Partners In Women’s Healthcare, PC Health Commitment Statement:

Partners In Women’s Healthcare is committed to complying with all HIPAA Privacy regulations to ensure practice staff never use patient Protected Health Information (PHI) in an unauthorized or illegal manner.

The use and disclosure of all confidential patient information will be secured through the revision and creation of practice privacy policies, procedures and authorization forms.

Internal reviews will be conducted by the Privacy Officer to ensure proper adherence to these privacy regulations and address any potential violations.

1. Protected Health Information

Partners In Women’s Healthcare is required by law to maintain the privacy of certain health information (“protected health information”) and to provide patients with notice of our legal duties and privacy practices with respect to their protected healthcare information. We are required to abide by the terms of the notice currently in effect.

Generally speaking, a patient’s protected health information is any information:

• Created or maintained by us,
• That relates to the patient’s past, present or future physical or mental health or condition, the provision of healthcare to the patient, or payment for healthcare provided to the patient, and
• Individually identifies the patient or reasonably can be used to identify the patient.

A patient’s medical and billing records at our practice are examples of information that usually will be regarded as protected health information.

Employees of Partners In Women’s Healthcare such as; physicians, nurses, medical assistants, scheduling specialists, etc, require routine access to patient protected health information in order to provide treatment, receive payment and conduct healthcare operations.

2. Patient permission to use protected health information – Authorizations

We are required to obtain a patient’s permission to internally use or externally disclose the patient’s protected health information – with limited exceptions. The permission generally must be in the form of a written authorization.

Authorization

A patient signed authorization form is required to use and disclose protected health information for non-routine purposes. In general, Partners In Women’s Healthcare is required to obtain a patient’s authorization for uses and disclosures for purposes other than routine treatment, payment or healthcare operations.

In addition, certain types of health information are subject to specific disclosure rules, even when the disclosure for a treatment, payment, or healthcare operations purpose. For example, in certain circumstances, an authorization rather than a patient consent will be required for disclosure of psychotherapy notes or HIV test results and other IV – related information. Exceptions to the patient authorization requirements are discussed in section 4.

3. Uses and disclosures for treatment, payment, and operations

This section describes treatment, payment, and healthcare operations purposes. Not every possible use or disclosure for treatment, payment, and healthcare operation purposes will be listed. Some listed examples fall into more than one category – not just the category under which they are listed.

Treatment

We may use and disclose your protected health information for our treatment purposes as well as the treatment purposes of other healthcare providers. Treatment includes the provision, coordination, or management of healthcare services to you by one or more healthcare providers. Some examples of treatment uses and disclosures include:

• During an office visit, practice physicians and other staff involved in your care may review your medical record and share and discuss your medical information with each other.
• We share and discuss your medical information with an outside physician to whom we have referred you for care.
• We may share and discuss your medical information with an outside physician to whom we are consulting regarding you.
• We share and discuss your medical information with an outside home health agency, durable medical equipment agency or other healthcare providers to whom we have referred you for healthcare services and products.
• We may share and discuss your medical information with a hospital or healthcare facility where we are admitting or treating you.
• We may share and discuss your medical information with another healthcare provider who seeks this information for the purpose of treating you.
• We may share and discuss your medical information with another healthcare provider who seeks this information for the purpose of treating you.
• We may use a patient sign-in sheet in the waiting area, which is accessible to all patients
• We may page patients in the waiting room when it is time for them to go to an examining room.
• Leaving messages with answering machines and/or other persons at home phone number, as well as patients' personal business voice mail.
• Mailing test results in an envelope with our practice name and return address.
• Mailing appointment reminder by postcard.
• Displaying pictures provided by patients in the office.
• Displaying physician daily appointment schedules in work area.
• Patient medical records may be accessible throughout the practice to provide patient healthcare.
• All employees of the practice have access to medical/financial/billing records to perform duties.

Payment

We may use and disclose your protected health information for our payment purposes as well as the payment purposes of other healthcare providers and health plans. Payment uses and disclosures include activities conducted to obtain payment for the care provided to you or so that you can obtain reimbursement for that care, for example, from your health insurer. Some examples of payment uses and disclosures include:

• Sharing information with your health insurer to determine whether you are eligible for coverage or whether proposed treatment is a covered service.
• Submission of a claim form to your health insurer.
• Providing supplemental information to your health insurer so that your health insurer can obtain reimbursement from another health plan under a coordination of benefits clause in your subscriber agreement.
• Sharing your demographic information (for example, your address) with other healthcare providers who seek this information to obtain payment for healthcare services provided to you.
• Mailing you bills in envelopes with our practice name and return address.
• Provision of a bill to a family member or other person designated as responsible for payment for services rendered to you.
• Providing medical records and other documentation to you health insurer to support the medical necessity of a health service.
• Allowing your health insurer access to your medical record for a medical necessity or quality review audit.
• Providing medical records and other documentation to your health insurer to support the medical necessity of a health service.
• Allowing your health insurer access to your medical record for a medical necessity or quality review audit.
• Providing consumer-reporting agencies with credit information (your name and address, date of birth, social security number, payment history, account number, and our name and address).
• Providing information to a collection agency or our attorney for purposes of securing payment of a delinquent account.
• Disclosing information in a legal action for purposes of securing payment of a delinquent account.

Healthcare Operations

We may use and disclose your protected health information for our healthcare operation purposes as well as certain healthcare operation purposes of other healthcare providers and health plans. Some examples of healthcare operations purposes include:

• Quality assessment and improvement activities.
• Population based activities relating to improving health or reducing healthcare cost.
• Reviewing the competence, qualifications, or performance of healthcare professionals.
• Conducting training programs for medical and other students.
• Accreditation, certification, licensing, and credentialing activities.
• Healthcare fraud and abuse detection and compliance programs.
• Conducting other medical review, legal services, and auditing functions.
• Business planning and development activities, such as conducting cost management and planning related analyses.
• Sharing information regarding patients with entities that are interested in purchasing our practice and turning over patient records to entities that have purchased our practice.
• Review and analysis of the medical care provided to our patients for purposes of evaluating the quality of care provided by our practice.
• Sharing medical information about a patient with our attorneys to defend a legal action brought by a patient.
• Other business management and general administrative activities, such as compliance with the federal privacy rule and resolution of patient grievances.

4. Uses and disclosures without authorization

This section describes ways in which we may use and disclose a patient’s protected health information without the patient’s permission in the form of a consent or authorization. Not every use or disclosure in a category will be listed. Some listed examples fall into more than one category – not just the category under which they are listed.

Disclosure to the patient without authorization

We do not need a patient’s authorization to disclose the patient’s protected health information to the patient or the patient’s personal representative (power of attorney).

Individuals involved in patient’s care or payment for patient’s care

We may disclose a patient’s protected health information to someone involved in a patient’s care or payment for a patient’s care, such as a spouse, a family member, or close friend. For example, when a patient has had surgery, we may discuss the patient’s physical limitations with a family member assisting in the patient’s postoperative care.

In such situations we are required to limit the disclosure to information that is directly relevant to the recipient’s involvement with the patient’s care or payment for the patient’s care. In addition if the patient is present for, or otherwise available prior to the disclosure, and has the capacity to make health care decisions, we must provide the patient with the opportunity agree or object to the disclosure and we may not make the disclosure if the patient objects.

Notification purposes

We may disclose a patient’s protected health information to notify, or to assist in the notification of, a family member, a personal representative, or another person responsible for the patient’s care regarding a patient’s location, general condition, or death. For example, if a patient collapses in our office and is taken to the emergency room, we may notify the patient’s spouse. In addition, we may disclose a patient’s protected health information to a disaster relief entity, such as Red Cross, so that it can notify a family member, a personal representative, or another person involved in the patient’s care regarding the patient’s location, general condition, or death.

Required by law

We may disclose protected health information when required by federal, state or local law. For example, we may disclose a patient’s protected health information to comply with mandatory reporting requirements for births and deaths, child abuse, disease prevention and control, vaccine-related injuries, medical device related deaths and serious injuries, gunshot and other injuries by a deadly weapon or criminal act, driving impairments, and blood alcohol testing. In such situations, we are required to only disclose protected health information to the extent necessary to comply with the legal requirement.

Other public health activities

Earlier, we mentioned some mandatory reporting requirements for public health purposes. In limited situations, we may voluntarily assist in public health activities in other ways that involve the disclosure of a patient’s protected health information. These activities include, but are not limited to:

• Adverse event reports regarding drugs and medical devices and assistance with medical product recalls, repairs, and replacements.
• Notification to a person who could have been exposed to a communicable disease or is otherwise at risk for contracting or spreading a disease or condition in situations where we are authorized by law to make the notification as part of a public health intervention or investigation. In the case of HIV – related information, we must comply with state law limitations on HIV contact tracing and disclosure.

Victims of abuse, neglect or domestic violence

Above, we mentioned our mandatory child abuse and other reporting, requirements. When we believe a patient to be the victim of abuse, neglect, or domestic violence, we also may voluntarily disclose protected health information regarding the patient in a report to a government authority authorized to receive such reports, such as the Department of Aging in the case of an elderly patient or the Department of Public Welfare in the case of a nursing home patient. In such a case we must obtain the patient’s agreement with limited exceptions.

Health oversight activities

We may disclose protected health information to a health oversight agency for oversight Activities authorized by law. These activities could include audits, inspections, investigations, licensure actions, and legal proceedings.

Judicial and administrative proceedings

We may disclose protected health information in the course of any judicial or administrative proceeding pursuant to a court order. In addition, we may disclose protect health information about the patient in response to a subpoena issued in connection with a judicial or administrative proceeding if we either have the patient’s permission or we are required by law to respond to the subpoena.

Law enforcement purposes

We may use and disclose protected health information for certain law enforcement purposes including to:

• Comply with legal process, for example, a search warrant.
• Comply with a legal requirement, for example, mandatory reporting of gun shot wounds.
• Respond to a request for information for identification/location purposes.
• Respond to a request for information about a crime victim
• Report a death suspected to have resulted from criminal activity.
• Provide information regarding a crime on the premises.
• Report a crime in an emergency.

Funeral directors

We may also disclose protected health information to funeral directors as necessary to carry out their duties. This includes HIV – related information.

Organ and tissue donation

We may use protected health information for the purpose of facilitating donation and transplantation. We may disclose protected health information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of cadaveric organs, eyes, or tissue for the purpose of facilitating donation and transplantation.

Threat to public safety

We may use and disclose protected health information for purposes involving a threat to public safety, including protection of a third party from harm and identification and apprehension of a criminal. For example, in certain circumstances, we are required by law to disclose information to protect someone from imminent serious harm.

Protection of others from harm

In limited circumstances, we may disclose protected health information about a patient to Protect another person form being harmed. For example, we may warn that a patient has threatened another identifiable person with imminent serious bodily harm if we have reason to believe that the treat is real.

Military activities

In certain circumstances, we may disclose protected health information regarding patients in the military at the request of the military command authorities.

National security and intelligence activities

In certain circumstances, we may disclose protected health information to federal officials for the conduct of legally authorized intelligence, counterintelligence, and other national security activities.

Protective services for the President and others

In certain circumstances, we may disclose protected health information to federal officials for the provision or protective services to the President and others.

Correctional institutions and other law enforcement custodial situations

We may disclose protected health information to a correctional institution or a law enforcement official having custody of a patient when they request the information for a purpose such as health care, safety, or security.

Workers’ compensation and similar programs

We may disclose a patient’s protected health information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs, established by law, that provide benefits for work – related injuries or illness without regard to fault. For example, this would include submitting a claim for payment to a patient’s employers’ workers’ compensation carrier when we treat the patient for a work injury.

Business associates

Certain functions of the practice are performed by a business associate such as a billing company, an accountant firm, or a law firm. We may disclose protected health information to our business associates and allow them to create and receive protected health information on our behalf. Whenever we have a business associate arrangement that involves the use or disclosure of protected health information we are required to have a written agreement that protects the privacy of the protected health information.

Other possible categories not generally applicable to physician practices: laundry, housekeeping, medical waste etc.

Creation of de-identified information

We may use protected health information about you in the process of de-identifying the information. For example, we may use your protected health information in the process of removing those aspects, which could identify you so that the information can be disclosed to a researcher without your authorization.

Incidental disclosures

We may disclose protected health information as by-product of an otherwise permitted use or disclosure. For example, other patients may overhear your name being paged in the waiting room.

5. Uses and disclosures with authorization

In all other situations, which do not fall under a category listed under section, 3 or 4 Partners in Women’s Healthcare will obtain a written patient authorization to use or disclose protected health information. A patient authorization can be revoked at any time except to the extent that we have relied on the authorization.

6. Patient privacy rights regarding protected health information

Restriction on use or disclosure

Your right

Patients have the right to request that we restrict uses and disclosures of their protected health information:

• To carry out treatment, payment, or health care operations
• To someone who is involved in their care or the payment for their care, or
• For notification purposes.

Limitations on your right

We are not required to agree to any request for a restriction. If we do agree, Partners in Women’s Healthcare must comply with the request unless the information is needed for emergency care.

If the information is released for emergency treatment to the patient, Partners in Women’s Healthcare must request that the person (s) providing the treatment not further use or disclosed the protected health information.

We can terminate our agreement to a requested restriction, if the patient agrees to or requests this action. We also can terminate our agreement without the patient’s consent, if Partners in Women’s Healthcare informs the patient that the agreement to restrict protected health information is terminated. Information gathered during the terms of the restriction will continue to be restricted. Information fathered after the termination of the agreement will not be restricted.

How to exercise your right

To request a restriction, a patient must submit a written request to our privacy officer. The request must tell us: (a) what information the patient wants restricted; (b) how the patient wants the information restricted; and (c) to whom the patient wants the restriction to apply.

Confidential communication

Your rights

Patients have the right to request that we communicate their protected health information to them by a certain means or a certain location. For example, the patient might request that we only contact the patient by mail or at work

Limitations on your right

We are not required to accommodate a request that is unreasonable.

How to exercise your right

To make a request for confidential communications, a patient must submit a written request to our privacy officer. The request must tell us how or where the patient wants to be contacted. In addition, if another individual or entity is responsible for payment, the request must explain how payment will be submitted.

A patient is not required to provide us with any explanation of the basis for a request for confidential communications.

Accounting of disclosures

Your right

Patients have the right to obtain, upon request, an "accounting" of certain disclosures of their protected health information by us.

A requested accounting generally will list for each covered disclosure:

• The date of release
• The name and address of the recipient
• A brief description of the disclosed information
• A brief statement of the purpose of the disclosure

Limitations on your right

A patient’s right to an accounting does not apply to all disclosures. For example, an accounting does not need to list disclosures:

• Provided to the patient or the patient’s personal representative,
• To carry out treatment, payment, or healthcare operations
• Provided to Practice employees responsible for the patient’s care.
• To someone who is involved in the patient’s care or the payment for the patient’s care
• For national security or intelligence purposes
• To correctional institutions or law enforcement purposes

In addition, a patient’s right to an accounting is limited to disclosures that occurred on or after April 14, 2003 and within six years of the request for an accounting.

In certain situations, a patient’s right to an accounting of disclosures to health oversight agency or law enforcement official can be temporarily suspended.

How to exercise your right

To request an accounting, a patient must submit a written request to our privacy officer. The request should designate the applicable time period.

Timely action

We generally are required to act on a request for an accounting by providing the information within 60 days after receipt. If we cannot comply with this time period, we must notify the patient in writing of the reason for the delay and when we will comply. (request will be completed within a 30-day extension)

Fees

The Practice must provide the patient with the first request for a list in any 12-month period with no charge. The Practice may charge the patient a reasonable, cost-based fee for each future request within a 12-month period. We must notify the patient of the cost involved and the patient may choose to withdraw or modify the request to avoid or reduce the cost. We further reserve the right to require advance payment of any accounting fee.

Inspection and copying

Your right

As a general rule, patients have the right to inspect and obtain a copy of their protected health information. Usually, patients will have a right of access to their medical and billing records at our practice.

Limitations on your right

A patient’s right of access does not apply to all of the patient’s protected health care information. For example, it does not apply to:

• Psychotherapy notes
• Information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding

In addition, we may deny patients access to their protected health information in certain circumstances, such as when:

• The information was obtained from someone other than the health care provider under a promise of confidentiality and the requested access would be reasonably likely to reveal the source of information.
• A licensed health care professional determines that the requested access would endanger the life or physical safety of the patient or another person.
• A licensed health care professional determines that the requested access is likely to cause substantial harm to a non-health care provider named in the information.
• The access is requested by a personal representative and a licensed health care professional determines that the requested access is reasonably likely to cause substantial harm to the patient or another person.

How to exercise your right

To exercise the right of access, a patient must submit a written request to our privacy officer. The request must: (a) describe the health information to which access is requested, (b) state how the patient wants to access information, such as inspection, pick up a copy, mailing of copy, (c) specify a paper copy (d) include the mailing address, if applicable.

Timely action

We generally are required to act on a request for access by providing the information (or a written notice of denial) within 30 days after receipt of the request. If the information is not maintained on the Practice site, the information will be provided within 60 days after receipt of the request. If we cannot comply within these time periods, we must notify the patient in writing of the reason for the delay and when we will comply (which will be within a 30 day extension).

Provision of access

In the case of access by inspection or pick-up, we will arrange a convenient time and place with the patient.

We are only required to comply with a form or format specified by the patient if the covered protected health information is readily producible in that form. Otherwise, we only need to provide the information in a readable hard copy form or such other form as is mutually agreed.

The Practice may provide the patient with a summary of the requested protected health information instead of the actual information providing the patient agrees in advance.

Fees

We reserve the right to charge patients a reasonable cost-based fee for copying their health information. Patients can ascertain our current copying rates by contacting our privacy officer.

We reserve the right to charge patients for a summary of requested protected health information, but will advise them of any fees in advance of their agreement.

We reserve the right to charge patients for a summary of requested protected health information, but will advise them of any fees in advance of their agreement.

We reserve the right to charge patients a reasonable fee for providing the information if the fee is for the costs of copying the material, labor, supplies, postage or preparing a summary of information if requested.

We reserve the right to require advance payment of any copying or mailing charges.

Right to request amendment

Your right

Upon review of their protected health information, patients have the right to request changes to their information. If patients believe that protected health information, which the Practice maintains, is incorrect or incomplete they may request that we amend the information. Patients have a right to request an amendment for as long as we maintain the information.

Limitations on your right

We may deny a request for an amendment if the request asks that we amend information that:

• Was not created by the Practice.
• Was created by an individual who is no longer an employee of the Practice
• Is not part of the health information maintained by us
• Is not part of the health information that the patient would be permitted to inspect and copy
• Is not related to the patient’s current diagnosis
• Is inaccurate or incomplete.

How to exercise your right

To request an amendment, patients must submit a written request to our privacy officer. The request must specify each change that the patient wants and provide a reason to support each requested change.

Timely action

We generally are required to act on a request for an amendment by making the amendment (or providing a written denial) within 60 days after receipt. If we cannot comply with this time period, we must notify the patient in writing of the reason for the delay and when we will comply (request will be completed within a 30-day extension).

Paper copy of your privacy notice

Your right

Patients have a right to receive, upon request, an additional paper copy of our Notice of Privacy Practices. Patients may ask for a paper copy of the current notice at anytime.

How to exercise your right

To obtain a paper copy, contact our privacy officer.

7. Minors, incompetent, and deceased patients

In the case of minors who lack legal capacity to make their own health care decisions, a parent, legal guardian, or other personal representative must provide any required consent, authorization, or other permission to use and disclose the patient’s protected health care information and exercises the patient’s privacy rights.

A patient’s protected health information remains protected even after the patient’s death. In the case of a deceased patient, a personal representative for the patient such as an executor of the patient’s estate, generally provides any required consent, authorization, or other permission to use and disclose the patient’s protected health care information and exercises the patient’s privacy rights.

8. Changes to this notice

We reserve the right to change this notice at any time. We further reserve the right to make any change effective for all protected health information that we maintain at the time of the change – including information that we created or received prior to the effective date of the change.

We will post a copy of our current notice in the waiting room for the practice. At any time, patients may review the current notice by contracting our privacy officer.

9. Complaints

It is the policy of Partners in Women’s Healthcare to address all complaints with regard to protecting the privacy of confidential patient information. If patients believe that we have violated their privacy rights, they may submit a complaint to the Practice or the Office of Civil Rights. To file a complaint with Partners in Women’s Healthcare, please complete the HIPAA "complaint" form and submit this form to our privacy officer. HIPAA "complaint" forms can be obtained at the front desk of the Practice site. The Practice will not retaliate against patients for filing a complaint.

10. Legal effect of this notice

This notice is not intended to create a contractual or other rights independent of the Standards for Privacy of Individually Identifiable Health Information ("privacy rule") issued by the Department of Health and Human Services pursuant to the Health Insurance Portability and Accountability Act (HIPAA).

Effective: April 14, 2003
Revised: March 1, 2004 (Changed Named of Practice)