NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
At DISC Sports & Spine Center (“DISC”), we understand that medical information about you and your health is personal, and we are committed to protecting that information. This Notice of Privacy Practices describes how we and the medical staff and personnel who provide you with care or services at this facility may use and disclose your Protected Health Information (“PHI”) to carry out treatment, payment or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI, which is information about you, including demographic information that may identify you and that relates to your past, present or future physical or mental health or condition and related healthcare services. We are required by law to maintain the privacy of your PHI, to provide notice of our legal duties and privacy practices with respect to your PHI, to notify affected individuals following a breach of unsecured PHI, and to abide by the terms of this Notice of Privacy Practices.
We may change the terms of our notice at any time. The new notice will be effective for all PHI that we maintain at that time. Upon your request, you can receive any revised Notice of Privacy Practices by accessing our website www.discmdgroup.com, contacting the facility where you received services, or by contacting the Privacy Officer: firstname.lastname@example.org.
1. How We May Use and Disclose Your PHI.
We may use or disclose your PHI as described in this section. The following are examples of the types of uses and disclosures of your PHI that DISC is permitted to make without your specific authorization. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by our facility. Where State or federal law restricts one of the described uses or disclosures, DISC will follow the requirements of such State or federal law. The following are general descriptions only. They do not cover every example of disclosure within a category. However, all of the ways DISC is permitted to use and disclose your PHI will fall within one of the categories in this Notice of Privacy Practices.
Treatment. We may use PHI about you to provide you with medical treatment or services. We may disclose medical information about you to doctors, nurses, technicians, medical students or other personnel who are involved in your care to, for example, plan a course of treatment for you. We also may disclose PHI about you to individuals outside of DISC who may be involved in your medical care, such as family members or others we use to provide services that are part of your care.
Payment. Your PHI will be used, as needed, to obtain payment for your healthcare services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the healthcare services we recommend for you, such as making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity and undertaking utilization review activities. For example, obtaining approval for a surgery may require that your relevant PHI be disclosed to your health plan.
Healthcare Operations. We may use or disclose your PHI as needed to support our business activities. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, and conducting or arranging for other healthcare operations. For example, your health information may be disclosed to members of the medical staff, risk or quality improvement personnel and others to:
• Evaluate the performance of our staff;
• Assess the quality of care and outcomes in your case and similar cases;
• Learn how to improve our facilities and services; or
• Determine how to continually improve the quality and effectiveness of the health care we provide.
In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician. We may also call you by name in the waiting room when your healthcare provider is ready to see you. We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment.
We will share your PHI with third party “business associates” that may perform various activities (e.g., billing or transcription services) for DISC. Whenever an arrangement between our facility and a business associate involves the use or disclosure of your PHI, we will require the business associate to appropriately safeguard it.
2. Other Permitted and Required Uses and Disclosures That May Be Made With Your Authorization or Opportunity to Object. You have the opportunity to authorize or object to the use or disclosure of all or part of your PHI. You may revoke your authorization at any time, but your revocation will only be effective for future uses and disclosures and will not affect any use or disclosure made in reliance on your authorization. If you are not present or able to authorize or object to the use or disclosure of the PHI, then your healthcare provider may, using professional judgment, determine whether the disclosure is in your best interest. In this case, only the PHI that is relevant to your healthcare will be disclosed. We may use and disclose your PHI in the following instances. Other uses and disclosures not described in this Notice of Privacy Practices will be made only with your written authorization.
Facility Directories. Unless you object, we will use and disclose in our facility directory your name, the location at which you are receiving care, your condition (in general terms) and your religious affiliation. All of this information, except religious affiliation, will be disclosed to people that ask for you by name. Members of the clergy will be told of your religious affiliation.
Others Involved in Your Healthcare. Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, about your general condition or death. Finally, we may use or disclose your PHI to an authorized public or private entity to assist in disaster relief efforts and to coordinate uses and disclosures to family or other individuals involved in your healthcare.
In addition, with few exceptions, unless you provide written authorization, we will not use or disclose your PHI for marketing purposes and we will not sell your PHI.
3. Other Permitted and Required Uses and Disclosures That May Be Made Without Your Authorization or Opportunity to Object. We may use or disclose your PHI without your authorization in the following situations:
Required By Law. We may use or disclose your PHI to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
Public Health. We may disclose your PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose of controlling disease, injury or disability. We may also disclose your PHI, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
Communicable Diseases. We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health Oversight. We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations and inspections. Oversight agencies seeking this information include government agencies that oversee the healthcare system, government benefit programs, other government regulatory programs and civil rights laws.
Abuse or Neglect. We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your PHI to the governmental entity or agency authorized to receive such information if we believe that you have been a victim of abuse, neglect or domestic violence. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.
Food and Drug Administration (“FDA”). We may disclose your PHI to a person or company required by the FDA to report information such as adverse events and product defects, to enable product recalls, to make repairs or replacements, or to conduct post marketing surveillance.
Legal Proceedings. We may disclose PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request, or other lawful process, but only if a reasonable effort has been made to tell you about the request or to obtain an order protecting the information requested.
Law Enforcement. We may release PHI for certain law enforcement purposes including, for example, reports required by law, to comply with a court order or warrant, or to report or answer questions about a crime.
Coroners, Funeral Directors and Organ Donation. We may disclose PHI to a coroner, funeral director or medical examiner as necessary to permit them to carry out their duties.
Research. We may disclose your PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
Criminal Activity. Consistent with applicable federal and state laws, we may disclose your PHI if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.
Military Activity and National Security. When the appropriate conditions apply, we may use or disclose PHI of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits or (3) to foreign military authority if you are a member of that foreign military services. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President of the United States or other officials.
Workers’ Compensation. Your PHI may be disclosed by us as authorized to comply with workers compensation laws and other similar legally established programs.
Required Uses and Disclosures. Under the law, we must make disclosures to you and to the U.S. Department of Health and Human Services when required to determine our compliance with the requirements of the Federal Privacy Standards.
4. Your Rights. Following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights. We have the right to deny your request in certain circumstances. We will inform you if your request is denied.
Right to Access Your PHI. You may inspect and obtain a copy of PHI about you that is contained in a designated record set for as long as we maintain the PHI. A “designated record set” contains medical and billing records and any other records that your healthcare provider and SCA use for making decisions about you. Under federal law, however, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal or administrative action or proceeding; and, PHI that is subject to law that prohibits access to PHI. Depending on the circumstances, a decision to deny access may be reviewable. If the information you request is maintained electronically, and you request an electronic copy, we will provide a copy In the electronic form and format you request, if the information can be readily produced in that form and format. If the information cannot be readily produced in that form and format, we will work with you to come to an agreement on form and format.
Please contact the facility’s Medical Records Department if you have questions about access to your PHI. If you request a copy of the information, we may charge a fee for the costs of retrieving, copying, mailing and any other supplies associated with your request. Your records remain the property of DISC.
Right to Request a Restriction on the Use or Disclosure of Your PHI. You may ask us not to use or disclose any part of your PHI for the purposes of treatment, payment or healthcare operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in the Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply. Except as provided in the following paragraph, we are not required to agree to your request. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you.
We will comply with any restriction request if (1) except as otherwise required by law, the disclosure is to a health plan for purposes of carrying out payment or health care operations (and is not for purposes of carrying out treatment); and (2) the PHI pertains solely to a health care item or service for which the health care provider involved has been paid out-of-pocket in full. DISC is not responsible for notifying subsequent health care providers of your request for restrictions on disclosures to health plans for those items and services, so you will need to notify other providers if you want them to abide by the same restriction.
To request restrictions, you must make your request in writing to DISC. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply (for example, disclosures to your spouse).
Right to Request to Receive Confidential Communications From Us. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. We will attempt to accommodate reasonable requests. We will not request an explanation from you as to the basis for the request. Please make this request in writing to the facility’s Medical Records Department.
Right to Request Amendment. If you think that the PHI we have about you is wrong or incomplete, you may ask us to amend the information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact the facility’s Medical Records Department if you have a question about amending your medical record.
Right to Request an Accounting of Certain Disclosures. You may request a list of our disclosures of your PHI, subject to several exceptions and limitations. For example, this right does not apply to disclosures for purposes other than treatment, payment or healthcare operations, and it excludes disclosures we may have made to you, to family members or friends involved in your care, or for notification purposes. You have the right to receive specific information regarding these disclosures. To request this list or accounting of disclosures, you must submit your request in writing to SCA’s Privacy Officer. Your request must state a time period that may not be longer than six years prior to the request date and may not include dates before April 14, 2003. The first list you request within a 12-month period will be free. For additional lists during the same 12-month period, we may charge you for the cost of providing the list. We will notify you of the cost Involved and you may choose to withdraw or modify your request at the time before any costs are incurred.
Right to Be Notified of a Breach. You have a right to be notified in the event that we discover a breach of unsecured PHI, as defined under federal law.
Right to Obtain a Paper Copy of This Notice. You have the right to obtain a paper copy of this notice, even if you agreed to receive such notice electronically. You may ask us to give you a copy of this notice at any time. To request a copy of this notice, you can make your request in writing to SCA’s Privacy Officer (contact information is below).
5. Questions and Complaints.
You may file a complaint with us or with the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our Privacy Officer of your complaint. We will not retaliate against you for filing a complaint. For further information about the complaint process, or to make any requests or inquiries, you may contact our Privacy Officer at:
DISC Sports & Spine Center
3501 Jamboree Rd. Suite 1200
Newport Beach, CA 92660
This notice was effective on April 14, 2003 and revised on April 28, 2015.