TGS ENDODONTICS (A/K/A TISSURA, GREGORY & SHAPIRO, P.C.) HIPAA OMNIBUS NOTICE OF PRIVACY PRACTICESTHIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. THE PRIVACY OF YOUR HEALTH INFORMATION IS IMPORTANT TO US. OUR LEGAL DUTY- This Notice of Privacy Practices is NOT AN AUTHORIZATION. We are required by applicable federal and state law to maintain the privacy of your health information. We are also required to give you this Notice about our privacy practices, our legal duties, and your rights concerning your health information. We must follow the privacy practices that are described in this Notice under the Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule, (Formally HIPAA 1996 & HI TECH of 2004). The HIPAA Notice which took effect (04/14/2003) has been updated by the HIPAA Omnibus Rule of 2013 which takes effect (09/23/2013) and which will remain in effect until we replace it. We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. We reserve the right to make the changes in our privacy practices and the new terms of our Notice effective for all health information that we maintain, including health information we created or received before we made the changes. Before we make a significant change in our privacy practices, we will change this Notice and make the new Notice available upon request. You may request a copy of our Notice at any time, regardless of whether you have received this Notice electronically or otherwise. For more information about our privacy practices, or for additional copies of this Notice, please contact us using the information listed at the end of this form.
USES AND DISCLOSURES OF HEALTH INFORMATION: Your protected health information (PHI) may be used and disclosed by our doctors at TGS Endodontics, the staff at TGS Endodontics and others outside of our office who are involved in your care and treatment for the purpose of providing health care services to you. Your protected health information may also be used and disclosed to pay your health care bills and to support the operation of your dentist’s practice, and any other use required by law. We may use and disclose health information about you for treatment, payment, and health care operations. Treatment: We may use or disclose your protected health information to a dentist or other health care provider providing treatment to you. For example, we may consult with other doctors about your care, delegate tasks to our office staff, call in prescription(s) to your pharmacy, or disclose needed information to your family, or others so they may assist you with your care, etc. Payment: We may use and disclose your protected health information (PHI) to obtain payment for services we provide to you. Your PHI will be used and disclosed, as needed, to obtain payment for your health care services provided by us or by another provider. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you such as: making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for dental necessity, and undertaking utilization review activities. For example, obtaining approval for a dental treatment may require that your relevant protected health information be disclosed to the health plan to obtain approval for the dental treatment. If you pay in cash in full (out of pocket) for your treatment, you can instruct TGS Endodontics not to share information about your treatment with your health plan. We will disclose PHI to collection agencies and other subcontractors engaged in obtaining payment for care. Health care Operations: We may use and disclose your PHI in connection with our health care operations. Health care operations include quality assessment and improvement activities, reviewing the competence or qualifications of health care professionals, evaluating practitioner and provider performance, conducting training programs, accreditation, certification, licensing or credentialing activities. We will share your PHI with third party Business Associates and their subcontractors that perform various activities (for example, billing or transcription services) for our practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your PHI, we will have a written contract that contains terms that will protect the privacy of your PHI. We may use or disclose your PHI, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. You may contact our Privacy Official to request that these materials not be sent to you. We may contact you by telephone, mail or otherwise to remind you of scheduled appointments. We may call you after your start or completion of treatment to see how you are doing. We may leave messages with whomever answers your telephone or email to contact us. We may call you by name from the waiting room. If you prefer that we not contact you with appointment reminders, please notify us in writing at our address listed below and we will not use or disclose you PHI for these purposes. We may use or disclose your PHI in the following situations without your authorization. These situations include: as required by law, public health issues, communicable diseases, health oversight, abuse or neglect, food and drug administration requirements, legal proceedings, law enforcement, coroners, funeral directors, organ donation, research, criminal activity, military activity and national security, workers’ compensation, inmates, to avert a serious threat to health and safety of a person or the public and other required uses and disclosures. Under the law, we must make disclosures to you upon your request. Under the law, we must also disclose your PHI when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements under Section 164.500. Your Authorization for Other Uses and Disclosures: In addition to our use of your PHI for treatment, payment or health care operations, you may give us an authorization to use your PHI for other uses or to disclose it to anyone for any purpose. Such authorization must be in writing, dated and signed by you and must identify your protected health information which you are authorizing us to use or to disclose to anyone for any purpose. A more detailed description of what you must include in this request is under the “Patient Rights” section of our Notice of Privacy Practices. We may require you to provide us with identification for verification purposes prior to our disclosing your PHI. Please contact our Privacy Official if you have questions as to what Identification we may require. If you give us an authorization, you may revoke it in writing at any time. Your revocation will not affect any use or disclosures permitted by your authorization while it was in effect. Unless you give us a written authorization, we cannot use or disclose your PHI for any reason except those described in this Notice. You may also object to the use or disclosure of your PHI. Such objection must be in writing, dated and signed by you and must specifically list what you do not wish to be used or disclosed of your PHI and the persons to whom you do not want your PHI to be disclosed Communication from Offices: We may call your home or other designated location and leave a message on voice mail or by text, in reference to any times that assist TGS Endodontics in carrying out Treatment, Payment and Health Care Operations, such as appointment reminders, insurance items and any call pertaining to your dental care. We may mail to your home or other designated location any items that assist TGS Endodontics in carrying out Treatment, Payment and Health Care Operations. To Your Family and Friends: We may disclose your PHI to your family member(s), friends and others, but only if you are present and verbally give permission. Unless you object, we may disclose your PHI to a family member, other relative, close personal friend or any other person you identify, who are involved in your health care or who assist you in paying for your care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. When a family member(s) or a friend(s) accompany you into the exam or treatment room, it is considered implied consent on your part that a disclosure of your PHI is acceptable. We will also use our professional judgment and our experience with common practice to make reasonable inferences of your best interest in allowing a person to pick up written prescriptions, x-rays, or other similar forms of health information (i.e. to allow someone to pick up your written prescription because they knew you were our patient and you asked them in writing with your signature to do so). If there is an emergency situation involving you or another person (i.e. your minor child or ward) and, respectively, you cannot consent to your care because you are incapable of doing so or you cannot consent to the other person’s care because, after a reasonable attempt, we have been unable to locate you, then we may, based on our professional judgment and the surrounding circumstances, determine that disclosure is in the best interests of you or the other person, in which case, we will disclose your PHI, but only as it pertains to the dental care being provided and we will notify you of the disclosure as soon as possible after the dental care has been provided. Minors: We may disclose the PHI of minor children to their parents or guardians unless such disclosure is otherwise prohibited by law. Emancipated minor children may request restrictions of use and release of PHI. We reserve the right to require an emancipated minor to show legal documentation before we allow any restriction(s). Decedents, Disclosures to Your Family Member/Others Involved In Care: We may not use or disclose health information to notify, or assist in the notification of (including identifying or locating) a family member, your personal representative or another person responsible for your care, of your location, your general condition, or your death without your written authorization unless there is an emergency. If you are present, you will need to sign an Authorization for Release of Protected Health Information (PHI) before we can release or disclose your PHI. We will provide you with an opportunity to object to such uses or disclosures. In the event of your incapacity or emergency circumstances, we will disclose your protected health information based on a determination using our professional judgment disclosing only protected health information that is directly relevant to the person’s involvement in your health care. If a person has the authority by law (We may require a certified copy of such legal authority.) to make health care decision for you, we will treat that patient representative the same way we would treat you with respect to your health information. Appointment Reminders/Call Backs: We may use or disclose your health information to provide you with appointment reminders (such as voice-mail messages, postcards, or letters). Or we may call you after your start or completion of treatment to see how you are doing. We may leave messages with whomever answers your telephone or email to contact us; we may call you by name from the waiting room, etc. We may disclose such information to another entity to assist us in contacting you. Such an entity would be required to protect your information. If you prefer that we not contact you with appointment reminders or with call backs to check on you after start or completion of your treatment, please notify us in writing at our address listed below and we will try to accommodate your request. Data Breach Notification Purposes: We may disclose your PHI to provide legally required notices of unauthorized access to or disclosure of your health information. You may request a limited list of instances where we have disclosed your health information. The list of disclosures includes only those disclosures occurring after HIPAA, April 14, 2003, and not any of the above list of disclosures. See “Disclosure Accounting” listed below under PATIENT RIGHTS for further explanation. PATIENT RIGHTS- The following is a statement of your rights with respect to your protected health information (PHI). Access: You have the right to inspect and copy your protected health information (PHI). If you are 18 years of age or older or an emancipated adult and you are not incapacitated, you have the right as an individual to inspect and copy your PHI. You may inspect and copy your PHI for so long as we maintain the protected health information. Your PHI will be available for inspection only during our regular business hours and only if our Privacy Official is present at all times during your inspection. Your original record cannot be removed from under our immediate supervision or control. Per our policy to protect your PHI, we may require verification of your identity by your presentation of your current Driver’s License, U.S. Passport or other means to verify your identity. You may request that we provide you a copy in an alternative format (such as electronic format) other than photocopies. We will use the format you request unless we cannot practicably do so. You, as our patient, may designate yourself or third parties to receive your PHI. Before we will release your PHI, we must receive your request and it must be (1) in writing; (2) signed by you; and it must (3) clearly identify either yourself or the designated third party as recipient of your PHI and where we should send the PHI; and (4) clearly and concisely give description of the PHI to be released or shared; (5) and have an expiration date; and (6)clearly acknowledge your right to revoke your request. Upon your request, we can provide you with an “Authorization for Release of Protected Health Information (PHI)” form which you will need to fill out and submit to us. Upon our receipt of your signed written request, we will release your requested PHI to the designated person. We are not required to investigate each request to ensure the party seeking the records is doing so honestly. The HIPAA Omnibus Rule does, however, require us to implement reasonable procedures to verify the party’s identity when requesting release of PHI and the third party’s identity when they request access to the PHI, as well as to protect the PHI as it is shared. Any questions as to what our policies and procedures are in regard to verifying identity should be directed to our Privacy Official. Her contact information can be found at the end of this Notice. We may charge fees for our efforts in response to a request for information, but the fee must be based on the actual costs incurred to provide the information. For paper records, the fee can include the costs of supplies and labor, postage, certification fees, other direct administrative costs and preparation of a summary of the contents. For electronic records, the fee can include labor costs, and, where requested by the individual, the costs for the electronic media on which the records are transferred (such as a CD or a USB drive), postage (where the electronic media is mailed), certification fees, other direct administrative costs. If you want your Doctor to prepare a written summary or explanation of your dental record and/or x-ray(s), there will be an additional fee to cover his/her time and effort. You and your Doctor will need to agree in advance to the following: 1) that it is all right for the Doctor to give you a written summary or explanation (You will need to sign an Authorization for Release of PHI.) and 2) to the fee for writing the summary or explanation. This fee will need to be paid prior to the written summary or explanation being provided to you. We may request that any costs/fees be received by us prior to our releasing copies of your dental PHI or releasing the Doctor’s written summary or explanation. Under federal law, however, you may not inspect or copy the following records: information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and laboratory results that are subject to law that prohibits access to protected health information. We may deny your request in certain limited circumstances (i.e. we do not have the PHI, it came from a confidential source, it is prohibited under federal or state law, etc.). If we deny your request, you may ask for a review of that decision. Depending on the circumstances, a decision to deny access may be reviewable. Should you request our decision be reviewed, we would choose another licensed health care professional to conduct the review. We will follow his or her decision. You may need to pay for all costs and fees of that licensed health care professional. Please contact our Privacy Official if you have questions about access to your dental record. Disclosure Accounting: You have the right to receive a list of instances in which we or our Business Associates have made certain disclosures of your health information by submitting a “Request for Accounting of Disclosures” form to us. Your request must be written and must include the time period of accounting, which may be up to but not more than the last 6 years. We are not required to list certain disclosures, including 1) disclosures made for treatment, payment, and health care operation purposes, 2) disclosures made with your authorization, 3) disclosures made to create a limited data set, 4) disclosures made directly to you, 5) disclosures made for national security or intelligence purposes, 6) disclosures made to correctional institutions or law enforcement officials in custodial situations, 7) disclosures made prior to April 14, 2003, and 8) certain other activities. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost based fee for responding to these additional requests. Restriction/Limitation on Use, Disclosure of PHI: You have the right to request that we place additional restrictions on our use or disclosure of your protected health information (PHI) for treatment, payment, or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. We are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency or where we are obligated by law to disclose your health information). In order to request a restriction(s) in our use or disclosure of your PHI, you must make your request in writing to Privacy Official, TGS Endodontics, 5555 Peachtree Dunwoody Road, Suite 275, The Medical Quarters, Sandy Springs 30342. Your request must also be signed and dated by you and must provide us a list of restriction(s) describing in a clear and concise fashion 1) the information you wish restricted; 2) whether you are requesting to limit our practice’s use, disclosure or both, and 3) to whom you want the limits to apply. We can provide you with a “Request for Limitations and Restrictions on Use, Disclosure of PHI” form for you to fill out and then submit to our Privacy Official. Out-of-Pocket-Payments: If you pay out-of-pocket (i.e., you have requested that we not bill your health plan) in full for the specific item or service, you have the right to ask that your PHI with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request. Your request must be in writing. You may make your request by submitting a “Request for Limitations and Restrictions on Use, Disclosure of PHI / OUT-OF-POCKET-PAYMENTS” form to us. We can provide you with the required form for you to fill out then submit to our PRIVACY OFFICER. Alternative Communication: You have the right to request that we communicate with you about your health information by alternative means or to alternative locations. You must make your request in writing. You may make your request by submitting a “Request for Alternative Communication” form to us. Your request must specify the alternative means or location you would like us to use to communicate with you and provide us with a satisfactory explanation as to how payments to us will be handled under the alternative means or location you request. For example, you may request that we only contact you at work or by mail. We will try to accommodate your request provided that you pay any additional costs related to such requests. Amendment/Correction: You have the right to request that we amend and/or correct your protected health information. (Your request must be in writing, dated and signed by you and it must explain why the information should be amended.) We may deny your request under certain circumstances. You may ask us to amend or correct your PHI by submitting a “Request to Amend” form to our PRIVACY OFFICER. Notice of Breach: We, our Business Associate and/or their subcontractor will notify you if your unsecured PHI has been breached. Electronic Notice: If you receive this Notice on our Web site or by electronic mail (e-mail), you are entitled to receive a hard copy of this Notice. Requiring Identity Verification: The HIPAA Omnibus Rule under 164.514 (h) requires us to implement policies & procedures to verify the identity of any person who requests PHI. Dependant on the circumstance, our office policy of requiring verification of identity before we use or release your protected health information is our attempt to assure you that we take the security of your health information very seriously. Though this additional precaution may cause some inconvenience, we know that you want your information to be protected. We appreciate your cooperation. Inactive Patient Records: We will retain your records for seven years from your last treatment or examination, at which point you will become an inactive patient in our practice and we may destroy your records at that time (but records of inactive minor patients will not be destroyed before the child’s eighteenth birthday). We will do so only in accordance with the law (i.e. in a confidential manner, with a Business Associate Agreement prohibiting re-disclosure if necessary). For More Information: You may contact our Privacy Official, Marge D Shapiro, at (404) 256-4772 or by email- [email protected] if you have any questions in reference to this form or for further information. Contact Information: TGS ENDODONTICS (a/k/a Tissura, Gregory & Shapiro, P.C.) 5555 Peachtree Dunwoody Rd., Suite 275 The Medical Quarters Sandy Springs, GA 30342 PHONE: (404) 256-4772 If you believe your privacy rights have been violated, you may file a written complaint with us and/or with the Secretary of Health and Human Services. The U.S. Department of Health & Human Services Office of Civil Rights 200 Independence Ave., S.W. Washington, DC 20201 PHONE: (877) 696-6775 You may file a complaint by notifying our Privacy Official at the Contact Information for TGS Endodontics. Please sign the accompanying “Acknowledgement” form. Please note that by signing the Acknowledgement form you are only acknowledging that you have received or been given the opportunity to receive a copy of our HIPAA Omnibus Notice of Privacy Practices.
(TGS Revised 2/7/2014)