These questions must be answered honestly under penalty of law. An answer of YES does not exclude you from treatment. Please answer YES or NO to each of the following questions.
If you are completing this form for another person, what is your relationship to that person?
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION under the HIPAA Omnibus Rule of 2013.
PLEASE REVIEW IT CAREFULLY
For purpose of this Notice "us" "we" and "our" refers to the name of this Healthcare Facility: Anthony J. Tisoncik, DDS, and "you" or "your" refers to our patients (or their legal representatives as determined by us in accordance with state informed consent law). When you receive healthcare services from us, we will obtain access to your medical information (i.e. your health history). We are committed to maintaining the privacy of your health information and we have implemented numerous procedures to ensure that we do so.
The Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule, (formerly HIPAA 1996 & HI TECH of 2004) require us to maintain the confidentiality of all your healthcare records and other identifiable patient health information (PHI) used by or disclosed to us any in any form, whether electronic, on paper, or spoken. HIPAA is a Federal Law that gives you significant new rights to understand and control how your health information is used. Federal HIPAA Omnibus Rule and state law provide penalties for covered entities, business associates, and their subcontractors and records owners, respectively that misuse or improperly disclose PHI.
Starting April 14, 2003, HIPAA requires us to provide you with the Notice of our legal duties and the privacy practices we are required to follow when you first come into our office for healthcare services. If you have any questions about this Notice, please ask to speak to our HIPAA Privacy Officer.
Our doctors, clinical staff, employees, Business Associates (outside contractors we hire), their subcontractors and other involved parties follow the policies and procedures set forth in this Notice. If at this facility, your primarily caretaker/ doctor is unavailable to assist you (i.e. illness, on-call coverage, vacation, etc.), we may provide you with the name of another healthcare provider outside our practice for you to consult with. If we do so, that provider will follow the policies and procedures set forth in this Notice or those established for his or her practice, so long as they substantially conform to those for our practice.
OUR RULES ON HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
Under the law, we must have your signature on a written, dated Consent Form and/or an Authorization Form of Acknowledgement of this Notice, before we will use or dislcose your PHI for certain purposes as detailed in the rules below.
Documentation - You will be asked to sign an Authorization/Acknowledgement form when you receive this Notice of Privacy Practices. If you do not sign such a form or need a copy of the one you signed, please contact our Privacy Officer. You may take back or revoke your consent or authorization at any time (unless we already have acted based on it) by submitting our Revocation Form in writing to us at our address listed above. Your revocation will take effect when we actually receive it. We cannot give it retroactive effect, so it will not affect any use or disclosure that occured in our reliance on your Consent or Authorization prior to recovation (i.e. if after we provide services to you, you revoke your authorization/acknowledgement in order to prevent us billing or collectiing for those services, your revocation will have no effect because we relied on your authorization/acknowledgement to provide services before your revoke it).
General Rule - If you do not sign our authorization/acknowledgement form or if you revoke it, as a general rule (subject to exceptions described below under "Healthcare Treatment, Payment and Operations Rule" and "Special Rules"), we cannot in any use or disclose to anyone (excluding you, but including payers & Business Asscociates) you PHI or any other information in your medical record. By law, we are unable to submit claims to payers under assignment of benefits without your signature on our authorization/acknowlegement form. You will however be able to restrict disclosures to your insurance carrier for services for which you wich to pay "out of pocket" under the new Omnibus Rule. We will not condition treatment on you signing an authorization/acknowledgement, but we may be forced to decline you as new patient or discontinue you as an active patient if you choose not to sign the authorization/acknowledgement or revoke it.
Healthcare Treatment, Payment and Operations Rule
With your signed consent, we may use or disclose your PHI in order:
Additionally you should be made aware of these protection laws on your behalf, under the new HIPAA Omnibus Rule:
Notwithstanding anything else contained in this Notice, only in accordance with applicable HIPAA Omnibus Rule, and other under strictly limited circumstances, we may use or disclose your PHI without your permission, consent or authorization for the following purposes:
Minimum Necessary Rule
Our staff will not use or access your PHI unless it is necessary to do their jobs (i.e. doctors uninvolved in your care will not access your PHI; ancilliary clinical staff caring for you will not access your billing information; billing staff will not access your PHI except as needed to complete the claim form for the latest visit; janitotial staff will not access your PHI). All of our team members are trained in HIPAA Privacy rules and sign strict confidentiality Contracts with regards to protecting and keeping private your PHI. So do our Business Associates and their Subcontractors. Know that your PHI is protected several layers deep with regards to our business relations. Also, we disclose to others outside our staff, only as much as your PHI as is necessary to accomplish the recipient's lawful purposes. Still in certain cases, we may use and disclose the entire contents of your medical record:
In accordance with HIPAA law, we presume that requests for disclosure of PHI from another Covered Entity (as defined in HIPAA) are for the minimum necessary amount of PHI to accomplish the requestor's purpose. Our Privacy Officer will individually review unusual or non-recurring requests for PHI to determine the minimum necessary amount of PHI and disclose only that. for non-routine requests or disclosures, our Privacy Officer will make a minimum necessary determination based on, but not limited to, the following factors:
If we believe that a request from other for disclosure of your entire medical record is unnecessary, we will ask the requestor for document why this is needed, retain that documentation and make it available to upon request.
Incident Disclosure Rule
We will take reasonable administrative technical and security safeguards to ensure the privacy of your PHI when we use or disclose it. (i.e. we shred all paper containing PHI, require employees to speak with privacy precautions when discussing PHI with you, we use computer passwords and change periodically (i.e. when an employee leaves us), we use firewall and router protection to the federal standard, we back up our PHI data off-site and encrypted to federal standard, we do not allow unauthorized access to areas where PHI is stored or filed and/or we have any unsupervised business associates sign Business Associate Confidentiality Agreements).
However, in the event that there is a breach in protecting your PHI, we will follow Federal Guide Lines to HIPAA Omnibus Rule Standard to first evaluate the breach situation using the Omnibus Rule, 4-Factor Formula for Breach Assesment. The we will document the situation, retain copies of the situation on file, and report all breaches (other than low probability as prescribed by the Omnibus Rule) to the US Department of Health and Human Services at:
We will also make proper notification to you and any other parties of significance as required by HIPAA Law.
Business Association Rule
Business Associates are defined as: an entity, (non-employee) that in the course of their work will directly / indirectly use, transmit, view, transport, hear interpret, process or offer PHI for this Facility.
Business Associates and other third parties (if any) that recieves your PHI from us will be prohibited from re-disclosing it unless required to do so by law or you give prior express written consent to the re-disclosure. Nothing in our Business Associate agreement will allow our Business Associate to violate this re-disclosure prohibition. Under Omnibus Rule, Business Associates will sign a strict confidentiality agreement binding them to keep your PHI protected and report any compromise of such information to us, you and the United States Department of Health and Human Services, as well as other required entities. Our business Associates will also follow Omnibus Rule and have any of their Subcontractors that may directly or indirectly have contact with your PHI, sign Confidentiality Agreements to Federal Omnibus Standard.
Super-confidential Information Rule
If we have PHI about you regarding communicable diseases, disease testing, alcohol or substance abuse diagnosis and treatment, or psychotherarpy and mental health records (super-confidential information under the law), we will not disclose it under the General or Healthcare Treatment, Payment and Operations Rules (see above) without you first signing and properly completing our Consent form (i.e. we are required by law to disclose it). If we disclose super-confidential information (either because you have initialed the consent form or the Special Rules authorizing us to do so), we will comply with state and federal law that requires us to warn the recipient in writing that re-disclosure is prohibited.
Changes to Privacy Policies Rule
We reserve the right to change our privacy practices (by changing the terms of this Notice) at any time as authorized by law. The changes will be effective immediately upos us making them. They will apply to all PHI we create or receive in the future, as well as to all PHI created or recieved by us in the past (i.e. to PHI about you that we had before the changes took effect). If we make changes, we will post the changed Notice, along with its effective date, in our office and on our website. Also, upon request, you will be given a copy of our current Notice.
We will not use or disclosure your PHI for any purpose or to any person other than as stated in the rules above without your signature on our specifically worded, written Authorization / Acknowledgement Form (not a Consent or an Acknowledgement). If we need your Authorization, we must obtain it via a specific Authorization Form, which may have obtained from you. We will not condition your treatment here on whether you sign the Authorization (or not).
Marketing and Fund Raising Rules
Limitations on the disclosure of PHI regarding Remuneration
The disclosure or sale of your PHI without authorization is prohibited. Under the new HIPAA Omnibus Rule, this would exclude disclosures for public health purposes, for treatment / payment for healthcare, for the sale, transfer, merger, or consolidation of all or part of this facility and for related due diligence, to any of our Business Associates, in connection with the business associate's performance of activities for this facility, to a patient or beneficiary upon request, and as required by law. In addition, the disclosure of your PHI for research purposes or for any other purpose permited by HIPAA will not be considered a prohibited disclosure if the only reimbursement received is "a reasonable, cost-based fee" to cover the cost to prepare and transmit your PHI which would be expressly permitted by law. Notably, under the Omnibus Rule, an authorization to disclose PHI must state that the disclosure will result in remuneration to the Covered Entity. Notwithstanding the changes in the Omnibus Rule, the disclosure of limited data sets (a form of PHI with a number of identifiers removed in accordance with specific HIPAA requirements) for remuneration pursuant to existing agreements is permissible until September 22, 2014, so long as the agreement is not modified within one year before that date.
Limitation on the Use of PHI for Paid Marketing
We will, in accordance with Federal and State Laws, obtain your written authorization to use or disclose your PHI for marketing purposes, (i.e.: to use your photo in ads) but not for activities that constitute treatment or healthcare operations. To clarify, Marketing is defined by HIPAA's Omnibus Rule, as "a communication about a product or service that encourages recipients. . . to purchase or use the product or service." Under the Omnibus Rule, we will obtain a written authorization from you prior to recommending you to an alternative therapist, or non-associated Healthcare Covered Entity.
Under Omnibus Rule we will obtain your written authorization prior to using your PHI or making any treatment or healthcare recommendations, should financial remuneration for making the communication be involved from a third-party whose product or service we might promote (i.e.: business offering this facility incentives to promote their products or services to you). This will also apply to our Business Associate who may receive such remuneration for making a treatment or healthcare recommendations to you. All such recommendations will be limited without your expressed written permission.
We must clarify to you that financial remuneration does not include "as in-kind payments" and payments for a purpose to implement a disease management program. Any promotional gifts of nominal value are subject to the authorization requirement, and we will abide by the set terms of the law to accept or reject these.
The only exclusion to this would include: "refill reminders", so long as the remuneration for making such a communication is "reasonably related to our cost" for making such a communication. In accordance with law, this facility and our Business Associates will only ever seek reimbursment from you for permissible costs that include: labor, supplies, and postage. Please note that "generic equivalents" , "adeherance to take medication as directed" and "self-administered drug or delivery system communications" are all considered to be "refill reminders."
Face-to-Face marketing communications, such as sharing with you, a written product brochure or pamphlet, is permissible under current HIPAA Law.
Flexibility on the Use of PHI for Fundraising
Under the HIPAA Omnibus Rule use of PHI is more flexible and does not require your authorization should we choose to include you in any fund raising efforts attempted at this facility? However, we will offer the opportunity for you to "opt out" of recieving future fundraising communications. Simply let us know that you want to "opt out" of such situations. There will be a statement on your HIPAA Patient Acknowledge Form where you can choose to "opt out". Our commitment to care and treat you will in no way effect your decision to participate or not participate in our fund raising efforts.
Improvements to Requirement for Authorization Related to Research
Under HIPAA Omnibus Rule, we may seek authorizations from you for the use for the use of your PHI for future research. However, we would have to make clear what those uses are in detail.
Also, if we request of you a compound authorization with regards to research, this facility would clarify that when a compound authorization is used, and research-related treatment is conditioned upon your authorization, the compound authorization will differentiate between the condition and and unconditioned components.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION
If you got this Notice via email or website, you have the right to get, at any time, a paper copy by asking our Privacy Officer. Also, you have the following additional rights regarding PHI we maintain about you:
To Inspect and Copy
You have the rights to see and get a copy of your PHI including, but not limited to, medical and billing records by submitting a written request to our Privacy Officer. Original records will not leave the premises, will be available for inspection only during our regular business hours, and only if our Privacy Officer is present at all times. you may ask us to give you the copies in a format other than photocopies (and we will do so unless we determine that it is impractical) or ask us to prepare a summary in lieu of the copies. We may charge you a fee not to exceed state law to recover our costs (including postage, supplies, and staff time as applicable, but excluding staff time for search and retrieval) to duplicate or summarize your PHI. We will not condition release of the copies on summary of payment of your outstanding balance for professional services if you have one). We will comply with Federal Law to provide your PHI in an electronic format within 30 days, to Federal specification, when you provide us with proper written request. Paper copy will also be made available. We will respond to requests in a timely manner, without delay for legal review, or, in less than thirty days if submitted in writing, and in ten business days or less if malpractice litigation or pre-suit production is involved. We may deny your request in certain limited circumstances (i.e. we do not have the PHI, it came from a confidential source, etc.). If we deny your request, you may ask for a review of that decision. If required by law, we will select a licensed health-care professional (other than the person who denied your request initially) to review the denial and we will follow his or her decision. If we select a licensed healthcare professional who is not affliated with us, we will ensure a Business Associate Agreement is executed that prevents re-disclosure of your PHI without your consent by that outside professional.
To Request Amendment / Correction
If another doctor involved in your care tells us in writing to change your PHI, we will do so as expeditiously as possible upon the request of the changes and will send you written confirmation that we have made the changes. If you think PHI we have about you is incorrect, or that something important is missing from your records, you may ask us to amend or correct it (so long as we have it) by submitting a "Request for Amendment / Correction" form to our Privacy Officer. We will act on your request within 30 days from receipt but we may may extend our response time (within the 30-day period) no more than once and by no more than 30 days, or as per Federal Law allowances, in which case we will let you know within five business days, make the changes language, and send the changes within 5 business days to persons you ask us to and persons we know may rely on incorrect or incomplete PHI to your detriment (or already have). We may deny your request under certain circumstances (i.e, it is not in writing, it does not give a reason why you want the change, we did not create the PHI you want changed (and the entity that did not can be contracted), it was compiled for use in litigation, or we determine it is accurate and complete). If we deny your request, we will (in writing withing 5 business days) tell you why and how to file a complaint with us if you disagree, that you may submit a written disagreement with our denial (and we may submit a written rebuttal and give you a copy of it), that you may ask us to disclose your initial request and our denial when we make future disclosure of PHI pertaining to your request, and that you may complain to us and the U.S. Department of Health and Human Services.
To an Accounting of Disclosures
You may ask us for a list of those who got your PHI from us by submitting a "Request for Accounting of Disclosures" form to us. The list will not cover some disclosures (i.e. PHI given to you, given to your legal representative, given to others for treatment, payment or health-care-operations purposes). Your request must state in what form you want to the list (i.e. paper or electronically) and the time period you want us to cover, may be up to but not more than the last six years (excluding dates before April 14, 2003). If you ask us for this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee to respond, in which case we will tell you the cost before we incur it and let you choose if you want to withdraw or modify your request to avoid the cost.
To Request Restrictions
You may ask us to communicate with you in a different way or at a different place by submitting a written "Request for Alternative Communication" Form to us. We will not ask you why and we will accomodate all reasonable requests (which may include: to send appointment reminders in closed envelopes rather than by postcards, to send your PHI to a post office box instead of your home number). You must tell us the alternative means or location you want us to use and explain to our satisfaction how payment to us will be made if we communicate with you as you request.
To Complain or Get More Information
We will follow our rules as set forth in this Notice. If want more information or if you believe your privacy rights have been violated (i.e. you disagree with a decision of ours about inspection/copying, amendment/correction, accounting of disclosures, restrictions or alternative communications), we want to make it right. We never will penalize you for filing a complaint. To do so, please file a formal, written complaint within 180 days with:
The U.S. Department of Health & Human Services Office of Civil Rights200 Independence Ave., S.W.Washington, DC 20201877.696.6775
Or, submit a written Complaint form to us at the following address:
Our Privacy Officer: Anthony J. Tisoncik, DDSOffice Name: Palos Hills DentalOffice Address: 9700 South Roberts Road, Palos Hills, IL 60465Office Phone: (708) 505-8838Email Address:
You may get your "HIPAA Complaint" form by calling our Privacy officer.
These privacy practices are in accordance with the original HIPAA enforcement effective April 14, 2003, and undated to Omnibus Rule effective March 26, 2013 and will remain in effect until we replace them as specified by Federal and/or State Law.
OPTIONAL RULES FOR NOPP
Faxing and Emailing Rule
When you request us to fax or email your PHI as an alternative communication, we may agree to do so, but only after having our Privacy Officer or treating doctor review that request. For this communication, our Privacy Officer will confirm that the fax number or email address is correct before sending the message and ensure that the intended recipient has sole access to the fax machine or computer before sending the message; confirm receipt, locate our fax machine or computer in a secure location so unauthorized access and viewing is prevented; use a fax cover sheet so the PHI is not the first page to print out (because unauthorized persons may view the top page); and attach an appropriate notice to the message. Our emails are all encrypted per Federal Standard for your protection.
Practice Transition Rule
If we sell our practice, our patient records (including but not limited to your PHI) may be disclosed and physical custody may be transferred to the purchasing healthcare provider, but only in accordance with the law. The healthcare provider who is the new records owner will be solely responsible for ensuring privacy of your PHI after the transfer and you agree that we will have no responsibility for (or duty associated with) transferred records. If all the owners of our practice die, our patient records (including but not limited to your PHI) must be transferred to another healthcare provider within 90 days to comply with State & Federal Laws. Before we transfer records in either of these two situations, our Privacy Officer will obtain a Business Associate Agreement from the purchaser and review your PHI for super-confidential information (i.e. communicable disease records), which will not be transferred without your express written authorization (indicated by your initials on our Consent form).
Inactive Patient Records
We will retain your records for seven years from your last treatment or examination, at which point you will become an inactive patient in our practice and we may destroy your records at that time (but records of inactive minor patients will not be destroyed before the child's eighteenth birthday). We will do so only in accordance with the law (i.e. in a confidential manner, with a Business Associate Agreement prohibiting re-disclosure if necessary).
If we use or disclose your PHI for collections purposes, we will do so only in accordance with the law.
You may refuse to sign this acknowledgement & authorization. In refusing we may not be allowed to process your insurance claims.
PLEASE LIST ANY OTHER PARTIES WHO ARE ACTIVELY INVOLVED IN YOUR HEALTH CARE AND WHO CAN HAVE ACCESS TO YOUR HEALTH INFORMATION: (This includes step parents, grandparents and any care takers who can have access to this patient's records):
In signing this HIPAA Patient Acknowledgement Form, you acknowledge and authorize, that this office may recommend products or services to promote your improved health. This office may or may not receive third party remuneration from these affiliated companies. We, under current HIPAA Omnibus Rule, provide you this information with your knowledge and consent.
The undersigned acknowledges receipt of a copy of the currently effective Notice of Privacy Practices for this healthcare facility. A copy of this signed, dated document shall be as effective as the original.
MY SIGNATURE WILL ALSO SERVE AS A PHI DOCUMENT RELEASE SHOULD I REQUEST TREATMENT OR RADIOGRAPHS BE SENT TO OTHER ATTENDING DOCTOR / FACILITIES IN THE FUTURE.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN OBTAIN ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We respect our legal obligation to keep health information that identifies you private. We are obligated by law to give notice of our privacy practices. This Notice describes how we protect your health information and what rights you have regarding it.
TREATMENT, PAYMENT, AND HEALTH CARE OPERATIONS
The most common reason why we use or disclose your health information is for treatment, payment, and health care operations. Examples of how we disclose information for treatment purposes are: setting up an appointment for you; examining your teeth; prescribing medications and faxing them to be filled; referring you to another doctor or clinic for other health care or services; or getting copies of your health information from another professional that you may have seen before us. Examples of how we disclose your health information for payment purposes are: asking about your health or dental plans, or other sources of payment; preparing and sending bills or claims; and collecting unpaid amounts (either ourselves or through collecting agency or attorney). "Health are operations"means those administrative and managerial functions that we have to do in order to run our office. Examples of how we use or disclose your health information for health care operations are: financial or billing audits; internal quality assurance; personnel decisions; participation in managed care plans; defense of legal matters; business planning; and outside storage of our records.
We routinely use your health information inside our office for these purposes without any special permission. If we need to disclose your health information outside of our office for these reasons, we will ask you for special written permission.
USES AND DISCLOSURES FOR OTHER REASONS WITHOUT PERMISSION
In some limited situations, the law allows or requires us to use or disclose your information without your permission. Not all of these situations will apply to us; some may never come up at our office at all. Such cases or disclosures are:
Unless you object, we will also share relevant information about your care with your family or friend who are helping you with your dental care.
We may call or write to remind you of scheduled appointments, or that is time to make a routine appointment. We may also call or write to notify you of other treatments or services available at our office that might help you. Unless you tell us otherwise, we may mail you an appointment reminder on a post card, and/or leave you a reminder message on your home answering machine or with someone who answers your phone if you are not home.
OTHER USES AND DISCLOSURES
We will not make any other uses or disclosures of your health information unless you sign a written "authorization form." The content of an "authorization form" is determined by federal law. Sometimes, we may initiate the authorization process if the use or disclosure is our idea. Sometimes you may initiate the process if it's your idea for us to send your information to someone else. Typically, in this situation you will give us a properly completed authorization form, or you can use one of ours. If we initiate the process and ask you to sign an authorization form, you do not have to sign it. If you do not sign the authorization, we cannot make the use of disclosure. If you do sign one, you may revoke it at any time unless we have already acted in reliance upon it. Revocations must be in writing, Send them to the office contact person named at the beginning of this Notice.
YOUR RIGHTS REGARDING YOUR HEALTH INFORMATON
The law gives you many rights regarding your health information. You can:
OUR NOTICE OF PRIVACY PRACTICES
By law, we must abide by the terms of this Notice of Privacy Practices until we choose to change it. We reserve the right to change this notice at any time as allowed by law. If we change this Notice, the new privacy practices will apply to your health information that we may generate in the future. If we change our Notice of Privay Practices, we will post the new notice in our office, have copies available in our office, and post it in our Website.
If you think that we have not properly respected the privacy of your health information, you are free to complain to us the U.S. Department of Health and Human Resources, Office for Civil Rights. We will not retaliate against you if you make a complaint. If you want to complain to us, send a written complaint to the office contact person at the address, fax or E mail shown at the beginning of this Notice. If you prefer, you can discuss your complaint in person or by phone.
FOR MORE INFORMATION
If you want more information about our privacy practices, please contact the office.