×

PRIVACY POLICY

PIEDMONT RETINA SPECIALISTS

Patient Privacy Notice

As required by the privacy regulations created as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU (AS A PATIENT OF THIS PRACTICE) MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO YOUR INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

A. Our commitment to your privacy:
Our practice is dedicated to maintaining the privacy of your individually identifiable health information (also called protected health information, or PHI). In conducting our business, we will create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We also are required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI.

By federal and state law, we must follow the terms of the Notice of Privacy Practices that we have in effect at the time.

We realize that these laws are complicated, but we must provide you with the following important information:

  • How we may use and disclose your PHI,
  • Your privacy rights in your PHI,
  • Our obligations concerning the use and disclosure of your PHI.

The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices. Any revision or amendment to this notice will be effective for all of your records that our practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. Our practice will post a copy of our current Notice in our offices in a visible location at all times, and you may request a copy of our most current Notice at any time.

B. If you have questions about this Notice, please contact:
Piedmont Retina Specialists, 1132 N.Church Street, Ste. 103, Greensboro, NC 27401, 336-369-7100

C. We may use and disclose your PHI in the following ways:
The following categories describe the different ways in which we may use and disclose your PHI.

  1. Treatment. Our practice may use your PHI to treat you. For example, we may ask you to have laboratory tests (such as blood or urine tests), and we may use the results to help us reach a diagnosis. We might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when we order a prescription for you. Many of the people who work for our practice - including, but not limited to, our doctors and nurses - may use or disclose your PHI in order to treat you or to assist others in your treatment. Additionally, we may disclose your PHI to others who may assist in your care, such as your spouse, children or parents. Finally, we may also disclose your PHI to other health care providers for purposes related to your treatment.
  2. Payment. Our practice may use and disclose your PHI in order to bill and collect payment for the services and items you may receive from us. For example, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits), and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment. We also may use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, such as family members. Also, we may use your PHI to bill you directly for services and items. We may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.
  3. Health care operations. Our practice may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us, or to conduct cost-management and business planning activities for our practice. We may disclose your PHI to other health care providers and entities to assist in their health care operations.
  4. Optional: Appointment reminders. Our practice may use and disclose your PHI to contact you and remind you of an appointment.
  5. Optional: Treatment options. Our practice may use and disclose your PHI to inform you of potential treatment options or alternatives.
  6. Optional: Health-related benefits and services. Our practice may use and disclose your PHI to inform you of health-related benefits or services that may be of interest to you.
  7. Optional: Release of information to family/friends. Our practice may release your PHI to a friend or family member that is involved in your care, or who assists in taking care of you. For example, a parent or guardian may ask that a baby sitter take their child to the pediatrician's office for treatment of a cold. In this example, the baby sitter may have access to this child's medical information.
  8. Disclosures required by law. Our practice will use and disclose your PHI when we are required to do so by federal, state or local law.

D. Use and disclosure of your PHI in certain special circumstances:
The following categories describe unique scenarios in which we may use or disclose your identifiable health information:

  1. Public health risks. Our practice may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:
    • Maintaining vital records, such as births and deaths,
    • Reporting child abuse or neglect,
    • Preventing or controlling disease, injury or disability,
    • Notifying a person regarding potential exposure to a communicable disease,
    • Notifying a person regarding a potential risk for spreading or contracting a disease or condition,
    • Reporting reactions to drugs or problems with products or devices,
    • Notifying individuals if a product or device they may be using has been recalled,
    • Notifying appropriate government agency (ies) and authority (ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information,
    • Notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance.
  2. Health oversight activities. Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions; civil, administrative and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.
  3. Lawsuits and similar proceedings. Our practice may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.
  4. Law enforcement. We may release PHI if asked to do so by a law enforcement official:
    • Regarding a crime victim in certain situations, if we are unable to obtain the person's agreement
    • Concerning a death we believe has resulted from criminal conduct,
    • Regarding criminal conduct at our offices,
    • In response to a warrant, summons, court order, subpoena or similar legal process,
    • To identify/locate a suspect, material witness, fugitive or missing person,
    • In an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).
  5. Optional: Deceased patients. Our practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their jobs.
  6. Optional: Organ and tissue donation. Our practice may release your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor.
  7. Optional: Research. Our practice may use and disclose your PHI for research purposes in certain limited circumstances. We will obtain your written authorization to use your PHI for research purposes except when an Internal Review Board or Privacy Board has determined that the waiver of your authorization satisfies all of the following conditions:
    (A) The use or disclosure involves no more than a minimal risk to your privacy based on the following: (i) an adequate plan to protect the identifiers from improper use and disclosure; (ii) an adequate plan to destroy the identifiers at the earliest opportunity consistent with the research (unless there is a health or research justification for retaining the identifiers or such retention is otherwise required by law); and (iii) adequate written assurances that the PHI will not be re-used or disclosed to any other person or entity (except as required by law) for authorized oversight of the research study, or for other research for which the use or disclosure would otherwise be permitted;
    (B) The research could not practicably be conducted without the waiver,
    (C) The research could not practicably be conducted without access to and use of the PHI.
  8. Serious threats to health or safety. Our practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
  9. Military. Our practice may disclose your PHI if you are a member of U.S. or foreign military forces (including veterans) and if required by the appropriate authorities.
  10. National security. Our practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the president, other officials or foreign heads of state, or to conduct investigations.
  11. Inmates. Our practice may disclose your PHI to correctional institutions or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure for these purposes would be necessary: (a) for the institution to provide health care services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals.
  12. Workers' compensation. Our practice may release your PHI for workers' compensation and similar programs.

E. Your rights regarding your PHI:
You have the following rights regarding the PHI that we maintain about you:

  1. Confidential communications. You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work. In order to request a type of confidential communication, you must make a written request to Piedmont Retina Specialists specifying the requested method of contact, or the location where you wish to be contacted. Our practice will accommodate reasonable requests. You do not need to give a reason for your request.
  2. Requesting restrictions. You have the right to request a restriction in our use or disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. We are not required to agree to your request; however, if we do agree, we are bound by our agreement except when otherwise required by law, in emergencies or when the information is necessary to treat you. In order to request a restriction in our use or disclosure of your PHI, you must make your request in writing to Piedmont Retina Specialists Your request must describe in a clear and concise fashion:
    • The information you wish restricted,
    • Whether you are requesting to limit our practice's use, disclosure or both,
    • To whom you want the limits to apply.
  3. Inspection and copies. You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. You must submit your request in writing to Piedmont Retina Specialists in order to inspect and/or obtain a copy of your PHI. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.
  4. Amendment. You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by or for our practice. To request an amendment, your request must be made in writing and submitted to Piedmont Retina Specialists. You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.
  5. Accounting of disclosures. All of our patients have the right to request an "accounting of disclosures." An "accounting of disclosures" is a list of certain non-routine disclosures our practice has made of your PHI for purposes not related to treatment, payment or operations. Use of your PHI as part of the routine patient care in our practice is not required to be documented - for example, the doctor sharing information with the nurse; or the billing department using your information to file your insurance claim. In order to obtain an accounting of disclosures, you must submit your request in writing to Piedmont Retina Specialists. All requests for an "accounting of disclosures" must state a time period, which may not be longer than six (6) years from the date of disclosure and may not include dates before April 14, 2003. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the costs involved with additional requests, and you may withdraw your request before you incur any costs.
  6. Right to a paper copy of this notice. You are entitled to receive a paper copy of our notice of privacy practices. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this notice, contact Piedmont Retina Specialists, 1132 N.Church Street, Ste. 103, Greensboro, NC 27401, 336-369-7100
  7. Right to file a complaint. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact Piedmont Retina Specialists, 1132 N.Church Street, Ste. 103, Greensboro, NC 27401, 336-369-7100 All complaints must be submitted in writing. You will not be penalized for filing a complaint.
  8. Right to provide an authorization for other uses and disclosures. Our practice will obtain your written authorization for uses and disclosures that are not identified by this notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note: We are required to retain records of your care.

Again, if you have any questions regarding this notice or our health information privacy policies, please contact Piedmont Retina Specialists, 1132 N.Church Street, Ste. 103, Greensboro, NC 27401, 336- 369-7100.

POLICIES & PROCEDURES

IDENTITY THEFT PREVENTION & DETECTION

RED FLAGS RULE COMPLIANCE

Policy

It is the policy of Piedmont Retina Specialists to follow all federal and state laws and reporting requirements regarding identity theft. Specifically, this policy outlines how Piedmont Retina Specialists will (1) identify, (2) detect, and (3) respond to “red flags”. A “red flag” as defined by this policy include a pattern, practice, or specific account or record activity that indicates a possible identity theft.

It is the policy of Piedmont Retina Specialists, PA that this Identity theft prevention and detection and Red Flags Rule compliance program is approved by Jason B. Sanders, MD of Piedmont Retina Specialists, PA as of November 1, 2009, and that the policy is reviewed and approved no less than annually.

It is the policy of Piedmont Retina Specialists, PA that the Office Manager is assigned the responsibility of implementing and maintaining the Red Flags Rule requirements. Furthermore, it is the policy of Piedmont Retina Specialists, PA that the Office Manager will be provided sufficient resources and authority to fulfill these responsibilities. At a minimum, it is the policy of Piedmont Retina Specialists, PA that there will be one individual or job description designated as the privacy official.

It is the policy of Piedmont Retina Specialists, PA that, pursuant to the existing HIPAA Security Rule, appropriate physical, administrative and technical safeguards will be in place to reasonably safeguard protected health information and sensitive information related to patient identity from any intentional or unintentional use or disclosure.

It is the policy of Piedmont Retina Specialists, PA that its business associates must be contractually bound to protect sensitive patient information to the same degree as set forth in this policy. It is also the policy of Piedmont Retina Specialists, PA that business associates who violate their agreement will be dealt with first by an attempt to correct the problem, and if that fails, by termination of the agreement and discontinuation of services by the business associate.

It is the policy of Piedmont Retina Specialists, PA that all members of our workforce have been trained by the November 1, 2009 compliance date on the policies and procedures governing compliance with the Red Flags Rule. It is also the policy of Piedmont Retina Specialists, PA that new members of our workforce receive training on these matters within a reasonable time after they have joined the workforce.

It is the policy of Piedmont Retina Specialists, PA to provide training should any policy or procedure materially changes. Furthermore, it is the policy of Piedmont Retina Specialists; PA that training will be documented, indicating participants, date and subject matter.

Procedures

I. Identify red flags. In the course of caring for patients, Piedmont Retina Specialists, PA may encounter inconsistent or suspicious documents, information or activity that may signal identity theft. Piedmont Retina Specialists, PA identifies the following as potential red flags, and this policy includes procedures describing how to detect and respond to these red flags below:

  1. A complaint or question from a patient based on the patient’s receipt of: • A bill for another individual; • A bill for a product or service that the patient denies receiving; • A bill from a health care provider that the patient never patronized; or • A notice of insurance benefits (or explanation of benefits) for health care services never received.
  2. Records showing medical treatment that is inconsistent with examination or medical history as reported by the patient.
  3. A compliant or question from a patient about the receipt of a collection notice from a bill collector.
  4. Patient or health insurers report that coverage for legitimate hospital care is denied because insurance benefits have been depleted or a lifetime cap has been reached.
  5. A complaint or question from a patient about information added to a credit report by a health care provider or health insurer.
  6. A dispute of a bill by a patient who claims to be the victim of any type of identity theft.
  7. A patient who has an insurance number but never produces an insurance card or other physical documentation of insurance.
  8. A notice or inquiry from an insurance fraud investigator for a private health insurer or a law enforcement agency, including but not limited to Medicare or Medicaid fraud agency.

II. Detect red flags. Piedmont Retina Specialists, PA practice staff will be alert for discrepancies in documents and patient information that suggest risk of identity theft or fraud. Piedmont Retina Specialists, PA will verify patient identity, address and insurance coverage at the time of patient registration/check-in.

Procedure:

  1. When a patient calls to request an appointment, the patient will be asked to bring the following at the time of the appointment:
    • Driver's license or other photo ID;
    • Current health insurance card; and
    • Utility bills or other correspondence showing current residence if the photo ID does not show the patient’s current address. If the patient is a minor, the patient’s parent or guardian should bring the information listed above.
  2. When the patient arrives for the appointment the patient will be asked to produce the information listed above. This requirement may be waived for patients who have visited the practice within the last six months.
  3. If the patient has not completed the registration form within the last six months, registration staff will verify current information on file and, if appropriate, update the information.
  4. Staff should be alert for the possibility of identity theft in the following situations:
    • The photograph on a driver’s license or other photo ID submitted by the patient does not resemble the patient.
    • The patient submits a driver’s license, insurance card, or other identifying information that appears to be altered for forged.
    • Information on one form of identification the patient submitted is inconsistent with information on another form of identification or with information already in the practice’s records.
    • An address or telephone number is incorrect, non-existent or fictitious.
    • The patient fails to provide identifying information or documents.
    • The patient’s signature does not match a signature in the practice’s records.
    • The Social Security number or other identifying information the patient provided is the same as identifying information in the practice’s records provided by another individual, or the Social Security number is invalid.

III. Respond to Red Flags. If an employee of Piedmont Retina Specialists, PA detects fraudulent activity or if a patient claims to be a victim of identity theft, Piedmont Retina Specialists, PA will respond to and investigate the situation. If the fraudulent activity involves protected health information (PHI) covered under the HIPAA security standards, Piedmont Retina Specialists, PA will also apply its existing HIPAA security policies and procedures to the response.

Procedure

If potentially fraudulent activity (a red flag) is detected by an employee of Piedmont Retina Specialists, PA:

  1. The employee should gather all documentation and report the incident to the Office Manager.
  2. The Office Manager will determine whether the activity is fraudulent or authentic.
  3. If the activity is determined to be fraudulent, then Piedmont Retina Specialists, PA should take immediate action. Actions may include:
    • Cancel the transaction;
    • Notify the proper law enforcement;
    • Notify the affected patient;
    • Notify the affected physician; and
    • Assess impact to practice.

If a patient claims to be a victim of identity theft:

  1. The patient should be encouraged to file a police report for identity theft if he/she has not done so already.
  2. The patient should be encouraged to complete the ID Theft Affidavit developed by the FTC, along with supporting documentation.
  3. Piedmont Retina Specialists, PA will compare the patient’s documentation with personal information in the practice’s records.
  4. If following investigation, it appears that the patient has been a victim of identity theft, Piedmont Retina Specialists, PA will promptly consider what further remedial act/notifications may be needed under the circumstances.
  5. The physician will review the affected patient’s medical record to confirm whether the documentation was made in the patient’s medical record that resulted in inaccurate information in the record.
  6. The practice medical records staff will determine whether any other records and/or ancillary service providers are linked to inaccurate information. Any additional files containing information relevant to identity theft will be removed and appropriate action taken. The patient is responsible for contacting ancillary service providers.
  7. If following investigation, it does not appear that the patient has been a victim of identity theft, Piedmont Retina Specialists, PA will take whatever action it deems appropriate.

eCommerce Data Security

Web browsers (such as Chrome, Internet Explorer, Firefox, and Safari) support SSL technology to encrypt, or encode, your personal information before it is sent over the Internet. SSL versions 1.0 and 2.0 found in older browsers have known security weaknesses which could compromise your data. To ensure you're getting the best protection available, thecompanystore.com only allows secure transactions with browsers using SSL version 3.0 or higher. We recommend upgrading to the latest version of your browser software and downloading security updates as they become available.