Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU
The Health Insurance Portability & Accountability Act of 1996 (“HIPAA”) is a Federal program that requests that all medical records and other individually identifiable health information used or disclosed by us in any form, whether electronically, on paper, or orally are kept properly confidential. This Act gives you, the patient, the right to understand and control how your protected health information (“PHI”) is used. HIPAA provides penalties for covered entities that misuse personal health information.
As required by HIPAA, we prepared this explanation of how we are to maintain the privacy of your health information and how we may disclose your personal information.
We may use and disclose your medical records only for each of the following purposes: treatment, payment and health care operation.
- Treatment means providing, coordinating, or managing health care and related services by one or more healthcare providers. An example of this is a primary care doctor referring you to a specialist doctor.
- Payment means such activities as obtaining reimbursement for services, confirming coverage, billing or collections activities, and utilization review. An example of this would include sending your insurance company a bill for your visit and/or verifying coverage prior to a any treatment.
- Health Care Operations include business aspects of running our practice, such as conducting quality assessments and improving activities, auditing functions, cost management analysis, and customer service. An example of this would be new patient survey cards
- The practice may also be required or permitted to disclose your PHI for law enforcement and other legitimate reasons. In all situations, we shall do our best to assure its continued confidentiality to the extent possible.
We may also create and distribute de-identified health information by removing all reference to individually identifiable information.
We may contact you, by phone or in writing, to provide appointment reminders or information about treatment alternatives or other health-related benefits and services, in addition to other fundraising communications, that may be of interest to you. You do have the right to “opt out” with respect to receiving fundraising communications from us.
The following use and disclosures of PHI will only be made pursuant to us receiving a written authorization from you:
• Most uses and disclosure of psychotherapy notes;
• Uses and disclosure of your PHI for marketing purposes, including subsidized treatment and health care operations;
• Disclosures that constitute a sale of PHI under HIPAA; and
• Other uses and disclosures not described in this notice.
You may revoke such authorization in writing and we are required to honor and abide by that written request, except to the extent that we have already taken actions relying on your prior authorization.
You may have the following rights with respect to your PHI:
• The right to request restrictions on certain uses and disclosures of PHI, including those related to disclosures of family members, other relatives, close personal friends, or any other person identified by you. We are, however, not required to honor a request restriction except in limited circumstances which we shall explain if you ask. If we do agree to the restriction, we must abide by it unless you agree in writing to remove it.
• The right to reasonable requests to receive confidential communications of Protected Health Information by alternative means or at alternative locations. • The right to inspect and copy your PHI.
• The right to amend your PHI.
• The right to receive an accounting of disclosures of your PHI.
• The right to obtain a paper copy of this notice from us upon request.
• The right to be advised if your unprotected PHI is intentionally or unintentionally disclosed.
If you have paid for services “out of pocket”, in full and in advance, and you request that we not disclose PHI related solely to those services to a health plan, we will accommodate your request, except where we are required by law to make a disclosure
We are required by law to maintain the privacy of your PHI and to provide you the notice of our legal duties and our privacy practice with respect to PHI.
This notice if effective as of December 19, 2014 and it is our intention to abide by the terms of the Notice of Privacy Practices and HIPAA Regulations currently in effect. We reserve the right to change the terms of our Notice of Privacy Practice and to make the new notice provision effective for all PHI that we maintain. We will post a copy and you may request a written copy of the revised Notice of Privacy Practice from our office.
You have recourse if you feel that your protections have been violated by our office. You have the right to file a formal, written complaint with the practice and with the Department of Health and Human Services, Office of Civil Rights. We will not retaliate against you for filing a complaint.
Information Collected and Received
Actively Submitted Data: When you use the Application or otherwise actively send data to MyDerm Portal, you are providing, and MyDerm Portal collects, data such as your name, email address(es), mailing address(es), telephone number(s), and certain health/medical information about your patients, such as symptoms, diagnoses, and treatments. In each instance, you will know what data is collected through the Applications, because you actively submit it. MyDerm Portal collects actively submitted data primarily for the purpose for which you originally submitted the data (for example, registering for a user account on the Application, utilizing the MyDerm Portal services, and requesting email, telephone, fax, or short message service (“SMS”) communications from MyDerm Portal. MyDerm Portal may also use this data internally as research data to improve service offerings, and for purposes of advertising, promoting, and informing you of services and initiatives. For further clarification, MyDerm Portal may use certain health/medical information to provide data aggregation services. Aggregation is defined as combining certain health/medical information received from multiple sources to produce data analysis for marketing and/or any other legal purpose, provided an individual cannot be personally identified.
Passively Collected Data: When you use the Application, information regarding your Device and Internet connection, such as the IP address of your Device and/or Internet service provider, the date and time you access the Application, and the Device technology you are using, are passively collected. We may utilize technology, such as cookies, to collect such information. We may also use such cookies to collect information in connection with future uses of the Application, to recognize you as a previous user and to track your activity on the Application. We reserve the right to use other technologies and navigational data collection tools (log files, server logs, or click stream). MyDerm Portal passively collects this data primarily for purposes of administering, protecting and improving the Application and systems, to better understand the preferences of Application users, to identify server problems, to compile aggregated statistics about Application usage, and to help personalize your experience when using the Application.
We do not knowingly collect or solicit personal information from children under 13 years of age. If you are under the age of 18, you should use this website only with the involvement of a parent or guardian and should not submit any personal information to us. If we discover that a person under the age of 13 has provided us with any personal information, we will use commercially reasonable efforts to delete such person’s personal information from all MyDerm Portal systems.
Global Positioning System
Global Positioning System (GPS) tracking technology may need to be enabled in MyDerm Portal products and services in order to determine the location (latitude and longitude) of users of the MyDerm Portal products and services. This information is transmitted to MyDerm Portal, MyDerm Portal’s users, and temporarily stored by MyDerm Portal. MyDerm Portal does not provide this information to any other third party.
Uses of Information
Except as described in this section, we will not disclose your personal information to any third party without notifying you of our intent to share the information and giving you an opportunity to prevent your information from being shared.
We may use your information to do the following:
Enable Your Use
§ Enhance, customize and personalize your MyDerm Portal experiences and communications;
Operate, Improve and Analyze
§ Operate, provide, improve and maintain the Application, including analyzing user behavior and trends;
§ Send you administrative messages and other information about MyDerm Portal. Communicate with you about your account information or to provide you with customer service.
MyDerm Portal reserves the right to disclose information when required by law.
MyDerm Portal uses industry-standard technologies when transferring and receiving consumer data exchanged between MyDerm Portal and other companies to help ensure its security. These third parties have security measures in place to protect the loss, misuse and alteration of the information under MyDerm Portal control. MyDerm Portal’s servers are backed up regularly and protected by security systems.
The Application may link to third party web sites. MyDerm Portal will make reasonable efforts to link only to sites that meet similar standards for maintaining each individual’s right to privacy.
Successors and Assigns
INFORMED CONSENT FOR TELEMEDICINE SERVICES
Telemedicine involves the use of electronic communications to enable health care providers to
treat patients over the internet. The information exchanged may be used for diagnosis, therapy, follow-up and/or education, and may include any of the following:
- Patient medical records
- Medical images
Electronic systems used will incorporate network and software security protocols to protect the confidentiality of patient identification and imaging data and will include measures to safeguard the data and to ensure its integrity against intentional or unintentional corruption.
- Improved access to medical care by enabling a patient to remain in his/her residence while the physician assesses and provides treatment.
- More efficient medical evaluation and management.
As with any medical procedure, there are potential risks associated with the use of telemedicine.
These risks include, but may not be limited to:
- In some cases, even with optimal resolution images and accurate assessment questionnaires, the physician’s assessment, diagnosis, and treatment decisions may differ from that of an in-person exam and thus result in a different diagnosis and treatment plan.
- In rare cases, information transmitted may not be sufficient (e.g. poor resolution of images) to allow for appropriate medical decision making by the physician;
- Delays in medical evaluation and treatment could occur due to deficiencies or failures of the equipment;
- In very rare instances, security protocols could fail, causing a breach of privacy of personal medical information;
- In rare cases, a lack of access to complete medical records may result in adverse drug interactions or allergic reactions or other judgment errors;
By using this telemedicine application, I understand and agree to the following:
1. I understand that the laws that protect privacy and the confidentiality of medical information also apply to telemedicine, and that no information obtained in the use of telemedicine which identifies me will be disclosed to researchers or other entities without my consent.
2. I understand that I have the right to withhold or withdraw my consent to the use of telemedicine in the course of my care at any time, without affecting my right to future care or treatment.
3. I understand that I have the right to inspect all information obtained and recorded in the course of a telemedicine interaction, and may receive copies of this information for a reasonable fee.
4. I understand that a variety of alternative methods of medical care may be available to me, and that I may choose one or more of these at any time.
5. I understand that telemedicine may involve electronic communication of my personal medical information.
6. I understand that it is my duty to inform my physician of electronic interactions regarding my care that I may have with other healthcare providers.
7. I understand that I may expect the anticipated benefits from the use of telemedicine in my care, but that no results can be guaranteed or assured.
8. I understand that even with the best resolution images a telemedicine visit may not provide the same assessment and diagnostic accuracy that an in-person visit can provide.
You agree that you have read and understand the information provided above regarding telemedicine, have discussed it with my physician or such assistants as may be designated, and all of my questions have been answered to my satisfaction. By proceeding, you hereby agree to give your informed consent for the use of telemedicine in my medical care.