This notice describes how medical information about you may be used and disclosed, as well as how you can get access to this information.
Please review it carefully.
Effective September 14, 2020
Stephanie Murphy DDS hereafter referred to as “Practice,” is committed to preserving the privacy and confidentiality of your health information. This Notice of Privacy Practices describes how we may use and disclose your protected health information, hereafter referred to as “PHI,” to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. 45 CFR§ 164.520.
This Notice has been revised to conform to HIPAA’s Final Rule referred to as the “Omnibus Rule” published on 01/25/13. This notice replaces previous versions of the Notice and is effective 09/23/2013. You may access or obtain a copy according to the following options: our website, contact the office and request a copy to be sent to you by mail or email, or request a copy at the time of your next appointment.
Uses and Disclosures of PHI
1. How we use your information
Your PHI may be used and disclosed by our Practice’s provider, administrative, and/or clinical staff, and others outside of our Practice who are involved in your care and treatment for the purpose of providing healthcare services to you.
A) Treatment: We will use and disclose your PHI to provide, coordinate, or manage your care and any related services. We may disclose PHI to other providers who may be treating you such as a specialist.
B) Payment: We will use your PHI to obtain payment for the services provided by this Practice. For example, if we are working with your insurance plan, we may verify eligibility or coverage for benefit determination. We may use or disclose your information so that a bill may be sent to you that may include services provided.
C) Healthcare Operations: The Practice may use or disclose, as needed, your PHI in order to support its business activities such as quality performance reviews regarding our services or the performance of our staff.
i) Business Associates: We may share your PHI with third-party business associates such as answering services, marketing agencies, transcriptionists, billing services, consultants, trainers, and legal counsel. We obtain a written agreement between our Practice and the business associate to assure the protection and privacy of your PHI.
Other Permitted and Required Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Agree or Object:
We may use or disclose your PHI in the following situations without your authorization or providing you the opportunity to agree or object as follows:
D) Required or Permitted by Law: We may use or disclose your PHI as required by law. This may include public health activities such as controlling a communicable disease or compliance with health oversight agencies authorized by law. We may disclose PHI to a public health authority authorized to receive reports of child abuse or neglect. We may disclose your PHI if we believe you have been a victim of abuse, neglect, or domestic violence to a governmental agency authorized to receive such information in compliance with state and federal law. We may disclose your PHI to the Food and Drug Administration for the quality, safety, or effectiveness of FDA-regulated products or activities. We may disclose your PHI in the course of a legal proceeding in response to a subpoena, discovery request, or other lawful processes. We may also disclose PHI to law enforcement providing applicable legal requirements that are satisfied. We may disclose PHI to a coroner or medical examiner for identification purposes. We may disclose PHI to researchers when the information does not directly identify you as the source of the information and such research has been approved by an institutional review board to ensure the privacy of the PHI. We may disclose PHI as authorized to comply with workers’ compensation laws. We may use and disclose your PHI if you are an inmate of a correctional facility and this information is necessary for your care.
Authorization for Other Uses and Disclosures of PHI
Use and disclosure of your PHI not addressed in this Notice of Privacy Practices will be made only with your written authorization. You may revoke this authorization in writing at any time. If you revoke this authorization, we will no longer use or disclose your PHI; however, we are unable to retrieve previous disclosures made with your prior authorization.
Other Permitted and Required Uses and Disclosures that Require Your Permission or Objection:
ii) Students: We may share PHI with students working in our Practice to fulfill their educational requirements. If you do not wish a student to observe or participate in your care, please notify your provider.
iii) Appointment Reminders: We may contact you as a reminder of your appointment. Only limited information is provided on an answering machine or an individual other than you answering the call. We may issue a postcard or letter notifying you that it is time to make an appointment. You may provide a preferred means of contact such as a mobile telephone number or email address. Reasonable requests will be accommodated.
iv) Family, Close Friends, Personal Representatives & Care Givers: Our staff may disclose to the person involved in your care your PHI relevant to that person’s involvement in your care or payment of the services providing you identify these individual(s) and authorize the release of information. If you are unable to agree or object to such disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. If a young adult age eighteen (18) requests that his or her information not be released to a parent or guardian, we must comply with this request in compliance with state law.
For minor children living in divided households, both parents (mother and father) have access to the PHI unless their parental rights have been terminated. Payment of services is addressed in your Final Divorce Decree; however, we obtain payment from the parent who brings the child in for treatment. We will provide you a statement to send to the other parent for your reimbursement.
v) Disaster Relief: If applicable, we may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your care.
2. Your Rights
The following is a statement of your rights regarding PHI we gather about you:
A) Copy of this Notice: You have the right to a copy of this notice including a paper copy.
B) Inspect and Copy PHI: You have the right to inspect and obtain a copy of PHI about you maintained by our Practice to include patient and billing records. You must submit a written request and indicate whether you prefer a paper or electronic copy. According to state and federal law, we may charge you a reasonable fee to copy your records. Our Practice does not transmit unsecure PHI via email. However, if you prefer this information emailed to you with encryption or security measures, we will comply with your request and will verify your email address. We suggest sending our Practice an email and we will reply with the attachment. (Note: Under federal law, you may not inspect or copy psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal or administrative action or proceeding. Please contact the Privacy Officer for more details).
C) Amendment: You have the right to have your provider amend your PHI about you in a designated record set. Please consult with the Privacy Officer. We may deny this request and you may respond with a statement. We may include a rebuttal statement in your record. Reasons we may deny amending such information, but not limited to these reasons, is if we did not create the information, or if the individual who created the information is no longer available to make the amendment or it is not part of the information maintained at our Practice.
D) Restrictions: You have the right to request a restriction of your PHI. If you paid out-of-pocket for a service or item, you have the right to request that information not be disclosed to a health plan for purposes of payment or health care operations and we are required to honor that request. You may request in writing to our Privacy Officer not to use or disclose any part of your PHI for the purposes of treatment, payment, or health care operations such as to family members or friends involved in your care or for notification purposes as described in this Notice of Privacy Practices. However, your provider is not required to agree to this restriction. You may discuss restrictions with the Privacy Officer.
E) Confidential Communications: You have the right to request to receive confidential communications from our Practice by alternative means or at an alternative location. For example, you may prefer our Practice to use your mobile telephone or email rather than a residential line. Please make this request in writing to the Privacy Officer. Our staff will not ask personal questions regarding your request.
F) Disclosures: You have the right to request an accounting of disclosures of your PHI including those made through a Business Associate as set forth in CFR 45 § 164.528. The HITECH Act removed the accounting of disclosures exception to PHI to carry out treatment, payment, and healthcare operations if such disclosures are made through the EHR. To request an accounting, you must submit your request in writing to the Privacy Officer.
G) Breach Notification: According to the HITECH Act, you have the right to be notified following a breach of unsecured PHI that affects you. “Unsecured” is information that is not secured through the use of technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the PHI unusable, unreadable and undecipherable to unauthorized users. Breach notification applies to our Business Associates who are obligated to notify our Practice if a breach of unsecured PHI occurs that affects you.
H) Fundraising: If PHI is used for fundraising which is considered “health care operations,” basic requirements must be satisfied to include notice to the individual and a process for individuals to opt-out. If the individual consents, only specific parts of PHI may be used for fundraising. Note: Your PHI will not be used in this manner at our Practice.
You have the right to file a complaint if you believe your privacy rights or that of other individuals’ have been violated. You may contact our Privacy Officer and your issue will be addressed. You may also file a complaint with the Secretary of Health and Human Services at U.S. Department of Health & Human Services, Office of Civil Rights, 200 Independence Avenue, SW, Washington, D.C. 20201.
Your complaint must be filed in writing, either on paper or electronically, by mail, fax, or e-mail; name the covered entity or business associate involved and describe the acts or omissions you believe violated the requirements of the Privacy, Security, or Breach Notification Rules; and be filed within 180 days of when you knew that the act or omission complained of occurred. You may visit the Office of Civil Rights website at www.hhs.gov/ocr/hipaa/ for more information.
If you have any questions, would like additional information, or want to report a problem regarding the handling of your PHI, you may contact the Privacy Officer at:
Stephanie Murphy DDS
7040 North Port Washington Road, Suite 410
Glendale, Wisconsin 53217
You will not be penalized for filing a complaint.