-
OMNIBUS Rule HIPAA NOTICE OF PRIVACY PRACTICES
for the Healthcare Facility of: Name of Facility : Mroz-Baier
Breast Care Clinic P.C. Address: 6005 Park Avenue, Ste 700 Memphis,
TN 38119
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE
USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION
under the HIPAA Omnibus Rule of 2013.
PLEASE REVIEW IT CAREFULLY
For purposes of this Notice us we and our refers to the Name of
this Healthcare Facility: Mroz-Baier Breast Care Clinic, P.C. and
you or your refers to our patients (or their legal representatives
as determined by us in accordance with state informed consent law).
When you receive healthcare services from us, we will obtain access
to your medical information (i.e. your health history). We are
committed to maintaining the privacy of your health information and
we have implemented numerous procedures to ensure that we do so.
The Federal Health Insurance Portability & Accountability Act
of 2013, HIPAA Omnibus Rule, (formally HIPAA 1996 & HI TECH of
2004) require us to maintain the confidentiality of all your
healthcare records and other identifiable patient health
information (PHI) used by or disclosed to us in any form, whether
electronic, on paper, or spoken. HIPAA is a Federal Law that gives
you significant new rights to understand and control how your
health information is used. Federal HIPAA Omnibus Rule and state
law provide penalties for covered entities, business associates,
and their subcontractors and records owners, respectively that
misuse or improperly disclose PHI. Starting April 14, 2003, HIPAA
requires us to provide you with the Notice of our legal duties and
the privacy practices we are required to follow when you first come
into our office for health-care services. If you have any questions
about this Notice, please ask to speak to our HIPAA Privacy
Officer. Our doctors, clinical staff, employees, Business
Associates (outside contractors we hire), their subcontractors and
other involved parties follow the policies and procedures set forth
in this Notice. If at this facility, your primary caretaker /
doctor is unavailable to assist you (i.e. illness, on-call
coverage, vacation, etc.), we may provide you with the name of
another healthcare provider outside our practice for you to consult
with. If we do so, that provider will follow the policies and
procedures set forth in this Notice or those established for his or
her practice, so long as they substantially conform to those for
our practice. OUR RULES ON HOW WE MAY USE AND DISCLOSE YOUR
PROTECTED HEALTH INFORMATION Under the law, we must have your
signature on a written, dated Consent Form and/or an Authorization
Form of Acknowledgement of this Notice, before we will use or
disclose your PHI for certain purposes as detailed in the rules
below. Documentation You will be asked to sign an Authorization /
Acknowledgement form when you receive this Notice of Privacy
Practices. If you did not sign such a form or need a copy of the
one you signed, please contact our Privacy Officer. You may take
back or revoke your consent or authorization at any time (unless we
already have acted based on it) by submitting our Revocation Form
in writing to us at our address listed above. Your revocation will
take effect when we actually receive it. We cannot give it
retroactive effect, so it will not affect any use or
HIPAA made EASY All Rights Reserved
-
disclosure that occurred in our reliance on your Consent or
Authorization prior to revocation (i.e. if after we provide
services to you, you revoke your authorization / acknowledgement in
order to prevent us billing or collecting for those services, your
revocation will have no effect because we relied on your
authorization/ acknowledgement to provide services before you
revoked it). General Rule If you do not sign our authorization/
acknowledgement form or if you revoke it, as a general rule
(subject to exceptions described below under Healthcare Treatment,
Payment and Operations Rule and Special Rules), we cannot in any
manner use or disclose to anyone (excluding you, but including
payers and Business Associates) your PHI or any other information
in your medical record. By law, we are unable to submit claims to
payers under assignment of benefits without your signature on our
authorization/ acknowledgement form. You will however be able to
restrict disclosures to your insurance carrier for services for
which you wish to pay "out of pocket under the new Omnibus Rule. We
will not condition treatment on you signing an authorization /
acknowledgement, but we may be forced to decline you as a new
patient or discontinue you as an active patient if you choose not
to sign the authorization/ acknowledgement or revoke it. Healthcare
Treatment, Payment and Operations Rule With your signed consent, we
may use or disclose your PHI in order:
To provide you with or coordinate healthcare treatment and
services. For example, we may review your health history form to
form a diagnosis and treatment plan, consult with other doctors
about your care, delegate tasks to ancillary staff, call in
prescriptions to your pharmacy, disclose needed information to your
family or others so they may assist you with home care, arrange
appointments with other healthcare providers, schedule lab work for
you, etc.
To bill or collect payment from you, an insurance company, a
managed-care organization, a health benefits plan or another third
party. For example, we may need to verify your insurance coverage,
submit your PHI on claim forms in order to get reimbursed for our
services, obtain pre-treatment estimates or prior authorizations
from your health plan or provide your x-rays because your health
plan requires them for payment; Remember, you will be able to
restrict disclosures to your insurance carrier for services for
which you wish to pay "out of pocket under this new Omnibus
Rule.
To run our office, assess the quality of care our patients
receive and provide you with customer service. For example, to
improve efficiency and reduce costs associated with missed
appointments, we may contact you by telephone, mail or otherwise
remind you of scheduled appointments, we may leave messages with
whomever answers your telephone or email to contact us (but we will
not give out detailed PHI), we may call you by name from the
waiting room, we may ask you to put your name on a sign-in sheet,
(we will cover your name just after checking you in), we may tell
you about or recommend health-related products and complementary or
alternative treatments that may interest you, we may review your
PHI to evaluate our staffs performance, or our Privacy Officer may
review your records to assist you with complaints. If you prefer
that we not contact you with appointment reminders or information
about treatment alternatives or health-related products and
services, please notify us in writing at our address listed above
and we will not use or disclose your PHI for these purposes.
New HIPAA Omnibus Rule does not require that we provide the
above notice regarding Appointment Reminders, Treatment Information
or Health Benefits, but we are including these as a courtesy so you
understand our business practices with regards to your (PHI)
protected health information.
-
Additionally you should be made aware of these protection laws
on your behalf, under the new HIPAA Omnibus Rule:
That Health Insurance plans that underwrite cannot use or
disclose genetic information for underwriting purposes (this
excludes certain long-term care plans). Health plans that post
their NOPPs on their web sites must post these Omnibus Rule changes
on their sites by the effective date of the Omnibus Rule, as well
as notify you by US Mail by the Omnibus Rules effective date. Plans
that do not post their NOPPs on their Web sites must provide you
information about Omnibus Rule changes within 60 days of these
federal revisions.
Psychotherapy Notes maintained by a healthcare provider, must
state in their NOPPs that they can allow use and disclosure of such
notes only with your written authorization.
Special Rules Notwithstanding anything else contained in this
Notice, only in accordance with applicable HIPAA Omnibus Rule, and
under strictly limited circumstances, we may use or disclose your
PHI without your permission, consent or authorization for the
following purposes:
When required under federal, state or local law When necessary
in emergencies to prevent a serious threat to your health and
safety or
the health and safety of other persons When necessary for public
health reasons (i.e. prevention or control of disease, injury
or
disability, reporting information such as adverse reactions to
anesthesia, ineffective or dangerous medications or products,
suspected abuse, neglect or exploitation of children, disabled
adults or the elderly, or domestic violence)
For federal or state government health-care oversight activities
(i.e. civil rights laws, fraud and abuse investigations, audits,
investigations, inspections, licensure or permitting, government
programs, etc.)
For judicial and administrative proceedings and law enforcement
purposes (i.e. in response to a warrant, subpoena or court order,
by providing PHI to coroners, medical examiners and funeral
directors to locate missing persons, identify deceased persons or
determine cause of death)
For Workers Compensation purposes (i.e. we may disclose your PHI
if you have claimed health benefits for a work-related injury or
illness)
For intelligence, counterintelligence or other national security
purposes (i.e. Veterans Affairs, U.S. military command, other
government authorities or foreign military authorities may require
us to release PHI about you)
For organ and tissue donation (i.e. if you are an organ donor,
we may release your PHI to organizations that handle organ, eye or
tissue procurement, donation and transplantation)
For research projects approved by an Institutional Review Board
or a privacy board to ensure confidentiality (i.e. if the
researcher will have access to your PHI because involved in your
clinical care, we will ask you to sign an authorization)
To create a collection of information that is de-identified
(i.e. it does not personally identify you by name, distinguishing
marks or otherwise and no longer can be connected to you)
To family members, friends and others, but only if you are
present and verbally give permission. We give you an opportunity to
object and if you do not, we reasonably assume, based on our
professional judgment and the surrounding circumstances, that you
do not object (i.e. you bring someone with you into the operatory
or exam room during treatment or into the conference area when we
are discussing your PHI); we
-
reasonably infer that it is in your best interest (i.e. to allow
someone to pick up your records because they knew you were our
patient and you asked them in writing with your signature to do
so); or it is an emergency situation involving you or another
person (i.e. your minor child or ward) and, respectively, you
cannot consent to your care because you are incapable of doing so
or you cannot consent to the other persons care because, after a
reasonable attempt, we have been unable to locate you. In these
emergency situations we may, based on our professional judgment and
the surrounding circumstances, determine that disclosure is in the
best interests of you or the other person, in which case we will
disclose PHI, but only as it pertains to the care being provided
and we will notify you of the disclosure as soon as possible after
the care is completed. As per HIPAA law 164.512(j) (i) (A) Is
necessary to prevent or lessen a serious or imminent threat to the
health and safety of a person or the public and (B) Is to person or
persons reasonably able to prevent or lessen that threat.
Minimum Necessary Rule Our staff will not use or access your PHI
unless it is necessary to do their jobs (i.e. doctors uninvolved in
your care will not access your PHI; ancillary clinical staff caring
for you will not access your billing information; billing staff
will not access your PHI except as needed to complete the claim
form for the latest visit; janitorial staff will not access your
PHI). All of our team members are trained in HIPAA Privacy rules
and sign strict Confidentiality Contracts with regards to
protecting and keeping private your PHI. So do our Business
Associates and their Subcontractors. Know that your PHI is
protected several layers deep with regards to our business
relations. Also, we disclose to others outside our staff, only as
much of your PHI as is necessary to accomplish the recipients
lawful purposes. Still in certain cases, we may use and disclose
the entire contents of your medical record:
To you (and your legal representatives as stated above) and
anyone else you list on a Consent or Authorization to receive a
copy of your records
To healthcare providers for treatment purposes (i.e. making
diagnosis and treatment decisions or agreeing with prior
recommendations in the medical record)
To the U.S. Department of Health and Human Services (i.e. in
connection with a HIPAA complaint)
To others as required under federal or state law To our privacy
officer and others as necessary to resolve your complaint or
accomplish
your request under HIPAA (i.e. clerks who copy records need
access to your entire medical record)
In accordance with HIPAA law, we presume that requests for
disclosure of PHI from another Covered Entity (as defined in HIPAA)
are for the minimum necessary amount of PHI to accomplish the
requestors purpose. Our Privacy Officer will individually review
unusual or non-recurring requests for PHI to determine the minimum
necessary amount of PHI and disclose only that. For non-routine
requests or disclosures, our Privacy Officer will make a minimum
necessary determination based on, but not limited to, the following
factors:
The amount of information being disclosed The number of
individuals or entities to whom the information is being disclosed
The importance of the use or disclosure The likelihood of further
disclosure Whether the same result could be achieved with
de-identified information The technology available to protect
confidentiality of the information The cost to implement
administrative, technical and security procedures to protect
-
confidentiality If we believe that a request from others for
disclosure of your entire medical record is unnecessary, we will
ask the requestor to document why this is needed, retain that
documentation and make it available to you upon request. Incidental
Disclosure Rule We will take reasonable administrative, technical
and security safeguards to ensure the privacy of your PHI when we
use or disclose it (i.e. we shred all paper containing PHI, require
employees to speak with privacy precautions when discussing PHI
with you, we use computer passwords and change them periodically
(i.e. when an employee leaves us), we use firewall and router
protection to the federal standard, we back up our PHI data
off-site and encrypted to federal standard, we do not allow
unauthorized access to areas where PHI is stored or filed and/or we
have any unsupervised business associates sign Business Associate
Confidentiality Agreements).However, in the event that there is a
breach in protecting your PHI, we will follow Federal Guide Lines
to HIPAA Omnibus Rule Standard to first evaluate the breach
situation using the Omnibus Rule, 4-Factor Formula for Breach
Assessment. Then we will document the situation, retain copies of
the situation on file, and report all breaches (other than low
probability as prescribed by the Omnibus Rule) to the US Department
of Health and Human Services at:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html
We will also make proper notification to you and any other parties
of significance as required by HIPAA Law. Business Associate Rule
Business Associates are defined as: an entity, (non-employee) that
in the course of their work will directly / indirectly use,
transmit, view, transport, hear, interpret, process or offer PHI
for this Facility. Business Associates and other third parties (if
any) that receive your PHI from us will be prohibited from
re-disclosing it unless required to do so by law or you give prior
express written consent to the re-disclosure. Nothing in our
Business Associate agreement will allow our Business Associate to
violate this re-disclosure prohibition. Under Omnibus Rule,
Business Associates will sign a strict confidentiality agreement
binding them to keep your PHI protected and report any compromise
of such information to us, you and the United States Department of
Health and Human Services, as well as other required entities. Our
Business Associates will also follow Omnibus Rule and have any of
their Subcontractors that may directly or indirectly have contact
with your PHI, sign Confidentiality Agreements to Federal Omnibus
Standard. Super-confidential Information Rule If we have PHI about
you regarding communicable diseases, disease testing, alcohol or
substance abuse diagnosis and treatment, or psychotherapy and
mental health records (super-confidential information under the
law), we will not disclose it under the General or Healthcare
Treatment, Payment and Operations Rules (see above) without your
first signing and properly completing our Consent form (i.e. you
specifically must initial the type of super-confidential
information we are allowed to disclose). If you do not specifically
authorize disclosure by initialing the super-confidential
information, we will not disclose it unless authorized under the
Special Rules (see above) (i.e. we are required by law to disclose
it). If we disclose super-confidential information (either because
you have initialed the consent form or the Special Rules
authorizing us to do so), we will comply with state and federal law
that requires us to warn the recipient in writing that
re-disclosure is prohibited.
-
Changes to Privacy Policies Rule We reserve the right to change
our privacy practices (by changing the terms of this Notice) at any
time as authorized by law. The changes will be effective
immediately upon us making them. They will apply to all PHI we
create or receive in the future, as well as to all PHI created or
received by us in the past (i.e. to PHI about you that we had
before the changes took effect). If we make changes, we will post
the changed Notice, along with its effective date, in our office
and on our website. Also, upon request, you will be given a copy of
our current Notice. Authorization Rule We will not use or disclose
your PHI for any purpose or to any person other than as stated in
the rules above without your signature on our specifically worded,
written Authorization / Acknowledgement Form (not a Consent or an
Acknowledgement). If we need your Authorization, we must obtain it
via a specific Authorization Form, which may be separate from any
Authorization / Acknowledgement we may have obtained from you. We
will not condition your treatment here on whether you sign the
Authorization (or not). Marketing and Fund Raising Rules
Limitations on the disclosure of PHI regarding Remuneration The
disclosure or sale of your PHI without authorization is prohibited.
Under the new HIPAA Omnibus Rule, this would exclude disclosures
for public health purposes, for treatment / payment for healthcare,
for the sale, transfer, merger, or consolidation of all or part of
this facility and for related due diligence, to any of our Business
Associates, in connection with the business associate's performance
of activities for this facility, to a patient or beneficiary upon
request, and as required by law. In addition, the disclosure of
your PHI for research purposes or for any other purpose permitted
by HIPAA will not be considered a prohibited disclosure if the only
reimbursement received is a reasonable, cost-based fee to cover the
cost to prepare and transmit your PHI which would be expressly
permitted by law. Notably, under the Omnibus Rule, an authorization
to disclose PHI must state that the disclosure will result in
remuneration to the Covered Entity. Notwithstanding the changes in
the Omnibus Rule, the disclosure of limited data sets (a form of
PHI with a number of identifiers removed in accordance with
specific HIPAA requirements) for remuneration pursuant to existing
agreements is permissible until September 22, 2014, so long as the
agreement is not modified within one year before that date.
Limitation on the Use of PHI for Paid Marketing We will, in
accordance with Federal and State Laws, obtain your written
authorization to use or disclose your PHI for marketing purposes,
(i.e.: to use your photo in ads) but not for activities that
constitute treatment or healthcare operations. To clarify,
Marketing is defined by HIPAAs Omnibus Rule, as "a communication
about a product or service that encourages recipients . . . to
purchase or use the product or service." Under the Omnibus Rule, we
will obtain a written authorization from you prior to recommending
you to an alternative therapist, or non-associated Healthcare
Covered Entity. Under Omnibus Rule we will obtain your written
authorization prior to using your PHI or making any treatment or
healthcare recommendations, should financial remuneration for
making the
-
communication be involved from a third party whose product or
service we might promote (i.e.: businesses offering this facility
incentives to promote their products or services to you). This will
also apply to our Business Associate who may receive such
remuneration for making a treatment or healthcare recommendations
to you. All such recommendations will be limited without your
expressed written permission. We must clarify to you that financial
remuneration does not include as in-kind payments and payments for
a purpose to implement a disease management program. Any
promotional gifts of nominal value are not subject to the
authorization requirement, and we will abide by the set terms of
the law to accept or reject these. The only exclusion to this would
include: "refill reminders", so long as the remuneration for making
such a communication is "reasonably related to our cost" for making
such a communication. In accordance with law, this facility and our
Business Associates will only ever seek reimbursement from you for
permissible costs that include: labor, supplies, and postage.
Please note that generic equivalents , adherence to take medication
as directed and self-administered drug or delivery system
communications are all considered to be "refill reminders."
Face-to-face marketing communications, such as sharing with you, a
written product brochure or pamphlet, is permissible under current
HIPAA Law. Flexibility on the Use of PHI for Fundraising Under the
HIPAA Omnibus Rule use of PHI is more flexible and does not require
your authorization should we choose to include you in any fund
raising efforts attempted at this facility? However, we will offer
the opportunity for you to opt out of receiving future fundraising
communications. Simply let us know that you want to opt out of such
situations. There will be a statement on your HIPAA Patient
Acknowledgement Form where you can choose to opt out. Our
commitment to care and treat you will in no way effect your
decision to participate or not participate in our fund raising
efforts. Improvements to Requirements for Authorizations Related to
Research Under HIPAA Omnibus Rule, we may seek authorizations from
you for the use of your PHI for future research. However, we would
have to make clear what those uses are in detail. Also, if we
request of you a compound authorization with regards to research,
this facility would clarify that when a compound authorization is
used, and research-related treatment is conditioned upon your
authorization, the compound authorization will differentiate
between the conditioned and unconditioned components. YOUR RIGHTS
REGARDING YOUR PROTECTED HEALTH INFORMATION If you got this Notice
via email or website, you have the right to get, at any time, a
paper copy by asking our Privacy Officer. Also, you have the
following additional rights regarding PHI we maintain about you: To
Inspect and Copy You have the right to see and get a copy of your
PHI including, but not limited to, medical and billing records by
submitting a written request to our Privacy Officer. Original
records will not leave the premises, will be available for
inspection only during our regular business hours, and only if our
Privacy Officer is present at all times. You may ask us to give you
the copies in a format other than photocopies (and we will do so
unless we determine that it is impractical) or ask us to prepare a
summary in lieu of the copies. We may charge you a fee not to
exceed state law to recover our costs (including postage, supplies,
and staff time as applicable, but
-
excluding staff time for search and retrieval) to duplicate or
summarize your PHI. We will not condition release of the copies on
summary of payment of your outstanding balance for professional
services if you have one). We will comply with Federal Law to
provide your PHI in an electronic format within the 30 days, to
Federal specification, when you provide us with proper written
request. Paper copy will also be made available. We will respond to
requests in a timely manner, without delay for legal review, or, in
less than thirty days if submitted in writing, and in ten business
days or less if malpractice litigation or pre-suit production is
involved. We may deny your request in certain limited circumstances
(i.e. we do not have the PHI, it came from a confidential source,
etc.). If we deny your request, you may ask for a review of that
decision. If required by law, we will select a licensed health-care
professional (other than the person who denied your request
initially) to review the denial and we will follow his or her
decision. If we select a licensed healthcare professional who is
not affiliated with us, we will ensure a Business Associate
Agreement is executed that prevents re-disclosure of your PHI
without your consent by that outside professional. To Request
Amendment / Correction If another doctor involved in your care
tells us in writing to change your PHI, we will do so as
expeditiously as possible upon receipt of the changes and will send
you written confirmation that we have made the changes. If you
think PHI we have about you is incorrect, or that something
important is missing from your records, you may ask us to amend or
correct it (so long as we have it) by submitting a Request for
Amendment / Correction form to our Privacy Officer. We will act on
your request within 30 days from receipt but we may extend our
response time (within the 30-day period) no more than once and by
no more than 30 days, or as per Federal Law allowances, in which
case we will notify you in writing why and when we will be able to
respond. If we grant your request, we will let you know within five
business days, make the changes by noting (not deleting) what is
incorrect or incomplete and adding to it the changed language, and
send the changes within 5 business days to persons you ask us to
and persons we know may rely on incorrect or incomplete PHI to your
detriment (or already have). We may deny your request under certain
circumstances (i.e. it is not in writing, it does not give a reason
why you want the change, we did not create the PHI you want changed
(and the entity that did can be contacted), it was compiled for use
in litigation, or we determine it is accurate and complete). If we
deny your request, we will (in writing within 5 business days) tell
you why and how to file a complaint with us if you disagree, that
you may submit a written disagreement with our denial (and we may
submit a written rebuttal and give you a copy of it), that you may
ask us to disclose your initial request and our denial when we make
future disclosure of PHI pertaining to your request, and that you
may complain to us and the U.S. Department of Health and Human
Services. To an Accounting of Disclosures You may ask us for a list
of those who got your PHI from us by submitting a Request for
Accounting of Disclosures form to us. The list will not cover some
disclosures (i.e. PHI given to you, given to your legal
representative, given to others for treatment, payment or
health-care-operations purposes). Your request must state in what
form you want the list (i.e. paper or electronically) and the time
period you want us to cover, which may be up to but not more than
the last six years (excluding dates before April 14, 2003). If you
ask us for this list more than once in a 12-month period, we may
charge you a reasonable, cost-based fee to respond, in which case
we will tell you the cost before we incur it and let you choose if
you want to withdraw or modify your request to avoid the cost. To
Request Restrictions
HIPAA made EASY All Rights Reserved
-
You may ask us to limit how your PHI is used and disclosed (i.e.
in addition to our rules as set forth in this Notice) by submitting
a written Request for Restrictions on Use, Disclosure form to us
(i.e. you may not want us to disclose your surgery to family
members or friends involved in paying for our services or providing
your home care). If we agree to these additional limitations, we
will follow them except in an emergency where we will not have time
to check for limitations. Also, in some circumstances we may be
unable to grant your request (i.e. we are required by law to use or
disclose your PHI in a manner that you want restricted, you signed
an Authorization Form, which you may revoke, that allows us to use
or disclose your PHI in the manner you want restricted; in an
emergency). To Request Alternative Communications You may ask us to
communicate with you in a different way or at a different place by
submitting a written Request for Alternative Communication Form to
us. We will not ask you why and we will accommodate all reasonable
requests (which may include: to send appointment reminders in
closed envelopes rather than by postcards, to send your PHI to a
post office box instead of your home address, to communicate with
you at a telephone number other than your home number). You must
tell us the alternative means or location you want us to use and
explain to our satisfaction how payment to us will be made if we
communicate with you as you request. To Complain or Get More
Information We will follow our rules as set forth in this Notice.
If you want more information or if you believe your privacy rights
have been violated (i.e. you disagree with a decision of ours about
inspection / copying, amendment / correction, accounting of
disclosures, restrictions or alternative communications), we want
to make it right. We never will penalize you for filing a
complaint. To do so, please file a formal, written complaint within
180 days with: The U.S. Department of Health & Human Services
Office of Civil Rights 200 Independence Ave., S.W. Washington, DC
20201 877.696.6775 Or, submit a written Complaint form to us at the
following address:
Our Privacy Officer: Nanci Jennings Office Name: Mroz-Baier
Breast Care Clinic P.C. Office Address: 6005 Park Avenue, Ste 700
Memphis, TN 38119 Office Phone: 901-527-3391 Office Fax:
901-578-3969 Email Address: mrozbaier @aol.com
You may get your HIPAA Complaint form by calling our privacy
officer. These privacy practices are in accordance with the
original HIPAA enforcement effective April 14, 2003, and undated to
Omnibus Rule effective March 26, 2013 and will remain in effect
until we replace them as specified by Federal and/or State Law.
HIPAA made EASY All Rights Reserved
-
OPTIONAL RULES FOR NOPP Faxing and Emailing Rule When you
request us to fax or email your PHI as an alternative
communication, we may agree to do so, but only after having our
Privacy Officer or treating doctor review that request. For this
communication, our Privacy Officer will confirm that the fax number
or email address is correct before sending the message and ensure
that the intended recipient has sole access to the fax machine or
computer before sending the message; confirm receipt, locate our
fax machine or computer in a secure location so unauthorized access
and viewing is prevented; use a fax cover sheet so the PHI is not
the first page to print out (because unauthorized persons may view
the top page); and attach an appropriate notice to the message. Our
emails are all encrypted per Federal Standard for your protection.
Practice Transition Rule If we sell our practice, our patient
records (including but not limited to your PHI) may be disclosed
and physical custody may be transferred to the purchasing
healthcare provider, but only in accordance with the law. The
healthcare provider who is the new records owner will be solely
responsible for ensuring privacy of your PHI after the transfer and
you agree that we will have no responsibility for (or duty
associated with) transferred records. If all the owners of our
practice die, our patient records (including but not limited to
your PHI) must be transferred to another healthcare provider within
90 days to comply with State & Federal Laws. Before we transfer
records in either of these two situations, our Privacy Officer will
obtain a Business Associate Agreement from the purchaser and review
your PHI for super-confidential information (i.e. communicable
disease records), which will not be transferred without your
express written authorization (indicated by your initials on our
Consent form). Inactive Patient Records We will retain your records
for seven years from your last treatment or examination, at which
point you will become an inactive patient in our practice and we
may destroy your records at that time (but records of inactive
minor patients will not be destroyed before the childs eighteenth
birthday). We will do so only in accordance with the law (i.e. in a
confidential manner, with a Business Associate Agreement
prohibiting re-disclosure if necessary). Collections If we use or
disclose your PHI for collections purposes, we will do so only in
accordance with the law.
HIPAA made EASY
All Rights Reserved
-
HIPAA OMNIBUS RULE PATIENT ACKNOWLEDGEMENT OF RECEIPT OF NOTICE
OF PRIVACY PRACTICES
AND CONSENT/ LIMITED AUTHORIZATION & RELEASE FORM You may
refuse to sign this acknowledgement & authorization. In
refusing we may not be allowed to process your insurance
claims.
Date: __________________ The undersigned acknowledges receipt of
a copy of the currently effective Notice of Privacy Practices for
this healthcare facility. A copy of this signed, dated document
shall be as effective as the original. MY SIGNATURE WILL ALSO SERVE
AS A PHI DOCUMENT RELEASE SHOULD I REQUEST TREATMENT OR RADIOGRAPHS
BE SENT TO OTHER ATTENDING DOCTOR / FACILITIES IN THE FUTURE.
_________________________________ ________________________________
Please print name of Patient Please sign for Patient / Guardian of
Patient ________________________________
________________________________ Legal Representative / Guardian
Relationship of Legal Representative / Guardian Your comments
regarding Acknowledgements or Consents:
_______________________________________
_________________________________________________________________
HOW DO YOU WANT TO BE ADDRESSED WHEN SUMMONED FROM THE RECEPTION
AREA: First Name Only Proper Sir Name Other
___________________________
PLEASE LIST ANY OTHER PARTIES WHO CAN HAVE ACCESS TO YOUR HEALTH
INFORMATION: (This includes step parents, grandparents and any care
takers who can have access to this patients records): Name:
__________________________ Relationship:
______________________________ Name: __________________________
Relationship: ______________________________
---------------------------------------------------------------------------------------------------------------------------------
I AUTHORIZE CONTACT FROM THIS OFFICE TO CONFIRM MY APPOINTMENTS,
TREATMENT & BILLING INFORMATION VIA: Cell Phone Confirmation
Text Message to my Cell Phone Home Phone Confirmation Email
Confirmation Work Phone Confirmation Any of the Above I AUTHORIZE
INFORMATION ABOUT MY HEALTH BE CONVEYED VIA:
Cell Phone Confirmation Text Message to my Cell Phone Home Phone
Confirmation Email Confirmation Work Phone Confirmation Any of the
Above
I APPROVE BEING CONTACTED ABOUT SPECIAL SERVICES, EVENTS, FUND
RAISING EFFORTS or NEW HEALTH INFO on behalf of this Healthcare
Facility via:
Phone Message Any of the Above Text Message None of the above
(opt out) Email
In signing this HIPAA Patient Acknowledgement Form, you
acknowledge and authorize, that this office may recommend products
or services to promote your improved health. This office may or may
not receive third party remuneration from these affiliated
companies. We, under current HIPAA Omnibus Rule, provide you this
information with your knowledge and consent.
---------------------------------------------------------------------------------------------------------------------------------
Office Use Only As Privacy Officer, I attempted to obtain the
patients (or representatives) signature on this Acknowledgement but
did not because:
It was emergency treatment _____ I could not communicate with
the patient _____ The patient refused to sign _____ The patient was
unable to sign because _____ Other (please describe) ____
____________________________________________
Signature of Privacy Officer
HIPAA made EASY All Rights Reserved
-
CONSENT FOR RELEASE OF MEDICAL RECORDS AND USE AND
DISCLOSURE OF PROTECTED HEALTH INFORMATION TO A THIRD PARTY
I, _______________________________________, (print name of
Patient making Request), hereby authorize
____________________________________________ (hereafter
collectively referred to as the Practice) to use
and disclose:
My entire medical or record
Test Results only
Portions of my Medical Record, specifically: _____Films and
Reports; _________________________________
Date specific Portions of my Medical Record, From Date:
_________________ To Date: __________________
I acknowledge that this Healthcare Facility, in accordance with
their Notice of Privacy Practices (NOPP)
and Omnibus HIPAA Law will release my specified medical records
to the party listed above. I have reviewed this Practices Notice of
Privacy Practices (NOPP) and have been given an opportunity to
ask
questions about it, understand it, and do hereby agree to its
terms. A copy of this signed, dated Consent
shall be as effective as the original. I release, hold harmless
and agree to indemnify this Practice, its
employees and agents for any and all liability (including but
not limited to negligence) arising out of or
occurring under this Consent. I specifically authorize this
Practice to use and disclose verbally, by mail, fax
or unencrypted email, the following types of super-confidential
information as stated in the NOPP (initial
where appropriate):
HIV records (including HIV test results) and sexually
transmissible diseases
Alcohol and substance abuse diagnosis and treatment records
Psychotherapy records
Not Applicable
REQUIRED TO COMPLETE:
In accordance with HIPAA Omnibus Rule of 2013, I understand that
I need to provide the specifics of this
release request:
1. Date of this Request: ____________________
2. Please Release my records to: Mroz Baier Breast Care Clinic,
P.C.
6005 Park Ave, Ste 700, Memphis, TN 38119
3. The Records will be obtained by:
Please allow _____________________________ to pick up a copy of
my records (including
Third Party will pick up a copy of my records on or after this
date: ______________________
Send Third Party a copy of my records to this address:
_________________________________
_________________________________
_________________________________
---------------------------------------------------------------------------------------------------------------------------------------------------------
Patient Sign: ___________________________ DOB: __________ Date:
______________
or
By Patients Representative ____________________________ Date:
__________________
(Print name, sign, and describe authority)
----------------------------------------------------------------------------------------------------------------------------------------------------------
OFFICE USE ONLY
Describe what alternative communications were denied this
__________ day of _______________, 20________
_____________________________________________________________________________________
Describe what alternative communications were accepted this
__________ day of ____________, 20_________
_____________________________________________________________________________________
HIPAA made EASY
All Rights Reserved
-
Discrimination is Not Tolerated in This Medical Practice
In accordance with the ethical standards of the medical
profession, Mroz Baier Breast Care Clinic, PC
complies with applicable Federal civil rights laws and does not
discriminate on the basis of race, color,
national origin, age, disability, or sex. Our practice also does
not exclude people or treat them
differently due to race, color, national origin, age,
disability, or sex. We offer the following:
Complimentary aids and services to people with disabilities to
communicate effectively with us, such as:
o Qualified sign language interpreters
o Written information in other formats (large print, audio,
accessible electronic formats, other formats)
Complimentary language services to people whose primary language
is not English, such as:
o Qualified interpreters
o Information written in other languages
If you need these services, please let our practice know.
If you believe that our practice has failed to provide these
services or discriminated in another way on
the basis of race, color, national origin, age, disability, or
sex, you can file a grievance in writing with:
Region IV District Office
U.S. Department of Health & Human Services
Office for Civil Rights
101 Marietta Tower, Rm. 1502
Atlanta, GA 30323
(404) 331-2779 (Voice)
(404) 331-2867 (TDD)
You may also contact the Office of Civil Rights by phone at
800-368-1019, or [800-537-7697- if
covered entity has a TDD phone], fax at (202) 619-3818, or by
email at [email protected].
You may file a grievance in person or by mail, fax, or email. If
you need help filing a grievance,
Joseph L. Baier, Jr., Owner, is available to help you.
You can also file a civil rights complaint with the U.S.
Department of Health and Human Services,
Office for Civil Rights, electronically through the Office for
Civil Rights Complaint Portal, available at
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf , or by mail
or phone at:
U.S. Department of Health and Human Services
200 Independence Avenue, SW
Room 509F, HHH Building
Washington, D.C. 20201
(800) 368-1019, or 800-537-7697 (TDD)
Complaint forms are available at
http://www.hhs.gov/ocr/office/file/index.html
mailto:[email protected]://ocrportal.hhs.gov/ocr/smartscreen/main.jsfhttp://www.hhs.gov/ocr/office/file/index.html
-
TAGLINES TOP 15 LANGUAGES
Spanish:
ATENCIN: si habla espaol, tiene a su disposicin servicios
gratuitos de asistencia lingstica. Llame al 1-800-268-1019 (TTY:
1-800-537-7697).
Vietnamese:
CH : Nu bn ni Ting Vit, c cc dch v h tr ngn ng min ph dnh cho
bn. Gi s 1-800-268-1019 (TTY: 1-800-537-7697).
Tagalog:
PAUNAWA: Kung nagsasalita ka ng Tagalog, maaari kang gumamit ng
mga serbisyo ng tulong sa wika nang walang bayad. Tumawag sa
1-800-
268-1019 (TTY: 1-800-537-7697).
Chinese:
1-800-268-1019 (TTY: 1-800-537-7697).
Korean:
: , . 1-800-268-1019 (TTY: 1-800-537-7697).
.
Russian:
: , . 1-800-268-1019 (: 1-
800-537-7697).
Farsi:
: . 1-800-268-1019 (TTY: 1-800-
537-7697) .
Armenian:
,
: 1-800-268-1019 () 1-800-537-7697)
Japanese:
1-800-268-1019TTY:1-800-537-7697
Arabic:
: . -18002681019 ( : 1-
8005377697).
Panjabi: : , 1-800-268-1019 (TTY: 1-800-537-7697) '
Mon-khmer, Cambodian: ,
1-800-268-1019 (TTY: 1-800-537-7697)
Hmong:LUS CEEV: Yog tias koj hais lus Hmoob, cov kev pab txog
lus, muaj kev pab dawb rau koj. Hu rau 1-800-268-1019 (TTY:
1-800-537-
7697).
Hindi: : 1-800-268-1019 (TTY: 1-800-537-7697)
-
Thai:: 1-800-268-1019 (TTY: 1-800-537-7697).
-
Christine T. Mroz, M.D. Jane G. Sugar, M.D. Rose Sinclair, MSN,
FNP Date: ________________________
Name______________________________________________Sex___Age___Race___Birthday_______________________________
Home Address _________________________________________________
Apt #___ Marital Status: M ___ S ___ D ___W ___
City________________________ State________ Zip____________
Social Security #_______________________________________
Home Phone (____) __________________ Cell Phone (____)
____________________ Work Phone (____) ______________________
(Only if you can receive calls at work)
Employed by _____________________________________________
Address_____________________________________________
Spouse/Parent Name______________________________________ Social
Security #_______________________________________
Spouses Birthday________________________ Spouses
Employer______________________________________________________
Employer Address ______________________________________ Phone
Number (____) _____________________________________
Emergency contact _____________________________________ Phone
Number (____) _____________________________________
OB/GYN Name/
Address_________________________________________________________________________________________
Primary Care
Physician/Address___________________________________________________________________________________
INSURANCE INFORMATION (May we please make a copy of your card
and Drivers License?)
Primary Insurance ________________________________________
Address ______________________________________________
City, State, Zip____________________________________________
Phone Number (______) _________________________________
Policy Number____________________________________________ Group
Number or Name _________________________________
Policy Holders Name AND Date of
Birth_____________________________________________________________________________
Is Pre-certification required for IN patient and OUT patient
services?
______________________________________________________
If so, telephone
number__________________________________________________________________________________________
Secondary Insurance ______________________________________
Address _______________________________________________
City, State, Zip ___________________________________________
Phone Number (_____) ___________________________________
Policy Number ___________________________________________ Group
Number or Name ___________________________________
Policy Holders Name AND Date of Birth
______________________________________________________________________________
Is Pre-certification required for IN patient and OUT patient
services?
_______________________________________________________
If so, telephone
number____________________________________________________________________________________________
I authorize release of any medical information necessary to
process this claim. I also authorize Medicare and/or other
insurance payment of medical benefit to Mroz-Baier Breast Care
Clinic for services provided to me. I understand that I am
financially and totally responsible to Mroz-Baier Breast Care
Clinic for charges not covered by this assignment. I understand
all payments are due in full at the time of service. If any
balance remains I understand payment is due in full 30 days
from
first statement date. I authorize refund of overpaid insurance
benefits where my coverages are subject to coordination of
benefits. I authorize Mroz-Baier and its collections agency to
contact me by telephone at any telephone number associated
with my account, including wireless numbers which could result
in charges to me. I authorize Mroz-Baier and its collection
agencies to contact me by text message and/or emails, using any
email address I may provide. Methods of contact may
include pre-recorded/artificial voice messages and/or use of an
automatic dialing device, if applicable. In the event of
default, I agree to pay all collection fees up to 33.3% and/or
court fees including reasonable attorneys fees. I also agree to
give Medical Insurance Filing Services authorization to complete
any credit investigation necessary for the processing of this
claim.
PATIENT
SIGNATURE___________________________________________DATE______________________________________________
-
CONCERNING INSURANCE INFORMATION
PLEASE READ THE FOLLOWING AND SIGN THIS FORM
1. In order to meet the needs of our patients, we have enrolled
in various managed care programs. As you can imagine, keeping up
with all of the individual requirements for
each of these insurance companies can be practically impossible.
Each program may have
different requirements or stipulations that can dictate which
service can be provided, how
often they can be provided and who may provide them. These rules
can vary even in the
same company with varied programs being offered.
2. At Mroz Baier Breast Care Clinic, providing the highest
quality in health care to our patients in the atmosphere of genuine
care is our primary concern. It would be a big help
to us if you could please let us know what requirements your
insurance carrier may have
for the subscriber (you), and of the provider (us).With your
cooperation and assistance,
we will be in a better position to meet our goals of better
healthcare.
3. Your insurance may not cover every service we provide in our
office. This disallowed service may include:
-Diagnostic Mammogram (Know how often your carrier will pay for
them)
(77055/77056)
-Office visits (99212, 99214, 99215, 99204, 99205, 99244, 99245)
without a referral
through your insurance carrier on file. If your insurance
carrier requires a referral, it is
your responsibility to make sure one is obtained from your
primary care physician.
Please contact your insurance carrier at the number on the back
of your insurance card if
you are uncertain if your policy requires a referral.
4. It is possible that your insurance carrier may not cover
everything we do, and in these cases, we will have no choice but to
bill you for these services provided.
5. Our office billing practices: It is our offices policy to
verify all insurance benefits at the time of service. All unmet
deductibles as well as co-pays and/or co-insurance will
be collected at the time of service. If for any reason your
insurance carrier leaves
any additional balance as your responsibility, our billing
office will send you a
statement by mail. Payment is due in full within 30 days of the
statement date.
Partial payments will incur a $5 service charge to the account
balance. In the event
of a default of this agreement you will be responsible for
collections fees, court costs,
reasonable attorney fees and/or any other fees related to the
collection of this debt.
6. Lastly, in the event that you are unable to keep your
appointment, we ask that you please contact our office 24
(business) hours prior to your appointment time. For
appointments cancelled or rescheduled within 24 (business) hours
of your
appointment, there will be a $50.00 penalty fee charged to you.
For no show/no call
appointments, the penalty fee will apply.
If we cooperate together, each one doing their part, you should
be able to receive the benefits
offered by your provider, and then we will be able to do what we
do to best take care of you.
I understand that my insurance company may disallow and not pay
fees related to yearly or
diagnostic examinations, or other services that I may receive in
this office. If these charges are
disallowed, I understand that I am responsible for the payment
of these fees. I have read and fully
understand this policy. Obviously, this does not include
discounts, if any, that we have
contractually obligated ourselves to accept from your insurance
carrier. In no case will we bill
balance you for those discounted charges.
__________________________________________________________________
Name Date
HIPAA_info_and_releases.pdfmbprivacyandacknowldgmnt.pdfmbprivacystmnt.pdfprivacyfrontprivacyback
Acknowledgment of Receipt of Privacy Practices
Release_of_Pers_Hlth_Info[1]authorizationtoreleasemedicalrecords
patient_information_and_insurance_formInformationSheet[1].pdfCONCERNING_INSURANCE_INFORMATION[1]