Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The covered entities, and its employees, who are involved in providing and coordinating health care, are bound to follow the terms of this Notice of Privacy Practices (“Notice”). The members of the covered entities will share PHI with each other for the treatment, payment and health care operations of the covered entities and as permitted by HIPAA and this Notice. For a complete list of the members of covered entities, please contact the Privacy Office. PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care products and services to you or payment for such services. This Notice describes how we may use and disclose PHI about you, as well as how you obtain access to such PHI. This Notice also describes your rights with respect to your PHI. We are required by HIPAA to provide this Notice to you. Covered entities are required to follow the terms of this Notice or any change to it that is in effect. The covered entities reserve the right to change our practices and this Notice and to make the new Notice effective for PHI we maintain. If we do so, the updated Notice will be posted on our website and will be available at our covered entity locations where you receive health care products and services from us. Upon request, we will provide any revised Notice to you.
Understanding Your Health Record/Information
A record is created each time you receive services from the covered entity. Typically, this record may contain information like your symptoms, examination and test results, diagnoses, treatment, medications, and a plan for future care or treatment. This information often referred to as your health or medical record, serves as a basis for planning your care and treatment. It is communicated among the many health professionals who contribute to your care and enables you or a third-party payer to verify that services billed were actually provided. Your medical record is a legal document describing the care you received. It is a tool we use to educate health professionals and to assess and continually work to improve the care we provide and the outcomes we achieve. Your medical record may be a source of data for medical research, public health initiatives and facility planning.
The purpose of this Notice of Privacy Practices is to assist you in understanding what is in your medical record and who, what, when, where and why others may access your health information. This document will assist you in making more informed decisions when authorizing disclosures of your health information.
Your Health Information Rights
Although your health record is the physical property of the covered entity that compiled it, the information belongs to you. You have rights afforded to you by The Health Insurance Portability and Accountability Act of 1996 (HIPAA), a federal regulation (42 CFR Part 164). These rights include:
- The right to request a restriction on certain uses and disclosures of your information. The covered entity is not required to agree to a requested restriction. Requests for restrictions should be sent to the specific department within the covered entity that is maintaining your health information.
- The right to obtain a paper copy of our Notice of Privacy Practices upon request. The Notice of Privacy Practices may be obtained from any covered entity registration area or from the website.
- The right to inspect and obtain a copy of your medical record. The covered entity charges a fee for copying medical records in accordance with South Carolina law. Copies may be obtained by contacting the specific department within the covered entity that maintains your health information or by contacting the HIPAA Privacy Officer.
- The right to amend or correct your medical record. However, the covered entity is not required to agree to the requested amendment under certain circumstances. Requests for amendments should be sent to the specific department within the covered entity maintaining your health information or to the HIPAA Privacy Officer.
- The right to obtain an accounting of certain disclosures of your health information. An accounting of disclosures can be obtained from covered entity that maintains your record or from the HIPAA Privacy Officer. The covered entity will provide you with one free accounting each year; for subsequent requests, there is a $25 fee per request.
- The right to request communication of your health information by alternative means or at alternative locations. Requests for alternative communications should be made to the specific department within the covered entity maintaining your health information or to the HIPAA Privacy Officer.
The covered entity is required to:
- maintain the privacy of your health information
- provide you with a Notice of Privacy Practices describing our legal duties and practices with respect to information we collect and maintain about you
- abide by the terms of the Notice of Privacy Practices
- notify you if we are unable to agree to a requested restriction or if there is any unauthorized acquisition, access, use or disclosure of PHI that compromises the privacy and/or security of the information
- accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.
The covered entity reserves the right to change our health information practices, policies and procedures at any time and make the new provisions effective for all protected health information we maintain. You will be informed of such changes at the time of your next visit when you receive our Notice of Privacy Practices. The most recent version of our Notice of Privacy Practices will be posted in each location’s registration/waiting area.
We may use and disclose your health information for purposes of Treatment, Payment and Health Care Operations.
“Treatment” generally means the provision, coordination, or management of health care and related services among health care providers or by a health care provider with a third party, consultation between health care providers regarding a patient, or the referral of a patient from one health care provider to another.
“Payment” encompasses the various activities of the covered entities to obtain payment or be reimbursed for their services and to obtain or provide reimbursement for the provision of health care. In addition to the general definition, examples of common payment activities include, but are not limited to:
- Determining eligibility or coverage under a plan and adjudicating claims;
- Billing and collection activities;
- Reviewing health care services for medical necessity, coverage, justification of charges, and the like;
- Utilization review activities; and
- Disclosures to consumer reporting agencies (limited to specified identifying information about the individual, his or her payment history, and identifying information about the covered entity).
Health Care Operations
“Health care operations” are certain administrative, financial, legal, and quality improvement activities of a covered entity that are necessary to run its business and to support the core functions of treatment and payment. These activities, which are limited to the activities listed in the definition of “health care operations” at 45 CFR 164.501, include:
- Conducting quality assessment and improvement activities, population-based activities relating to improving health or reducing health care costs, and case management and care coordination;
- Reviewing the competence or qualifications of health care professionals, evaluating provider and health plan performance, training health care and non-health care professionals, accreditation, certification, licensing, or credentialing activities;
- Conducting or arranging for medical review, legal, and auditing services, including fraud and abuse detection and compliance programs;
- Business planning and development, such as conducting cost-management and planning analyses related to managing and operating the entity; and
- Business management and general administrative activities, including those related to implementing and complying with the Privacy Rule and other Administrative Simplification Rules, customer service, resolution of internal grievances, sale or transfer of assets, creating de-identified health information or a limited data set, and fundraising for the benefit of the covered entity. General Provisions at 45 CFR 164.506.
Other Permitted or Required Uses and Disclosures of your Health Information
Appointments: Covered entity may call or send information to remind you of an upcoming appointment or to reschedule an appointment. When appropriate, a message will be left on your answering machine. The content of that message will be kept as generic as possible so as to protect your privacy.
Business Associates: Some services are provided through contracts with business associates, such as on-call answering services, collection agencies, medical record storage, and copy services used to make copies of medical records. When these services are contracted, we may disclose your health information to our business associate so that they can perform services and bill you or your third-party payer. To protect your health information, however, we require the business associate to appropriately safeguard your information.
Communication with Family: Health professionals, using their best judgment, may disclose to a family member, other relative, close personal friend or any other person whom you identify, health information relevant to that person’s involvement in your care or payment related to your care. Generally, we will provide you the opportunity to object to such disclosures; however, in certain circumstances, we may use and disclose your health information for these purposes without providing you the opportunity to object.
Coroner: We may disclose health information to coroners, consistent with applicable law, to carry out their duties.
Correctional Institution: If you are an inmate of a correctional institution, we may disclose to the institution or agents thereof health information necessary for your health and the health and safety of other individuals.
Decedent Information: Protected Health Information is no longer protected after a period of Fifty (50) years; and information about the care and services rendered (prior to death) may be provided without authorization unless prohibited by the patient in advance. To prohibit such releases, please call (888)344-1810.
Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs or replacement.
Fundraising: Patients have the right to opt out of fundraising communications by contacting (888)344-1810.
Funeral Directors: We may disclose health information to funeral directors, consistent with applicable law, to carry out their duties.
Government Functions: Your health information may be disclosed for the purpose of protecting public officials, national security and intelligence activities and other specialized government functions, as necessary.
Marketing: We may use your information to contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you. From time to time, your health care provider or designee may contact you to request your permission to participate in health education and/or promotion.
Military and Veterans: If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We also may release medical information about foreign military personnel to the appropriate foreign military authority.
Notification: We may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, and inform them of your location and general condition.
Organ Procurement: Consistent with applicable law, we may disclose health information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant. This is to facilitate a patient or family’s request to be an organ or tissue donor.
Post-Treatment Follow-up: The covered entity may contact you to check on your health status or to ensure we have answered all of your questions. If you participate in post-treatment groups, you may be given tools for your convenience that contain information pertinent to your diagnosis and/or treatment.
Private Payment Restrictions: Patients may request to restrict disclosure of PHI to a health plan if paying in full out of pocket at the time services are rendered.
Public Health: As required by federal, state and local law, we may disclose your health information to public health or legal authorities charged with preventing, reporting or controlling disease, injury, disability or for other health oversight activities.
Required by Law or Law Enforcement: The covered entity may use and disclose information about you as required by law. Your information also may be used and disclosed for law enforcement purposes, as required by law or in response to a valid subpoena. For example, we may disclose information for the following purposes:
- for judicial and administrative proceedings pursuant to legal authority,
- to report information related to victims of abuse, neglect and/or domestic violence,
- to assist law enforcement officials in their law enforcement duties and
- for purposes of governmental investigation.
Research: We may disclose information to researchers when their research has been approved by an Institutional Review Board and/or Privacy Board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
Serious Threat to Health or Safety: To avert a serious threat to health or safety, we may use and disclose medical information about you when necessary. Any disclosure, however, would only be to someone able to help prevent such a threat.
Telephone Contacts: We may contact you by telephone to provide you with test results, return your call, answer questions or obtain additional information.
Workers’ Compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to Workers’ Compensation or other similar programs established by law.
Other uses and disclosures of your health information will be made only with your written authorization. You may revoke your authorization to use or disclose health information at any time except to the extent that action already has been taken.
For More Information or to Report a Problem
If you have questions or concerns about the covered entity’s health information policies or practices, or you believe your privacy rights have been violated, you may contact the HIPAA Privacy Officer/Compliance hotline 1(888)344-1810 (toll free). There will be no retaliation for filing a complaint.