top of page

HIPPA and Your Privacy

 

 

 

 

Notice of Privacy Practices for Protected Health Information

45 CFR 164.520   (Download a copy in PDF - PDF)

Background 

The HIPAA Privacy Rule gives individuals a fundamental new right to be informed of the privacy practices of their health plans and of most of their health care providers, as well as to be informed of their privacy rights with respect to their personal health information. Health plans and covered health care providers are required to develop and distribute a notice that provides a clear explanation of these rights and practices. The notice is intended to focus individuals on privacy issues and concerns, and to prompt them to have discussions with their health plans and health care providers and exercise their rights. 

How the Rule Works

General Rule. The Privacy Rule provides that an individual has a right to adequate notice of how a covered entity may use and disclose protected health information about the individual, as well as his or her rights and the covered entity’s obligations with respect to that information. Most covered entities must develop and provide individuals with this notice of their privacy practices. The Privacy Rule does not require the following covered entities to develop a notice: 

  •  Health care clearinghouses, if the only protected health information they create or receive is as a business associate of another covered entity. See 45 CFR 164.500(b)(1). 

  •  A correctional institution that is a covered entity (e.g., that has a covered health care provider component). 

  • A group health plan that provides benefits only through one or more contracts of insurance with health insurance issuers or HMOs, and that does not create or receive protected health information other than summary health information or enrollment or disenrollment information. See 45 CFR 164.520(a). 

Content of the Notice. Covered entities are required to provide a notice in plain language that describes:  

  • How the covered entity may use and disclose protected health information about an individual. 

  • The individual’s rights with respect to the information and how the individual may exercise these rights, including how the individual may complain to the covered entity. 

  • The covered entity’s legal duties with respect to the information, including a statement that the covered entity is required by law to maintain the privacy of protected health information. 

  • Whom individuals can contact for further information about the covered entity’s privacy policies. 

The notice must include an effective date. See 45 CFR 164.520(b) for the specific requirements for developing the content of the notice. A covered entity is required to promptly revise and distribute its notice whenever it makes material changes to any of its privacy practices. See 45 CFR 164.520(b)(3), 164.520(c)(1)(i)(C) for health plans, and 164.520(c)(2)(iv) for covered health care providers with direct treatment relationships with individuals. 

Providing the Notice.

  • A covered entity must make its notice available to any person who asks for it. 

  • A covered entity must prominently post and make available its notice on any web site it maintains that provides information about its customer services or benefits. 

  • Health Plans must also:

    • Provide the notice to individuals then covered by the plan no later than April 14, 2003 (April 14, 2004, for small health plans) and to new enrollees at the time of enrollment. 

    • Provide a revised notice to individuals then covered by the plan within 60 days of a material revision. 

    • Notify individuals then covered by the plan of the availability of and how to obtain the notice at least once every three years.

  • Covered Direct Treatment Providers must also:

    • Provide the notice to the individual no later than the date of first service delivery (after the April 14, 2003 compliance date of the Privacy Rule) and, except in an emergency treatment situation, make a good faith effort to obtain the individual’s written acknowledgment of receipt of the notice. If an acknowledgment cannot be obtained, the provider must document his or her efforts to obtain the acknowledgment and the reason why it was not obtained. 

    • When first service delivery to an individual is provided over the Internet, through e-mail, or otherwise electronically, the provider must send an electronic notice automatically and contemporaneously in response to the individual’s first request for service. The provider must make a good faith effort to obtain a return receipt or other transmission from the individual in response to receiving the notice. 

    • In an emergency treatment situation, provide the notice as soon as it is reasonably practicable to do so after the emergency situation has ended. In these situations, providers are not required to make a good faith effort to obtain a written acknowledgment from individuals. 

    • Make the latest notice (i.e., the one that reflects any changes in privacy policies) available at the provider’s office or facility for individuals to request to take with them, and post it in a clear and prominent location at the facility. 

  • A covered entity may e-mail the notice to an individual if the individual agrees to receive an electronic notice. See 45 CFR 164.520(c) for the specific requirements for providing the notice. 

Organizational Options.

  • Any covered entity, including a hybrid entity or an affiliated covered entity, may choose to develop more than one notice, such as when an entity performs different types of covered functions (i.e., the functions that make it a health plan, a health care provider, or a health care clearinghouse) and there are variations in its privacy practices among these covered functions. Covered entities are encouraged to provide individuals with the most specific notice possible. 

  • Covered entities that participate in an organized health care arrangement may choose to produce a single, joint notice if certain requirements are met. For example, the joint notice must describe the covered entities and the service delivery sites to which it applies. If any one of the participating covered entities provides the joint notice to an individual, the notice distribution requirement with respect to that individual is met for all of the covered entities. See 45 CFR 164.520(d). 

Please review the Frequently Asked Questions about the Privacy Rule.

OCR HIPAA Privacy
December 3, 2002 Revised April 3, 2003

Back to Top

Notices of Privacy Practices

Notice of Privacy Practices

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Dobbie Wellness, PLLC is committed to providing you with the highest quality of care in an environment that protects a health participant’s privacy and the confidentiality of your health information.  This notice explains our privacy practices, as well as your rights, with regard to your health information.

We want you to know how your Protected Health Information (PHI) is going to be used in our coaching program and your rights concerning those records.  Before we will begin any health coaching we require you to read and sign this consent form stating that you understand and agree with how your records will be used. 

 

Some of the terms of uses include:

 

  1. The health participant understands that Dobbie Wellness, PLLC and partnering laboratories transmit health information (such as lab results) electronically via a secure internet connection. Dobbie wellness, PLLC has taken the necessary precautions to enhance all security; Dobbie Wellness, PLLC cannot be held liable if there is any security breach on the part of the laboratories.

  2. A health participant’s written consent need only be obtained one time for all subsequent coaching given to the health participant.

  3. For your security and right to privacy, we have taken all precautions that we know of to assure that your records are not readily available to those who do not need access to them.

  4. If the health participant refuses to sign this consent for the purpose of health coaching operations, Dobbie Wellness, PLLC reserves the right to refuse acceptance of the health participant.

  5. Every effort is made to ensure cyber-security of you information, including password protection of computers, HIPAA-compliant email servers, and other means. No system is 100% secure and there are potential risks notwithstanding. The health participant agrees to hold Dobbie Wellness, PLLC harmless for information lost due to technical failures.

  6. Consultations can be conducted either by audio via phone, Facetime, Whatsapp, PracticeBetter , Telehealth or similar, or through video conferencing via Skype, Zoom, G-Suite’s ‘Meet’, PracticeBetter Telehealth or similar.  If the transmission fails during your consultation, every reasonable effort will be made to help you get reconnected. There are risks associated with using tele-coaching, including, but may not be limited to a breach of privacy and or PHI due to failure in security protocols.

 

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and how to exercise them. Specifically, you have the right to:

  1. Get an electronic or paper copy of your medical record

  • You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you.

  • We will provide a copy or a summary of your health information, usually within 30 days of your request.

  • We may charge a reasonable, cost-based fee.

 

  1. Ask us to correct or amend your medical record

  • You can ask us to correct health information about you that you think is incorrect or incomplete.

  • We may say “no” to your request, but we will tell you why in writing, usually within 60 days of your request.

 

  1. Request confidential communications

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will say “yes” to all reasonable requests.

  • Ask us to limit what we use or share.

  • You can ask us not to use or share certain health information for treatment, payment, or our operations.  We are not required to agree to these requests. For example, we may say “no” if it would affect your care.

  • If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.

  • Obtain a list of those with whom we have shared your information.

  • You can ask us for a list (accounting) of the instances we have shared your health information for six years prior to the date you ask, with whom we shared it, and why.

  • We will include all the disclosures except for those about treatment, payment, or health care operations, and certain other disclosures (such as any you asked us to make). We will provide one accounting per year for free but may charge a reasonable, cost-based fee if you ask for another one within 12 months.

 

  1. Get a copy of this privacy notice

  • You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically.

  • We will provide you with a paper copy promptly.

 

  1. Choose someone to act for you

  • If you have given someone health care power of attorney or if someone is your legal guardian, that person (your “personal representative”) can exercise your rights and make choices about your health information.

  • If someone has been appointed to act for you, a copy of the document appointing that person must be provided to us. We will make reasonable efforts to ensure the person has this authority and can act for you before we take any action.

 

  1. File a complaint if you feel your rights are violated

  • Protecting your confidential information is important to us. If you feel we have violated your rights, please contact us using the information at the end of this Notice.

  • You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, SW, Washington, DC 20201, calling 1.877.696.6775, or visiting hhs.gov/ocr/privacy/hipaa/complaints/.

  • We will not retaliate against you for filing a complaint either to NM or to the Office for Civil Rights.

 

Please ask us how to accomplish any of the above items by contacting us using the information at the end of this Notice. You may have to complete a form and submit your request in writing. For example, to obtain a copy, amend or restrict your medical records, or to receive a listing of

disclosures you must fill out a form. The forms are available on our website.

 

Your Choices

 

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.  In these cases, you have both the right and choice to tell us to:

 

  1. Share information with your family, close friends or others involved in your care.

  2. Share information in a disaster relief situation.

  3. Include your information in a hospital directory.

If you are not able to tell us your preference (for example, if you are unconscious), we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

We never share your information unless you give us written authorization:

  1. Marketing purposes

  2. Sale of your information

  3. Most, but not all, sharing of psychotherapy notes

 

How We May Use and Share Your Health Information

 

We may, without your written permission, use your health information within our organization and share or disclose your health information to others outside our organization for treatment, payment, and healthcare operations.  We may use and disclose your health information without your written authorization for treatment, payment and health care operations.

 

  1. Treatment

 

  • We may use your health information and share it with other professionals who are treating you. For example, a physician treating you for an injury may ask another physician about your overall health condition. Note, however, that we may ask for your written permission if certain kinds of information are being disclosed (such as mental health information).

  • We may keep your information electronically using and electronic medical record (“EMR”).  In some cases, you may be asked to give permission to allow the sharing of your health information.

 

  1. Payment

 

  • We may use and share your health information to bill and get payment from health plans or other entities. For example, we may send health information about you to your health insurance plan so it will pay for your services.

  • We may also disclose your information to other providers for their payment activities.

 

  1. Healthcare operations

 

  • We may use and disclose your health information to run our organization, improve your care, and contact you when necessary. For example, we use health information to manage your treatment and services, including to contact you to remind you that you have an appointment for medical care. We may also disclose information to clinicians, residents and fellows, medical students, and other authorized personnel for educational and learning purposes.

  • Those instances that require the use or disclosure of your health information we may disclose your health information without your written permission:

  • With some limited exceptions, to you or someone who has the legal right to act on your behalf (your personal representative).

  • To the Secretary of the Department of Health and Human Services, if necessary, to make sure your privacy is protected.

  • When required by law.

 

  1. Other purposes for which we are allowed or required to use or disclose your health information:

 

  • We may use or disclose your health information to others without your written permission in other ways, usually in ways that contribute to the public good, such as public health and research. We must meet many conditions in the law before we can share your information for these purposes. For more information see: hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

Examples include:

  1. To help with public health and safety issues we may share health information about you for certain situations such as:

 

  • Preventing disease

  • Helping with product recalls

  • Reporting adverse reactions to medications

  • Reporting suspected abuse, neglect or domestic violence

  • Preventing or reducing a serious threat to anyone’s health or safety

 

  1.  For research

Your medical information may be used for research purposes in accordance with state and federal law. For example, researchers may look at your medical information for the following research purposes:

  • To plan future research studies. For example, your information could be viewed by researchers trying to determine how often heart disease occurs in individuals of a certain age.

  • To identify and contact you regarding your interest in taking part in a specific research study. Your part in that study can only start after you have been told about the study, are given a chance to ask questions and have shown your willingness to be in the study by signing a consent form. If you prefer not to be contacted by a researcher not involved in your clinical care, you can contact Dobbie Wellness, PLLC to be removed from the contact registry,

  • To remove information that identifies you.

  • To gather information that might be used to publish an article—although your identity or identifiable information will never be released in the article without your authorization.

  • All research projects for which we share health information are carefully reviewed by an institutional review board or privacy board to protect the safety, welfare and confidentiality of our patients. If you have questions regarding the above, please call Dobbie Wellness, PLLC.

  1. To respond to organ and tissue donation requests we may share patient information with organ procurement organizations for the purpose of facilitating a patient’s organ, eye or tissue donation and transplantation.

  2. To work with a coroner, medical examiner or funeral director we may share health information with a coroner, medical examiner or funeral director when an individual dies.

  3. To address workers’ compensation, law enforcement, and other government requests we may use or share health information about you:

  • For workers’ compensation claims

  • For law enforcement purposes or with a law enforcement official

  • With health oversight agencies for activities authorized by law

  • For special government functions such as military, national security, and presidential protective services.

  1. To respond to lawsuits and legal actions, we may disclose health information about you in response to a court or administrative order, or non-sensitive information in response to a subpoena if there is a qualified protective order or satisfactory assurances.

  2. To business associates

We may disclose your health information to our “business associates,” or individuals or companies that provide services to us. For example, a business associate would include the company that administers the billing claims for us, a software vendor, a telehealth or other digital health solutions company, and other service providers. We require that business associates keep your information safe.

  1. For immunization purposes

We may disclose immunization records to schools to support public health efforts if we obtain and document an oral or written agreement from the parent, guardian or other person acting in loco parentis.

  1. To parents and legal guardians of minors

We may share a minor’s health information with his or her parents or guardians unless such disclosure is otherwise prohibited by law. For example, a minor’s parents may discuss medical treatment with the care team. Note, however, that if a minor is emancipated, married, pregnant or a parent, we will not share information with the minor’s parents or guardians. Also, if a minor is receiving certain types of treatment (such as genetic or HIV testing; testing for sexually transmitted diseases; mental health, or drug or alcohol abuse counseling; or other certain types of treatments), we will not disclose information to the minor’s parents or guardians except in certain situations as required or allowed by law (including, but not limited to, if doing so is necessary to protect the minor’s safety or that of a family member or other individual or if, in the professional judgment of the health care provider, notification would be in the minor’s best interest and we have first sought unsuccessfully to persuade the minor to notify his or her parents).

Additional State and Federal Requirements

Some State and federal laws provide additional privacy protection of your health information. These include:

  1. Sensitive health information. Some types of health information are particularly sensitive, and the law, with limited exceptions, may require that we obtain your written permission or in some instances, a court order, to use or disclose that information. Sensitive health information includes information dealing with mental health and developmental disabilities, HIV/AIDS, alcohol and drug abuse treatment, genetic testing and genetic counseling.

  2. Prior to receiving care from us, a patient signs, where required by law, a consent to allow us to use and disclose sensitive health information in the same way that the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) allows us to use and share non-sensitive health information for treatment, payment and healthcare operations as described in this Notice. For example, we may use and share sensitive health information in order to better coordinate care for our patients.

  3. Information used in certain disciplinary proceedings.  State law may require your written permission if certain health information is to be used in various review and disciplinary proceedings by state health oversight boards (such as the Department of Professional Regulation).

  4. Information used in certain litigation proceedings.  State law may require your written permission for certain providers to disclose information in certain legal proceedings.

  5. Disclosures to certain registries.  Some laws require your written permission if we disclose your health information to certain state-sponsored registries.

We are committed to following all applicable state and federal legal requirements.

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.

  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

  • We must follow the duties and privacy practices described in this Notice and offer you a written copy of it.

  • We will not use or share your information other than as described here unless you tell us we can do so in writing.  If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

Changes to This Notice

We can change the terms of this Notice, and the changes will apply to all information we have about you. The new Notice will be available upon request and on our website. However, any changes to the terms will not change our commitment to complying with applicable laws and ensuring the privacy of patient information.

Who Will Follow This Notice

This Notice will be followed by all locations that provide health related services to health participants.

Who To Contact For Information or With a Complaint

If you have any questions about this Notice, or any complaints, please contact Dobbie Wellness, PLLC.

EFFECTIVE DATE OF THIS NOTICE

This Notice is effective as of April 1 2024.

bottom of page