencies or physical therapy providers to discuss the services they provide when we have a patient who needs these services.

  • To Our Business Associates: We will share your PHI with third party “business associates” that perform various activities (e.g., billing, transcription services) for the Practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your PHI, we will have a written agreement with that business associate that contains terms that will protect the privacy of your PHI. For example, the Practice may hire a billing company to submit claims to your health care insurer. Your PHI will be disclosed to this billing company, but a written agreement between our office and the billing company will prohibit the billing company from using your PHI in any way other than what we allow.

  • Emergencies. We may use or disclose your PHI in an emergency treatment situation. If this happens, we will try to obtain your consent as soon as reasonably practicable after the delivery of treatment. If your healthcare provider or another healthcare provider in our Practice is required by law to treat you and the healthcare provider has attempted to obtain your consent but is unable to obtain your consent, he or she may still use or disclose your PHI to treat you.

Uses or Disclosures that Require Us to Give You an Opportunity to Object:

  • Others Involved in Your Health Care or Payment for Your Health Care: Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your health care. You will be asked to identify such individuals in writing for our medical records. Failure to provide this written notice may result in family members or others involved in your care being denied access to your information. If this written indication is absent, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose your PHI to notify a family member or any other person that is responsible for your care of your location and general health condition.

  • Disaster Relief: We may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or others involved in your health care.

Other Permitted and Required Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Consent or Object:

  • As Required by Law: We may use or disclose your PHI to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, if required by law, of any such uses or disclosures.

  • Public Health Activities: We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. For example, the disclosure may be made for the purpose of controlling disease, injury or disability. We may also disclose your PHI, if directed by the public health authority, to any other government agency that is collaborating with the public health authority.

  • Food and Drug Administration: We may disclose your PHI to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, or to track products to enable product recalls; to make repairs the operating room replacements; or to conduct post marketing surveillance, as required.

  • Communicable Diseases: We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.

  • Abuse or Neglect: We may disclose your PHI to a public health authority that is authorized by law to receive reports of child or adult abuse or neglect. In addition, we may disclose your PHI if we believe that you have been a victim of abuse, neglect, or domestic violence as may be required or permitted by Virginia and/or federal law.

  • Health Oversight: We may disclose your PHI to a health oversight agency for activities authorized by law. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs (such as Medicare or Medicaid), other government regulatory programs and civil rights laws.

  • Legal Proceedings: We may disclose your PHI in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), and in certain conditions in response to a subpoena or other lawful request.

  • Law Enforcement: We may disclose your PHI, so long as all legal requirements are met, for law enforcement purposes. Examples of these law enforcement purposes include (1) legal processes and otherwise required by law, (2) limited information requests for identification and location purposes, (3) pertaining to victims of a crime, (4) suspicion that death has occurred as a result of criminal conduct, (5) in the event that a crime occurs on the premises of our practice, and (6) medical emergency (not on our practice’s premises) and it is likely that a crime has occurred.

  • Coroners, Funeral Directors, and Organ Donation: We may disclose your PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose PHI to a funeral director in order to permit the funeral director to carry out its duties. We may disclose such information in reasonable anticipation of death. Your PHI may be used and disclosed for cadaveric organ, eye or tissue donation purposes.

  • Research: We may disclose your PHI to researchers when their research has been approved by an Institutional Review Board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.

  • Criminal Activity or Threats to Health and Safety: Consistent with applicable federal and state laws, we may disclose your medical information if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose your medical information if it is necessary for law enforcement authorities to identify or apprehend an individual.

  • Military Activity and National Security: When the appropriate conditions apply, we may use or disclose PHI of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits; or (3) to foreign military authority if you are a member of that foreign military service. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.

  • Sponsors of Group Health Plans: We may disclose your PHI to the sponsor of a self-funded group health plan, as defined under ERISA. We may also give your employer information on whether you are enrolled in or have dis-enrolled from a health plan offered by the employer.

  • Workers’ Compensation: Your PHI may be disclosed by us as authorized to comply with workers’ compensation laws and other similar legally-established programs.

  • Inmates and Individuals in Police Custody: If you are an inmate of a correctional facility or in police custody, we may use or disclose your PHI to the correctional institution or a law enforcement official having lawful custody of you or other individual if the use or disclosure of PHI is necessary for providing healthcare to you or for protecting your health and safety or the health and safety of other inmates or correctional officers.

  • Fundraising. We may contact you to raise funds. We may use and disclose your PHI, including your demographic data, dates of health care provided, the department from which you received the services, the name of the treating physician, outcome information, and health insurance status to a business associate or institutionally related foundation for fundraising purposes with your authorization. You have the right to opt out of receiving fundraising communications from us, our business associates, and our institutionally related foundations. Each fundraising communication will provide you with a clear opportunity to elect not to receive further fundraising communications.

  • Required Uses and Disclosures: Under the law, we must make certain disclosures to you as described below and, when required by the Secretary of the Department of Health and Human Services, to investigate or determine our compliance with the requirements of the Health Insurance Portability and Accountability Act and its regulations.

Uses and Disclosures Based Upon Your Written Authorization: Other uses and disclosures of your PHI that are not described in this Notice will be made only with your written authorization, unless otherwise permitted or required by law. You may revoke this authorization, at any time, in writing, except to the extent that your physician or the Practice has already taken an action in reliance on the use or disclosure indicated in the authorization.

The following uses and disclosures will be made only with your written authorization: (i) most uses and disclosures of psychotherapy notes; (ii) uses and disclosures of PHI for marketing purposes, including subsidized treatment communications; (iii) uses and disclosures that constitute a sale of PHI; and (iv) other uses and disclosures not otherwise described in this Notice of Privacy Practices.

5. Your Rights. Following is a statement of your rights with respect to your medical information and a brief description of how you may exercise these rights:

  • You have the right to inspect and copy your PHI. You may inspect and obtain a copy of your PHI so long as we maintain the PHI. The information may contain medical and billing records and any other records that we use for making decisions about you. As permitted by federal and state law, we may charge you a reasonable copy fee for a copy of your records. However, under federal law, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action; and medical information that is subject to law that prohibits access to medical information in certain circumstances. We may deny your request to inspect your medical information. In some circumstances, you may have a right to have this decision reviewed. Please contact our Privacy Officer if you have questions about access to your medical record.

You have the right to request a restriction of your PHI. This means you may ask us not to use or disclose any part of your PHI for the purposes of treatment, payment, or health care operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply. Except as provided below, we are not required to agree to a restriction that you request. All requests for restrictions of your PHI must be made in writing to our Privacy Officer.

We are required to agree to a request to restrict certain disclosures of your PHI to a health plan if you have paid in full out-of-pocket for the health care item or service; however, there may be Medicare, Medicaid, and other exemptions by law that apply.

  • You have the right to request to receive confidential communications from us by alternative means or at an alternative location. We will accommodate reasonable requests, but we may condition this accommodation by asking you for information as to how payment will be handled or other information necessary to honor your request. Please make this request in writing to our Privacy Officer.

  • You may have the right to ask us to amend your PHI. You may request an amendment of your PHI so long as we maintain the information. In certain cases, we may deny your request for an amendment. If we deny your request for an amendment, you have the right to file a disagreement with us, and we may respond with a written rebuttal to your statement and will provide you with a copy. Please contact our Privacy Officer if you have questions about amending your medical record.

  • You have the right to receive an accounting of certain disclosures we have made, if any, of your PHI. This right applies to disclosures for purposes other than treatment, payment, or health care operations as described in this Notice. It excludes disclosures we may have made directly to you, disclosures pursuant to a valid authorization, for a facility directory, to family members or friends involved in your care, or for appointment notification purposes. You have the right to receive specific information regarding these disclosures that occurred six (6) years prior to the date of the request. The right to receive this information is subject to certain exceptions, restrictions, and limitations.

  • You have the right to obtain a paper copy of this Notice from us. You have a right to obtain a paper copy of this Notice from us, upon request, even if you have agreed to accept this Notice electronically.

  • You have the right to receive notifications of a data breach. We are required to notify you upon a breach of any unsecured PHI. PHI is “unsecured” if it is not protected by a technology or methodology specified by the Secretary of Health and Human Services. A breach is the acquisition, access, use or disclosure not permitted by law that compromises the security or privacy of the PHI. The notice must be made within sixty (60) days from when we become aware of the breach. However, if we have insufficient contact with you, an alternative method (posting on a website, broadcast media, etc.) may be used.

6. Complaints. You may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated by us. To file a complaint, please contact our Privacy Officer who will be happy to assist you. You may file a complaint with us by notifying our Privacy Officer of your complaint. If you do not wish to file a complaint with us directly, you may contact the Secretary of Health and Human Services. We will not retaliate against you for filing a complaint.

7. Privacy Officer Contact. If you have any questions about this Notice or require additional information, please ask a staff member for assistance or contact our Privacy Officer, Paul Lindner, MD, 757-455-8833.

8. Effective Date. This revised Notice became effective on September 23, 2013.