HIPAA Compliance

1. WHAT IS PHI?

Protected Health Information (PHI) consists of past and present medical records, office notes, billing and accounting information which is used by our office for treatment and payment purposes. The HIPAA guidelines require us to provide you with this notice to explain how, when and why we must use your PHI and the extent to which it is to be used. Our office strictly adheres to the privacy practices which will be described below. We do reserve the right to revise the terms of this notice and our privacy practices at any time. In the event of any changes, a revised notice will be displayed in our office and copies will be available to our patients. Copies of this notice may also be requested in person, by mail, or by phone (865) 482-2129 during regular business hours.

2. HOW DO WE USE YOUR PHI?

We have the right to use and disclose your PHI for the purposes of treatment, seeking payment and in the daily business operation of Dermatology Associates of Oak Ridge. Any other uses of your PHI will require your written permission unless the law permits the use or disclosure without patient authorization. Some examples of how we use your PHI during standard operations are described below:

*Treatment. We may disclose your PHI to doctors, nurses and other health care personnel involved in providing your care. The PHI may also be shared with outside facilities such as laboratories and hospitals providing services relating to your treatment.

*Billing and Payment. We may disclose your PHI for billing and collection purposes for services and treatment provided by our practice. PHI is provided to our Billing Department and then released to your health insurer for payment. It may also be necessary for your employer to be contacted for the purpose of determining benefits and/or coverage.

*Standard Operating Procedures. PHI may be used for quality assurances purposes in the course of operating Dermatology Associates of Oak Ridge. This information may be shared with our accountants, attorneys, consultants or other contracted entities to make sure we are in compliance with all current laws and regulations which we are required to follow. PHI may also be disclosed to an outside entity performing a function on our behalf. In this instance, we must have an agreement with the entity stating it will extend the same privacy to your PHI as we do. Under the HIPAA Privacy Rule, our practice does not have to obtain patient authorization to disclose information for the following reasons:

*As Required By Law. PHI may be disclosed when required by local, federal or government law in the following instances:

• In response to a court order, court-ordered warrant, subpoena or summons;
• To social or protective services regarding victims of abuse, neglect or domestic violence;
• To law enforcement for the purpose of identifying or locating a suspect, fugitive, material witness,
  missing person (e.g. disclosing a deceased individual’s PHI if suspicion persists that death
  possibly resulted from criminal conduct);
• To authorized federal officials for the conduct of lawful intelligence or counter-intelligence as authorized by the National Security Act;
• To authorized federal officials as it relates to protecting the President of the United States, to foreign heads of state, or other authorized persons;
• To the United States Department of State as it relates to obtaining a security clearance, service abroad and
  other provisions of the Foreign Service Act;
• To correctional institutions/law enforcement as it relates to inmates’ healthcare or the health and safety of individuals treating and transferring inmates;
• To Armed Forces personnel for activities deemed to assure proper execution of military missions;
• To the proper authorities if deemed it can prevent a serious threat to the health and safety of a person or
  the public.

*For Medical and Health Related Reasons

• To a provider who has an indirect treatment relationship with the patient;
• To a health oversight agency with respect to audits, civil, administrative, and/or criminal investigations, proceedings or actions, inspections, licensure or disciplinary actions;
• To organ procurement organizations to assist with organ, eye, and tissue donation and transplantation;
• As required by law for public health activities and the prevention or control of disease, injury, or disability including, but not limited to, communicable disease and product defects or problems (e.g. with food/dietary supplements and product labeling issues);
• to a person who may have been exposed to a communicable disease, if the practice is authorized by law to notify such persons in the conduct of a public health intervention or investigation;
• To an employer, if the practice is a covered provider who is a member of the workforce of the employer or who provides healthcare to the patient at the request of the employer: to conduct an evaluation relating to medical surveillance of the workplace; or evaluate whether the patient has a work-related illness or injury;
• To provide you with appointment reminders or to provide you with information about available
  treatment alternatives or services.

3. YOUR RIGHTS REGARDING YOUR PHI.

We may share PHI with family members, friends, or other individuals you have authorized to receive information. In the event of an emergency, it may not be possible for you to object until the emergency has resolved. Some examples of instances needing your authorization to release PHI would include disclosure.