Notice of HIPAA Privacy Practices
Original Effective Date: November 20, 2020
Last updated: July 6, 2023
Please review carefully:
This notice describes how medical information about you may be used and disclosed and how you can get access to this information.
When it comes to your health information, you have certain rights. This section explains your privacy rights and some of our responsibilities to help you. We are required to maintain the privacy of your health information and to provide you with this Notice, which describes our legal duties. We are required to follow the terms of this Notice currently in effect. In the event of a Breach involving unsecured health information, we will follow HIPAA to notify affected individuals.
See or get an electronic or paper copy of your medical record:
- You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.
- We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee. If we deny your request, you have the right to have our denial reviewed as permitted by HIPAA.
- You can also ask us to transmit a copy of your health information directly to another person designated by you, if certain criteria are met.
However, you may not see or copy the following records:
- Psychotherapy notes
- Information compiled in reasonable anticipation of or used in, a civil, criminal, or administrative action or proceeding
- Protected health information restricted by law, information that is related to medical research in which you have agreed to participate
- Information whose disclosure may result in harm or injury to you or to another person
- Information that was obtained under a promise of confidentiality
Ask us to correct your medical record:
- You can ask us to correct health information about you that you believe is incorrect or incomplete.
- We may say “no” to your request, but we will tell you why in writing within 60 days. If we deny your request to change your health information, we will provide you with a written reason for the denial and, if appropriate, provide additional information regarding further steps you may take regarding the denial consistent with HIPAA. Any agreed upon amendment will be included as an addition to, and not a replacement (or deletion) of, already existing records.
Request confidential communications:
- You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
- We will say “yes” to all reasonable requests.
Ask us to limit what we use or share:
- You can ask us not to use or share certain health information by stating in writing the specific restriction requested and to whom you want the restriction to apply.
- We are not required to agree to your request, and we may say “no” if it would affect your care.
- You may not request that we restrict your health information for treatment, payment, or our health care operations.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information with your health insurer for the purpose of payment or our health care operations; we have to agree to that request unless such use or disclosure is not required by law.
- We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we have shared information
- You can ask for a list (accounting) of the certain disclosures of your health information for six years prior to the date you ask.
- Consistent with HIPAA, an accounting includes disclosures except for those about treatment, payment, and health care operations, as required by law, that occurred prior to April 14, 2003, and certain other disclosures (such as any you asked us to make).
- We will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice:
- You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically.
Choose someone to act for you:
- If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your HIPAA rights and make choices about your health information.
File a complaint if you feel your privacy rights are violated:
- You can complain if you feel we have violated your rights by contacting us. We will strive to address your concern.
- You can file a complaint with the U.S. Department of Health and Human Services.
- We will not retaliate or take action against you or any individual for filing a complaint.
For certain health information, you can tell us your choices about what we share.
If you have a clear preference for how we share your information in the situations described below, talk to us.
In these cases, you have both the right and choice to tell us to:
- Share information with your family, close friends, or others involved in your care
- Share information in a disaster relief situation
- Contact you for fundraising efforts; you can opt out of fundraising communications.
If you are not able to tell us your preference, for example, if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
Subject to limited HIPAA exceptions, we will not use or disclose your health information for “Marketing” or “Sale” (as defined by HIPAA) of your health information or for release of “Psychotherapy Notes” unless you have signed an Authorization. You may revoke a HIPAA Authorization you sign at any time. If you revoke your Authorization, we will no longer use or disclose your health information for the reasons stated in your Authorization, except to the extent we have already taken action based on your Authorization. Once we receive your written revocation, it will only be effective for future uses or disclosures of your health information. We are unable to undo any disclosures of health information we already made based on your Authorization or where we are required by applicable law to retain your health information.
We may also use or disclose health information as otherwise permitted by HIPAA, which includes creating or disclosing a Limited Data Set, if certain assurances are provided to us. We may also “de-identify” health information that we receive from you or others by removing certain identifiers. De-identified information is no longer subject to HIPAA. Additionally, incidental uses or disclosures of health information sometimes occur and are not considered to be a violation of your rights; they are limited in nature and cannot reasonably be prevented.
How do we typically use or share your health information?
We typically use or share your health information in the following ways (not every use or disclosure for every category is listed but these are the most common):
To Treat you:
- For example, we can use your health information and share it with other professionals who are involved in treating you.
- We may also call you by name in the waiting room when your health care provider is ready to see you.
- We may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your health care provider.
To run our practice:
- For example, we can use and share your health information to run our practice and improve your care.
- We can also use and share your health information for quality assessments, credentialing, compliance, employee and peer reviews, training, and licensing activities as needed.
- We may use or disclose your health information to remind you of your appointment, and inform you about treatment alternatives or other health-related benefits and services that may be of interest to you, by text, fax, phone, and email provided by you and to leave voice messages as necessary.
- We can also share your health information with our business associates, including billing, claims processing, collections, and others involved in health care operations. Business associates are vendors which provide services to us or assist us in providing services.
To bill for your services:
- For example, we can use and share your health information to bill and get payment from health plans or other entities.
How else can we use or share your health information?
As permitted by HIPAA, we are allowed or required by law to share your information in other ways:
Help with public health and safety issues:
We can share health information about you for certain situations such as:
- Preventing or controlling disease
- Helping with product recalls
- Reporting adverse reactions to medications
- Reporting suspected abuse, neglect, or domestic violence
- Preventing or reducing a serious threat to health or safety
- We can use or share your information for research purposes.
- We may establish databases of health information and other data for research and other purposes as permitted by applicable law.
Comply with the law:
- We will share information about you if state or federal laws require it.
- Note: HIV or AIDS related information, genetic information, alcohol and substance abuse records, mental health records, and other specially protected health information may have certain protections under applicable state and federal law; disclosures of these types of records will be subject to those special protections as applicable.
Address workers’ compensation, law enforcement, and other government requests:
We can use or share health information about you:
- For workers’ compensation claims
- As permitted by law, we may disclose your health information to your employer if we are retained to conduct an evaluation relating to medical surveillance of your workplace or to evaluate whether you have a work-related illness or injury.
- For law enforcement purposes or with a law enforcement official
- With health oversight agencies for activities authorized by law such as inspections and licensure
- For special government functions such as military, veterans, correctional institutions, national security, and protective services
Respond to lawsuits and legal actions:
- We can share health information about you in response to a court or administrative order, or in response to a subpoena, if certain criteria are met.
Respond to organ and tissue donation requests:
- We can share health information about you with organ procurement organizations.
Work with a coroner, medical examiner or funeral director:
- We can share health information with a coroner, medical examiner, or funeral director following the death of an individual.
Have any questions?
Changes To This Notice
We reserve the right to revise the terms of this Notice to reflect changes in our privacy practices, and to have those revisions apply to all health information we maintain about you, including health information created or received before the effective date of this Notice’s revision. This Notice is displayed on our website at aylohealth.com (go to the bottom of the main page and click on “Privacy Notice”). You should periodically review our website to confirm you are aware of any such updates. You can also receive an updated paper copy of this Notice upon request.