THIS NOTICE OF PRIVACY PRACTICES (THE “NOTICE”) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
This Notice applies to the Central Ohio Surgical Associates, Inc. (“COSA”). The purpose of this Notice is to describe how COSA may use and disclose your protected health information (“PHI”) in accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”) and the HIPAA Omnibus Final Rule (the “Final Rule”). This Notice also describes the obligations of COSA with respect to your protected health information, describes how your protected health information may be used or disclosed to carry out treatment, payment or healthcare operations, and describes your rights to control and access your protected health information. COSA has agreed to the provisions set forth in this Notice.
We are required to provide this Notice to you pursuant to HIPAA.
The HIPAA Privacy Rule protects only certain medical information known as “protected health information.” Generally, protected health information is health information, including demographic information, collected from you or created or received by a health care provider, a health care clearinghouse, a health plan, or your employer on behalf of a group health plan, from which it is possible to individually identify you and that relates to:
- Your past, present, or future physical or mental health or condition;
- The provision of health care to you; or the past, present, or future payment for the provision of health care to you.
Responsibilities of COSA.
COSA is required under HIPAA to maintain the privacy of your protected health information. Protected health information includes all individually identifiable health information transmitted or maintained by COSA that relates to your past, present or future health, treatment or payment for health care services. COSA must abide by the terms of this Notice, and must provide you with a copy of this Notice upon request.
How COSA May Use and Disclose Your Protected Health Information.
The following categories describe the different situations in which COSA is permitted or required to use or disclose your protected health information:
- For Treatment. COSA may use or disclose your protected health information to facilitate medical treatment or services by providers. COSA may disclose medical information about you to providers, including doctors, nurses, technicians, medical students, or other hospital personnel who are involved in taking care of you.
For Payment Purposes. COSA has the right to use and disclose your protected health information to satisfy their responsibilities with respect to the billing and payment collected from you, an insurance company or a third party, for treatment and services you receive from COSA. For example, COSA may need to give your health plan information about therapy or nursing services you receive in order to receive reimbursement from your health plan for those services. COSA may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
- Health Care Operations. COSA has the right to use and disclose your protected health information to perform functions necessary for the operation of COSA. For example, COSA may use health care information to review COSA’s treatment and services and to evaluate the performance of our staff in caring for you. COSA may combine health care information about many of our patients to decide what additional services we should offer, what services are not needed, and whether certain new treatments are effective. COSA may also disclose information to doctors, nurses, therapists, technicians, aides, students and other COSA personnel for review and learning purposes. COSA may remove information that identifies you from the health care information so others may use it to study health care and health care delivery without learning the identity of any specific patient.
- Appointment Reminders. COSA may use and disclose health care information to contact you as a reminder that you have an appointment with COSA.
- Treatment Alternatives. COSA may use and disclose health care information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
- Health-Related Benefits and Services. COSA may use and disclose health care information to tell you about health-related benefits or services that may be of interest to you.
- To the Individual. COSA may disclose protected health information, which you are the subject of, to you.
- Individuals Involved in Your Care or Payment for Your Care. COSA may release health care information about you to a friend or family member who is involved in your health care. COSA may also give information to someone who helps pay for your care. In addition, we may disclose health care information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location. This release requires written or oral consent from you.
- Under certain circumstances, COSA may use and disclose health care information about you for research purposes. For example, a research project may involve comparing the health and recovery of all parties who received one type of treatment to those who received another for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of health care information, trying to balances the research needs with patients’ need for privacy of their health care information. Before we use or disclose health care information for research, the project will be approved through this research approval process, but COSA may, however, disclose health care information about you to people preparing to conduct a research project, for example, to help them look for patients with specific health care needs, so long as the health care information they review does not leave our control. We will almost always ask for your specific permission if the researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care with us.
Business Associates. COSA may contract with certain service providers (“Business Associates”) to perform various functions on behalf of COSA. To provide these services, the Business Associates may receive, create, maintain, use or disclose protected health information. COSA and each Business Associate will enter into, or have already entered into, an agreement requiring the Business Associate to safeguard your protected health information as required by law and in accordance with the terms of this Notice.
Required By Law. COSA may use or disclose your protected health information to the extent required by federal, state or local law. For example, COSA may disclose your protected health information when required by national security laws or public health disclosure laws.
- Lawsuits and Disputes. COSA may disclose your protected health information in response to a court or administrative order. Your protected health information may also be disclosed in response to a subpoena, discovery request or other lawful process if efforts have been made to tell you about the request or to obtain an order protecting your protected health information.
- Certain Government Agencies and Officials. COSA may disclose your protected health information to (i) government agencies involved in oversight of the health care system, (ii) government authorities authorized to receive reports of abuse, neglect or domestic violence, (iii) law enforcement officials for law enforcement purposes, (iv) military command authorities, if you are or were a member of the armed forces, (v) correctional institutions, if you are an inmate or in under the custody of a law enforcement official and (vi) federal officials for intelligence, counterintelligence, and other national security activities.
- Public Health and Research Activities; Medical Examiners. COSA may also disclose your protected health information (i) for public health activities or to prevent a serious threat to health and safety, (ij) to organizations that handle organ donations, if you are an organ donor, (iii) to coroners, medical examiners and funeral directors as necessary, and (iv) to researchers, if certain conditions regarding the privacy of your protected health information have been met.
- Workers’ Compensation. COSA may disclose your protected health information to comply with workers’ compensation laws and other similar programs that provide benefits for work-related injuries or illnesses.
Military and Veterans. If you are a member of the armed forces, COSA may release health care information about you as required by military command authorities. We may also release health care information about foreign military personnel to the appropriate foreign military authority.
- Disclosures to the Secretary of the U.S. Department of Health and Human Services. COSA may be required to disclose your protected health information to the Secretary of the U.S. Department of Health and Human Services to investigate or determine COSA’s compliance with the HIPAA Privacy Rules.
- Other Uses and Disclosures With Written Authorization. Disclosures and uses of your protected health information that are not described above may be made by COSA with your written authorization. If COSA is authorized to use or disclose your protected health information, you may revoke that authorization, in writing, at any time, except to the extent that COSA has taken action relying on the authorization. COSA will not be able to take back any disclosures of your protected health information that have already been made with your authorization.
Your Rights With Respect to Your Protected Health Information.
The following summarizes your rights with respect to your protected health information:
- Right to Request a Restriction on Uses and Disclosures of Protected Health Information. You have the right to request a restriction or limitation on the protected health information used or disclosed about you by COSA for treatment, payment or health care operations. You also have the right to request a limit on the disclosure of your protected health information to someone who is involved in your care or the payment for your care, such as a family member, friend or other person you have identified as responsible for your care. In your request, you must tell COSA (i) what information you want to limit; (ii) whether you want to limit COSA’s use, disclosure, or both; and (iii) to whom you want the limits to apply, for example, disclosures to your spouse. COSA will comply with any restriction request if (iv) except as otherwise required by law, the disclosure is to the health plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (v) the protected health information pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full. If COSA agrees to your request, COSA will honor the restriction until you revoke it or we notify you.
- Right to Request Confidential Communications. You have the right to request that COSA communicate with you about your protected health information in a certain way or at a certain location. For example, you can request that COSA only contact you at work or by mail. COSA will accommodate all reasonable requests.
Right to Inspect and Copy Your Protected Health Information. You have the right to inspect and copy your protected health information. Under certain limited circumstances, we may deny your access to a portion of your records. For example, you do not have a right to inspect and copy psychotherapy notes or information that COSA have collected in connection with, or in reasonable anticipation of, any legal claim or proceeding. If you request copies, we may charge you reasonable copying and mailing costs.
- Right to Amend Your Protected Health Information. You have the right to request an amendment of your protected health information that is maintained by COSA if you believe that the information is inaccurate or incomplete. COSA may deny your request if your protected health information is accurate and complete or if the law does not permit COSA to amend the requested information. COSA cannot amend information created by your doctor or any person other than COSA.
- Right to Receive an Accounting of Disclosures of Your Protected Health Information. You have the right to request an accounting of disclosures COSA has made of your protected health information during the six (6) years prior to the date of your request. However, you will not receive an accounting of (i) disclosures made prior to April 14, 2003, (ii) disclosures made to you, (iii) disclosures made pursuant to your authorization, (iv) disclosures for purposes of treatment, payment or health care operations and (v) disclosures made to friends or family in your presence or because of an emergency. Certain other disclosures are also excepted from the HIPAA accounting requirements. If you request more than one accounting in any twelve (12) month period, COSA will charge you a reasonable fee for each accounting after the first accounting statement.
- Uses and Disclosures that Require Your Authorization. The following uses and disclosures will be made by COSA only with your authorization:
- uses and disclosures for marketing purposes, including subsidized treatment communications;
- uses and disclosures that constitute the sale of PHI;
If COSA maintains psychotherapy notes, the use and disclosure of such notes wilt only be made upon the authorization from you; and
- Other uses and disclosures not described in this Notice.
You may revoke your authorization at any time, so long as the revocation js in writing. Once we receive your written revocation, it will only be effective for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.
- Right to Opt-Out of Fundraising Communications. If COSA conducts or engages in fundraising communications, you shall have the right to opt-out of such fundraising communications.
Right to Receive a Paper Copy of this Notice. You have the right to receive a paper copy of this Notice upon request, even if you agreed to receive this Notice electronically. To obtain a paper copy of this Notice, contact Kathy Snoke, Privacy Officer at 750 Mt. Carmel Mall, Suite 330, Columbus Ohio 43222, 614-222-8000.
- Right to Be Notified of a Breach. You have the right to be notified in the event that COSA (or a Business Associate) commits or discovers a breach of unsecured protected health information.
To Exercise Your Individual Rights. To exercise any of your rights listed above, you must complete the appropriate form. To obtain the required form, please contact Kathy Snoke, Privacy Officer, Central Ohio Surgical Associates, 750 Mt Carmel Mall, Suite 330, Columbus, Ohio 43222 614-2228000.
Filing a Complaint With COSA or the U.S. Dept. of Health and Human Services.
If you believe that COSA has violated your HIPAA privacy rights, you may complain to COSA or to the Secretary of the U.S. Department of Health and Human Services. Complaints to COSA should be sent to: Kathy Snoke, Privacy Officer, Central Ohio Surgical Associates, 750 Mt Carmel Mall, Suite 330, Columbus, Ohio 43222. Complaints to the Secretary should be sent to the U.S. Department of Health and Human Services, Hubert H. Humphrey Building, 200 Independence Ave. S.W., Washington, D.C. 20201. COSA will not penalize you or retaliate against you for filing a complaint.
Changes to this Notice.
COSA reserves the right to change the provisions of this Notice and to apply the changes to all protected health information received and maintained by COSA. If COSA makes a material change to this Notice, a revised version of this Notice will be provided to you within thirty (30) days of the effective date of the change at your address of record.
This Notice becomes effective on September 23, 2013.
If you have any questions regarding this Notice or would like to exercise any of your rights described in this Notice, please contact:
Central Ohio Surgical Associates, Inc.
Attention: Melinda Ridgeway
750 Mt Carmel Mall, Suite 200
Columbus, Ohio 43222
Telephone: (614) 222-8000