What is required under hipaa related to the medical office statement of privacy practices?

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY THE U.S. DEPARTMENT OF STATE (DOS) OFFICE OF MEDICAL SERVICES (MED) AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices is provided to you in keeping with guidance in the Privacy Act of 1974. MED is authorized to collect certain health information from you pursuant to section 904 of the Foreign Service Act, 22 U.S.C. § 4084. This notice describes how MED may use or disclose your protected health information, with whom that information may be shared, and the safeguards MED has in place to protect it. This notice also describes your rights to access and amend your protected health information. You have the right to approve or refuse the release of specific information outside of MED except when the release is required or authorized by law or regulation.

HOW WE MAY USE OR DISCLOSE YOUR PROTECTED HEALTH INFORMATION

The following are examples of permitted uses and disclosures of your protected health information. Additional information about the Routine Uses of your medical information can be found in the System of Records Notice State-24, Medical Records.

REQUIRED USES AND DISCLOSURES

By law, we must disclose your health information to you unless it has been determined by a competent medical authority that it would be harmful to you.

TREATMENT

We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. For example, we would disclose your protected health information, as necessary for provision of any diagnosis and prescriptions/medications in a DOS health unit/clinic. We will disclose your protected health information to another physician, or health care provider (for example, a specialist, pharmacist, or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment. This includes pharmacists who may be provided information on other drugs you have been prescribed to identify potential interactions.

In emergencies, we will use and disclose your protected health information to provide the treatment you require.

PAYMENT

Your protected health information will be used, as needed, to obtain payment for your health care services, including services recommended for determining eligibility for benefits, and utilization reviews. For example, obtaining approval for a hospital stay might require that some protected health information be disclosed to obtain approval for the hospital admission.

HEALTH CARE OPERATIONS AND OVERSIGHT

We may use or disclose your protected health information to support the daily activities related to health care. These activities include, but are not limited to, quality assessment activities, investigations of adverse events or complaints, medical suitability determinations for medical and security clearances, medical clearance of an individual for a specific post, oversight of staff performance, and conducting or arranging for other health care related activities.

We may disclose protected health information to a health oversight agency for activities such as audits, investigations, and inspections. These health oversight agencies might include government agencies that oversee the health care system, government benefit programs, other government regulatory programs, and civil rights laws.

REQUIRED BY LAW

We may use or disclose your protected health information if law or regulation requires the use or disclosure. These include the following:

• In a judicial or administrative proceeding in response to a court order or administrative tribunal and in certain conditions in response to a subpoena or similar document
• Information requests from law enforcement officials for identification and location of certain types of individuals
• Circumstances pertaining to victims of a possible crime
• Deaths or injuries suspected from criminal conduct
• Crimes occurring at a DOS facility
• Medical emergencies (not on the DOS premises) believed to result from criminal conduct
• If we believe that its use or disclosure is necessary to prevent or lessen a serious and imminent threat to your health or safety or that of another person or the public.
  

PUBLIC HEALTH

We may disclose your protected health information to a public health authority that is permitted by law to collect or receive the information. The disclosure may be necessary to do the following:

• Prevent or control disease, injury, or disability.
• Report births and deaths.
• Report reactions to medications or problems with products.
• Notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
• Notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect, or domestic violence.
• To a person who might have been exposed to a communicable disease or might otherwise be at risk of contracting or spreading the disease or condition.

FOOD AND DRUG ADMINISTRATION

We may disclose your protected health information to a person or company required by the Food and Drug Administration to do the following:

• Report adverse events, product defects, or problems and biologic product deviations.
• Track products.
• Enable product recalls.
• Make repairs or replacements.

CORONERS, FUNERAL DIRECTORS, AND ORGAN DONATIONS

We may disclose protected health information to coroners or medical examiners for identification, to determine the cause of death, or for the performance of other duties authorized by law. We may also disclose protected health information to funeral directors as authorized by law.

NATIONAL SECURITY

We may also disclose your protected health information to authorized Federal officials for conducting national security and intelligence activities and protective services to the President or others.

WORKERS’ COMPENSATION

We may disclose your protected health information to comply with workers’ compensation laws and other similar legally established programs.

PARENTAL ACCESS

Some state laws concerning minors permit or require disclosure of protected health information to parents, guardians, and persons acting in a similar legal status. Where care occurs in the U.S, we will act consistently with the law of the state where the treatment was provided. We may refuse to disclose information to a parent when we feel such disclosure might be harmful to the child.

CONSEQUENCES OF NON-DISCLOSURE

Providing this information is voluntary, however failure to disclose medical information needed from you by MED may affect MED’s ability to provide treatment or (in the case of medical clearances) may result in denial of medical clearance.

YOUR RIGHTS REGARDING YOUR HEALTH INFORMATION

Under the privacy rules, you have the right to do the following by submitting a written request or electronic message to the Medical Privacy Officer. Depending on your request, you may also have rights under the Privacy Act of 1974. Please be aware that MED may deny your request, and that you may seek a review of any such denial.

RIGHT TO INSPECT AND COPY

You may inspect and obtain a copy of your protected health information that is contained in a designated medical record for as long as we maintain the protected health information. A designated medical record contains medical and billing records and any other records that MED uses for making decisions about you.

This right does not include inspection and copying of the following records: some psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding; and protected health information that is subject to law that prohibits access to protected health information.

RIGHT TO REQUEST RESTRICTIONS

You may ask us not to use or disclose any part of your protected health information. Your request must be made in writing to MED Privacy Officer where you wish the restriction instituted. In your request, you must tell us (1) what information you want restricted; (2) whether you want to restrict our use, disclosure, or both; (3) to whom you want the restriction to apply,; and (4) an expiration date.

MED is not required to agree to a requested restriction. If the restriction is mutually agreed upon, we will honor your request, unless it is needed to provide emergency treatment. You may revoke a previously agreed upon restriction, at any time, in writing, though MED may continue to have access to the information as permissible under applicable laws. All disclosure restrictions expire in three years and must be renewed if you want them continued.

RIGHT TO REQUEST CONFIDENTIAL COMMUNICATIONS

You may request that MED communicate with you using alternative means or at an alternative location to further protect your privacy. We will not ask you the reason for your request. We will accommodate reasonable requests, when possible.

RIGHT TO REQUEST AMENDMENT

If you believe that the information we have about you is incorrect or incomplete, you may request an amendment to your protected health information as long as we maintain this information. While we will accept requests for amendment, we are not required to agree to the amendment. If there are factual errors (wrong birth date, wrong blood type, etc.) we will correct these. If you disagree with statements in the record, we will append/add your statement to the record, but the original document cannot be changed.

RIGHT TO OBTAIN A COPY OF THIS NOTICE

You may obtain a paper copy of this notice from MED or view it electronically on MED’s intranet website at http://med.m.state.sbu.

ACKNOWLEDGMENT OF RECEIPT OF THIS NOTICE

You will be asked to provide a signed acknowledgment of receipt of this notice. Our intent is to make you aware of the possible uses and disclosures of your protected health information and your privacy rights. The delivery of your health care services will in no way be conditioned upon your signed acknowledgment. If you decline to provide a signed acknowledgment, we will continue to provide your treatment, and will use and disclose your protected health information for treatment, payment, and health care operations when necessary.

• MED will abide by the terms of this privacy notice, currently in effect, but reserves the right to change the terms of the notice and to make new notice provisions effective for all maintained and protected healthcare information.
• If the privacy policies are changed, MED will publish the revised privacy notice and post it in the DOS/MED Health Units and Clinics and on the MED website. 

COMPLAINTS

If you believe your privacy rights have been violated, you may file a written complaint with the MED Privacy Officer. Please address your signed letter to:

MED Privacy Officer,
U.S. Department of State
The Bureau of Medical Services
M/MED/QI, SA-1
Washington DC. 20522-0102

CONTACT INFORMATION

You may email the Medical Privacy Officer for further explanation of this document at .

BREACH OR LOSS

We have instituted extensive precautions to protect your information from loss or inappropriate access. However, if your healthcare information is out of our control and we feel there is some risk to you as a result, we will notify you as soon as possible. Our first choice for notification is by email. If that is not possible, we will send a notice by U.S. Postal Service. If the data loss involves a significant number of individuals, we may also send a department notice or cable and/or place a notice on the MED website.

FEDERAL PRIVACY LAWS

Federal laws governing release of information, including the Privacy Act and the Freedom of Information Act, may apply and have been taken into consideration in developing MED’s policies and this notice.

ACKNOWLEDGMENT OF RECEIPT

I have received a copy of the MED Privacy Policy.

Name (print) ___________________ Date of Birth: ___ / ___ / ______

Agency: State (circle), Other (specify): __________

Signature: _______________________

Date: _____________

Return instructions:

• If there is a health unit at post, file this receipt (this page only) in the patient’s medical record.

• If no health unit at post, batch these receipts (this page only) and return annually to:
  Office of Medical Services / Medical Records.

What are the 5 provisions of the Hipaa privacy Rule?

What is considered PHI under Hipaa?

What must be included in an up to date NPP?

How is the information on a patient's insurance card usually recorded if the medical office uses an electronic health record EHR )?