THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices describes how John Hilinski, M.D. (“the practice,” “we,” “us,” or “our”) may use and disclose your protected health information (PHI) and how you can obtain access to this information. We are required by law to maintain the privacy of your PHI, to provide you with this Notice of our legal duties and privacy practices with respect to your PHI, to notify you following a breach of unsecured PHI, and to abide by the terms of the Notice currently in effect.
How We May Use and Disclose Your Health Information
The following categories describe the ways we may use and disclose your protected health information without a separate written authorization. Not every use or disclosure within a category is listed, but all of the ways we are permitted to use and disclose information fall within one of these categories.
Treatment.
We may use your PHI to provide, coordinate, or manage your medical care and related services. We may disclose your PHI to physicians, nurses, surgical and aesthetic staff, anesthesia providers, technicians, or other personnel involved in your care, including providers outside our office to whom we refer you. For example, we may share information with an anesthesia provider prior to a surgical procedure or with another physician from whom we have requested a consultation.
Payment.
We may use and disclose your PHI so that the services you receive may be billed and payment collected from you, an insurance company, or a third party. For example, we may provide information about a procedure to your health plan so that it will reimburse us or determine your eligibility and coverage.
Health Care Operations.
We may use and disclose your PHI to support the business activities of our practice. These activities include, but are not limited to, quality assessment, staff training and evaluation, licensing, accreditation, business planning, and general administration. For example, we may use your information to review the care you received or to train members of our staff.
Appointment Reminders, Treatment Alternatives, and Health-Related Services.
We may contact you to remind you of an upcoming appointment by telephone, text message, e-mail, or mail. We may also contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you.
Individuals Involved in Your Care or Payment for Your Care.
Unless you object, we may disclose to a family member, relative, friend, or other person you identify the PHI directly relevant to that person’s involvement in your care or payment for your care. We may also use or disclose your PHI to notify, or assist in notifying, such a person of your location or general condition.
Business Associates.
We may disclose your PHI to third parties, known as business associates, that perform services on our behalf, such as billing, transcription, or information technology services. We require our business associates to appropriately safeguard your information through written agreements.
As Required by Law.
We will use or disclose your PHI when required to do so by federal, state, or local law.
Public Health Activities.
We may disclose your PHI for public health activities, such as preventing or controlling disease, reporting adverse events related to medications or products, or notifying persons of recalls of products they may be using.
Victims of Abuse, Neglect, or Domestic Violence.
We may disclose your PHI to the appropriate government authority if we reasonably believe you are a victim of abuse, neglect, or domestic violence, to the extent permitted or required by law.
Health Oversight Activities.
We may disclose your PHI to a health oversight agency for activities authorized by law, such as audits, investigations, inspections, and licensure.
Judicial and Administrative Proceedings.
We may disclose your PHI in response to a court or administrative order, or in response to a subpoena, discovery request, or other lawful process, under the conditions specified by law.
Law Enforcement.
We may disclose your PHI to a law enforcement official for purposes permitted by law, such as complying with a court order or identifying or locating a suspect, fugitive, witness, or missing person.
Coroners, Medical Examiners, and Funeral Directors.
We may disclose PHI to a coroner, medical examiner, or funeral director as necessary to permit them to carry out their duties.
Serious Threat to Health or Safety.
We may use or disclose your PHI when necessary to prevent or lessen a serious and imminent threat to your health and safety or to the health and safety of the public or another person.
Specialized Government Functions.
We may disclose PHI for specialized government functions, including military and veterans’ activities, national security and intelligence activities, and protective services for the President and others, as authorized by law.
Workers’ Compensation.
We may disclose your PHI as authorized by and to the extent necessary to comply with workers’ compensation laws and similar programs.
Uses and Disclosures That Require Your Written Authorization
Other uses and disclosures of your protected health information not described above will be made only with your written authorization. The following uses and disclosures will be made only with your written authorization:
Marketing and Use of Photographs or Images.
We will not use or disclose your PHI for marketing purposes without your written authorization. As a cosmetic practice, this specifically includes the use of your photographs, images, or video — including before-and-after images — on our website, on social media, in advertising, or in any other promotional material. Any such use requires your separate written authorization, which is entirely voluntary and is not a condition of receiving treatment.
Sale of Protected Health Information.
We will not sell your PHI without your written authorization.
Revoking an Authorization.
You may revoke a written authorization at any time, in writing. Upon receipt of your written revocation, we will stop using or disclosing your PHI for the purposes covered by the authorization, except to the extent that we have already relied on it.
Your Rights Regarding Your Protected Health Information
You have the following rights regarding the protected health information we maintain about you:
Right to Inspect and Copy.
You have the right to inspect and obtain a copy of the PHI we maintain about you in a designated record set, such as medical and billing records. To inspect or obtain a copy, submit a written request to our Privacy Officer. We may charge a reasonable, cost-based fee. We may deny your request in certain limited circumstances, and in some cases you may request that the denial be reviewed.
Right to Request an Amendment.
If you believe information in your records is incorrect or incomplete, you have the right to request that we amend it. Submit your request in writing to our Privacy Officer, including a reason that supports the request. We may deny your request under certain circumstances and will provide a written explanation if we do.
Right to an Accounting of Disclosures.
You have the right to request a list of certain disclosures we have made of your PHI. This accounting does not include disclosures made for treatment, payment, or health care operations, or certain other disclosures permitted by law. Submit your request in writing to our Privacy Officer.
Right to Request Restrictions.
You have the right to request a restriction on the PHI we use or disclose for treatment, payment, or health care operations, or to a person involved in your care. We are not required to agree to your request, except that we must agree to a request to restrict disclosure to a health plan for purposes of payment or health care operations if you have paid for the item or service in full, out of pocket.
Right to Request Confidential Communications.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location — for example, by mail to a specified address or by a particular telephone number. We will accommodate reasonable requests.
Right to a Paper Copy of This Notice.
You have the right to receive a paper copy of this Notice upon request, even if you have agreed to receive it electronically.
Right to Be Notified of a Breach.
You have the right to be notified in the event of a breach of your unsecured protected health information.
Changes to This Notice
We reserve the right to change this Notice and to make the revised Notice effective for PHI we already have about you as well as any information we receive in the future. The current Notice will be posted in our office and on our website and will contain its effective date. You may obtain a copy of the current Notice at any time.
More Protective State Law
Where California law or other applicable law provides greater privacy protection than HIPAA, we will follow the more protective standard. Certain categories of information, such as HIV/AIDS status, mental health information, and genetic information, may receive additional protection under state and federal law.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with our practice by contacting our Privacy Officer. You may also file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights. You will not be penalized or retaliated against in any way for filing a complaint.
For More Information or to File a Complaint, Contact:
Privacy Officer
John Hilinski, M.D.
11199 Sorrento Valley Road, Suite 202, San Diego, CA 92121
(619) 296-3223