Notice of Privacy Practices
of
CANCER CARE GROUP, P.C.
Effective Date: 04/14/03
THIS NOTICE
DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW
YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
A. WE HAVE A LEGAL DUTY TO PROTECT
HEALTH INFORMATION ABOUT YOU.
We are required by law to
maintain the privacy of your health information and to provide you with notice
of our legal duties and privacy practices.
This Notice of Privacy Practices describes how we may use and disclose
your protected health information to carry out treatment, payment or health
care operations and for other purposes that are permitted or required by
law. It also describes your rights to
access and control you protected health information. “Protected health information” (PHI) is
information about you, including demographic information, that may identify you
and that relates to your past, present or future physical or mental health or
condition and related health care services.
We are required to follow the
procedures in this Notice. We reserve
the right to change the terms of this notice and to make the new notice
provisions effective for medical information we already have about you as well
as any information we receive in the future.
We will provide you with any revised Notice of Privacy Practices by
posting a copy on our website (www.cancercaregroup.com). In addition, each time you register at or are
admitted for treatment or health care services we will make a copy of the
current notice available to you. All
copies of the Notice of Privacy Practices will contain the effective date,
which will not be earlier than the date on which the Notice is printed or
published.
B. WE MAY USE AND DISCLOSE PHI ABOUT YOU
WITHOUT YOUR AUTHORIZATION IN THE
FOLLOWING CIRCUMSTANCES.
Your PHI may be used and disclosed
by your physician, our office staff and others outside of our office that are
involved in your care and treatment for the purpose of providing health care
services to you. Your PHI may also be
used and disclosed to pay your health care bills and to support the operation
of the physician’s practice.
The following categories
describe different ways that we use and disclose medical information. Not every use or disclosure in a category
will be listed. Information may be
disclosed in writing, orally, or electronically.
Treatment: We may use and disclose PHI about you to
provide, coordinate or manage your health care and related services. This may include communicating with other
health care providers regarding your treatment and coordinating and managing
your health care with others. We may
disclose your medical information to doctors, nurses, technicians, medical
students, or other personnel who are involved in your care.
EXAMPLE: Your protected health information may be
provided to a physician to whom you have been referred to ensure that the
physician has the necessary information to diagnose or treat you.
EXAMPLE: Your doctor may share PHI about you with a
pharmacy when calling in a prescription.
Payment: Your protected health information will be
used, as needed, to obtain payment for you health care services. This may include certain activities that your
health insurance plan may undertake before it approves or pays for the health
care services we recommend for you such as: making a determination of
eligibility or coverage for insurance benefits, reviewing services provided to
you for medical necessity, and undertaking utilization review activities. We may also share portions of your medical
information with billing departments, collection departments or agencies,
insurance companies, health plans, and consumer reporting agencies (e.g.,
credit bureaus).
EXAMPLE: Your protected health information may be
given to our billing department and your insurance company (or health plan) so
we can be paid or you can be reimbursed.
EXAMPLE: We may tell your insurance about treatment
you are going to receive to obtain prior approval for the services.
Healthcare Operations: We may use and
disclose your PHI in order to support our business activities. These activities include, but are not limited
to, quality assessment activities, employee review activities, training of
medical students, licensing, marketing and fundraising activities, and
conducting or arranging for other business activities.
EXAMPLE: We may use medical information to review our
treatment and services and to evaluate our performance. We may combine medical information about many
patients to decide what additional services we should offer, what services are
not needed, and whether certain new treatments are effective.
EXAMPLE: We may disclose information to doctors,
nurses, technicians, medical students, and other personnel for review and
learning purposes. We may combine the
medical information we have with medical information from other hospitals to
compare how we are doing and see where we can make improvements in the care and
services we offer.
EXAMPLE: We may remove information that identifies you
from this set of medical information so others may use it to study health care
and health care delivery without learning who the specific patients are.
Business Associates: We contract
with outside organizations, called business associates, to perform some of our
operational tasks on our behalf.
Examples would include billing agencies and a copy service we use when
making copies of your health record.
When these services are performed, we disclose the necessary health
information to these companies so that they can perform the tasks we have asked
them to do and bill you or your third-party payor for services rendered. To protect your health information, however,
we require the business associate to appropriately safeguard your information.
Appointment Reminders: We may use and
disclose your medical information to remind you of appointments, annual exams,
or prescription refills.
Treatment Alternatives: We may use and
disclose medical information to tell you about or recommend possible treatment
options or alternatives that you may be of interest to you.
Others Involved in Your Healthcare: Unless you
object, we may disclose to a member of your family, a relative, a close friend
or any other person you identify, your PHI that directly relates to that
person’s involvement in your health care.
If you are unable to agree or object to such a disclosure, we may
disclose such information as necessary if we determine that it is in your best
interest based on our professional judgement.
We may use or disclose protected health information to notify or assist
in notifying a family member, personal representative or any other person that
is responsible for your care of your location, general condition or death. Finally, we may use or disclose your
protected health information to an authorized public or private entity to
assist in disaster relief efforts and to coordinate uses and disclosures to
family or other individuals involved in your health care.
Other Permitted and Required Uses and
Disclosures That May Be Made Without Your Consent, Authorization or Opportunity to Object
Are Listed Below
Medical Research: Under certain
circumstances, we may disclose PHI about you for medical research.
EXAMPLE: We may release information about you to
researchers preparing to conduct a research project who need to know how many
patients have a specific health problem.
EXAMPLE: We may also use and disclose medical
information about you for research purposes if the research has been subjected
to a careful review process conducted by a specially selected and trained
committee and received this committee’s approval. This process evaluates a proposed research
project and its use of medical information, and balances the potential benefit
of the research against individual patients’ need for privacy of their medical
information.
EXAMPLE: A research project may involve comparing the
health and recovery of all patients who received one medication to those who
received another for the same condition.
In that situation, you would not be identified or contacted, but your
medical information may be used but kept confidential.
EXAMPLE: In other studies, if a doctor caring for you
believes you may be interested in, or benefit from, a research study, your
doctor and the committee will approve someone to contact you to see if you are
interested in the study. At that time,
you would be contacted with more information and you would have the right to
authorize continued contact or refuse further contact.
Avert Threat to Health or Safety: We may
disclose PHI about you to prevent or lessen a serious and eminent threat to the
health or safety of a person or the public.
Cadaveric Organ/Tissue Donation: If you are an
organ donor, we may release medical information to organizations that handle
organ procurement or organ, eye or tissue transplantation or to an organ
donation bank, as necessary to facilitate organ or tissue donation and
transplantation.
Military and Veterans: We may use or
disclose PHI of individuals who are Armed Forces personnel (1) for activities
deemed necessary by appropriate military command authorities; (2) for the
purpose of a determination by the Department of Veterans Affairs of your
eligibility for benefits, or (3) to foreign military authority if you are a
member of that foreign military services.
National Security and Intelligence Activities: We may also
disclose your PHI to authorized federal officials for conducting national
security and intelligence activities, including the provision of protective
services to the President or others legally authorized.
Workers’ Compensation: We may release
medical information about you for workers’ compensation or similar
programs. These programs provide
benefits for work-related injuries or illness.
Legal Proceedings: We may
disclose PHI in the course of any judicial or administrative proceeding, in
response to an order of a court or administrative tribunal (to the extent such
disclosure is expressly authorized), in certain conditions in response to a
subpoena, discovery request or other lawful process.
Health Oversight Activities: We may
disclose PHI about you to a state or federal health oversight agency which is
authorized by law to oversee our operations. These oversight activities include audits,
investigations, inspections, and licensure.
Law Enforcement: We may also
disclose protected health information, so long as applicable legal requirements
are met, for law enforcement purposes.
These law enforcement purposes include (1) legal processes and otherwise
required by law, (2) limited information requests for identification and
location purposes, (3) pertaining to victims of a crime, (4) suspicion that
death has occurred as a result of criminal conduct, (5) in the event that a
crime occurs on the premises of the practice, and (6) medical emergency (not on
the Practice’s premises) and it is likely that a crime has occurred.
Inmates: We may use or
disclose your PHI to a correctional institution having lawful custody of
you.
Coroners, Medical Examiners and
Funeral Directors: We may release medical information to a
coroner or medical examiner. This may be
necessary, for example, to identify a deceased person or to determine the cause
of death. We may also release medical
information about patients of the hospital to funeral directors as necessary to
carry out their duties.
Public Health: We may
disclose your PHI for public health activities and purposes to a public health
authority that is permitted by law to collect or receive the information. The disclosure will be made for the purpose
of controlling disease, injury or disability.
We may also disclose your protected health information, if directed by
the public health authority, to a foreign government agency that is
collaborating with the public health authority.
Abuse or Neglect: We may
disclose your PHI to a public health authority that is authorized by law to
receive reports of child abuse or neglect.
In addition, we may disclose your protected health information if we
believe that you have been a victim of abuse, neglect or domestic violence to
the governmental entity or agency authorized to receive such information.
C. YOU HAVE SEVERAL RIGHTS
REGARDING PHI ABOUT YOU.
You
have the right to request restrictions on uses and disclosures of PHI about you. You also have
the right to request a limit on the medical information we disclose about you
to someone who is involved in your care or the payment for your care, like a
family member or friend. In your
request, you must tell us (1) what information you want to limit; (2) whether
you want to limit our use, disclosure or both; and (3) to whom you want the
limits to apply. Requests must be made
in writing and submitted to the Privacy Officer.
We
are not required to agree to your request.
If we do agree, we will comply with your request unless the information
is needed to provide you emergency treatment.
You
have the right to request confidential communications. You have the
right to request that we communicate with you about medical matters in a
certain way or at a certain location. We
will not request an explanation from you as to the basis for the request. We must accommodate reasonable requests. But we may also condition this accommodation
by asking you for information as to how payment will be handled or
specification of an alternative address or other method of contact. Your request must be in writing and can be
submitted to the Privacy Officer.
You have the right to inspect and copy
your protected health information. You have the right to request to see and
receive a copy of medical information that may be used to make decisions about
your care. This includes medical and
billing records, but does not include psychotherapy notes. Your request must be in writing and can be
submitted to the Office Manager of the treatment site (clinic). If you request a copy of the information, we
may charge a fee for the costs of copying, mailing or other supplies associated
with your request.
There are certain situations
in which we are not required to comply with your request. In such an instance, we will respond to you
in writing stating why we will not grant your request. In some circumstances, you may have a right
to have this decision reviewed. Please
contact the Privacy Officer if you have questions about access to your medical
record.
You have the right to request an
amendment of protected health information about you. You have the
right to request that we make amendments to clinical, billing and other records
used to make decisions about you. To
request an amendment, your request must be made in writing and submitted to the
Privacy Officer. In addition, you must
provide a reason that supports your request.
We may deny your request if:
1) the information was not created by us (unless you proved the creator of the
information is no longer available to amend the record); 2) the information is
not part of the records used to make decisions about you; 3) we believe the
information is correct; or 4) the information is not part of the information
which you would be permitted to inspect and copy. If we deny your request for amendment, you
have the right to file a statement of disagreement with us and we may prepare a
rebuttal to your statement and will provide you with a copy of any such
rebuttal.
You have the right to receive an
accounting of certain disclosures we have made of your PHI. This right
applies to disclosures for purposes other than treatment, payment or healthcare
operations as described in this Notice of Privacy Practices. It excludes disclosures we may have made to
you, for a facility directory, to family members or friends involved in your
care, or for notification purposes. You
may ask for disclosures made up to six (6) years before your request (not
including disclosures made prior to April 14, 2003). The list
will include the date of the disclosure, the name (and address, if available)
of the person or organization receiving the information, a brief description of
the information disclosed, and the purpose of the disclosure. If you request a list of disclosures more
than once in 12 months, we can charge you a reasonable fee. Your request for an accounting of disclosures
must be made in writing and submitted to the Privacy Officer.
You have the right to receive a paper
copy of this Notice from us upon request. We will provide a copy of this
Notice no later than the date you first receive service from us (except for
emergency services, and then we will provide the Notice to you as soon as
possible). You may ask us to give you a
copy of this notice at any time. Even if
you have agreed to receive this notice electronically, you are still entitled
to a paper copy of this notice.
D. YOU MAY FILE A COMPLAINT ABOUT OUR
PRIVACY PRACTICES.
If you believe your privacy
rights have been violated, you may file a complaint with us by contacting the
person listed below:
Portia Frecker, Privacy Officer
950 N. Meridian Street, Suite 920
Indianapolis, Indiana 46204
317/925-7730 (Phone)
317/921-4109 (Fax)
Portia.Frecker@ccg.meddir.com
All complaints must be
submitted in writing. You may also send
a written complaint to the United States Secretary of the Department of Health
and Human Services. You will not be
penalized or retaliated against for filing a complaint.
This notice was published and becomes effective on
April 14, 2003.
