HIPAA Privacy Policy: Omnibus Rule
For the Healthcare Facility of: Center for Oral Surgery + Dental Implants
Address: 4349 Sawkaw Dr. NE, Grand Rapids, MI 49525
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION UNDER THE HIPAA OMNIBUS RULE OF 2013. PLEASE REVIEW IT CAREFULLY.
For purposes of this Notice, "us," "we," and "our" refer to the Center for Oral Surgery + Dental Implants, and "you" or "your" refers to our patients (or their legal representatives as determined by us in accordance with state informed consent law). When you receive healthcare services from us, we will obtain access to your medical information (i.e., your health history). We are committed to maintaining the privacy of your health information and have implemented numerous procedures to ensure that we do so.
The Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule (formally HIPAA 1996 & HI TECH of 2004) requires us to maintain the confidentiality of all your healthcare records and other identifiable patient health information (PHI) used by or disclosed to us in any form, whether electronic, on paper, or spoken. HIPAA is a Federal Law that gives you significant new rights to understand and control how your health information is used. Federal HIPAA Omnibus Rule and state law provide penalties for covered entities, business associates, and their subcontractors and records owners, respectively, that misuse or improperly disclose PHI.
Starting April 14, 2003, HIPAA requires us to provide you with the Notice of our legal duties and the privacy practices we are required to follow when you first come into our office for healthcare services. If you have any questions about this Notice, please ask to speak to our HIPAA Privacy Officer.
Our doctors, clinical staff, employees, Business Associates (outside contractors we hire), their subcontractors, and other involved parties follow the policies and procedures set forth in this Notice. If your primary caretaker/doctor at this facility is unavailable to assist you (i.e., illness, on-call coverage, vacation, etc.), we may provide you with the name of another healthcare provider outside our practice for you to consult with. If we do so, that provider will follow the policies and procedures set forth in this Notice or those established for his or her practice, so long as they substantially conform to those for our practice.
Our Rules on How We May Use and Disclose Your Protected Health Information
Under the law, we must have your signature on a written, dated Consent Form and/or an Authorization Form of Acknowledgement of this Notice before we will use or disclose your PHI for specific purposes, as detailed in the rules here.
Documentation and Revocation
Documentation: You will be asked to sign an Authorization / Acknowledgement form when you receive this Notice of Privacy Practices. You may take back or revoke your consent or authorization at any time (unless we have already acted based on it) by submitting our Revocation Form in writing to us at our address listed above.
Effect of Revocation: Your revocation will take effect upon our receipt. We cannot give it retroactive effect, so it will not affect any use or disclosure that occurred in our reliance on your Consent or Authorization before revocation.
General Rule: If you do not sign our authorization/acknowledgement form or if you revoke it, we generally cannot in any manner use or disclose to anyone (excluding you, but including payers and Business Associates) your PHI or any other information in your medical record (subject to exceptions described in the "Healthcare Treatment, Payment and Operations Rule" and "Special Rules"). We will not condition treatment on your signing an authorization/acknowledgement, but we may be forced to decline you as a new patient or discontinue you as an active patient if you choose not to sign or revoke it.
Healthcare Treatment, Payment, and Operations Rule
With your signed consent, we may use or disclose your PHI for the following reasons:
Treatment: To provide you with or coordinate healthcare treatment and services (e.g., reviewing history, consulting with other doctors, arranging appointments, calling in prescriptions).
Payment: To bill or collect payment from you, an insurance company, or another third party (e.g., verifying insurance, submitting claim forms).
Note: You will be able to restrict disclosures to your insurance carrier for services for which you wish to pay "out of pocket" under the new Omnibus Rule.
Operations: To run our office, assess the quality of care, and provide customer service (e.g., appointment reminders, discussing treatment alternatives, and staff performance evaluation).
If you prefer that we not contact you with appointment reminders or information about treatment alternatives or health-related products, please notify us in writing at our address listed above.
Special Rules
Notwithstanding anything else contained in this Notice, and only in accordance with the applicable HIPAA Omnibus Rule, we may use or disclose your PHI without your permission, consent, or authorization for the following purposes:
When required under federal, state, or local law.
When necessary in emergencies to prevent a serious threat to your health and safety or the health and safety of other persons.
For public health reasons (e.g., reporting disease, injury, abuse, or domestic violence).
For federal or state government health-care oversight activities (e.g., investigations, audits, licensure).
For judicial and administrative proceedings and law enforcement purposes (e.g., in response to a warrant, subpoena, or to coroners/medical examiners).
For Worker’s Compensation purposes.
For intelligence, counterintelligence, or other national security purposes (e.g., U.S. military command).
For organ and tissue donation.
For research projects approved by an Institutional Review Board or a privacy board (if the researcher will have access to your PHI because they are involved in your clinical care, we will ask you to sign an authorization).
To create a collection of information that is "de-identified".
To family members, friends, and others, but only if you are present and verbally give permission, we reasonably assume, based on professional judgment, that you do not object, or it is an emergency situation.
Specific Disclosure Rules
Minimum Necessary Rule
Our staff will not use or access your PHI unless it is necessary to do their jobs. We disclose to others outside our staff only as much of your PHI as is necessary to accomplish the recipient’s lawful purposes.
Still, in some instances, we may use and disclose the entire contents of your medical record:
To you (and your legal representatives) and anyone else you list on a Consent or Authorization.
To healthcare providers for treatment purposes.
To the U.S. Department of Health and Human Services (in connection with a HIPAA complaint).
To others as required under federal or state law.
Incidental Disclosure Rule
We will take reasonable administrative, technical, and security safeguards to ensure the privacy of your PHI when we use or disclose it.
In the event of a breach, we will follow Federal Guidelines to HIPAA Omnibus Rule Standard to evaluate the situation, document it, and report all breaches (other than low probability) to the U.S. Department of Health and Human Services. We will also make proper notification to you as required by HIPAA Law.
Business Associate Rule
Business Associates and other third parties that receive your PHI from us will be prohibited from re-disclosing it unless required to do so by law or you give prior express written consent. Under the Omnibus Rule, Business Associates will sign a strict confidentiality agreement binding them to keep your PHI protected and report any compromise of such information.
Super-Confidential Information Rule
If we have PHI about you regarding communicable diseases, substance abuse diagnosis and treatment, or psychotherapy records (super-confidential information under the law), we will not disclose it without your first signing and properly completing our Consent form (i.e., you specifically must initial the type of super-confidential information we are allowed to disclose).
Marketing and Fundraising Rules
Limitation on Use for Paid Marketing: We will obtain your written authorization to use or disclose your PHI for marketing purposes (e.g., using your photo in ads). This applies if financial remuneration is involved from a third party whose product or service we might promote.
Fundraising: Under the HIPAA Omnibus Rule, use of PHI for fundraising efforts does not require your authorization. However, we will offer the opportunity for you to "opt out" of receiving future fundraising communications.
Your Rights Regarding Your Protected Health Information
To Inspect and Copy
You have the right to see and get a copy of your PHI (including medical and billing records) by submitting a written request to our Privacy Officer.
We will comply with Federal Law to provide your PHI in an electronic format within 30 days, in accordance with Federal specifications, upon your proper written request.
To Request Amendment / Correction
If you think PHI we have about you is incorrect, or that something important is missing, you may ask us to amend or correct it by submitting a “Request for Amendment / Correction” form to our Privacy Officer.
To an Accounting of Disclosures
You may ask us for a list of those who got your PHI from us by submitting a “Request for Accounting of Disclosures” form. The list will not cover some disclosures (e.g., PHI given to you or provided for treatment, payment, or health-care-operations purposes).
To Request Restrictions
You may ask us to limit how your PHI is used and disclosed by submitting a written “Request for Restrictions on Use, Disclosure” form to us. If we agree to these additional limitations, we will follow them except in an emergency.
To Request Alternative Communications
You may ask us to communicate with you in a different way or at a different place by submitting a written “Request for Alternative Communication” Form to us. We will not ask you why, and we will accommodate all reasonable requests.
To Complain or Get More Information
If you want more information or if you believe your privacy rights have been violated, please file a formal, written complaint within 180 days with:
The U.S. Department of Health & Human Services Office of Civil Rights 200 Independence Ave., S.W. Washington, DC 20201 877.696.6775
Or, submit a written Complaint form to us at the following address:
Our Privacy Officer: Albert Chavez
Office Name: Center for Oral Surgery + Dental Implants Office
Address: 4349 Sawkaw Dr. NE, Grand Rapids, MI 49525
Office Phone: 616-361-7327 Office Fax: 616-361-9882
Email Address: info@grandrapidsoralsurgery.com
These privacy practices are in accordance with the original HIPAA enforcement effective April 14, 2003, and updates to the Omnibus Rule of 2013.