NOTICE OF PRIVACY POLICIES AND PRACTICES
NOTICE OF PRIVACY PRACTICES (HIPAA)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION
PLEASE REVIEW IT CAREFULLY
Our Legal Duty
Orange Coast Dermatology is committed to protecting your privacy and is required by applicable federal and state laws to maintain the privacy of your protected health information. “Protected health information” is your individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer, or a health care clearinghouse that relates to:
(1) your past, present, or future physical or mental health or condition;
(2) the provision of health care to you; or
(3) the past, present or future payment for the provision of health care to you.
This notice describes our policies and practices for collecting, handling, and protecting our patients’ protected health information. We are required to provide you this notice about our privacy practices, our legal duties, and our rights concerning your protected health information. We suggest that you read these policies the first time you become an Orange Coast Dermatology patient. We must follow the privacy practices that are described in this notice while it is in effect. This notice takes effect on January 1, 2008, and will remain in effect until we replace it. We will continually review our privacy policies and practices and monitor our business practices to help ensure the security of our patients’ protected health information. Due to changing circumstances, it may become necessary to revise our privacy policies and practices and the terms of this notice at any time provided that such changes are permitted by applicable law. We reserve the right to make the changes in our privacy practices and the new terms of our notice effective for all protected health information that we maintain, including protected health information we created or received before we made the changes. Before we make a significant change in our privacy practices, we will change this notice and notify all affected patients in writing in advance of the change. You may print a copy of our notice at any time from our website. For more information about our privacy practices, please contact us using the information listed at the end of this notice.
Uses and Disclosures of Protected Health Information
Following are examples of permitted uses and disclosures of your protected health information. These examples are not exhaustive.
Required Uses and Disclosures
By law, we must disclose your health information to you unless it has been determined by a health care professional that it would be harmful to you. We must also disclose health information to the Secretary of the Department of Health and Human Services (DHHS) for investigations or determinations of our compliance with laws on the protection of your health information.
We will use and disclose your protected health information to provide, coordinate, or manage your healthcare and any related services. This includes the coordination or management of your healthcare with a third party. For example, we may disclose your protected health information to another physician or health care provider (e.g., a specialist, pharmacist, or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment. This includes pharmacists who may be provided information on other drugs you have been prescribed to identify potential interactions. In emergencies, we will use and disclose your protected health information to provide the treatment you require.
Your protected health information will be used, as needed, to obtain payment for your health care services. This may include certain activities we may need to undertake before your health care insurer approves or pays for the health care services recommended for you, such as determining eligibility or coverage for benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. For example, obtaining approval for a surgical procedure might require that your relevant protected health information is disclosed to obtain approval to perform the procedure at a particular facility.
Health Care Operations
We may use or disclose, as needed, your protected health information to support our daily activities related to providing health care. These activities include, but are not limited to, billing, collection, quality assessment activities, investigations, oversight or staff performance reviews, licensing, communications about a product or service, and conducting or arranging for other health care related activities. For example, we may disclose your protected health information to an insurance company in order to process claims for reimbursement for the services we provide to you. We may call you by name in the waiting room when your provider is ready to see you. We may use or disclose your protected health information, as necessary, to contact you to remind you of your appointment. For example, we may contact you at your home telephone number to remind you of your next appointment and/or email or text an appointment reminder. We will share your protected health information with other persons or entities that perform various activities (e.g., a transcription service) for our Practice. These business associates of our practice will also be required to protect your health information. We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that might interest you. For example, your name and address may be used to send you a newsletter about our Practice and the services we offer. We may also send you information about products or services that we believe might benefit you.
Required by Law
We may use or disclose your protected health information if law or regulation requires the use or disclosure.
We may disclose your protected health information to a public health authority that is permitted by law to collect or receive the information. The disclosure may be necessary to do the following:
- Prevent or control disease, injury, or disability
- Report births and deaths
- Report child abuse or neglect
- Report reactions to medications or problems with products
- Notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
- Notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence
We may disclose your protected health information, if authorized by law, to a person who might have been exposed to a communicable disease or might otherwise be at risk of contracting or spreading the disease or condition.
We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. These health oversight agencies may include government agencies that oversee the healthcare system, government benefit programs, other government regulatory programs, and civil rights laws.
Food and Drug Administration
We may disclose protected health information to a person or company required by the Food and Drug Administration to do the following:
- Report adverse events, product defects, or problems and biologic product deviations
- Track products
- Enable product recalls
- Make repairs or replacements
- Conduct post-marketing surveillance as required
We may disclose protected health information for law enforcement purposes, including the following:
- Responses to legal proceedings
- Information requests for identification and location
- Circumstances pertaining to victims of a crime
- Death suspected from criminal conduct
- Crimes occurring on our premises
- Medical emergencies (not on our premises) believed to result from criminal conduct
Coroners, Funeral Directors, and Organ Donations
We may disclose protected health information to coroners or medical examiners for identification to determine the cause of death or for the performance of other duties authorized by law. We may also disclose protected health information to funeral directors as authorized by law. Protected health information may be used and disclosed for cadaveric organ, eye, or tissue donations.
We may disclose protected health information to researchers when authorized by law, for example, if their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information.
Under applicable federal and state laws, we may disclose your protected health information if we believe that its use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose protected health information if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military Activity and National Security
When the appropriate conditions apply, we may use or disclose protected health information of individuals who are Armed Forces personnel (1) for activities believed necessary by appropriate military command authorities to ensure the proper execution of the military mission including determination of fitness for duty; or (2) to a foreign military authority if you are a member of that foreign military service. We may also disclose your protected health information to authorized Federal officials for conducting national security and intelligence activities including protective services to the President or others.
We may disclose your protected health information to comply with compensation laws and other similar legally-established programs.
We may use or disclose your protected health information if you are an inmate of a correctional facility, and we created or received your protected health information while providing care to you. This disclosure would be necessary (1) for the institution to provide you with health care, (2) for your health and safety or the health and safety of others, or (3) for the safety and security of the correctional institution.
State laws concerning minors permit or require certain disclosure of protected health information to parents, guardians, and persons acting in a similar legal status. We will act consistently with the laws of this state and will make disclosures following such laws.
Uses and Disclosures of Protected Health Information Requiring Your Permission
In some circumstances, you have the opportunity to agree or object to the use or disclosure of all or part of your protected health information. Following are examples in which your agreement or objection is required.
Individuals Involved in Your Health Care
Unless you object, we may disclose to a member of your family, a relative, a close friend, or any other person you identify, your protected health information that directly relates to that person’s involvement in your health care. We may also give information to someone who helps pay for your care. Additionally, we may use or disclose protected health information to notify or assist in notifying a family member, personal representative, or any other person who is responsible for your care, of your location, general condition, or death. Finally, we may use or disclose your protected health information to an authorized public or private entity to assist in disaster relief efforts and coordinate uses and disclosures to family or other individuals involved in your health care.
You may exercise the following rights by submitting a written request to our Privacy Officer. Our Privacy Officer can guide you in pursuing these options. Please be aware that our Practice may deny your request; however, you may seek a review of the denial.
Right to Inspect and Copy
You may inspect and obtain a copy of your protected health information that is contained in a “designated record set” for as long as we maintain the protected health information. A designated record set contains medical and billing records and any other records that our Practice uses for making decisions about you. This right does not include inspection and copying of the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and protected health information that is subject to a law that prohibits access to protected health information.
Right to Request Restrictions
You may ask us not to use or disclose any part of your protected health information for treatment, payment, or health care operations. Your request must be made in writing to our Privacy Officer. In your request, you must tell us (1) what information you want to be restricted; (2) whether you want to restrict our use or disclosure, or both; (3) to whom you want the restriction to apply, for example, disclosures to your spouse; and (4) an expiration date. If we believe that the restriction is not in the best interest of either party or that we cannot reasonably accommodate the request, we are not required to agree to your request. If the restriction is mutually agreed upon, we will not use or disclose your protected health information in violation of that restriction, unless it is needed to provide emergency treatment. You may revoke a previously agreed upon restriction, at any time, in writing.
Right to Request Confidential Communications
You may request that we communicate with you using alternative means or at an alternative location. We will not ask you the reason for your request. We will accommodate reasonable requests, when possible.
Right to Request Amendment
If you believe that the information we have about you is incorrect or incomplete, you may request an amendment to your protected health information as long as we maintain this information. While we will accept requests for amendment, we are not required to agree to the amendment.
Right to an Accounting of Disclosures
You may request that we provide you with an accounting of the disclosures we have made of your protected health information. This right applies to disclosures made for purposes other than treatment, payment, or healthcare operations as described in this Notice of Privacy Practices. The disclosure must have been made after January 1, 2008, and no more than six (6) years from the date of the request. This right excludes disclosures made directly to you, to others pursuant to an authorization from you, to family members or friends involved in your care, or for notification purposes. The right to receive this information is subject to additional exceptions, restrictions, and limitations as described earlier in this Notice.
Right to Obtain a Copy of this Notice
You may obtain a paper copy of this notice from us by requesting one, or you may view or download it electronically at our Practice’s website.
This Notice of Privacy Practices is provided to you as a requirement of the Health Insurance Portability and Accountability Act (HIPAA). There are several other privacy laws that also apply to HIV-related information, mental health information, and substance abuse information. These laws have not been superseded and have been taken into consideration in developing our policies and this notice of how we will use and disclose your protected health information.
If you believe these privacy rights have been violated, you may file a written complaint with our Privacy Officer or with the Department of Health and Human Services. No retaliation will occur against you for filing a complaint.
The Privacy Officer is our Practice Administrator and can be contacted by calling our telephone number: (949)888-8500. You may contact our Privacy Officer for further information about our complaint process, or for further explanation of this Notice of Privacy Practices. You may also e-mail questions to firstname.lastname@example.org.
What type of information do we collect?
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.
How do we collect information?
We collect such Non-personal and Personal Information for the following purposes:
- To provide and operate the Services;
- To provide our Users with ongoing customer assistance and technical support;
- To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
- To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
- To comply with any applicable laws and regulations.
How do we store, use, share and disclose your site visitors' personal information?
Our company is hosted on the Wix.com platform. Wix.com provides us with an online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
How do we communicate with your site visitors?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.
How can our site visitors withdraw their consent?
If you don’t want us to process your data anymore, please contact us at email@example.com or send us mail to our physical mailing address.
Questions and your contact information
If you would like to access, correct, amend or delete any personal information we have about you, you are invited to contact us at firstname.lastname@example.org or send us mail to our physical mailing address.