Notice of Privacy Practices

Our practice understands that medical information about you and your health is personal. We are committed to preserving and protecting the privacy of your health information. In fact, we are required by law to do so for certain kinds of identifiable information created or kept by us. We are also required to provide you with this Notice of Privacy Practices describing our legal duties and our practices concerning your health information.

This Notice of Privacy Practices describes how Anesthesia of Associates of Boise, P.A. (AAB) may use and disclose your Protected Health Information (PHI) to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI. PHI is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services.

AAB is required to abide by federal and state law, and by the terms of the Notice of Privacy Practices (NPP). We may change the terms of our NPP at anytime. The new NPP will be effective for all PHI that we maintain at that time. Upon your request, we will provide you with any revised NPP. We will maintain a copy of the current NPP with an effective date at the office of AAB and on our website at http://www.anesthesiaboise.com. You may also obtain a copy by calling the AAB office at 208-336-0895 and requesting that a revised copy be sent to you in the mail.

1) How may AAB use and disclose your personal health information?

We will use your PHI for the purposes of treatment, payment and health care operations.

Treatment includes the disclosure of PHI to other providers who have referred you for services or are involved in your care. This may include physicians, nurses, surgeons and other health care providers. As an example, if you have an unusual medical condition that might affect your anesthesia, we may want to consult with another Anesthesiologist or medical specialist. Your PHI may be further used by or released to other health professionals to assist in your care, and to ensure that they are fully informed about your medical condition and treatment needs.

Payment includes the disclosure of PHI to your health insurance company, including Medicare and Medicaid, so payment can be obtained for our services. Your insurance company may make a request to review your medical record to determine that your care was necessary.

Health Care Operations includes the utilization of medical information to monitor the quality of care being given at our facility. For example, we may use your PHI to monitor the record-keeping practices of AAB physicians, or to ensure that AAB is complying with state and federal laws. We are also permitted to disclose your PHI to other health care providers or health plans for their healthcare operations concerning quality assurance, the qualifications of health care professionals or quality improvement programs. For example, the quality assurance department of a hospital may use your PHI to assess the quality of care provided in your case.

Uses and Disclosures Required by Law

The federal health information privacy regulations either permit or require us to use or disclose your PHI in the following ways: we may share some of your PHI with a family member or friend involved in your care if you do not object; we may use your PHI in an emergency situation when you may not be able to express yourself; we may use your PHI for appointment reminders and to inform you of alternative procedures and we may use or disclose your PHI for research purposes if we are provided with very specific assurances that your privacy will be protected. We may also disclose your PHI when we are required to do so by law. An example would be by court order or subpoena. Disclosures to health oversight agencies are sometimes required by law to report certain diseases or adverse drug reactions and for other public health purposes.

Uses and Disclosures that Do Not Require Your Authorization

We may use and disclose your PHI to avert a serious threat to your health or safety or the health or safety of the public or others. We may use and disclose your PHI to organ procurement organizations, for purposes of organ and tissue donation. If you are in the Armed Forces, we may release your PHI when it is determined to be necessary by the appropriate military command authorities. We may also release your PHI for workers’ compensation or other similar programs that provide benefits for work-related injury or illness.

Disclosures to Business Associates

We contract with outside companies that provide services for and to us such as management consultants, accountants or attorneys, Quality Management programs, collection agencies, etc. Such companies are classified as “Business Associates” of which we maintain a list. In certain circumstances, we may need to share your PHI with a business associate so it can perform a service on your behalf. We will limit the disclosure of your information to a business associate to the amount of information that is the minimum necessary to perform services for us. In addition, we will have a written contract in place with the business associate requiring it to protect the privacy of your PHI as described in this Notice of Privacy Practices and as required by law.

2) Your Privacy Rights

Restrictions

You have the right to request restrictions on how your PHI is used; however, we are not required to agree with your request. If we do agree, we must abide by your request. Additionally, you may request that we restrict disclosures of PHI to health plans for payment of health care operations purposes if the PHI pertains solely to items and services paid for by you in full.

Limited Data Sets

We may disclose limited PHI to third parties for purposes of research, public health and health care operation purposes; provided, however, that we may disclose only the “minimum necessary” to accomplish that purpose. This limited information includes only the following identifiers: service dates, dates of birth, age and five-digit zip codes or any other geographic subdivision such as state, county, city, precinct and their equivalent geocodes (except street address). Before disclosing this information we must enter into an agreement with the recipient of the information that limits who may use or receive the data and requires the recipient to agree not to re-identify the data or contact you. The agreement must contain assurances that the recipient of the information will use appropriated safeguards to prevent inappropriate use or disclosure of the information.

Confidential Communications

You have the right to request confidential communication from us at a location of your choosing. This request must be in writing.

Access to PHI

You have the right to request a copy of your medical record. You must make this request in writing and we may charge a fee to cover the costs of copying and mailing. If any of your PHI is contained in an electronic health record, we are required to provide you with a copy of your information in electronic format, upon request.

Amendments

You have the right to request an amendment be made to your PHI, if you disagree with what it says about you. This request must be made in writing. If we disagree with you, we ware not required to make the change. You do have the right to submit a written statement about why you disagree that will become part of your record. We may not amend parts of your medical record that we did not create.

Accounting of Disclosures

You have the right to request an accounting of the disclosures made by us in the previous six years. These disclosures will not include those made for treatment, payment, or health care operations or for which we have obtained authorization.

Marketing and Fundraising

We must also obtain your authorization prior to receiving, directly or indirectly, any remuneration in exchange for PHI or prior to using PHI for any marketing purposes. If we intend to use your PHI for any fundraising communications, we must provide you with and opportunity to opt-out of receiving further communications. Such opportunity must be provided to you in a clear and conspicuous manner.

Complaints

If you feel that your privacy rights have been violated, you have the right to make a complaint to us in writing without fear of retaliation. Your complaint should contain enough specific information so that we may adequately investigate and respond to your concerns. If you are not satisfied with our response, you may complain directly to the Secretary of Health and Human Services.

Our Duty to Protect Your Privacy

We are required to comply with the federal health information privacy regulations by maintaining the privacy of your PHI. These rules require us to provide you with this document, our Notice of Privacy Practices. We reserve the right to update this NPP if required by aw. If we do update this NPP at any time in the future, you will receive revised NPP when you next see treatment from us.

Breach Notification

We must report to the U.S. Department of Health and Human Services (HHS) breaches of “unsecured PHI”, defined as PHI that is not secured through the use of a technology or methodology specified by HHS. To comply with this requirement, we have created and implemented policies and procedures for identifying, tracking and reporting breaches of “unsecured PHI”. If we discover that a breach of your unsecured PHI has occurred, we are obligated to notify you within 60 days of that breach. The notification will include: 1) a brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known; 2) a description of the types of unsecured PHI that were involved in the breach (such as whether full name, social security number, date of birth); 3) any steps you should take to protect yourself from potential harm resulting from the breach; 4) a brief description of what we are doing to investigate the breach, to mitigate harm, and to protect against any further breaches.

Privacy Contact

If you would like more information about our privacy practices or to file a complaint you may contact:

Julie Lindsey
Office Manager and Compliance Officer
Office: 208-336-0895

AAB reserves the right to change its practices and this notice.

We reserve the right to change our health information practices and the terms of this notice, and to make the new provisions effective for all PHI AAB maintains, including PHI created or received prior the effective date of any such revised notice. Should our health information practices change AAB will post the revised notice at our delivery sites and make the revised notice available to you at your request.

If you believe your privacy rights have been violated, you may file a complaint with Julie Lindsey, Compliance Officer at 208-336-0895 to obtain information on how to file a complaint with AAB. You may also file a complaint with Secretary of the Department of Health and Human Services, 200 Independent Avenue SW., Washington DC. The DHHS toll-free number is 1-877-696-6775. There will be no retaliation for filing a complaint.