Privacy Policy
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Privacy Notice describes how we may use and disclose your protected health information (“PHI”) to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI. PHI means any written and oral health information about you that is created or received by your health care provider, including demographic data, that may identify you, and that relates to your past, present or future physical or mental health condition.
CIOFM is required to abide by the terms of this Privacy Notice. CIOFM may change the terms of the notice at any time. A new notice will be available to you at our office or on request and will be effective for PHI that we maintain from that time forward.
1. Uses and Disclosures of PHI
You will be asked by CIOFM to sign a Consent form. Once you have signed the form, your PHI may be used and disclosed by CIOFM and others outside of our office that are involved in your care and treatment for the purpose of providing healthcare services to you. CIOFM may use your PHI for purposes of providing treatment, obtaining payment for treatment, and conducting health care operations. Your PHI may be used or disclosed only for these purposes unless CIOFM has obtained your authorization, or the use or disclosure is otherwise permitted by law. Disclosures of your PHI for the purpose described in this Privacy Notice may be made in writing, orally, and electronically.
• Treatment. We may use and disclose your PHI to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third a party for treatment purposes. For example, we may disclose your PHI to a pharmacy to fill a prescription or to a laboratory to order a blood test. We may also disclose PHI to physicians who may be treating you or consulting with the facility with respect to your care. In some cases, we may also disclose your PHI to an outside treatment provider for purposes of the treatment activities of other providers.
• Payment. Your PHI may be used and disclosed, as needed, to obtain payment for the services that we provide, that third parties provide related to your care, and to demonstrate medical necessity for purposes of insurance coverage.
• Operations. We may use or disclose your PHI, as necessary, for our internal care operations to facilitate the function of CIOFM and to provide quality care to all the patients.
We may call you by name in the waiting room when your provider is ready to see you. We may use or disclose your PHI, as necessary, to contact you to remind you of your appointment.
We may share your PHI with third party “business associates” that perform various activities (including billing) for our internal practice. Whenever an arrangement between our office and a business associate involves the use or disclosure of your PHI, we will have a written contract that contains terms to protect the privacy of your PHI.
We may use or disclose your PHI, as necessary, to provide you with information about treatment alternatives or other health-related benefits and services.
• Independent Contractors. CIOFM uses independent contractors to provide many of its services (“Contractors”). Contractors are not employees of CIOFM and CIOFM does not control the manner in which they provide services or maintain PHI. However, Contractors are contractually obligated to comply with this Notice and CIOFM’s other policies and procedures regarding the use and disclosure of your PHI. CIOFM will take reasonable steps to monitor Contractors’ compliance with this Notice and CIOFM’s other policies and procedures regarding the use and disclosure of your PHI. If you have questions or concerns about a Contractor regarding the use or disclosure of your PHI, please contact CIOFM’s Privacy Officer as soon as possible.
• Use of AI. CIOFM may use artificial intelligence (“AI”) software to perform appropriate functions related to treatment, payment, and operations. CIOFM will, as reasonably possible, seek to use AI software that is HIPAA compliant. However, to the extent that such AI software is not reasonably available (including financial, hardware requirements, ease of use, etc.), you must be aware that: (1) CIOFM may still use such AI software to perform appropriate functions related to treatment, payment, and operations; and (2) your PHI may be transmitted to a third-party provider. CIOFM is not aware of, and has no way of knowing, if such third-party providers will maintain a record of any PHI transmitted by using the AI software, and accordingly, cannot guarantee that your PHI will not be disclosed. You have the right to “opt out” of CIOFM using AI software for treatment, payment, and operations as related to you. This “opt out” is included in the CIOFM’s Consent to Treat form and you may indicate to CIOFM that you opt out on that form. However, if you do not opt out on the Consent to Treat form, you consent to CIOFM using AI software for treatment, payment, and operations as related to you and your PHI.
The foregoing examples are not meant to be an exhaustive list, but are intended to describe the types of uses and disclosures that may be made by CIOFM once you have provided consent.
2. Uses and Disclosures Beyond Treatment, Payment, and Health Care Operations Permitted Without Authorization of Opportunity to Object.
• When Legally Required. We may disclose your PHI without your consent or authorization when we are required to do so by any federal, state or local law.
• When There Are Risks to Public Health. We may disclose your PHI without your consent or authorization for the following public activities and purposes:
· To prevent, control, or report disease, injury or disability as permitted by law.
· To report vital events such as birth or death as permitted by law.
· To conduct public health surveillance, investigations and interventions as permitted or required by law.
· To collect or report adverse events and product defects, track FDA regulated products, enable products recalls, repairs or replacements to the FDA and to conduct post marketing surveillance.
· To notify a person who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease as authorized by law.
· To report employer information about an individual who is member of the workforce as legally permitted or required.
• To Report Suspended Abuse, Neglect or Domestic Violence. We may disclose PHI without your consent or authorization to government authorities if we believe that a patient is a victim of abuse, neglect or domestic violence. We will make this disclosure only when specifically required by law or when the patient agrees to the disclosure.
• To Conduct Health Oversight Activities. We may disclose your PHI without your consent or authorization to a health oversight agency for activities including audits; civil, administrative, or criminal investigations, proceeding, or actions; inspections; licensure or disciplinary actions; or other activities necessary for appropriate oversight as authorized by law. We will not disclose your PHI under this authority if you are the subject of an investigation and your PHI is not directly related to your receipt of health care public benefits.
• In Connection With Judicial and Administrative Proceedings. We may disclose your PHI without your consent or authorization in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal as expressly authorized by such order, and in certain circumstances, in response to a subpoena, discovery requests, or other lawful process.
• For Law Enforcement Purposes. We may disclose your PHI without your consent or authorization to a law enforcement official for the law enforcement purposes as follows:
· As required by law for reporting of certain types of wounds or other physical injuries.
· Pursuant to court order, court ordered warrant, subpoena, summons or similar process, where applicable legal requirements are met.
· To identify or locate a suspect, fugitive, material witness, or missing person.
· Under certain limited circumstances, when you are the victim of a crime.
· To a law enforcement official if the facility has suspicion that your health condition was the result of a criminal conduct.
· In an emergency or to report a crime if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
• To Coroners, Funeral Directors, and for Organ Donation. We may disclose PHI without your consent or authorization to a coroner or medical examiner for medical examiner for identification purposes, to determine cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose PHI to a funeral director, as authorized by law and in reasonable anticipation of death, in order to permit the funeral director to carry out their duties. PHI may be used and disclosed for cadaveric organ, eye or tissue donation purposes.
• For Research Purposes. We may use or disclose your PHI without your consent or authorization for research when the use or disclosure for research has been approved by an institutional review board that has reviewed the research proposal and research protocols to address the privacy of your PHI.
• In the Event of a Serious Threat to Health or Safety. We may, consistent with applicable law and ethical standards of conduct, use or disclose your PHI without your consent or authorization if we believe that such use or disclosure is necessary to prevent or lessen a serious and imminent threat to your health or safety or to the health and safety of the public.
• For Specific Government Functions. In certain circumstances, federal regulations authorize the facility to use or disclose your PHI without your consent or authorization to facilitate specified government functions relating to military and veteran’s activities, national security and intelligence activities, protective services for the President and other, medical suitability determinations, correctional institutions, and law enforcement custodial situations.
• For Worker’s Compensation. The facility may release your PHI without your consent or authorization to comply with worker’s compensation laws or similar programs.
3. Uses and Disclosures Permitted without Authorization but with Opportunity to Object
We may disclose your PHI to your family member or a close personal friend if it is directly relevant to the person’s involvement in your care or payment related to your procedure. We can also disclose your PHI in connection with trying to locate or notify family members or others involved in your care, we may disclose your location, condition or death.
You may object to these disclosures. If you do not object to these disclosures or we can infer from the circumstances that you do not object or we determine, in the exercise of our professional judgment, that it is in your best interests for us to make disclosure of information that is directly relevant to the person’s involvement with your care, we may disclose your PHI as described.
4. Uses and Disclosures which you Authorize
Other uses and disclosures of your PHI will be made only with your written authorization, unless otherwise permitted or required by law as described below. You may revoke this authorization, at any time, in writing, except to the extent that CIOFM has acted in reliance on the authorization.
5. Your Rights
You have the following rights regarding your PHI:
• The right to inspect and copy your PHI. You may inspect and obtain a copy of your PHI that is contained in a designated record set as long as we maintain the PHI. A “designated record set” contains medical and billing records and any other records that your doctor and the facility uses for making decisions about you.
However, you may not inspect or copy the following records: psychotherapy notes; information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; and PHI that is subject to a law that prohibits access to protected health information. Depending on the circumstances, you may have the right to have a decision to deny access reviewed.
We may deny your request to inspect or copy your PHI if, in our professional judgment, we determine that the access requested is likely to endanger your like or safety of that of another person, or that it is likely to cause substantial harm to another person referenced within the information. You have the right to request a review of this decision.
To inspect and copy your PHI, you must submit a written request for the Privacy Officer whose contact information is listed on the last page of this Privacy Notice. If you request a copy of your PHI, we may charge you a fee for the costs of copying, mailing or other costs incurred by us in complying with your request.
Please contact the Privacy Officer if you have any questions about access to your PHI.
• The right to request a restriction on uses and disclosures of your PHI. You may ask us not to use or disclose certain parts of your PHI for the purpose of treatment, payment, or health care operations. You may also request that we not disclose your PHI to family members or friends who may be involved in your care or for notification purposes as described in this Privacy Notice. Your request must state the specific requested and to whom you want the restriction to apply. We will consider your request but are not legally required to grant it.
You may request a restriction by contacting the Privacy Officer. We will notify you if we deny your request to a restriction.
• The right to request to receive confidential communications from us by alternative means or at an alternative location. You have the right to request that we communicate with you certain ways. We will accommodate reasonable requests. We may condition this accommodation by asking you for information as to how payment will be handled specification of alternative address or other method of contact. We will not require you to provide an explanation for your request. Requests must be made in writing to our Privacy Officer.
• The right to request amendments to your protected health information. You may request an amendment of PHI about you in a designated record set for as long as we maintain this information. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Requests for amendment must be in writing and must be directed to our Privacy Officer. In this written request, you must also provide a reason to support the requested amendments.
• The right to receive accounting. You have the right to request an accounting of certain disclosures of your PHI made by CIOFM. This right applies to disclosure for purposes other than treatment, payment, or health care operations as described in this Privacy Notice. We are not required to account for disclosures that you requested, disclosures that you agreed to by signing an authorization form, disclosures for a facility directory, to friends or family members involved in your care, or certain other disclosures we are permitted to make without your authorization. The request for an accounting must be made in writing to our Privacy Officer. The request should specify the time period sought for the accounting. We are not required to provide an accounting for disclosures that take place prior to April 14, 2003. Accounting requests may not be made for time periods more than six years. We will provide the first accounting your request during any 12-month period without charge. Subsequent accounting requests may be subject to a reasonable cost-based fee.
• The right to obtain a paper copy of this Privacy Notice. Upon request, we will provide you with a separate paper copy of this Privacy Notice even if you have already received a copy or have agreed to accept this Privacy Notice electronically.
6. Our Duties
CIOFM will take all reasonable steps to: (a) maintain the privacy of your PHI; (b) provide you with this Privacy Notice; and (c) follow the terms of this Privacy Notice as may be amended form time to time. We reserve the right to change the terms of this Privacy Notice and make new provisions effective for all future PHI that we maintain. If CIOFM changes this Privacy Notice, we will provide a copy of the revised Privacy Notice by sending a copy via regular U.S. mail or in person at your next appointment.
7. Complaints
You may contact our Privacy Officer for further information about the complaint process or other information in this Privacy Notice. You will not be retaliated against in any way for filing a complaint or contacting the Privacy Officer.
8. Contact Person
CIOFM’s Privacy Officer may be reached as follows:
CIOFM
6240 Hamilton Ave, Ste 1
Cincinnati, OH 45224
513-401-5331
Attn: Privacy Officer
9. Effective Date
The effective date of this Privacy Notice is July 18, 2024.
A physical copy of these policies is available here.