NOTICE OF PRIVACY PRACTICES
For Next Step Bionics & Prosthetics, Inc.
THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
If you have any questions about this Notice, please contact our policy officer at internalcontrols@bcpgroup.net.
I. OUR COMMITMENT TO PROTECTING YOUR HEALTH INFORMATION
This Notice of Privacy Practices describes how we may use and disclose your Protected Health Information (“PHI”) to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI. Your PHI means any of your written or oral health information, including demographic data that can be used to identify you. This is health information that is created or received by your health care provider and that relates to your past, present or future physical or mental health or condition. If your PHI is de-identified in accordance with HIPAA standards, it is no longer PHI.
We are strongly committed to protecting your PHI. We create a medical record about your care because we need the record to provide you with appropriate treatment and to comply with various legal requirements. We transmit some medical information about your care to obtain payment for the services you receive, and we use certain information in our day-to-day operations. This Notice will let you know about the various ways we use and disclose your medical information and describe your rights and our obligations with respect to the use or disclosure of your PHI. We will also ask that you acknowledge receipt of this Notice the first time you come to or use any of our facilities because the law requires us to make a good faith effort to obtain your acknowledgment.
We are required by law to:
· Maintain the privacy of your PHI;
· Notify you in the event of a breach of your unsecured PHI;
· Give you this Notice of our legal duties and our privacy practices with respect to your PHI; and
· Abide by the terms of the Notice of Privacy Practices that is currently in effect.
II. YOUR RIGHTS REGARDING YOUR PHI
The following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights.
Right to Request Access to Your PHI: You have the right to inspect and copy your PHI. You have the right to see or obtain an electronic or paper copy of the PHI that we maintain about you.
· To inspect and/or copy your medical information, you must submit a written request to the Privacy Officer listed on the first page of this Notice. If you request a copy of your information, we may charge you a reasonable, cost-based fee for the costs of copying, mailing or other costs associated with your request.
· We may deny your request for access in certain limited circumstances, however, if we deny your access request, we will provide a written denial with the basis for our decision and explain your rights to appeal or file a complaint.
Please contact our Privacy Officer if you have questions about access to your medical records.
Right to Request Restrictions: You have the right to request that we limit our uses and disclosures of your PHI for treatment, payment, and health care operations purposes. Your request must be in writing and state the specific restriction requested and to whom you want the restriction to apply. However, your care provider(s) is not required to agree to a restriction that you may request. If the care provider(s) believes it is in your best interest to permit use and disclosure of your PHI, your PHI will not be restricted. We are not required to agree to your request, except to the extent that you request a restriction on disclosures to a health plan or insurer for payment or health care operations purposes and the items or services have been paid for out of pocket in full. With this in mind, please discuss any restriction you wish to request with your care provider(s). Your request for a restriction must be in in writing and submitted to our Privacy Officer listed on the first page of this Notice.
Request Confidential Communications: You have the right to request to receive confidential communications from us by alternative means or at an alternate location. For example, you can ask that we only contact you at work or at a specific address. For these requests, we will not ask for the reason; you must specify how or where you wish to be contacted; and we will accommodate reasonable requests. Please make this request in writing to our privacy officer listed on the first page of this Notice.
Make Amendments: You may ask us to correct or amend PHI that we maintain about you that you believe is incorrect or inaccurate. You must submit these requests in writing to our Privacy Officer and specify the inaccurate or incorrect PHI and provide a reason that supports your request. We will generally decide to grant or deny your request within 60 days. If we cannot act within 60 days, we will give you a reason for the delay in writing and include when you can expect us to complete our decision, which will be no longer than an additional 30 days. We will only ask for an extension once in response to a request.
We may deny any request that is not in writing or does not state a reason supporting the request. We may deny your request for an amendment of any PHI that: (1) Was not created by us, unless the person that created the information is no longer available to amend the information; (2) Is not part of the designated record set; (3) Is not part of the information you would be permitted to inspect or copy; or (4) Is accurate and complete.
If we deny your request for amendment, we will do so in writing and explain the basis for the denial. You have the right to file a written statement of disagreement with us. You must clearly tell us in writing if you want us to include your statement in future disclosures we make of that part of your record. We may include a summary instead of your statement. We may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact our privacy officer if you have questions about amending your medical record.
Request an Accounting of Disclosures: You have the right to receive an accounting of certain disclosures we have made, if any, of your PHI. This right only applies to disclosures for purposes other than treatment, payment, or healthcare operations as described in this Notice. It also excludes disclosures we may have made to you, to family members or friends involved in your care, or for notification purposes. The right to receive this information is subject to certain exceptions, restrictions, and limitations.
You must submit a request for disclosures in writing to our Privacy Officer listed on the first page of this Notice. You must specify a time period, which may not be longer than six years. You may request a shorter timeframe. Your request should indicate the form in which you want the list (i.e., on paper, etc). You have the right to one free request within any 12-month period, but we may charge you for any additional requests in the same 12-month period. We will notify you about the charges you will be required to pay, and you are free to withdraw or modify your request in writing before any charges are incurred. We will respond to your request no later than 60 days after receiving the request. We may ask for an additional 30 days during this 60-day period, but if we do, we will only do it once, provide a written statement of why, and indicate the date by which we intend to send the response
Right to a Copy of This Notice: You have the right to obtain a paper copy of this notice from us, upon request to our Privacy Officer, or in person at our office, at any time, even if you have agreed to accept this notice electronically.
III. HOW WE MAY USE AND DISCLOSE YOUR PHI
The following are examples of the types of uses and disclosures of your PHI that this facility is permitted to make. We have provided some examples of the types of each use or disclosure we may make, but not every use or disclosure in any of the following categories will be listed.
Treatment: We may use and disclose your PHI to provide, coordinate, or manage your health care and any related treatment. This includes the coordination or management of your health care with a third party that has already obtained your permission to have access to your PHI. For example, we would disclose your PHI, as necessary, to the physician that referred you to us. We may also disclose PHI to other health care providers who may be treating you when we have the necessary permission from you to disclose your PHI.
Payment: We may use and disclose your PHI, as needed, to obtain payment for your health care services. For example, we share your PHI with your health insurance plan so it will pay for the services you receive. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services, we recommend for you such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities. We may also tell your health plan about a health care item or service you are going to receive to obtain prior approval or to determine whether your plan will cover the device. However, we will not provide PHI pertaining solely to a health care item or service for which you, or a person other than the health plan, on your behalf, have paid us in full.
Healthcare Operations: Your PHI may be used and disclosed by your care provider(s), our office staff and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you. We may use or disclose, as needed, your PHI to support the business activities of this facility and improve your care. For example, we may use your PHI to manage the services you receive or to monitor the quality of our health care services. These activities include, but are not limited to, quality assessment activities, employee review activities, legal services, licensing, and conducting or arranging for other business activities.
Business Associates: We may share your PHI with third party entities (“Business Associates”) that perform various activities on our behalf, such as for payment and health care operations. These Business Associates must agree to safeguard your PHI in the same way we do.
Treatment Alternatives: We may use or disclose your PHI, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you.
Appointment Reminders: We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment.
Sign-In Sheets: We may use a sign-in sheet at the registration desk where you will be asked to sign your name. We may also call you by name in the waiting room when your care provider(s) is ready to see you.
Others Involved in Your Healthcare: Sometimes a family member or other person involved in your care will be present when we are discussing your PHI with you. If you object, please tell us and we will not discuss your PHI or we will ask the person to leave. We may give information to those you identify as responsible for payment of your care, a family member, friend or any other person involved in your medical care. There may be times when it is necessary to disclose your PHI to a family member or other person involved in your care because there is an emergency, you are not present, or you lack the decision-making capacity to agree or object. In those instances, we will use our professional judgment to determine if it is in your best interest to disclose your PHI.
Required by Law: We may use or disclose your PHI to the extent that federal, state, or local law requires the use or disclosure. For example, the Secretary of the Department of Health and Human Services may review our compliance efforts, which may include seeing your PHI. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
Public Health: We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. For example, we may disclose your PHI as part of our obligation to report to public health authorities certain diseases, injuries, conditions, and vital events.
Communicable Diseases: We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight: We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect: By law, we may disclose PHI to the appropriate authority to report suspected child abuse or neglect or to identify suspected victims of abuse, neglect, or domestic violence.
Serious Threat to Health or Safety: We may use and disclose your PHI if we believe it is necessary to avoid a serious threat to your health or safety or to someone else's.
Military and Veterans: If you are a member of the military, we may release PHI about you as required by military command authorities.
Food and Drug Administration: We may disclose your PHI to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations, track products, to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance, as required.
Legal Proceedings: We may disclose your PHI in responding to a court or administrative order, a subpoena, or a discovery request. We may also use and disclose PHI to the extent permitted by law without your authorization, for example, to defend a lawsuit or arbitration.
Law Enforcement: We may also disclose your PHI, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes might include (1) legal processes and otherwise required by law, (2) limited information requests for identification and location purposes, (3) pertaining to victims of a crime, (4) suspicion that death has occurred as a result of criminal conduct, (5) in the event that a crime occurs on the premises of the practice, and (6) medical emergency (not on the facility’s premises) and it is likely that a crime has occurred.
Coroners and Funeral Directors: We may disclose your PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose PHI to a funeral director, as authorized by law, to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death.
Organ Donation: We may use or disclose PHI to organ-procurement organizations to assist with organ, eye, or other tissue donations.
Research: Under certain circumstances, we may disclose your PHI to researchers when an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI has approved their research.
Criminal Activity: We may disclose your PHI to authorized officials for law enforcement purposes, for example, to respond to a search warrant, report a crime on our premises, or help identify or locate someone.
Military Activity and National Security: When the appropriate conditions apply, we may use or disclose PHI of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to foreign military authority if you are a member of that foreign military service. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
Disaster Relief: Unless you object, we may disclose your name, city of residence, age, gender, and general condition to a public or private disaster relief organization to assist disaster relief efforts, unless you object at the time.
Workers’ Compensation: We may disclose your PHI as authorized to comply with workers’ compensation laws and other similar legally established programs that provide benefits for work-related illnesses and injuries.
Inmates: We may use or disclose your PHI if you are an inmate of a correctional facility to the correctional institution or law enforcement officials for certain purposes, for example, to protect your health or safety or someone else's.
Required Uses and Disclosures: Under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of the final rule on Standards for Privacy of Individually Identifiable Health Information.
Fundraising: We may contact you for fundraising efforts, but you can tell us not to contact you again.
Sale of the Practice: If we decide to sell this practice or merge or combine with another practice, we may share your PHI with the new owners.
IV. USES AND DISCLOSURES OF PHI THAT REQUIRE YOUR WRITTEN AUTHORIZATION
Except for those uses and disclosures described above, we will not use or disclose your PHI without your written authorization. You may revoke your authorization, at any time, in writing, but it will not affect information that we already used and disclosed. The authorization is a separate document, and you will have the opportunity to review any authorization before you sign it. We will not condition your treatment in any way on whether you sign an authorization.
Marketing: We may ask for your authorization in order to provide information about products and services that you may be interested in purchasing or using. Note that marketing communications do not include our contacting you with information about treatment alternatives or health-related products or services that we offer. Marketing also does not include any face-to-face discussions you may have with your providers about products or services.
V. HOW TO CONTACT US ABOUT THIS NOTICE OR TO COMPLAIN ABOUT OUR PRIVACY PRACTICES
Complaints: You have the right to complain if you feel we have violated your rights. We will not retaliate against you for filing a complaint. You may file a complaint with us by notifying our Privacy Officer listed on the first page of this Notice of your complaint. You may also file a complaint with the Office for Civil Rights at the US Department of Health and Human Services.
You may contact us at internalcontrols@bcpgroup.net for further information about the complaint process.
VI. CHANGES TO THIS NOTICE
We reserve the right to change the terms that are described in this Notice of Privacy Practices and the changes will apply to all information we have about you. We also reserve the right to apply these changes retroactively to PHI received before the change in terms. You may obtain a revised Notice of Privacy Practices by calling the office and requesting a revised copy be sent in the mail, asking for one at the time of your next appointment, or accessing our website.
VII. EFFECTIVE DATE OF THIS NOTICE
This notice was published and becomes effective on 9/28/2022.