Laser Spine Institute, LLC
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Laser Spine Institute, LLC (“LSI”) and its affiliates and subsidiaries understand the importance of privacy, and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide, and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable use to meet our professional and legal obligations to operate this medical practice properly.
We are required by law to provide you with this Notice explaining LSI’s Privacy Practices with regard to your medical information and how we may use and disclose your protected health information (“PHI”) for treatment, payment, and for health care operations, as well as for other purposes that are permitted or required by law. You have certain rights regarding the privacy of your protected health information and we also describe those rights in this Notice.
We are required by law to make sure that medical information about you is kept private. We are required to give you this Notice of our legal duties and privacy practices with respect to medical information about you. We are required to abide by the terms of the Notice currently in effect; and LSI reserves the right to change the provisions of our Notice and make new provisions effective for all PHI we maintain. If LSI makes a material change to our Notice, we will post the changes promptly on our website at https://www.laserspineinstitute.com.
What is Protected Health Information?
PHI consists of individually identifiable health information, which may include demographic information LSI collects from you or creates or receives by a health care provider, a health plan, your employer, or a health care clearinghouse and that relates to: (a) your past, present or future physical or mental health or condition; (b) the provision of health care to you; or (c) the past, present or future payment for the provision of health care to you.
This Notice of Privacy Practices became effective on April 14, 2003 and was amended on March 14, 2014.
Ways in Which We May Use and Disclose Your Protected Health Information
We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. We will also disclose your health information to other providers who may be treating you. Additionally we may from time to time disclose your health information to another provider who has been requested to be involved in your care. For example, we may share information about you with referring physicians, your primary care physician, a medical specialist, or a pharmacy.
We will use and disclose your protected health information to obtain payment for the health care services we provide you. For example, we may include information with a bill to a third-party payer that identifies you, your diagnosis, procedures performed, and supplies used in rendering the service.
Health Care Operations
We will use and disclose your protected health information to support the business activities of our facilities. For example, we may use medical information about you to review and evaluate our treatment and services or to evaluate our staff’s performance while caring for you. In addition, we may disclose your health information to third party business associates who perform billing, consulting, or transcription, or other services for our facility.
Other Ways We May Use and Disclose Your Protected Health Information
As Required by Law
We will use and disclose your protected health information when required to by federal, state, or local law.
We may use and disclose protected health information to remind you about appointments. If you are not home, we may leave this information with the person answering the phone or on your answering machine.
There are some services provided in our organization through contracts with business associates. Examples include Radiography services, laboratory tests, billing clearinghouses, attorney/legal services. When these services are contracted, we may disclose your health information so that they can perform the job we’ve asked them to do and bill you or your third party payer for services rendered. We require the business associate to appropriately safeguard your information.
Lawsuits and Disputes
We may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain a court order protecting the information requested.
Health Oversight Activities
When authorized by law, we may disclose your protected health information to a health oversight agency for purposes of audits, civil or criminal investigations, licensure, and other inspections.
Victims of Abuse, Neglect, or Domestic Violence
When required by law or if you agree to the report and if we believe that you have been a victim of abuse, neglect, or domestic violence, we may use and disclose your protected health information to notify a government agency.
To Avert a Serious Threat to Public Health or Safety
We may disclose your health information to (a) a public health authority that is authorized by law to collect information for the purpose of preventing or controlling disease, injury, or disability, including, but not limited to, the reporting of disease, injury, vital events such as birth or death, and the conduct of public health surveillance, public health investigations, and public health interventions; or, at the direction of a public health authority, to an official of a foreign government agency that is acting in collaboration with a public health authority, (b) a public health authority or other appropriate government authority authorized by law to receive reports of child abuse or neglect, (c) to a person subject to the jurisdiction of the Food and Drug Administration (“FDA”) with respect to an FDA-regulated product or activity for which that person has responsibility, for the purpose of activities related to the quality, safety or effectiveness of such FDA-regulated product or activity such as the collection or reporting of adverse events, product defects or problems, the tracking of FDA-regulated products, to enable product recalls, repairs, or replacement, or to conduct post-marketing surveillance or (d) in relation to a public health investigation into whether a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition so long as the investigating health authority is authorized by law to notify such person as necessary in the conduct of a public health intervention or investigation.
We may disclose information to researchers when their research has been approved by an Institutional Review Board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
We will use and disclose your protected health information for workers’ compensation or similar programs that provide benefits for work-related injuries or illness.
Uses and Disclosures that Require LSI to Give the Opportunity to Object or Opt-Out
Others Involved in Your Care
We may provide relevant portions of your PHI to a family member, a relative, a close friend, or any other person you identify as being involved in your medical care or payment for care. In an emergency or when you are not capable of agreeing or objecting to these disclosures, we will disclose PHI as we determine is in your best interest, but will tell you about it after the emergency, and give you the opportunity to object to future disclosures to family and friends.
Unless you object, we may use and disclose certain limited information about you in our directory while you are in our facilities. This information may include your name and your location within our facility, but will not include specific medical information about you and we may disclose directory information to people who ask for you by name.
Uses or Disclosures Not Covered by this Notice
Uses or disclosures of your health information not covered by this Notice or the laws that apply to us may only be made with your written authorization. You may revoke such authorization in writing at any time and we will no longer disclose health information about you for the reasons stated in your revocation. Disclosures made in reliance on the authorization prior to the revocation are not affected by the revocation.
Patient Rights Related to Protected Health Information
Although your health record is the physical property of the facility that compiled it, the information belongs to you. You have the right to:
Request an Amendment
You have the right to request that we amend your medical information if you feel that it is incomplete or inaccurate. You must make this request in writing to the Health Information Management Department, stating what information is incomplete or inaccurate and the reasoning that supports your request.
We are permitted to deny your request if it is not in writing or does not include a reason to support the request. We may also deny your request if:
- The information was not created by us, or the person who created it is no longer available to make the amendment.
- The information is not part of the record which you are permitted to inspect and copy.
- The information is not part of the designated record set kept by this facility or if it is the opinion of the healthcare provider that the information is accurate and complete.
You have the right to request a restriction of how we use or disclose your medical information for treatment, payment or health care operations. For example, you could request that we not disclose information about a prior treatment to a family member or friend who may be involved in your care or payment for care. Your request must be made in writing to the Health Information Management Department. We are not required to agree to your request if we feel it is in your best interest to use or disclose that information. If we do agree, we will comply with your request except for emergency treatment.
As stated later in this Notice, under the Health Information Technology for Economic and Clinical Health Act (“HITECH”), if a patient pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the patient’s third party payer since no claim is being made against the third party payer.
Inspect and Copy
You have the right to inspect and copy the protected health information that we maintain about you in our designated record set for as long as we maintain that information. This designated record set includes your medical and billing records as well as any other records we use for making decisions about you. We may charge you a fee for the costs of copying, mailing or other supplies used in fulfilling your request.
If you wish to inspect or copy your medical information, you must submit your request in writing to LSI’s Medical Records Department:
Laser Spine Institute, LLC
Attention: Medical Records
3001 N. Rocky Point Drive E., Suite 300
Tampa, Florida 33607
You may mail your request, or bring it to the Health Information Management office. We will have thirty (30) days to respond to your request for information that we maintain at our facility. If the information is stored off-site, we are allowed up to sixty (60) days to respond but must inform you of this delay.
As stated later, HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct LSI to send the e-health record directly to a third party. LSI may only charge for labor costs under electronic transfers of e-health records.
An Accounting of Disclosures
You have the right to request a list of the disclosures of your health information we have made outside of our facility that were not for treatment, payment, or health care operations. Your request must be in writing and must state the time period for the requested information. You may not request information for any dates prior to April 14, 2003, nor for a period of time greater than six (6) years (our legal obligation to retain information).
Your first request for a list of disclosures within a twelve (12) month period will be free. If you request an additional list within twelve (12) months of the first request, we may charge you a fee for the costs of providing the subsequent list. We will notify you of such costs and afford you the opportunity to withdraw your request before any costs are incurred.
Request Confidential Communications
You have the right to request how we communicate with you to preserve your privacy. For example, you may request that we call you only at your work number, e-mail or by mail at a special address or postal box. Your request must be made in writing and must specify how or where we are to contact you. We will accommodate all reasonable requests.
File a Complaint
If you believe we have violated your medical information privacy rights, you have the right to file a complaint with our facility or directly to the Secretary of the United States Department of Health and Human Services:
U.S. Department of Health & Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
Phone: (202) 690-7000; Toll-Free: (877) 696-6775
To file a complaint with our facility, you must make it in writing. Provide as much detail as you can about the suspected violation and send it to:
Laser Spine Institute, LLC
3031 N. Rocky Point Drive W., Suite 300
Tampa, Florida 33607
You will not be retaliated against for filing a complaint.
A Paper Copy of This Notice
You have the right to receive a paper copy of this Notice, even if you agreed to receive this Notice electronically. You may request a copy of this Notice at any time by contacting our office in writing or by phone.
LSI is including HITECH Act provisions to its Notice as follows:
HITECH Notification Requirements
Under HITECH, LSI is required to notify patients whose PHI has been breached. Notification must occur by first class or certified mail within sixty (60) days of the event. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI poses a significant risk for financial, reputational, or other harm to the individual. This notice must:
- Contain a brief description of what happened, including the date of the breach and the date of discovery;
- The steps the individual should take to protect themselves from potential harm resulting from the breach;
- A brief description of what LSI is doing to investigate the breach, mitigate losses, and to protect against further breaches.
LSI’s Business Associate Agreements have been amended to provide that all Health Insurance Portability and Accountability Act (“HIPAA”), security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures, and documentation requirements apply directly to the business associate.
HITECH states that if a patient pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the patient’s third party payer since no claim is being made against the third party payer.
Access to E-Health Records
HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct LSI to send the e-health record directly to a third party. LSI may only charge for labor costs under the new rules.
Accounting of E-Health Records for Treatment, Payment, and Health
Beginning with January 1, 2014, LSI is required to provide an accounting of disclosures through an e-health record to carry out treatment, payment, and health care operations. This new accounting requirement is limited to disclosures within the three-year period prior to the individual’s request.
LSI must either (a) provide an individual with an accounting of such disclosures it made and all of its business associates’ disclosures; or (b) provide an individual with an accounting of the disclosures made by LSI and a list of business associates, including their contact information, who will be responsible for providing an accounting of such disclosures upon request.