HIPAA PRIVACY INFORMATION
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices is adopted to ensure that EYE SPECIALISTS OF LOUISIANA, L.L.C., “ESLA”, fully complies with all federal and state privacy protection laws and regulations, in particular, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Protection of patient privacy is of utmost importance to ESLA. ESLA is required by law to maintain the privacy of protected health information and to provide its patients with a copy of its Notice of Privacy Practices outlining its legal duties and privacy practices with respect to protected health information. Violations of any of these provisions will result in disciplinary action which may include termination of employment and possible referral for criminal prosecution.
This Notice of Privacy Practices shall become effective as of September 1, 2012, and shall remain in effect until it is either amended or cancelled.
You have a right to receive a paper copy of this Notice of Privacy Practices. If you have any questions or comments concerning this notice, you should contact the Chief Privacy Officer, Eye Specialists of Louisiana, L.L.C.7777 Hennessy Blvd., Suite 3001,Baton Rouge,Louisiana70808, by mail or by telephone at No. 225-768-7777.
For the purposes of this notice, the following defined terms shall have the following definitions.
a. “HHS” shall mean the United States Department of Health and Human Services.
b. “Health Information”, “Protected Health Information” or “PHI”, shall mean, certain Individually Identifiable Health Information, as defined in 45 C.F.R. § 164.501 of the Privacy Standards.
I. Information Collected
In the ordinary course of business ESLA may receive personal information such as:
▪ Patient’s name, address, and telephone number;
▪ Information relating to treatment, diagnosis or other medical information concerning a patient;
▪ Patient’s insurance information and coverage.
In addition, other information will be gathered about a patient and we will create a record of the care and/or services provided to the patient by ESLA. Some of the information also may be provided to us by other individuals or organizations that are part of the patient’s “circle of care”- such as a patient’s referring physician, other doctors, health plan, family members, hospitals or other health care providers.
II. How ESLA May Use or Disclose a Patient’s PHI
ESLA collects PHI from the patient and stores it in an account file. This is the patient’s medical record. The medical record is the property of ESLA, but the information in the medical record belongs to the patient. ESLA protects the privacy of the patient’s PHI. It is the policy of ESLA that all PHI may not be used or disclosed unless it meets one of the following conditions:
1. The use or disclosure is for treatment, payment or health care operations.
a. Treatment. ESLA collects information from the patient regarding the patient’s past medical history, present medical problems and/or complaints, as well as any diagnosis and or medical treatment at ESLA. This information may be transmitted to various departments within our organization, the patient’s referring physician and other entities associated or involved in the patient’s treatment. This information may also be disclosed to the patient’s physicians in association with the patient’s treatment including but not limited to any physical therapy or home health entities.
b. Payment. ESLA will collect billing information from the patient such as the patient’s present address, social security number, date of birth, health insurance carrier, policy number and any other related billing information. ESLA may disclose to the patient’s health insurance provider, Medicare, Medicaid, or other payor of health care claims the minimum amount necessary of the patient’s PHI in order to process the patient’s health insurance claim.
c. Regular Health Care Operations. ESLA may disclose the patient’s healthcare information to physicians, medical assistants, nurses, nurse practitioners, physician assistants, radiology personnel, MRI technologists, billing clerks, administrative staff and other employees involved in the patient’s healthcare treatment.
2. The patient, who is the subject of the information, through a written authorization has authorized the use or disclosure of the information. This authorization may be revoked by the patient providing ESLA with a written revocation of said authorization.
3. The patient, who is the subject of the information, does not object to the disclosure of their PHI to persons involved in the health care of the individual or for facility directory purposes.
a. Notification and communication with family. We may disclose the patient’s PHI to notify or assist in notifying a family member, the patient’s personal representative or another person responsible for the patient’s care about the patient’s location, their general condition, or in the event of the patient’s death. If the patient is able and available to agree or object, we will give the patient the opportunity to object prior to making this notification. If the patient is unable or unavailable to agree or object, our health professionals will use their best judgment in communication with the patient’s family and others.
4. Voice Mail Message. It is the policy of ESLA that a voice mail or answering machine message may be left at a patient’s home or other number the patient provides to ESLA regarding appointments, billing or payment issues, or other PHI, related to treatment, payment or health care operations.
5. As Required by Law. It is the policy of ESLA that we may use and disclose a patient’s PHI as required by law.
a. Public health. As required by law, we may disclose a patient’s PHI to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure.
b. Health oversight activities. We may disclose a patient’s PHI to health agencies during the course of audits, investigations, inspections, licensure and other proceedings.
c. Judicial and administrative proceedings. We may disclose a patient’s PHI in the course of any administrative or judicial proceeding.
d. Law enforcement. We may disclose a patient’s PHI to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing person, complying with a court order or subpoena, and/or for other law enforcement purposes.
e. Decedent information. We may disclose a patient’s PHI to coroners, medical examiners and funeral directors.
f. Organ donation. We may disclose a patient’s PHI to organizations involved in procuring, banking or transplanting organs and tissues.
g. Research. We may disclose a patient’s PHI to researchers conducting research that has been approved by an Institutional Review Board or ESLA’s Board of Directors.
h. Public safety. We may disclose a patient’s PHI to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
i. Specialized government functions. We may disclose a patient’s PHI for military, national security and prisoner purposes.
j. Worker’s compensation. We may disclose a patient’s PHI as necessary to comply with worker’s compensation laws.
k. Marketing. We may contact a patient to provide appointment reminders or to give the patient information about other treatments or health-related benefits and services that may be of interest to the patient.
l. Change of Ownership. In the event that ESLA is sold or merges with another organization, the patient’s PHI will become the property of the new owner.
III. Other Policies, Uses and Disclosures
2. Deceased Individuals. It is the policy of ESLA that privacy protections extend to information concerning deceased individuals.
4. Minimum Necessary Disclosure. It is the policy of ESLA that it shall make reasonable efforts to limit the disclosure to the minimum amount of information needed to accomplish the purpose of the disclosure. It is also the policy of ESLA that all requests for PHI must be limited to the minimum amount of information needed to accomplish the purpose of the request.
5. Access to Information. It is the policy of ESLA that the patient has the right to inspect and copy their PHI. It is ESLA’s policy that access to PHI must be granted to a patient when such access is requested. Such request shall be submitted in writing by completing ESLA’s request form entitled “Request for Inspection and/or Copy of Protected Health Information”. Costs associated with the copying of any PHI shall be in accordance with applicable state and federal law.
6. Designation of Personal Representative. It is the policy of ESLA that access to PHI must be granted to a patient’s designated personal representative as specified by the patient when such access is requested and authorized by the patient. This designation of a personal representative must be made in writing by completing ESLA’s form entitled “Designation of Personal Representative.”
7. Confidential Communications Channels. It is the policy of ESLA that the patient has the right to receive their PHI through a reasonable alternative means or at an alternative location. Confidential communication channels can be used within the reasonable capability of ESLA, (i.e. do not call me at work, call me at home) as requested by the patient. Such request shall be made in writing by completing ESLA’s form entitled “Confidential Channel Communication Request.”
8. Amendment of Incomplete or Incorrect Protected Health Information. It is the policy of ESLA that a patient has a right to request that ESLA amend their PHI that is incorrect or incomplete. ESLA is not required to change a patient’s PHI and will provide the patient with information about ESLA’s denial and how the patient can disagree with the denial. A request to amend a patient’s PHI shall be made in writing by completing ESLA’s form entitled “Request for Amendment of Health Information.”
9. Accounting of Disclosures. It is the policy of ESLA that an accounting of disclosures of PHI made by ESLA is given to the patient whenever such an accounting is requested in writing. The patient has a right to receive an accounting of disclosures of their PHI made by ESLA. Such written request for an accounting shall be made by completing ESLA’s form entitled “Request for Accounting of Disclosures”.
10. Complaints. It is the policy of ESLA that all complaints by employees, patients, providers or other entities relating to PHI be investigated and resolved in a timely fashion. Complaints about this Notice of Privacy Practices or how ESLA handles a patient’s PHI should be directed to:
Chief Privacy Officer
Eye Specialists ofLouisiana, L.L.C.
7777 Hennessy Blvd., Suite 3001
If a patient is not satisfied with the manner in which this office handles a complaint, the patient may submit a formal complaint to:
Department of Health and Human Services
Office of Civil Rights
Hubert H. Humphrey Bldg.
200 Independence Avenue, S.W.
11. Prohibited Activities. It is the policy of ESLA that no employee may engage in any intimidating or retaliatory acts or actions against any person who files a complaint or otherwise exercises their rights under HIPAA regulations. It is also the policy of ESLA that no disclosure of PHI will be withheld as a condition for payment for services from the patient or from an entity.
12. Responsibility. It is the policy of ESLA that the responsibility for designing and implementing procedures related to this policy lies with the Chief Privacy Officer.
13. Mitigation. It is the policy of ESLA that the effects of any unauthorized use or disclosure of PHI be mitigated (to decrease the damage caused by the action) to the extent possible.
14. Business Associates. It is the policy of ESLA that business associates must be contractually bound to protect a patient’s PHI to the same degree as set forth in this policy.
15. Preemption of State Law. It is the policy of ESLA that the federal privacy regulations are the minimum standard to be used regarding the privacy of a patient’s PHI. If the laws of the State ofLouisiana are more stringent in certain areas, the state laws in these areas shall prevail. In all other areas, the federal privacy regulations shall prevail.
16. Cooperation with Privacy Oversight Authorities. It is the policy of ESLA that oversight agencies, such as the Office for Civil Rights of the Department of Health and Human Services be given full support and cooperation in their efforts to ensure the protection of PHI within this organization. It is also the policy of ESLA that all personnel cooperate fully with all privacy compliance review and investigations.
If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact the Chief Privacy Officer of ESLA.
IV. Changes to this Notice of Privacy Practices
ESLA reserves the right to amend this Notice of Privacy Practices at any time in the future and will provide a copy of such amendment to the patient upon request or upon the patient’s next visit. Until such amendment is made, ESLA is required by law to comply with this notice.