It is the policy of our practice that all physicians and staff preserve the integrity and the confidentiality of protected health information (PHI) pertaining to our patients. The purpose of this policy is to ensure that our practice and its physicians and staff have the necessary medical and PHI to provide the highest quality medical care possible while protecting the confidentiality of the PHI of our patients to the highest degree possible. Patients should not be afraid to provide information to our practice and its physicians and staff for purposes of treatment, payment and healthcare operations (TPO). To that end, our practice and its physicians and staff will:
- Adhere to the standards set forth in the Notice of Privacy Practices.
- Collect, use and disclose PHI only in conformance with state and federal laws and current patient covenants and/or authorizations, as appropriate. Our practice and its physicians and staff will not use or disclose PHI for uses outside of practice’s TPO, such as marketing, employment, life insurance applications, etc. without an authorization from the patient.
- Use and disclose PHI to remind patients of their appointments unless they instruct us not to.
- Recognize that PHI collected about patients must be accurate, timely, complete, and available when needed. Our practice and its physicians and staff will:- Implement reasonable measures to protect the integrity of all PHI maintained about patients.
- Recognize that patients have a right to privacy.
- Our practice and its physicians and staff respect the patient’s individual dignity at all times.
- Our practice and its physicians and staff will respect patient’s privacy to the extent consistent with providing the highest quality medical care possible and with the efficient administration of the facility.
- Act as responsible information stewards and treat all PHI as sensitive and confidential. Consequently, our practice and its physicians and staff will:- Treat all PHI data as confidential in accordance with professional ethics, accreditation standards, and legal requirements.
- Not disclose PHI data unless the patient (or his or her authorized representative) has properly authorized the release or the release is otherwise authorized by law. — Recognize that, although our practice “owns” the medical record, the patient has a right to inspect and obtain a copy of his/her PHI. In addition, patients have a right to request an amendment to his/her medical record if he/she believes his/her information is inaccurate or incomplete. Our practice and its physicians and staff will:- Permit patient’s access to their medical records when their written requests are approved by our practice. If we deny their request, then we must inform the patients that they may request a review of our denial. In such cases, we will have an on-site healthcare professional review the patients’ appeals.
- Provide patients an opportunity to request the correction of inaccurate or incomplete PHI in their medical records in accordance with the law and professional standards.
- All physicians and staff of our practice will maintain a list of certain disclosures of PHI for purposes other than TPO for each patient and those made pursuant to an authorization as required by HIPAA rules.
We will provide this list to patients upon request, so long as their requests are in writing.
- All physicians and staff of our practice will adhere to any restrictions concerning the use or disclosure of PHI that patients have requested and have been approved by our practice.
- All physicians and staff of our practice must adhere to this policy. Our practice will not tolerate violations of this policy. Violation of this policy is grounds for disciplinary action, up to and including termination of employment and criminal or professional sanctions in accordance with our practice’s personnel rules and regulations.