On Thursday March 29th, 2018, Rousso Aesthetic Medical Spa is hosting our Spring Into Great Skin event from 8:30 a.m.
Notice of Privacy Practices
“THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.”
(Effective Date: April 14, 2003; Amended April 1, 2012 and September 23, 2013)
Russo Facial Plastic Surgery Clinic, P.C. (“Practice”) is dedicated to protecting your health information. This Notice of Privacy Practices describes how we and the medical staff and personnel who provide you with care or services may use and disclose your Protected Health Information (“PHI”) to carry out treatment, payment or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI, which is information about you, including demographic information that may identify you and that relates to your past, present or future physical or mental health or condition and related healthcare services. We are required by law to maintain the privacy of your PHI, to provide notice of our legal duties and privacy practices with respect to your PHI, to notify affected individuals following a breach of unsecured PHI, and to abide by the terms of this Notice of Privacy Practices.
We may change the terms of our notice at any time. The new notice will be effective for all PHI that we maintain at that time. Upon your request, you can receive any revised Notice of Privacy Practices by accessing our website https://www.drrousso.com or by contacting the Practice’s Privacy Officer (contact information is below).
1. How We May Use and Disclose Your PHI. We may use or disclose your PHI as described in this section. The following are examples of the types of uses and disclosures of your PHI that our Practice is permitted to make without your specific authorization. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by our Practice. Where state or federal law restricts one of the described uses or disclosures, we will follow the requirements of such state or federal law. The following are general descriptions only. They do not cover every example of disclosure within a category. However, all of the ways we are permitted to use and disclose your PHI will fall within one of the categories in this Notice of Privacy Practices.
Treatment. We may use PHI about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students or other personnel who are involved in your care to, for example, plan a course of treatment for you. We also may disclose PHI about you to individuals outside of the Practice who may be involved in your medical care, such as family members or others we use to provide services that are part of your care.
Payment. We may use and disclose your PHI as needed to obtain payment for the healthcare services we provide. This may include certain activities that your health insurance plan may undertake before it approves or pays for the healthcare services we recommend for you, such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity and undertaking utilization review activities. For example, obtaining approval for a surgery may require that your relevant PHI be disclosed to your health plan.
Healthcare Operations. We may use or disclose your PHI as needed to support our business activities. These activities include, but are not limited to, quality assessment activities, employee review activities, training of staff and conducting or arranging for other healthcare operations. For example, your health information may be disclosed to members of the medical staff, risk or quality improvement personnel and others to:
• Evaluate the performance of our staff;
• Assess the quality of care and outcomes in your case and similar cases;
• Learn how to improve our facility and services; or
• Determine how to continually improve the quality and effectiveness of the health care we provide.
In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician. We may also call you by name in the waiting room when your healthcare provider is ready to see you. We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment. Please let us know if you do not wish to have us contact you concerning your appointment, or if you wish to have us use a different telephone number or address to contact you for this purpose.
We will share your PHI with third party “business associates” that may perform various activities (e.g., billing or transcription services) for the Practice. Whenever an arrangement between our Practice and a business associate involves the use or disclosure of your PHI, we will require the business associate to appropriately safeguard it.
2. Other Permitted and Required Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Object. We may use or disclose your PHI without your authorization in the following situations:
As Required By Law. We may use or disclose your PHI to the extent that the use or disclosure is required by applicable law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by applicable law, of any such uses or disclosures.
Public Health. We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability.
Communicable Diseases. We may disclose your PHI, if authorized by applicable law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight Activities. We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations and inspections. Oversight agencies seeking this information include government agencies that oversee the healthcare system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect. We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your PHI to the governmental entity or agency authorized to receive such information if we believe that you have been a victim of abuse, neglect or domestic violence. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration (“FDA”). We may disclose your PHI to a person or company required by the FDA to report information such as adverse events and product defects, to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance.
Legal Proceedings. We may disclose PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or other lawful process, but only if a reasonable effort has been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may release PHI for certain law enforcement purposes including, for example, reports required by law, to comply with a court order or warrant, or to report or answer questions about a crime.
Coroners, Funeral Directors and Organ Donation. We may disclose PHI to a coroner,funeral director or medical examiner asnecessary to permit them to carry out theirduties.
Research. We may disclose your PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
Criminal Activity. Consistent with applicable federal and state laws, we may disclose your PHI if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military Activity and National Security. When the appropriate conditions apply, we may use or disclose PHI of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits or (3) to foreign military authority if you are a member of that foreign military services. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President of the United States or other officials.
Workers’ Compensation. Your PHI may be disclosed by us as authorized to comply with workers compensation laws and other similar legally established programs.
Required Uses and Disclosures.Under the law, we must make disclosures to you and to the U.S. Department of Health and Human Services when required to determine our compliance with the requirements of the Federal Privacy Standards.
3. Other Permitted and Required Uses and Disclosures That May Be Made With Your Consent. Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, about your general condition or death. Finally, we may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your healthcare.
4. Other Permitted and Required Uses and Disclosures That May Be Made With Your Authorization. Other uses and disclosures not described in this Notice of Privacy Practices will be made only with your written authorization. For example, unless you provide written authorization, we will not use or disclose your PHI for marketing purposes and we will not sell your PHI. You may revoke your authorization at any time, but your revocation will only be effective for future uses and disclosures and will not affect any use or disclosure made in reliance on your authorization.
5. Your Rights. Following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights. We have the right to deny your request in certain circumstances. We will inform you if your request is denied.
Right to Access Your PHI. You may inspect and obtain a copy of PHI about you that is contained in a designated record set for as long as we maintain the PHI. A “designated record set” contains medical and billing records and any other records that your healthcare provider and the Practice use for making decisions about you. Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal or administrative action or proceeding; and, PHI that is subject to law that prohibits access to PHI. Depending on the circumstances, a decision to deny access may be reviewable. If the information you request is maintained electronically, and you request an electronic copy, we will provide a copy In the electronic form and format you request, if the information can be readily produced in that form and format. If the information cannot be readily produced in that form and format, we will work with you to come to an agreement on form and format. IF YOU REQUEST AN ELECTRONIC COPY, PROVIDER HEREBY EXPRESSLY DISCLAIMS ALL DUTIES AND RESPONSIBILITY FOR THE SECURITY AND PROTECTION OF SUCH INFORMATION ONCE TRANSMITTED TO YOU AND HAS NO CONTROL OVER ACCESS TO THAT INFORMATION AFTER THE TRANSMISSION TO YOU THEREOF.
Please contact the Practice’s Medical Records Department if you have questions about access to your PHI. If you request a copy of the information, we may charge a fee for the costs of retrieving, copying, mailing and any other supplies associated with your request. Your records remain the property of the Practice.
Right to Request a Restriction on the Use or Disclosure of Your PHI. You may ask us notto use or disclose any part of your PHI for thepurposes of treatment, payment or healthcareoperations. You may also request that any partof your PHI not be disclosed to family membersor friends who may be involved in your care orfor notification purposes as described in theNotice of Privacy Practices. Your request muststate the specific restriction requested and towhom you want the restriction to apply. Except as provided in the following paragraph, we are not required to agree to your request. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you.
We will comply with any restriction request if (1) except as otherwise required by applicable law, the disclosure is to a health plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (2) the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full. The Practice is not responsible for notifying subsequent health care providers of your request for restrictions on disclosures to health plans for those items and services, so you will need to notify other providers if you want them to abide by the same restriction.
To request restrictions, you must make your request in writing to the Practice. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply (for example, disclosures to your spouse).
Right to Request to Receive Confidential Communications From Us. You have the rightto request that we communicate with you aboutmedical matters in a certain way or at a certainlocation. We will attempt to accommodatereasonable requests. We will not request anexplanation from you as to the basis for therequest. Please make this request in writing tothe Practice’s Medical Records Department.
Right to Request Amendment. If you think that the PHI we have about you is wrong or incomplete, you may ask us to amend the information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact the Practice’s Medical Records Department if you have a question about amending your medical record.
Right to Request an Accounting of Certain Disclosures. You may request a list of our disclosures of your PHI, subject to severalexceptions and limitations. For example, thisright does not apply to disclosures for purposesother than treatment, payment or healthcareoperations, and it excludes disclosures wemay have made to you, to family members orfriends involved in your care, or for notificationpurposes. You have the right to receive specificinformation regarding these disclosures. To request this list or accounting of disclosures, you must submit your request in writing to Practice’s Privacy Officer. Your request must state a time period that may not be longer than six years prior to the request date and may not include dates before April 14, 2003. The first list you request within a 12-month period will be free. For additional lists during the same 12-month period, we may charge you for the cost of providing the list. We will notify you of the cost Involved and you may choose to withdraw or modify your request at the time before any costs are incurred.
Right to Be Notified of a Breach. You have a right to be notified in the event that we discover a breach of unsecured PHI, as defined under federal law.
Right to Obtain a Paper Copy of This Notice. You have the right to obtain a paper copy ofthis notice, even if you agreed to receive suchnotice electronically. You may ask us to give youa copy of this notice at any time. To request acopy of this notice, you can make your request in writing to the Practice’s Privacy Officer (contactinformation is below).
6. Questions and Complaints.
You may file a complaint with us or with the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our Privacy Officer of your complaint. We will not retaliate against you for filing a complaint. For further information about the complaint process, or to make any requests or inquiries, you may contact our Privacy Officer at:
Rousso Facial Plastic Surgery Clinic, P.C.
2700 Highway 280
Birmingham, AL 35223
Telephone: (205) 930-9595
This notice was effective on April 14, 2003, amended on April 1, 2012 and further revised effective on September 23, 2013.