HIPAA stands for the Health Insurance Portability and Accountability Act. This act, approved by Congress in 1996, provides patients with uniform access to their medical records and more control over how their personal health information is used and disclosed. It also requires health care providers to safeguard the security and confidentiality of medical records. Full information about the Act is provided on the US Department of Health & Human Services web site.
Doctors DeNicola and Morano, and Kim Yue. APN-C; have taken all required steps to be in compliance with HIPAA regulations. We have adopted a privacy plan and trained our employees on it's procedures. We have identified an employee who is responsible for ensuring that the procedures are implemented and up-to-date with current regulations. We have adopted an Electronic Medical Records (EMR) system that is certified in compliance with the Act. In short, we take our obligations very seriously.
An important aspect of HIPAA is patient notification. When you first visit our offices, you will be asked to read and acknowledge receiving a copy of the following guidelines. Please read them carefully and feel free to ask any questions about how your child's medical records will be maintained.
NOTICE OF PRIVACY POLICIES AND PRACTICES (effective Sep. 1, 2004)
Doctors DeNicola and Morano, and Kim Yue. APN-C are committed to protecting our patients' privacy. The confidentiality of our patients is of greatest concern to our physician and employees alike. This notice details how our practice collects, handles, and protects personal information about our patients. This policy will be distributed to all patients and will also be available for viewing at our web site. We will review this policy on an annual basis and monitor our compliance with this policy. Should it be necessary to revise this policy more often due to circumstances, we will do so in a timely fashion.
Information we collect and maintain
We collect non-public personal information about:
- Past medical history
- Review of Systems
- History of the present illness/complaint
- Family and social history
- Medications and allergies
- Insurance and billing information
- Patient demographics
How we protect your information
Our staff is trained to adhere to the following privacy measures with regards to Protected Health Information (PHI):
- There are only three (3) reasons why an employee needs to access a patient's chart or computer information: to treat or care for the patient, to process billing for services, or to respond to a medical records request.
- Patient medical information is located in a staff business area, out of the patient flow area. Patients do not have access to this area.
- Computer display terminals are exited out to a screensaver when the operator leaves a station. Entry into the system is password protected. Passwords are not to be shared.
- Confidential patient information is not placed anywhere but in the patient's chart.
- Appointment schedules are not posted in the exam rooms, but rather in the physician's private office.
- Employees will not discuss any patient in a public area. We will not make inquiries or access the chart of a friend or relative out of curiosity unless we have permission of the patient.
- PHI transmitted over the Internet is encrypted, and all access is protected by passwords.
Information we may disclose and purpose
No PHI will be released without proper written consent from the patient or parent or guardian of the minor patient, unless the request is during an emergency. Occasions for release of PHI are the following:
- Workman's compensation - The patient signs a record release at the time of the visit, as the chart notes must accompany the insurance billing.
- Legal pursuit - Attorney request (also includes medical record service) or subpoena
- Patient request – Moving or transferring records to another physician
- Disability Documentation
- Auto Accident
- Insurance company chart audit
- Driver's Form
- Insurance Claim adjudication
Our patients have the following rights to privacy and respect regarding their personal information:
- The right to access and copy health records with reasonable notice.
- The right to request amendment or correction.
- The right to an accounting of disclosures.
- The right to specify how confidential information is communicated.
- The right to request restriction on how health information is disclosed or used.
- The right to file a complaint if they believe that our safeguards and procedures have not been followed.
Any privacy issue complaints should be directed to the Privacy Officer. If satisfaction is not received, the patient may notify the Department of Health & Human Services.