HIPAA Patient Privacy Policy

Ballenger Chiropractic, PA

9632 Deereco Road

Timonium, MD 21093

Ph. 410.252.1000 Fax 410.252.6809

www.ballengerchiropractic.com

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU

MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO

THAT INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

The Practice (the “Practice”), in accordance with the federal Privacy Rule, 45 CFR parts 160 and 164 (the “Privacy Rule”) and applicable state law, is committed to maintaining the privacy of your protected health information (“PHI”). PHI includes information about your health condition and the care and treatment you receive from the Practice and is often referred to as your health care or medical record. This Notice explains how your PHI may be used and disclosed to third parties. This Notice also details your rights regarding your PHI.

How the Practice May Use and

Disclose Your Protected Health Information

The Practice, in accordance with this Notice and without asking for your express consent or authorization, may use and disclose your PHI for the purposes of:

a)Treatment – To provide you with the health care you require, the Practice may use and disclose your PHI to those health care professionals, whether on the Practice’s staff or not, so that it may provide, coordinate, plan and manage your health care. For example, a chiropractor treating you for lower back pain may need to know and obtain the results of your latest physician examination or last treatment plan.

b)Payment – To get paid for services provided to you, the Practice may provide your PHI, directly or through a billing service, to a third party who may be responsible for your care, including insurance companies and health plans. If necessary, the Practice may use your PHI in other collection efforts with respect to all persons who may be liable to the Practice for bills related to your care. For example, the Practice may need to provide the Medicare program with information about health care services that you received from the Practice so that the Practice can be reimbursed. The Practice may also need to tell your insurance plan about treatment you are going to receive so that it can determine whether or not it will cover the treatment expense.

c)Health Care Operations – To operate in accordance with applicable law and insurance requirements, and to provide quality and efficient care, the Practice may need to compile, use and disclose your PHI. For example, the Practice may use your PHI to evaluate the performance of the Practice’s personnel inproviding care to you.

Other Examples of how the Practice May Use Your

Protected Health Information

  1. Advice of Appointment and Other Services – The Practice may, from time to time, contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. The following are ways we will communicate with you: a) telephoning your home and leaving a message on your answering machine or with the individual answering the phone; b) telephoning your mobile phone and either speaking with you directly or leaving a voice message; c) emailing you at the email address you provide; d) faxing you at a number you provide. You have the right to refuse such communications in writing.

  1. Appointment Log/Sign-In Log/Fee Slips – The Practice maintains a sign-in log at its reception desk for individuals seeking care and treatment in the office. The sign-in log is located in a position where staff can readily see who is seeking care in the office, as well as the individual’s location within the Practice’s office suite. This information may be seen by, and is accessible to, others who are seeking care or services in the Practice’s offices.

  1. Electronic Storage of PHI- In addition to paper files, The Practice utilizes computers, computer software, and a secure network server to electronically store PHI including all patient exam and treatment notes. In accordance with HIPAA regulations, The Practice’s network integrity is maintained by the use of several security and safeguard measures. The network and all patient information are backed-up nightly on a WD external hard drive, and the network is also protected by multiple firewalls.

  1. Family/Friends – The Practice may disclose to a family member, other relative, a close personal friend, or any other person identified by you, your PHI directly relevant to such person’s involvement with your care or the payment for your care. The Practice may also use or disclose your PHI to notify or assist in the notification (including identifying or locating) a family member, a personal representative, or another person responsible for your care, of your location, general condition or death. However, in both cases, the following conditions will apply:

(i)If you are present at or prior to the use or disclosure of your PHI, the Practice may use or disclose your PHI if you agree, or if the Practice can reasonably infer from the circumstances, based on the exercise of its professional judgment, that you do not object to the use or disclosure.

(ii)If you are not present, the Practice will, in the exercise of professional judgment, determine whether the use or disclosure is in your best interests and, if so, disclose only the PHI that is directly relevant to the person’s involvement with your care.

Other Use & Disclosures Which May

Be Permitted or Required by Law

The Practice is allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html

(a)De-identified Information – The Practice may use and disclose health information that may be related to your care but does not identify you and cannot be used to identify you.

(b)Business Associate – The Practice may use and disclose PHI to one or more of its business associates if the Practice obtains satisfactory written assurance, in accordance with applicable law, that the business associate will appropriately safeguard your PHI. A business associate is an entity that assists the Practice in undertaking some essential function, such as a billing company that assists the office in submitting claims for payment to insurance companies.

(c)Personal Representative – The Practice may use and disclose PHI to a person who, under applicable law, has the authority to represent you in making decisions related to your health care.

(d)Emergency Situations – The Practice may use and disclose PHI for the purpose of obtaining or rendering emergency treatment to you provided that the Practice attempts to obtain your Consent as soon as possible: The Practice may also use and disclose PHI to a public or private entity authorized by law or by its charter to assist in disaster relief efforts, for the purpose of coordinating your care with such entities in an emergency situation.

(e)Public Health Activities – The Practice may use and disclose PHI when required by law to provide information to a public health authority to prevent or control disease.

(f)Abuse, Neglect or Domestic Violence – The Practice may use and disclose PHI when authorized by law to provide information if it believes that the disclosure is necessary to prevent serious harm.

(g)Health Oversight Activities – The Practice may use and disclose PHI when required by law to provide information in criminal investigations, disciplinary actions, or other activities relating to the community’s health care system.

(h)Judicial and Administrative Proceeding – The Practice may use and disclose PHI in response to a court order or a lawfully issued subpoena.

(i)Law Enforcement Purposes – The Practice may use and disclose PHI, when authorized, to a law enforcement official. For example, your PHI may be the subject of a grand jury subpoena, or if the Practice believes that your death was the result of criminal conduct.

(j)Coroner or Medical Examiner – The Practice may use and disclose PHI to a coroner or medical examiner for the purpose of identifying you or determining your cause of death.

(k)Organ, Eye or Tissue Donation – The Practice may use and disclose PHI if you are an organ donor to the entity to whom you have agreed to donate your organs.

(l)Research – The Practice may use and disclose PHI subject to applicable legal requirements if the Practice is involved in research activities.

(m)Avert a Threat to Health or Safety – The Practice may use and disclose PHI if it believes that such disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to an individual who is reasonably able to prevent or lessen the threat.

(n)Specialized Government Functions – The Practice may use and disclose PHI when authorized by law with regard to certain military and veteran activity.

(o)Workers’ Compensation – The Practice may use and disclose PHI if you are involved in a Workers’ Compensation claim to an individual or entity that is part of the Workers’ Compensation system.

(p)National Security and Intelligence Activities – The Practice may use and disclose PHI to authorized governmental officials with necessary intelligence information for national security activities.

(q)Military and Veterans – The Practice may use and disclose PHI if you are a member of the armed forces, as required by the military command authorities.

(r)How else can we use or share your health information?

Authorization

Uses and/or disclosures, other than those described above, will be made only with your written Authorization. This includes any marketing opportunities. We may contact you for fundraising efforts, but you can tell us not to contact you again.

Your Rights

You have the right to:

(a)Revoke any Authorization or consent you have given to the Practice, at any time. To request a revocation, you must submit a written request to the Practice’s Privacy Officer.

(b)Request special restrictions on certain uses and disclosures of your PHI as authorized by law. In general, this relates to your right to request special restrictions concerning disclosures of your PHI regarding uses for treatment, payment and operational purposes under Privacy Rule, Section 164.522(a) and restrictions related to disclosures to your family and other individuals involved in your care under Privacy Rule, Section 164.510(b). Except in certain instances, the Practice may not be obligated to agree to any requested restrictions. To request restrictions, you must submit a written request to the Practice’s Privacy Officer. In your written request, you must inform the Practice of what information you want to limit, whether you want to limit the Practice’s use or disclosure, or both, and to whom you want the limits to apply. If the Practice agrees to your request, the Practice will comply with your request unless the information is needed in order to provide you with emergency treatment. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

(c)Choose someone to act for you If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.

(d)Receive confidential communications or PHI by alternative means or at alternative locations as provided by Privacy Rule Section 164.522(b). For instance, you may request all written communications to you marked “Confidential Protected Health Information” or be mailed to a different address. You must make your request in writing to the Practice’s Privacy Officer. The Practice will accommodate all reasonable requests.

(e)Get an electronic or paper copy of your medical record. You can ask to see or get an electronic or copy of your medical record and other health information we have about you. Please ask the office manager or Practice Privacy Officer. We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

(f)Amend your PHI as provided by federal law (including Privacy Rule, Section 164.526) and state law. To request an amendment, you must submit a written request to the Practice’s Privacy Officer. You must provide a reason that supports your request. The Practice may deny your request if it is not in writing, if you do not provide a reason in support of your request, if the information to be amended was not created by the Practice, if the information is not part of your PHI maintained by the Practice, if the information is not part of the information you would be permitted to inspect and copy, and/or if the information is accurate and complete. If you disagree, you may submit a statement of disagreement.

(g)Receive an accounting of disclosures of your PHI as provided by federal law (including Privacy Rule Section 164.528) and state law. To request an accounting, you must submit a written request to the Practice’s Privacy Officer. The request must state a time period, which may not be longer than six (6) years. The request should indicate in what form you want the list (such as a paper or electronic copy). The first list you request within a twelve (12) month period will be free, but the Practice may charge you for the cost of providing additional lists. The Practice will notify you of the costs involved and you can decide to withdraw or modify your request before any costs are incurred.

(h)Request a copy of this notice. Even if you have agreed to receive this notice electronically, you can ask for a paper copy of this Privacy Notice from the Practice (as provided by Privacy Rule Section 164.520(b)(1)(iv)(F)).

(i)File a complaint if you feel your rights are violated. You can complain to the Practice or to the Secretary of HHS (as provided by Privacy Rule Section 164.520(b)(1)(vi)) if you believe your privacy rights have been violated. To file a complaint with the Practice, you must contact the Practice’s Privacy Officer. All complaints must be in writing. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

Practice Responsibilities

We are required by law to:

(a)Maintain the privacy and security of your protected health information.

(b)Let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

(c)Follow the duties and privacy practices described in this notice and give you a copy of it.

(d)Not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html

To obtain more information about your privacy rights or if you have questions you want answered about your privacy rights (as provided by Privacy Rule Section 164.520(b)(2)(vii)), you may contact the Practice’s Privacy Officer as follows:

Name: David J. Ballenger, D.C.

Address: 9632 Deereco Rd., Timonium MD 21093

Telephone No.: 410-252-1000 Eff 9/23/13