Notice of Privacy Practices
Notice of Privacy Practices of Protected Health Information
Effective April 14, 2003
Revised May 1, 2020
This practice uses and discloses health information about you for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care that you receive.
This Notice describes our privacy practices. We may change our policies and this Notice at any time and have those revised policies apply to all the protected health information we maintain. If or when we change our notice, we will post the new notice in the office and on our website www.houstoneye.com where it can be viewed. You can request a paper copy of this Notice, or any revised notice, at any time in the mail or by asking for one at the time of your next appointment.
A. Treatment, Payment, Health Care Operations
Treatment
We are permitted to use and disclose your medical information to those involved in your treatment. For example, the physicians in this practice are specialists. When we provide treatment, we may request that your primary care physician share your medical information with us. Also, we may provide your primary care physician information about your particular condition so that he or she can appropriately treat you for other medical conditions, if any. In addition, we may disclose your protected health information from time-to time to another physician or health care provider (e.g. another specialist, laboratory or home health agency) who may become involved in your care by providing assistance with your health care diagnosis or treatment.
Payment
We are permitted to use and disclose your medical information to bill and collect payment for the services we provide to you. For example, we may contact your health insurance plan to determine eligibility or coverage of insurance benefits. We may also complete a claim form to obtain payment from your health insurance plan. That form will contain medical information, such as a description of the medical services provided to you, that your insurance needs to approve payment to us.
Health Care Operations
We may use or disclose, as needed, your protected health information in order to support the business activities of our practice. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, marketing, and fundraising activities, and conducting or arranging for other business activities.
For example, we may disclose your protected health information to medical school or other health care students that see patients at our office. In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name. We may also call you by name in the waiting room when your physician is ready to see you. We may use or disclose your protected health information, as necessary, to contact you to remind you of your appointment.
Business Associates
We will share your protected health information with third party “business associates” that perform various activities (e.g., billing, collection, transcription services) for the practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your protected health information, we will have a written contract that contains terms that will protect the privacy of your protected health information.
Marketing
We may use or disclose your protected health information to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. We may also use and disclose your protected health information for other marketing activities. For example, your name and address may be used to send you a newsletter about our practice and the services we offer. We may also send you information about products or services that we believe may be beneficial to you. You may contact our Privacy Officer to request that these materials not be sent to you.
Fundraising
We may use or disclose your demographic information and the dates that you received treatment from your physician in order to send periodic materials from Houston Eye Associates Foundation. Materials may include, but are not limited to newsletters, upcoming fundraising events, direct mail pieces, surveys, and invitations to participate in annual events. There is no requirement that you agree to accept fundraising communication from us, and we will honor your request not to receive (opt-out) any fundraising communications from us after the date we receive your decision.
B. Disclosures That Can Be Made Without Your Authorization
There are situations in which we are permitted to disclose or use your medical information without your written authorization or an opportunity to object. In other situations, we will ask for your written authorization before using or disclosing any identifiable health information about you. If you choose to sign an authorization to disclose information, you can later revoke that authorization, in writing, to stop future uses and disclosures. However, any revocation will not apply to disclosures or uses already made or that rely on that authorization.
Public Health, Abuse or Neglect, and Health Oversight
We may disclose your medical information for public health activities. Public health activities are mandated by federal, state, or local government for the collection of information about disease, vital statistics, or injury by a public health authority. We may disclose medical information, if authorized by law, to a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition. We may disclose your medical information to report reactions to medications, problems with products, or to notify people of recalls of products they may be using.
Because Texas law requires physicians to report child abuse or neglect, we may disclose medical information to a public agency authorized to receive reports of child abuse or neglect. Texas law also requires a person having cause to believe that an elderly or disabled person is in a state of abuse, neglect, or exploitation to report the information to the state, and HIPAA privacy regulations permit the disclosure of information to report abuse or neglect of elders or the disabled.
We may disclose your medical information to a health oversight agency for those activities authorized by law. Examples of these activities are audits, investigations, licensure applications and inspections, which are all government activities undertaken to monitor the health care delivery system and compliance with other laws, such as civil rights laws.
Legal Proceedings and Law Enforcement
We may disclose your medical information in the course of judicial or administrative proceedings in response to an order of the court (or the administrative decision-maker) or other appropriate legal process. Certain requirements must be met before the information is disclosed.
If asked by a law enforcement official, we may disclose your medical information under limited circumstances provided:
- The information is released pursuant to legal process, such as a warrant or subpoena;
- The information pertains to a victim of crime and you are incapacitated;
- The information pertains to a person who has died under circumstances that may be related to criminal conduct;
- The information is about a victim of crime and we are unable to obtain the person’s agreement;
- The information is released because of a crime that has occurred on these premises; or
- The information is released to locate a fugitive, missing person, or suspect.
We also may release information if we believe the disclosure is necessary to prevent or lessen an imminent threat to the health or safety of a person.
Workers’ Compensation
We may disclose your medical information as required by workers’ compensation law.
Inmates
If you are an inmate or under the custody of law enforcement, we may release your medical information to the correctional institution or law enforcement official. This release is permitted to allow the institution to provide you with medical care, to protect your health or the health and safety of others, or for the safety and security of the institution.
Military, National Security and Intelligence Activities, Protection of the President
We may disclose your medical information for specialized governmental functions such as separation or discharge from military service, requests as necessary by appropriate military command officers (if you are in the military), authorized national security and intelligence activities, as well as authorized activities for the provision of protective services for the president of the United States, other authorized government officials, or foreign heads of state.
Research, Organ Donation, Coroners, Medical Examiners, and Funeral Directors
When a research project and its privacy protections have been approved by an institutional review board or privacy board, we may release medical information to researchers for research purposes. We may release medical information to organ procurement organizations for the purpose of facilitating organ, eye, or tissue donation if you are a donor. Also, we may release your medical information to a coroner or medical examiner to identify a deceased person or a cause of death. Further, we may release your medical information to a funeral director when such a disclosure is necessary for the director to carry out his duties.
Appointment Reminders
We may contact you by (telephone, text, and/or mail) to provide appointment reminders, emergency messages or other information about the practice that may be of interest to you.
Required by Law
We may release your medical information when the disclosure is required by law.
C. Your Rights Under Federal Law
The U. S. Department of Health and Human Services created regulations intended to protect patient privacy as required by the Health Insurance Portability and Accountability Act (HIPAA). Those regulations create several privileges that patients may exercise. We will not retaliate against patients who exercise their HIPAA rights.
You have the right to receive a copy of Houston Eye Associates’ Notice of Privacy Practices.
You may request a paper copy of this notice, or any revised notice, at any time in the mail or by asking for one at the time of your next appointment.
You have the right to request restrictions on protected health information.
You may request that we restrict or limit how your protected health information is used or disclosed for treatment, payment, or health care operations. We do NOT have to agree to this restriction, but if we do agree, we will comply with your request except under emergency circumstances.
You have the right to restrict disclosures to health plans for treatment or services paid for in full by the patient.
You have a right to have your designated record set be sent to a third party.
You also may request that we limit disclosure to family members, other relatives, or close personal friends who may or may not be involved in your care.
To request a restriction, submit the following in writing: (a) the information to be restricted, (b) what kind of restriction you are requesting (i.e., on the use of information, disclosure of information, or both), and (c) to whom the limits apply. Please send the request to the address and person listed at the end of this document.
You have the right to request alternative means of communicating protected health information.
You may request that we send communications of protected health information by alternative means or to an alternative location.
You have the right to obtain an electronic copy of your electronic health record.
This request must be made in writing to the person and address listed at the end of this document. We are required to accommodate only reasonable requests. Please specify in your correspondence exactly how you want us to communicate with you and, if you are directing us to send it to a particular place, the contact/address information.
You have the right to access your protected health information.
You may inspect and/or obtain a copy of your health information that is within the designated record set, which is information that is used to make decisions about your care. Texas law requires that requests for copies be made in writing, and we ask that requests for inspection of your health information also be made in writing. Please send your request to the person listed at the end of this document.
We may ask that a narrative of that information be provided rather than copies. However, if you do not agree to our request, we will provide copies.
We can refuse to provide some of the information you ask to inspect or ask to be copied for the following reasons:
- The information is psychotherapy notes.
- The information reveals the identity of a person who provided information under a promise of confidentiality.
- The information is subject to the Clinical Laboratory Improvements Amendments of 1988.
- The information has been compiled in anticipation of litigation.
We can refuse to provide access to or copies of some information for other reasons if we arrange for a review of our decision on your request. Any such review will be made by another licensed health care provider who was not involved in the prior decision to deny access.
Texas law requires us to provide copies or a narrative within 15 days of your request. We will inform you when the records are ready or if we believe access should be limited. If we deny access, we will inform you in writing.
You have the right to request an amendment of your protected health information.
You may request an amendment of your medical information in the designated record set. Any such request must be made in writing to the person listed at the end of this document. We will respond within 60 days of your request. We may refuse to allow an amendment for the following reasons:
- The information was not created by this practice or the physicians in this practice.
- The information is not part of the designated record set.
- The information is not available for inspection because of an appropriate denial.
- The information is accurate and complete.
Even if we refuse to allow an amendment, you are permitted to include a patient statement about the information at issue in your medical record. If we refuse to allow an amendment, we will inform you in writing.
If we approve the amendment, we will inform you in writing, allow the amendment to be made and tell others that we now have the correct information.
You have the right to an accounting of certain disclosures
HIPAA privacy regulations permit you to request, and us to provide, an accounting of disclosures that are other than for treatment, payment, health care operations, or made via an authorization signed by you or your representative. Please submit any request for an accounting to the person at the end of this document. Your first accounting of disclosures (within a 12-month period) will be free. For additional requests within that period we are permitted to charge for the cost of providing the list. If there is a charge, we will notify you, and you may choose to withdraw or modify your request before any costs are incurred.
You have the right to be notified of a breach
We are required to notify you by first class mail or by e-mail (if we offered and you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured via a methodology identified by the Secretary of the U.S. Department of Health and Human Services (HHS) that renders the protected health information unusable, unreadable, and indecipherable to unauthorized users. The notice is required to include the following information:
- A brief description of the breach, including the date of the breach and the date of its discovery, if known
- A description of the type of Unsecured Protected Health Information involved in the breach
- Steps you should take to protect yourself from potential harm resulting from the breach
- A brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches
- Contact information, including a toll-free telephone number, e-mail address, website, or postal address where you can ask questions or obtain additional information.
In the event the breach involves 10 or more patients whose contact information is out of date, we will post a notice on the home page of our website or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary detailing a list of breaches that involve more than 500 patients during the year and maintain a written log of breaches involving less than 500 patients.
You have the right to complain about Houston Eye Associates privacy practices.
If you are concerned that your privacy rights have been violated, you may complain to us or to the Health and Human Services, Office of Civil Rights at https://www.hhs.gov/hipaa/filing-a-complaint/index.html.
You may file a complaint with us by notifying our privacy officer of your complaint. We will not retaliate against you for filing a complaint.
D. Other Uses of Medical Information
Other uses and disclosures of medical information not covered by this Notice or the laws that apply to you will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.
E. Our Promise to You
We are required by law and regulation to protect the privacy of your medical information, to provide you with this Notice of our Privacy Practices with respect to protected health information, and to abide by the terms of the Notice of Privacy Practices in effect.
F. Questions and Contact Person for Requests
If you have any questions or want to make a request pursuant to the rights described above, please contact: Privacy Officer, in writing:
Houston Eye Associates
2855 Gramercy Street
Houston, TX 77025
The Privacy Officer can be contacted by phone at (713) 558-8755 or email at Privacy@HoustonEye.com for further information about the complaint process.
Puedes ver este documento en español, haz clic aquí.
Effective April 14, 2003
Revised May 1, 2020