HIPAA Notice of Privacy Practices


THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

KabaFusion Holdings and its Affiliates (“Company”) is required by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), to provide you with this Notice of Privacy Practices (the “Notice”), which is intended to help you understand the privacy protections that apply to information concerning you and your health (“Personal Information”). The company is dedicated to maintaining the privacy of Personal Information in compliance with the requirements of HIPAA and all other applicable federal and state laws.

Special Note Regarding Individual State Law

In cases where individual State law is more restrictive than federal law, we are required to follow the more restrictive state law. Under more restrictive State laws, your prior authorization may be required for the use or disclosure of Personal Information that includes information relating to any of the following: (a) infection with or exposure to HIV, or the results of HIV tests, except if you are an injured worker claiming to be infected with or exposed to HIV due to a work-related incident; (b) mental health, or (c) diagnosis and treatment for substance abuse.

Permitted Uses and Disclosures of Personal Information

The company is generally permitted under HIPAA to use and disclose Personal Information without your authorization for purposes of treatment, payment, and our health care operations. However, your prior authorization may be required under other more stringent laws if Personal Information includes information relating to any of the following: (a) infection with or exposure to HIV, or the results of HIV tests, except if you are an injured worker claiming to be infected with or exposed to HIV due to a work-related incident; (b) mental health, or (c) diagnosis and treatment for substance abuse. The following are examples of how personal Information may be used for treatment, payment and health care operations:

Treatment:

Personal Information will be used and disclosed to coordinate, provide and manage the medical care and services that are provided to you by the company, or by another licensed health care practitioner or facility, such as your treating physician. Unless you inform us that you object, we also may disclose your Personal Information to others who may be assisting in your care, such as your spouse, children or parents. We also may use or disclose Personal Information when we contact you regarding appointments, or information about treatment alternatives or other health-related benefits and services that may be of interest to you. However, we will get a written authorization from you prior to using your Personal Information for generalized marketing purposes.

Payment:

Personal Information will be used and disclosed to obtain payment for the medical care and services that the company provides to you. This may include communicating with your health insurance plan to confirm your eligibility, or obtain approval of or payment for medical care and services, reviewing the services that were provided to you for medical necessity, and undertaking quality assurance and utilization review activities.

Health Care Operations:

Personal Information will be used and disclosed in order to support the health care operations of the company. These activities include, but are not limited to, licensing and certification reviews, compliance activities, quality assurance activities, employee training and review, and other similar business activities. These activities also may include disclosures of Personal Information with other “business associates” that perform various activities (e.g. billing, transcription services) on behalf of the company. All business associates will be required to sign a written agreement with the company that requires the business associate to protect the privacy of your Personal Information.

Other Uses and Disclosures of Personal Information

In addition to the use and disclosure of Personal Information for purposes of treatment, payment, and health care operations, other uses and disclosures of Personal Information also may be permitted or required without your authorization. These include, but are not necessarily limited to each of the following:

Emergencies:

The disclosure of Personal Information in a medical emergency. If this happens, you will be allowed to object to future disclosures as soon as reasonably practicable after the delivery of emergency medical care.

Required by Law:

The disclosure of Personal Information in order to comply with federal or state laws, the orders of a court, or the orders of a governmental agency.

Public Health:

The disclosure of Personal Information to public health authorities for preventing or controlling disease, or reporting vital information (for example, reporting abuse, fire-arm injuries, certain sexually transmitted diseases, deaths, etc.)

Government Regulation:

The disclosure of Personal Information to a governmental agency having responsibility for oversight of health care activities as authorized by law (for example, to the Secretary of the United States Department of Health and Human Services as required under HIPAA, or to state regulators as part of the regular inspection of our pharmacy facilities to ensure compliance with state laws).

Legal Proceedings:

The disclosure of Personal Information to courts, parties to a lawsuit, or government agencies as may be required during the course of a judicial or administrative proceeding (for example in response to a subpoena).

Law Enforcement:

The disclosure of Personal Information to law enforcement officials relating to crimes and other law enforcement purposes.

Research:

The disclosure of Personal Information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your Personal Information.

Threats to Health or Safety:

The disclosure of Personal Information to others, consistent with law, to prevent a serious threat to personal health or safety (for example, in the course of an investigation of a physician’s license).

Specialized Government Functions:

The disclosure of Personal Information to military command authorities, veterans’ administration, and national security and intelligence officials for activities deemed necessary to carry out their respective missions, or to law enforcement officials having custody of an inmate.

Workers Compensation:

The disclosure of Personal Information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or similar programs established by law.

When Your Authorization is Required

Uses and disclosures of Personal Information other than the uses and disclosures that are generally described above, will be made only with your written authorization, which you may revoke according to the company’s policies and as provided in the authorization form. For example, your Personal Information will not be used for marketing without your written authorization, unless the product or service is directly related to treatment, discussed face to face with you, or given as a promotional gift of nominal value.

Your Rights Concerning Personal Information

Although the records containing your Personal Information are the property of the company or the healthcare practitioner or facility that compiled it, you have certain rights relating to your Personal Information, which is explained below.

Restrictions on Disclosures of Personal Information:

You have the right to request that we place restrictions on certain uses and disclosures of your Personal Information, although we are not required to agree to your request.

Confidential Communications:

You have the right to request that we send your Personal Information to an alternate address or by alternate means. Although we are not required to agree to your request, we will accommodate reasonable requests. You do not need to give a reason for your request.

Access to Personal Information:

You and your personal representative have the right to inspect and copy your Personal Information. However, in cases where state law is more restrictive than federal law, we are required to follow the more restrictive state law.

Amendment of Personal Information:

You have the right to request amendments to your Personal Information, although we are not required to make the requested amendments. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.

Accounting of Disclosures of Personal Information:

You have the right to obtain an accounting of disclosures of your Personal Information for purposes other than treatment, payment or health care operations, disclosures to you or authorized by you, incidental disclosures and certain other excluded disclosures. Your request must be in writing. The accounting provided to you will be limited to the covered disclosures that occurred after April 14, 2003, up to a six-year timeframe. The right to receive this information is subjective to certain exceptions, restrictions and limitations.

Breach Notification:

You have the right to be informed following the discovery of a breach of unsecured protected health information. We will notify each individual whose unsecured protected health information has been, or is reasonably believed to have been, accessed, acquired, used, or disclosed as a result of such breach.

Notice of Privacy Practices:

You have the right to request a paper copy of this Notice, even if you have already agreed to receive an electronic copy.

Complaints:

If you believe your privacy rights have been violated, you have the right to register a complaint with the company or the Secretary of the U.S. Department of Health and Human Services. The company will not retaliate against any individual for filing a complaint. You may file a complaint by writing to us at the address located at the end of this Notice.

How to Exercise Your Rights

Write to us at the address located at the end of this Notice with your specific written request and be sure to include sufficient information for us to identify all of your records. The company will consider your request and provide you a response within a reasonable timeframe. Should we deny your request, you may have the right in some circumstances to ask for the denial to be reviewed by another healthcare professional designated by the company. For additional details, or for further instructions regarding how to exercise these rights, please contact us.

Our Obligations Concerning Personal Information

The company is required by law (a) to maintain the privacy of Personal Information (b) to provide individuals with notice of its legal duties and privacy practices with respect to Personal Information; and (c) to abide by the terms of this Notice as currently in effect. The company reserves the right to change the terms of this Notice, which will be effective for all Personal Information that it maintains, upon the provision of the revised Notice to all affected individuals.

Obtaining a Copy of Your Medical Record

Company employees are responsible for maintaining the confidentiality of your medical records. It is your right to request a release of information from your medical records. The following are guidelines you may use to request the release of your medical records:

  • Call the Company and ask for a Patient Authorization to Release Information Form.Forward the form, signed by the patient (or designee with power of attorney), or a Court Subpoena to the Pharmacy Manager or designee.
  • Or write a letter to the Pharmacy Manager or designee. Include the following information:
    1. Your full name at time of treatment
    2. Date of birth
    3. Date of treatment
    4. Name and address of the person or facility to which disclosure is to be provided.
    5. The specific kind and amount of information to be disclosed, such as laboratory results or clinical notes on your chart.
    6. The purpose of the request, for example “continuing care” or “insurance.”
    7. Your signature and date