Chevy Chase ENT Associates, LLC
Private Surgical Suite, L.L.C.
Privacy Notice Statements
Our Privacy Notice informs you of our use and disclosure of your Protected Health Information (PHI), defined as: “any information, whether oral or recorded in any medium, that is either created or received by a health care provider, health plan, public health authority, employer, life insurance company, school or university or clearinghouse and that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.”
Our office will use or disclose your PHI for purposes of treatment, payment, and other health care purposes (TPO) as required to provide you the healthcare services that we offer. It is our policy to control access to your PHI and, even in cases where access is permitted, we exercise a “minimum necessary information” restriction to that access. We define minimum necessary information as the minimum necessary to accomplish the intent of the request.
An Authorization differs from this Privacy Notice in that it is very specific with regard to the information allowed to be disclosed or used, the individual or entity to which the information may be disclosed, the intent for which it may be disclosed, and the date that it was initiated which may include the duration of the authorization. This is a form, separate from the Privacy Notice, and usually used only for one specific request for information. In the event of a non-health care-related request for personal health information, this office will request you to sign an Authorization Form. Inquiries of a non-medical or non-routine nature will be recorded and maintained for a period of six years from the date of the last request and can be viewed by you, the patient, at your written request. Inquiries resulting from your Authorization may not be tracked under the assumption that you are already aware of them.
You, as our patient, may revoke your Authorization or restrict the disclosure of your healthcare information in writing at any time and our use and disclosure will be revised accordingly, with the exception of matters already in process as a result of prior use of your PHI. To revoke either the Consent or the Authorization, you will have to provide this office with a written request with your signature and date and your specific instructions regarding an existing Authorization. Any revocation will not apply to information previously used or disclosed.
If you had a “personal representative” initiate your Authorization, you may revoke the authorization at any time. You, the patient, have access to your healthcare information and may request to see your information, may request copies of your information, and under the law, you may request amendments to your information. The physician or principal will exercise professional judgment with regard to requests for amendments and is not bound by law to make any changes to the information. If the physician or professional agrees with the request to amend the information, the covered entity is bound by law to abide by the changes.
In limited circumstances, The Privacy Standard permits, but does not require, covered entities to continue certain existing disclosures of health information without individual authorization for specific public responsibilities. These permitted disclosures include: emergency circumstances, identification of the body of a deceased person, or to assist in determining the cause of death; public health needs; research, generally limited to when a waiver of authorization is independently approved by a privacy board or Institutional Review Board; oversight of the healthcare system; judicial and administrative proceedings; limited law enforcement activities; and activities related to national defense and security. There are specific state laws that require the disclosure of health care information related to Hepatitis C and AIDS. Where the state laws are more stringent than HIPAA Privacy Standard, the state laws will prevail.
In some occasions, this office may furnish your PHI to a third party, such as an insurance company for the purpose of payment, or another healthcare provider for further treatment or additional services. Although we will institute a “chain of trust” contract and monitor our business associates’ contracts with us, we cannot absolutely guarantee that they will not re-disclose your PHI.
Although the law requires a signed and dated Privacy Notice, this office does not demand that you sign the agreement as a condition of receiving care. It is the law that your rights are communicated in this manner. We seek only to obtain your signature and date to affirm that you have received the Privacy Notice, not that you have read it or agree with it. It is an expression of our practices and your rights.
In complying with the Privacy Standard, we have appointed a Privacy Officer, trained our Privacy Officer and the staff in HIPAA Privacy Standard requirements, and implemented policies to protect your PHI. We have instituted privacy and security processes to guard and protect your PHI. This office is taking steps and continues to monitor and improve processes for the protection of your information and to remain in compliance with the Law.