HIPAA Privacy

Concern Notice of Privacy Practices

Effective July 1, 2017; rev: May 6, 2021

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

About This Notice

We understand that information about you is personal, and we are committed to protecting your privacy. In the normal course of business, we collect information and create records about you and the services we provide to you. We may collect information from other persons or entities, such as employers or health care providers, to provide our services to you. For example, we may collect enrollment information from your employer to determine eligibility for our services. The information that we collect and create about you includes Protected Health Information.

Protected Health Information is information that could be used to identify you, and relates to (1) your past, present, or future physical or mental health or conditions, (2) the provision of health care to you, or (3) the past, present, or future payment for your health care.

We are required by law to maintain the privacy of Protected Health Information and to give you this Notice explaining our privacy practices with regard to that information. You have certain rights – and we have certain legal obligations – regarding the privacy of your Protected Health Information, and this Notice also explains your rights and our obligations. We are required to abide by the terms of the current version of this Notice, and we are prohibited from any disclosure of Protected Health Information beyond the provisions of the law.

How We Protect Your Privacy 

To protect your privacy, we maintain physical, technical, and administrative safeguards. For example, only employees who are authorized and trained to handle Protected Health Information are given access to such information. Some other examples include password-protecting computers and locking filing cabinets that contain personal information.

How We May Use and Disclose Your Protected Health Information

We may use and disclose your Protected Health Information without your authorization in the following circumstances:

For Treatment: We may use your Protected Health Information to provide you with treatment or services and to manage and coordinate your medical care. We may also disclose your Protected Health Information for purposes of diagnosis and treatment to doctors, nurses, technicians, or other personnel who are involved in taking care of you, including people outside our practice, such as referring or specialist physicians. For example, we may share the problem that you wish to resolve with a provider to ensure an appropriate referral.

For Payment: We may use and disclose your Protected Health Information to obtain payment of premiums for your coverage and to pay providers for the covered services you receive. We may also use and disclose your Protected Health Information to make coverage determinations or to otherwise determine and fulfill our responsibility to provide benefits. For example, if you are covered by another health plan, we may use or disclose your Protected Health Information to the other health plan to coordinate benefits.

For Health Care Operations: We may use and disclose Protected Health Information for our health care operations. For example, we may use Protected Health Information for our general business management activities, for checking on the performance of our providers in caring for you, for our cost-management activities, for audits, or to get legal services. We may disclose Protected Health Information to other health care entities for purposes of reviewing provider competence and qualifications or the medical necessity, level of care, quality of care, or justification of charges of health care services.

Communications: We may use and disclose Protected Health Information to contact you with information about alternative treatments or health-related benefits and services, or to remind you that you have an appointment for care.

Minors: We may disclose the Protected Health Information of minor children to their parents or guardians unless such disclosure is otherwise prohibited by law.

Personal Representative: If you have a personal representative, such as a legal guardian (or an executor or administrator of your estate after your death), we will treat that person as if that person is you with respect to disclosures of your Protected Health Information.

As Required by Law: We will disclose Protected Health Information about you when required to do so by international, federal, state, or local law.

To Avert a Serious Threat to Health or Safety: We may use and disclose Protected Health Information when necessary to prevent a serious threat to your health or safety or to the health or safety of others. But we will only disclose the information to someone who may be able to help prevent the threat.

Business Associates: We may disclose Protected Health Information to our business associates who perform functions on our behalf or provide us with services if the Protected Health Information is necessary for those functions or services. For example, we may use another company to do our billing, or to provide other services for us. All of our business associates are obligated, under contract with us, to also protect the privacy of your Protected Health Information.

Military: If you are a member of the armed forces, we may use and disclose your Protected Health Information for activities deemed necessary by appropriate military command authorities to assure the proper execution of the military mission. We also may release Protected Health Information to the appropriate foreign military authority if you are foreign military.

Workers’ Compensation: We may use or disclose Protected Health Information for workers’ compensation or similar programs that provide benefits for work-related injuries or illness.

Public Health Risks: We may disclose Protected Health Information for public health activities. This includes disclosures to: (1) a person subject to the jurisdiction of the Food and Drug Administration (“FDA”) for purposes related to the quality, safety or effectiveness of an FDA-regulated product or activity; (2) prevent or control disease, injury or disability; (3) report births and deaths; (4) report the abuse or neglect of a child, elder, or dependent adult; (5) report reactions to medications or problems with products; (6) notify people of recalls of products they may be using; (7) a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and (8) the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence and the patient agrees or we are required or authorized by law to make that disclosure.

Health Oversight Activities: We may disclose Protected Health Information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, licensure, and similar activities that are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.

Employment-Related Health Care Services: We may disclose your Protected Health Information to your employer if the information was created as a result of employment-related health care services provided to you at the specific prior written request and expense of your employer, and it: (1) is relevant to and will be used only in a lawsuit, arbitration, grievance, or other claim or challenge to which you and your employer are parties and in which you have placed your medical history, condition, or treatment at issue; or (2) describes your functional limitations that may entitle you to leave work for medical reasons or limit your fitness to perform your present employment, provided that no statement of medical cause is disclosed.

Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may disclose Protected Health Information in response to a court or administrative order. We also may disclose Protected Health Information in response to a subpoena, discovery request, or other legal process from someone else involved in the dispute, but only if efforts have been made to tell you about the request or to get an order protecting the information requested. We may also use or disclose your Protected Health Information to defend ourselves if you sue us.

Law Enforcement: We may release Protected Health Information if asked by a law enforcement official for the following reasons: in response to a court order, subpoena, warrant, summons or similar process; to identify or locate a suspect, fugitive, material witness, or missing person; about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; about a death we believe may be the result of criminal conduct; about criminal conduct on our premises; and in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime.

National Security: We may release Protected Health Information to authorized federal officials for national security activities authorized by law. For example, we may disclose Protected Health Information to those officials so they may protect the President.

Coroners, Medical Examiners, and Funeral Directors: We may release Protected Health Information to a coroner, medical examiner, or funeral director so that they can carry out their duties. For example, disclosure of Protected Health Information may be necessary to identify a deceased person or determine cause of death.

Organ Donations: We may release Protected Health Information to organ-procurement organizations or tissue banks, as necessary to assist with organ or tissue donation.

Research: Under certain circumstances, we may use and disclose your Protected Health Information for research purposes, provided certain measures are taken to protect your privacy.

Uses and Disclosures That Require Us to Give You an Opportunity to Object and Opt Out

Individuals Involved in Your Care or Payment for Your Care: We may disclose Protected Health Information to a person who is involved in your medical care or helps pay for your care, such as a family member or friend, to the extent it is relevant to that person’s involvement in your care or payment related to your care. But before we do so, we will provide you with an opportunity to object to and opt out of such a disclosure whenever we practicably can do so.

Disaster Relief: We may disclose your Protected Health Information to disaster relief organizations that seek your Protected Health Information to coordinate your care, or notify family and friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to such a disclosure whenever we practicably can do so.

Fundraising: We do not use or disclose Protected Health Information for fundraising purposes, but we are required to inform you that you would have the right to opt out of receiving fund-raising communications.

Your Written Authorization is Required for Other Uses and Disclosures:

Your written authorization is required for:

  • Disclosures of any Protected Health Information for marketing purposes and disclosures that constitute the sale of Protected Health Information.
  • Use and disclosure of “therapy notes” that are maintained by us, except under certain circumstances. For example, we may use or disclose therapy notes without your authorization to defend ourselves in a legal action or other proceeding initiated by you.
  • Other uses and disclosures of Protected Health Information not covered by this Notice or the laws that apply to us will be made only with your written authorization. If you do give us an authorization, you may revoke it at any time by submitting a written revocation to our Privacy Officer and we will no longer disclose Protected Health Information under the authorization. But disclosure that we made in reliance on your authorization before you revoked it will not be affected by the revocation.

Special Protections for HIV, Alcohol and Substance Abuse, Mental Health, and Genetic Information

Special privacy protections apply to HIV-related information, alcohol and substance abuse, mental health, and genetic information. Some parts of this general Notice of Privacy Practices may not apply to these kinds of Protected Health Information. Please check with our Privacy Officer for information about the special protections that do apply.

Your Rights Regarding Your Protected Health Information 

You have the following rights, subject to certain limitations, regarding your Protected Health Information:

Right to Inspect and Copy: You have the right to inspect and copy Protected Health Information that may be used to make decisions about your care or payment for your care. We may charge you a fee for the costs of copying, mailing or other supplies associated with your request. We may not charge you a fee if you need the information for a claim for benefits under the Social Security Act or any other state or federal needs-based benefit program. We may deny your request in certain limited circumstances. If we do deny your request, you have the right to have the denial reviewed by a licensed healthcare professional who was not directly involved in the denial of your request, and we will comply with the outcome of the review.

Right to an Electronic Copy of Electronic Medical Records: If your Protected Health Information is maintained in an electronic format (known as an electronic medical record or an electronic health record), you have the right to request that an electronic copy of your record be given to you or transmitted to another individual or entity. We may charge you a reasonable, cost-based fee for the labor associated with transmitting the electronic medical record.

Right to Get Notice of a Security Breach: We are required to notify you by first class mail or by e-mail (if you have indicated a preference to receive information by e-mail), of any breach of your Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days after we discover the breach. “Unsecured Protected Health Information” is Protected Health Information that has not been made unusable, unreadable, and undecipherable to unauthorized users. The notice will give you the following information:

  • a short description of what happened, the date of the breach and the date it was discovered;
  • the steps you should take to protect yourself from potential harm from the breach;
  • the steps we are taking to investigate the breach, mitigate losses, and protect against further breaches; and
  • contact information where you can ask questions and get additional information.

If the breach involves 10 or more patients whose contact information is out of date we will post a notice of the breach in a major print or broadcast media.

Right to Request Amendments: If you feel that Protected Health Information we have is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for us. A request for amendment must be made in writing to the Privacy Officer at the address provided at the end of this Notice and it must tell us the reason for your request. We may deny your request if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that (1) was not created by us, (2) is not part of the medical information kept by or for us, (3) is not information that you would be permitted to inspect and copy, or (4) is accurate and complete. If we deny your request, you may submit a written statement of disagreement of reasonable length. Your statement of disagreement will be included in your medical record, but we may also include a rebuttal statement.

Right to an Accounting of Disclosures: You have the right to ask for an “accounting of disclosures,” which is a list of the disclosures we made of your Protected Health Information. We are not required to list certain disclosures, including (1) disclosures made for treatment, payment, and health care operations purposes, (unless the disclosures were made through an electronic medical record, in which case you have the right to request an accounting of those disclosures that were made during the 3 years before your request), (2) disclosures made with your authorization, (3) disclosures made to create a limited data set, and (4) disclosures made directly to you. You must submit your request in writing to our Privacy Officer. Your request must state a time period which may not be longer than 6 years before your request. Your request should indicate in what form you would like the accounting (for example, on paper or by e- mail). The first accounting of disclosures you request within any 12-month period will be free. For additional requests within the same period, we may charge you for the reasonable costs of providing the accounting. We will tell what the costs are, and you may choose to withdraw or modify your request before the costs are incurred.

Right to Request Restrictions: You have the right to request a restriction or limitation on the Protected Health Information we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on the Protected Health Information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request. If we agree, we will comply with your request unless we terminate our agreement or the information is needed to provide you with emergency treatment.

Out-of-Pocket-Payments: If you paid out-of-pocket in full for a specific item or service, you have the right to ask that your Protected Health Information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we will honor that request.

Right to Request Confidential Communications: You have the right to request that we communicate with you only in certain ways to preserve your privacy. For example, you may request that we contact you by mail at a special address or call you only at your work number. You must make any such request in writing and you must specify how or where we are to contact you. We will accommodate all reasonable requests. We will not ask you the reason for your request.

Right to a Paper Copy of This Notice: You have the right to a paper copy of this Notice, even if you have agreed to receive this Notice electronically. You may request a copy of this Notice at any time.

How to Exercise Your Rights

To exercise your rights described in this Notice, send your request, in writing, to our Privacy Officer at the address listed at the end of this Notice. We may ask you to fill out a form that we will supply. To exercise your right to inspect and copy your Protected Health Information, you may also contact your physician directly. To get a paper copy of this Notice, contact our Privacy Officer at the phone number or address listed at the end of this Notice.

Changes to This Notice

The effective date of the Notice is stated at the beginning. We reserve the right to change this Notice. We reserve the right to make the changed Notice effective for Protected Health Information we already have as well as for any Protected Health Information we create or receive in the future. A copy of our current Notice is posted in our office and on our website.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the United States Department of Health and Human Services.

To file a complaint with us, contact our Privacy Officer at the address listed below. All complaints must be made in writing and should be submitted within 180 days of when you knew or should have known of the suspected violation. There will be no retaliation against you for filing a complaint.

To file a complaint with the Secretary, mail it to: Secretary of the U.S. Department of Health and Human Services, 200 Independence Ave, S.W., Washington, D.C. 20201. Call (202) 619-0257 (or toll free (877) 696-6775) or go to the website of the Office for Civil Rights, www.hhs.gov/ocr/hipaa/, for more information. There will be no retaliation against you for filing a complaint.

Foreign Language Version

If you have difficulty reading or understanding English, you may request a copy of this Notice in you preferred language.

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICE: Concern Privacy Office, 2490 Hospital Drive, Suite 310; Mountain View, CA 94040; (800) 344-4222.