SleepMed Incorporated and affiliates notice of privacy practices
EFFECTIVE DATE: September 10, 2013
This notice describes how medical information about you may be used and disclosed and
how you can get access to this information. Please review it carefully.
Who will follow this notice
- SleepMed incorporated (“SleepMed”)
- DigiTrace Care Services, Inc. (“DigiTrace”)
- Sleep Center Services, Inc. (“Sleep Center”)
- SleepMed Therapies, Inc. (“Therapies”)
- SleepMed of California, incorporated (“California”)
- All employees, staff and physicians of SleepMed, DigiTrace, Sleep Center, Therapies and California.
Purpose of this notice
Pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), we are required to maintain the privacy of health information that can be specifically identified as yours (“protected health information”) and to provide you with notice of our legal duties and privacy practices with respect to your protected health information (the “Privacy Practices”), as set forth below. “Protected health information” refers to information about you (including demographic and billing information) that we create or receive in providing services to you and that relates to your past, present, or future physical or mental health or condition and related health care services.
We are committed to protecting the privacy of your protected health information. This Notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. This Notice of Privacy of Practices also describes your rights and certain obligations we have regarding the use and disclosure of your protected health information. At all times we are required to abide by the terms of our most current Notice of Privacy Practices.
HOW WE MAY USE AND DISCLOSE PROTECTED HEALTH INFORMATION ABOUT YOU:
The following categories describe different ways that we use and disclose your protected health information. For each category of uses or disclosures, we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
For Treatment, Payment and Health Care Operations. We may use and disclose your protected health information, without your authorization or providing you the opportunity to agree or object, in the following circumstances:
For Treatment. We may record your protected health information in your medical record and we may use this protected health information to provide you with medical treatment or services. We may disclose your protected health information to your personal doctors, hospitals, nurses, technicians, medical students, or other health care personnel who are involved in taking care of you. This information is necessary for these health care providers to determine what medical treatment you should receive.
For Payment. We may use and disclose your protected health information so that the treatment and services you receive from us may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about tests we provided to you so your health plan will pay us or reimburse you for the test. We may also tell your health plan about a test or treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the test or treatment.
For Health Care Operations. We may use and disclose your protected health information for our operations. These uses and disclosures are necessary to run SleepMed, DigiTrace, Sleep Center, Therapies and California and make sure that all of our patients receive quality care. For example, we may use your protected health information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine protected health information about many patients to decide what additional services we should offer, what services are not needed, and whether certain new tests or treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students, and other personnel for quality review and learning purposes. We may also combine the protected health information we have with the protected health information maintained by other medical providers to compare how we are doing and see where we can make improvements in the quality of care and services we offer.
Appointment Reminders. We may use and disclose your protected health information in order to contact you as a reminder that you have an appointment for a test or treatment at SleepMed, DigiTrace, Sleep Center, Therapies or California. We usually will call you at home the day before your appointment and leave a message for you on your answering machine or with an individual who responds to our telephone call. We also may send appointment reminders via e-mail if you provide an e-mail address by which to contact you. However, you may request that we provide such reminders only in a certain way or only at a certain place. We will endeavor to accommodate all reasonable requests.
Treatment Alternatives and Health-Related Services. We may use and disclose your protected health information to tell you about or recommend possible treatment options or alternatives or health-related benefits or services that may be of interest to you.
Other Permitted and Required Uses and Disclosures Without Your Authorization or Opportunity to Agree or Object. We may also use or disclose your protected health information in the following situations without your authorization or providing you the opportunity to agree or object:
Workers’ Compensation. We may release your protected health information for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
Organ and Tissue Donation. If you are an organ donor, we may release your protected health information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Coroners and Medical Examiners. We may release your protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death.
Research. Under certain circumstances, we may use and disclose your protected health information for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one test or treatment to those who received another, for the same condition. All research projects, however, must be approved by a privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information. We may also disclose your protected health information to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the protected health information they review does not leave our offices.
Public Health Risks. We may disclose your protected health information for public health activities. These activities generally include the following:
to prevent or control disease, injury or disability;
to report deaths;
to report child abuse or neglect;
to report reactions to medications or problems with products;
to notify people of recalls of products they may be using;
to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Health Oversight Activities. We may disclose your protected health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
To Avert a Serious Threat to Health or Safety. We may use and disclose your protected health information when necessary to prevent a serious threat to the health and safety of you or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
As Required By Law. We will disclose your protected health information when required to do so by federal, state or local law.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose your protected health information in response to a court or administrative order. We may also disclose your protected health information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may release your protected health information if asked to do so by a law enforcement official:
In response to a court order, subpoena, warrant, summons or similar process;
To identify or locate a suspect, fugitive, material witness, or missing person;
About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
About a death we believe may be the result of criminal conduct;
About criminal conduct at our offices; and
In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Military and Veterans. If you are a member of the armed forces, we may release your protected health information as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.
National Security, Intelligence Activities and Protective Services. We may release your protected health information to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law and for protective services for certain public and foreign officials.
Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your protected health information to the correctional institution or law enforcement official. This release would be necessary (1) for the correctional institution to provide you with health care; (2) to protect the health and safety of you or other inmates; or (3) for the safety and security of the correctional institution.
Other Permitted and Required Uses and Disclosures That Require Providing You the Opportunity to Agree or Object. You have the opportunity to agree or object to the use or disclosure of all or part of your protected health information in the following instances:
Individuals Involved in Your Care or Payment for Your Care. Unless you object, we may disclose to a family member, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your medical care. We may also give information to someone who helps pay for your care. We may also tell your family or friends your condition. However, if you are unavailable or otherwise unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
Other uses of protected health information
Other uses and disclosures of your protected health information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you provide us written authorization to use or disclose your protected health information, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose your protected health information for the reasons covered by your written authorization, except to the extent that action has already been taken by us.
Your rights regarding your protected health information
You have the following rights regarding the protected health information that we maintain about you:
Right to Inspect and Copy. You have the right to inspect and copy protected health information that may be used to make decisions about your care as provided for in 45 C.F.R. §164.524. Usually, this includes medical and billing records. To inspect and copy protected health information that may be used to make decisions about you, you must submit your request in writing to the Privacy Officer. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your protected health information, you may request that the denial be reviewed. We will choose another licensed health care professional who was not directly involved in the denial to conduct the review. We will comply with the outcome of the review.
If your protected health information is maintained in an electronic health record, you also have the right to request an electronic copy of your record be sent to you or to another individual or entity. We may charge you a reasonable fee limited to the labor costs associated with transmitting the electronic health record.
Right to Amend. If you feel that protected health information we have about you is incorrect or incomplete, you may ask us to amend the information as provided in 45 C.F.R. §164.526. You have the right to request an amendment of protected health information about you in a designated record set for as long as the information is kept by us.
To request an amendment, your request must be made in writing and submitted to the Privacy Officer. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
Is not part of the protected health information kept by or for SleepMed, DigiTrace, Sleep Center, Therapies or California;
Is not part of the information which you would be permitted to inspect and copy; or
Is accurate and complete.
If we deny your request for amendment, you may submit a statement of disagreement. We may reasonably limit the length of this statement. Your letter of disagreement will be included in your medical record, but we may also include a rebuttal statement.
Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures we made of your protected health information. In your accounting, we are not required to list certain disclosures, including:
Disclosures made for treatment, payment and health care operation purposes or disclosures made incidental to treatment, payment and health care operations, however, if the disclosures were made through an electronic health record, you have the right to request an accounting of such disclosures that were made during the previous 3 years;
Disclosures made pursuant to your authorization;
Disclosures made to create a limited data set; and
Disclosures made directly to you.
To request this accounting of disclosures, you must submit your request in writing to the Privacy Officer. Your request must state a time period which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the accounting (for example, on paper, electronically by e-mail). The first accounting you request within a 12 month period will be free. For additional accountings, we may charge you for the costs of providing the accounting. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred. Under limited circumstances mandated by federal and state law, we may temporarily deny your request for an accounting of disclosures.
Right to Request Restrictions. You have the right to request a restriction or limitation on the protected health information we use or disclose about you for treatment, payment or health care operations as provided in 45 C.F.R. §164.522. You also have the right to request a limit on the protected health information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a procedure you had. If you paid out-of-pocket for a specific item or service, you have the right to request that protected health information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we are required to honor that request. Except as noted directly above, we are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
To request restrictions, you must make your request in writing to the Privacy Officer. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location as provided in 45 C.F.R. §164.522. For example, you can ask that we only contact you at work or by mail.
To request confidential communications, you must make your request in writing to the Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
Right to Receive Notice of a Breach. We are required to notify you by first class mail or e-mail (if you have indicated a preference to receive information by e-mail), of any breaches of “unsecured protected health information” as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured protected health information” is information that is not secured through the use of technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the protected health information unusable, unreadable, and undecipherable to unauthorized users. The notice is required to include the following information:
A brief description of the brief, including the date of the breach and the date of its discovery, if known;
A description of the type of unsecured protected health information involved in the breach;
Steps you should take to protect yourself from potential harm resulting from the breach;
A brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches; and
Contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional information.
In the event the breach involves 10 or more patients whose contact information is out of date, we will post a notice of the breach on the home page of our Web site or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary of the Department of Health and Human Services. We are also required to submit an annual report to the Secretary of a breach that involved less than 500 patients during the year and will maintain a written log of breaches involving less than 500 patients.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy. You may obtain a copy of this Notice at our website, www.sleepmed.md, or by contacting our Privacy Officer.
Changes to this notice
We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for protected health information we already have as well as any protected health information we receive in the future. We will post a copy of the current Notice in all SleepMed, DigiTrace, Sleep Center, Therapies and California offices. The Notice will contain on the first page, under the title of this document, the effective date. In addition, each time you register or receive treatment or healthcare services at SleepMed, DigiTrace, Sleep Center, Therapies or California, we will offer you a copy of the current Notice in effect.
Complaints and contact information
If you have any questions about this Notice or wish to request further information, contact the Privacy Officer listed below.
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, contact the Privacy Officer listed below. All complaints must be submitted in writing. You will not be retaliated against for filing a complaint.
1117 Perimeter Center West
Atlanta, GA 30338
Phone – 470-299-9952
Fax – 678-217-8610
Partner with us
call us 1800-SLEEPMED