NOTICE OF PRIVACY PRACTICES
James G. Scelfo, MD, PA and Katelyn Meade, DO {Personalized Primary Care}
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. Introduction
James G. Scelfo, MD, PA and Katelyn Meade, DO {DBA: Personalized Primary Care} are required by law to maintain the privacy and security of your health information and provide individuals with notice of its legal duties and privacy practices with respect to health information. James G. Scelfo, MD, PA and Katelyn Meade, DO {DBA: Personalized Primary Care} are required to abide by the terms of the Notice currently in effect. James G. Scelfo, MD, PA and Katelyn Meade, DO {DBA: Personalized Primary Care} reserve the right to change the terms of this Notice at any time and to make new Notice provisions effective for all health information that it maintains. Upon your request, we will provide you with a current copy of this Notice.
This Notice of Privacy Practices outlines our practices and legal duties to maintain the confidentiality of your protected health information (“PHI”) under the privacy and security regulations mandated by the Health Insurance Portability and Accountability Act (“HIPAA”) and further expanded by the Health Information Technology for Economic Clinical Health Act (“HITECH”).
PHI includes demographic information that can be used to identify you such as your name, address, and telephone number; information concerning your past, present, or future physical or mental health condition; information concerning the provision of health care to you; and information concerning the past, present, and future payment for health care. Your PHI may be maintained by us electronically and/or on paper.
This Notice describes uses and disclosures of PHI to which you have consented, that you may be asked to authorize in the future, and that are permitted or required by state or federal law. Also, it advises you of your rights to access and control your PHI.
We regard the safeguarding of your PHI as an important duty. The elements of this Notice and any authorizations you may sign are required by state and federal law for your protection and to ensure your informed consent to the use and disclosure of PHI necessary to support your relationship with James G. Scelfo, MD, PA and Katelyn Meade, DO {DBA: Personalized Primary Care}.
If you have any questions about James G. Scelfo, MD, PA or Katelyn Meade, DO {DBA: Personalized Primary Care}’s Notice of Privacy Practices, please contact Sabrina Carballo 407-566-2454.
2. Safeguarding Your PHI
We have in place appropriate administrative, technical, and physical safeguards to protect and secure the privacy and security of your PHI. We train our employees on the regulations and policies that are in place to protect the privacy and security of your PHI. Medical records are maintained in secure areas within our practice and electronic medical record systems are monitored and updated to address security risks in compliance with the HIPAA Security Rule. Only employees who have a legitimate “need to know” are permitted access to your medical records and PHI. Our employees understand their legal and ethical obligations to protect your PHI and that a violation of this Notice of Privacy Practices may result in disciplinary action.
3. Uses and Disclosures of PHI
As part of our registration materials, we will request your written consent for our practice to use and disclose your PHI for the following types of activities:
- Treatment. Treatment means the provision, coordination, or management of your health care and related services by James G. Scelfo, MD, PA or Katelyn Meade, DO {DBA: Personalized Primary Care} and health care providers involved in your care. It includes the coordination or management of health care by a provider with a third party insurance carrier, communication with lab or imaging providers for test results, consultation between our clinical staff and other health care providers relating to your care, or our referral of you to a specialist physician or facility.
- Payment. Payment means our activities to obtain reimbursement for the medical services provided to you, including billing, claims management, and collection activities. Payment also may include your insurance carrier’s efforts in determining eligibility, claims processing, assessing medical necessity, and utilization review. Payment may also include activities carried out on our behalf by one or more of our collection agencies or agents in order to secure payment on delinquent bills.
- Health Care Operations. Health care operations means the legitimate business activities of our practice. These activities may include quality assessment and improvement activities; fraud and abuse compliance; business planning and development; and business management and general administrative activities. These can also include telephoning, texting and emailing you to remind you of appointments, or using a translation service if we need to communicate with you in person, or on the telephone, in a language other than English. When we involve third parties in our business activities, we will have them sign a Business Associate Agreement obligating them to safeguard your PHI according to the same legal standards we follow.
4. Electronic Exchange of PHI
We may transfer your PHI to other treating health care providers electronically. We may also transmit your information to your insurance carrier electronically.
5. Uses and Disclosures of PHI Requiring Your Written Authorization
Uses and disclosures of your PHI made for purposes of psychotherapy, marketing, and disclosures that constitute a sale of PHI will be made only with your written authorization.
Other uses and disclosures of your PHI will be made only with your specific written authorization. This allows you to request that James G. Scelfo, MD, PA or Katelyn Meade, DO {DBA: Personalized Primary Care} disclose limited PHI to specified individuals or companies for a defined purpose and timeframe. For example, you may wish to authorize disclosures to individuals who are not involved in treatment, payment, or health care operations, such as a family member or a school physical education program. If you wish us to make disclosures in these situations, we will ask you to sign an authorization allowing us to disclose this PHI to the designated parties.
If James G. Scelfo, MD, PA or Katelyn Meade, DO {DBA: Personalized Primary Care} intend to engage in fundraising, you have the right to opt out of receiving such communications. If you authorize us to use or disclose your PHI for another purpose, you may revoke your authorization in writing at any time. If you revoke your authorization, we will no longer be able to use or disclose your PHI for the reasons contained within your authorization. However, we cannot take back disclosures already made with your permission.
6. Uses and Disclosures of PHI Permitted or Required by Law
In some circumstances, we may be legally permitted or required to use or disclose your PHI without your consent or authorization. State and federal privacy law permit or require such use or disclosure regardless of your consent or authorization in certain situations, including, but not limited to:
- Emergencies. If you are incapacitated and require emergency medical treatment, we will use and disclose your PHI to ensure you receive the necessary medical services. We will attempt to obtain your consent as soon as practical following your treatment.
- Others Involved in Your Healthcare. Upon your verbal authorization, we may disclose to a family member, close friend, or other person you designate only that PHI that directly relates to that individual’s involvement in your health care and treatment. We may also need to use PHI to notify a family member, personal representative, or someone else responsible for your care of your location and general condition.
- Communication Barriers. If we try but cannot obtain your consent to use or disclose your PHI because of substantial communication barriers and your physician, using his or her professional judgment, infers that you consent to such use or disclosure, or the physician determines that a limited disclosure is in your best interest, we may permit such use or disclosure.
- Required by Law. We may disclose your PHI to the extent that its use or disclosure is required by law. This disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law.
- Public Health/Regulatory Activities. We may disclose your PHI to an authorized public health authority to prevent or control disease, injury, or disability or to comply with state child or adult abuse or neglect law. We are obligated to report suspicion of abuse and neglect to appropriate regulatory agencies.
- Food and Drug Administration. We may disclose your PHI to a person or company as required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations as well as to track product usage, enable product recalls, make repairs or replacements, or to conduct post-marketing surveillance.
- Health Oversight Activities. We may disclose your PHI to a health oversight agency for audits, investigations, inspections, and other activities necessary for the appropriate oversight of the health care system and government benefit programs such as Medicare and Medicaid.
- Judicial and Administrative Proceedings. We may only disclose your PHI in the course of any judicial or administrative proceeding in response to a court order expressly directing disclosure, or in accordance with specific statutory obligations compelling us to do so, or with your permission.
- Law Enforcement Activities. We may disclose your PHI to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, or missing person, or complying with a court order or other law enforcement purpose. Under some limited circumstances we will request your authorization prior to permitting disclosure.
- Coroners and Medical Examiners. We may disclose your PHI to a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other lawful purpose.
- Funeral Directors and Organ Donation Organizations. We may disclose your PHI to enable a funeral director to carry out his or her lawful duties. PHI may also be disclosed to organ banks for cadaveric organ, eye, bone, tissue, and other donation purposes.
- Research. We may disclose your PHI for certain medical or scientific research where approved by an institutional review board and where the researchers have a protocol to ensure the privacy and security of your PHI.
- Serious Threats to Health or Safety. We may disclose your PHI to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.
- Military and National Security Services. We may disclose the PHI of members of the armed forces for activities deemed necessary by appropriate military authorities to assure proper execution of military missions. We may also disclose your PHI to certain federal officials for lawful intelligence and other national security activities.
- Worker’s Compensation. We may disclose your PHI as authorized to comply with worker’s compensation laws.
- Inmates of a Correctional Facility. We may use or disclose PHI if you are an inmate of a correctional facility and our practice created or received your PHI in the course of providing care to you while in custody.
- US Department of Health and Human Services. We must disclose your PHI to you upon request and to the Secretary of the United States Department of Health and Human Services to investigate or determine our compliance with privacy and security laws.
- Disaster Relief Activities. We may disclose your PHI to local, state, or federal agencies engaged in disaster relief and to private disaster relief assistance organizations (such as the Red Cross if authorized to assist in disaster relief efforts).
7. Your Rights Regarding PHI
- Right to Request Restrictions for Certain Uses and Disclosures. You have the right to request that we not use or disclose your PHI unless such a use or disclosure is required by law. Such a request must be made in writing and include the specific PHI you wish to restrict as well as the individual(s) who should not receive the restricted PHI. If we agree to your request, we will not use or disclose the restricted PHI unless it is necessary for emergency treatment. However, we are not required to agree to your requested restriction except in the case of restricting disclosure of PHI to a health plan as described below. If you request a restriction on certain uses and disclosures of your PHI to a health plan for a particular health care item or service where said health care item or service is paid for out of pocket and in full, we will abide by your request. Such a request must be made in writing to the practice Privacy Officer. Your request must describe in a clear and concise fashion the health care item or service you wish restricted.
- Right to Access. You have the right to inspect and obtain a full copy of your PHI. You may request copies of your PHI in either paper or electronic form. In very limited circumstances, we may deny access to your PHI. To request access to your PHI, please submit a request in writing to the practice Privacy Officer including whether you want your copy in electronic or paper form. We will respond to your request as soon as possible, but no later than 30 days from the date of your request. If access is denied you will receive a denial letter within 30 days. If access is denied, an appeals process may be available in certain cases. We have the right to charge a reasonable fee for providing copies of your PHI (and for electronic media, if applicable). Furthermore, you may request that a copy of your PHI be transmitted directly to a third party provided such request is made in writing, signed by you and clearly identifies the designated third party and location to send your PHI.
- Right to Confidential Communications. You have the right to request to receive communication from PHI by alternative means or at alternative locations. For example, you may wish your bill to be sent to an address other than your home. Such requests must be made in writing to the practice Privacy Officer. We will not require an explanation of your reasons for the request, and will accommodate reasonable requests.
- Right to Amend. You have the right to request that we amend your PHI. Your request must be made in writing. We will respond to your request as soon as possible, but no later than 60 days from the date of your request. If we deny your request for an amendment, you have the right to submit a written statement disagreeing with the denial. James G. Scelfo, MD, PA and Kaeltyn Meade, DO {DBA: Personalized Primary Care} have the right to submit a rebuttal statement. A record of any disagreement regarding amendments will become part of your medical record and may be included in subsequent disclosures of your PHI.
- Right to an Accounting of Disclosures. Subject to certain limitations, you have the right to a written accounting of disclosures by us of your PHI for no more than 6 years prior to the date of your request. Your right to an accounting applies to disclosures other than those made for purposes of treatment, payment, or health care operations. Please make your request in writing to the practice Privacy Officer. We will respond to your request as soon as possible, but no later than 60 days from the date of your request. We will provide you with one accounting every 12 months free of charge. We will charge a reasonable fee based upon our costs for any subsequent accounting requests.
- Right to a Copy of our Notice of Privacy Practices. We will ask you to sign a written acknowledgement of receipt for our Notice of Privacy Practices. We may update this Notice of Privacy Practices at any time. Upon your request, we will provide you with a current copy of this Notice.
- Right to Notice of Breach. You have a right to receive notice if there has been a breach of your unsecured PHI.
8. Complaint Procedure
- Within our Practice. If you have a complaint about the denial of any of the specific rights listed above, about our Notice of Privacy Practices, or about our compliance with state and federal privacy laws you may receive more information about the complaint process by contacting the Privacy Officer at 407-876-0073 (Windermere) or 407-566-2454 (Celebration).
- Outside our Practice. If you believe that James G. Scelfo, MD, PA or Katelyn Mease, DO {DBA: Personalized Primary Care} are not complying with its legal obligations to protect the privacy of your PHI, you may file a complaint with the Secretary of the U.S. Department of Health and Human Services, Office for Civil Rights.
- We will not retaliate against you for filing a complaint.
9. Effective Date. This Notice is effective as of September 23, 2013.