Notice of Privacy Practices
This notice describes information about disclosure of your medical information and how you can obtain access to that information. Please review this notice carefully.
Nutritiously Simple is committed to maintaining the privacy of your protected health information (PHI), which includes electronic protected health information, as well as information about your condition and the care and treatment you receive from the practice and other health care providers. This notice details the use and disclosure of your PHI to third parties for purposes of your care, payment for your care, health care operations of the practice, and other purposes permitted or required by law. This notice also details your rights regarding your PHI.
USE OR DISCLOSURE OF PHI
Nutritiously Simple may use and/or disclose your PHI for purposes related to your care, payment for your care, and health care operations of the practice. The following are examples of the types of uses and/or disclosures of your PHI that may occur, and are not meant to include all possible types of use and/or disclosure.
In order to provide your care, Nutritiously Simple will provide your PHI to those health care professionals, whether on the practice’s staff or not, directly involved in your care, so that they may understand your condition and needs, and provide advice or treatment. This includes communication with your primary physician and electronic interactions with you (eg, e-mail) or your caregiver concerning your nutritional care.
HEALTH CARE OPERATIONS
In order for the practice to operate, in accordance with applicable law and insurance requirements, and in order for the practice to provide quality and efficient care, the practice may need to compile, use, and/or disclose your PHI. For example, the practice may use your PHI in order to evaluate the performance of the practice’s personnel in providing care to you.
AUTHORIZATION NOT REQUIRED
Nutritiously Simple may use and/or disclose your PHI without a written authorization from you in the following instances:
- De-identified information: Your PHI is altered so that it does not identify you. Even without your name, it cannot identify you.
- To a business associate: The practice will obtain satisfactory written assurance, in accordance with applicable law, that business associates will appropriately safeguard your PHI. A business associate is someone who the practice contracts with to provide a service necessary for your treatment or payment for your treatment and health care operations (eg, billing service or transcription service).
- To a personal representative: This person, under applicable law, has the authority to represent you in making decisions related to your health care.
- For public health activities: These activities include information collected by a public health authority, as authorized by law, to prevent or control disease, injury, or disability. This includes reports of child abuse or neglect.
- To the US Food and Drug Administration (FDA): The FDA may require this information in the reporting of adverse events, product defects or problems, or biological product deviations; for tracking of products; for enabling of product recalls, repairs, or replacements; or when conducting post-marketing surveillance.
- Abuse, neglect, or domestic violence: If the practice is required by law, it may need to make such a disclosure to a government authority. If the practice is authorized by law to make such a disclosure, it will do so if it believes that the disclosure is necessary to prevent serious harm or if the practice believes that you are the victim of abuse, neglect, or domestic violence. Any such disclosure is made in accordance with the requirements of law, which also may involve notice to you of the disclosure. Health oversight activities: These activities are required by law, and involve government agencies with oversight into activities that are related to the health care system, government benefit programs, government regulatory programs, and civil rights law. These activities include criminal investigations, audits, disciplinary actions, or general oversight activities related to the community’s health care system.
- Judicial and administrative proceedings: The practice may need to disclose your PHI in response to a court order or a lawfully issued subpoena.
- Law enforcement purposes: In certain instances, it may become necessary to disclose your PHI to a law enforcement official for law enforcement purposes, including:
- Compliance with a legal process (ie, subpoena) or as required by law
- Information for identification and location purposes (eg, suspect or missing person)
- Information regarding a person who is or is a suspected crime victim
- In situations where the death of an individual may have resulted from criminal conduct
- In the event of a crime occurring on the premises of the practice
- An occurrence of a medical emergency not on the practice’s premises, where it appears that a crime has occurred
- Coroner or medical examiner: The practice may disclose your PHI to a coroner or medical examiner for the purpose of identifying you or determining your cause of death, or to a funeral director as permitted by law and as necessary to carry out related duties.
- Organ, eye, or tissue donation: If you are an organ donor, the practice may disclose your PHI to the entity to whom you have agreed to donate your organs.
- Research: If the practice is involved in research activities, the practice may use your PHI, but such use is subject to numerous governmental requirements intended to protect the privacy of your PHI, such as approval of the research by an institutional review board and a requirement that protocols are followed.
- A threat to health or safety: The practice may disclose your PHI if it believes that such disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public. The disclosure is to an individual who is reasonably able to prevent or lessen the threat.
- Specialized government functions: When the appropriate conditions apply, the practice may use the PHI of individuals who are armed forces personnel for activities deemed necessary by appropriate military command authorities, for the purpose of a determination by the US Dept of Veteran Affairs of eligibility for benefits, or to a foreign military authority if the individual is a member of that foreign military service. The practice also may disclose a PHI to authorized federal officials for conducting national security and intelligence activities, including the provision of protective services to the President or others legally authorized.
- Inmates: The practice may disclose your PHI to a correctional institution or a law enforcement official, if you are an inmate of that correctional facility and your PHI is necessary to provide care and treatment to you, or if it is necessary for the health and safety of other individuals or inmates.
- Workers’ Compensation: If you are involved in a Workers’ Compensation claim, Workers’ Compensation may require the practice to disclose your PHI to an individual or entity that is part of the Workers’ Compensation system.
- Disaster relief efforts: The practice may use or disclose your PHI to a public or private entity authorized to assist in disaster relief efforts.
- Required by law: If required by law, the practice will use or disclose your PHI in compliance with the law, limited to the requirements of the law.
Uses and/or disclosures, other than those previously described, are made only with your written authorization, which you may revoke at any time.
The practice may, from time to time, contact you to provide appointment reminders. The practice will try to minimize the amount of information contained in the reminder. The practice also may contact you by telephone or e-mail, and if you are not available, the practice will leave a message for you.
The practice may, from time to time, contact you about treatment alternatives or other health benefits/services that may interest you.
Nutritiously Simple may only use and/or disclose your PHI for marketing activities if it obtains from you prior written authorization. Marketing activities include communications to you that encourage you to purchase or use a product or service. The communication is not made for your care or treatment. Marketing does not include a newsletter sent to you about this practice. Marketing does include the receipt by the practice of remuneration, directly or indirectly, from a third party that plans to market its product or service to you. The practice will inform you if it engages in marketing and will obtain your prior authorization.
The practice may disclose to your family member, other relative, a close personal friend, or any other person identified by you, your PHI directly relevant to such person’s involvement with your care or the payment for your care. The practice also may use or disclose your PHI to notify or assist in notifying (including identifying or locating) a family member, a personal representative, or another person responsible for your care of your location, general condition, or death. However, in both cases, the following conditions will apply:
- The practice may use or disclose your PHI if you agree, or if the practice provides you with an opportunity to object and you do not object, or if the practice can reasonably infer from the circumstances, based on the exercise of its judgment, that you do not object to the use or disclosure.
- If you are not present, the practice will, in the exercise of its judgment, determine whether the use or disclosure is in your best interests and, if so, disclose only the PHI that is directly relevant to the person’s involvement with your care.
You have the right to:
- Revoke any authorization, in writing, at any time. To request a revocation, you must submit a written request to the practice’s privacy officer.
- Request restrictions on certain use and/or disclosure of your PHI as provided by law. However, the practice is not obligated to agree to any requested restrictions. To request restrictions, you must submit a written request to the practice’s privacy officer. In your written request, you must inform the practice of what information you want to limit, whether you want to limit the practice’s use or disclosure, or both, and to whom you want the limits to apply. If the practice agrees to your request, the practice will comply with your request unless the information is needed in order to provide you with emergency treatment.
- Receive confidential communications of PHI by alternative means or at alternative locations. You must make your request in writing to the practice’s privacy officer. The practice will accommodate all reasonable requests.
- Inspect and copy your PHI as provided by law. To inspect and copy your PHI, you must submit a written request to the practice’s privacy officer. In certain situations that are defined by law, the practice may deny your request, but you will have the right to have the denial reviewed. The practice can charge you a fee for the cost of copying, mailing, or other supplies associated with your request.
- Amend your PHI as provided by law. To request an amendment, you must submit a written request to the practice’s privacy officer. You must provide a reason that supports your request. The practice may deny your request if it is not in writing, if you do not provide a reason and support of your request, if the information that needs amended was not created by the practice (unless the individual or entity that created the information is no longer available), if the information is not part of your PHI maintained by the practice, if the information is not part of the information you would have permission to inspect and copy, and/or if the information is accurate and complete. If you disagree with the practice’s denial, you have the right to submit a written statement of disagreement.
- Receive an accounting of disclosures of your PHI as provided by law. To request an accounting, you must submit a written request to the practice’s privacy officer. The request must state a time period [add any specific time period that applies, such as not longer than 6 years or not including dates before November 1, 2003.] The request should indicate in what form you want to receive the list, such as a paper or electronic copy. The first list you request within a 12-month period is free, but the practice may charge you for the cost of providing additional lists in that same 12-month period. The practice will notify you of the costs involved, and you can decide to withdraw or modify your request before any costs are incurred.
- Receive a paper copy of this Notice of Privacy Practices from the practice upon request to the practice’s privacy officer.
- Complain to the practice or to the Office of the Secretary, US Dept of Health and Human Services, Office for Civil Rights. You may contact a regional office of the Office for Civil Rights (locations available at www.hhs.gov/ocr/regmail.html). To file a complaint with the practice, you must contact the practice’s privacy officer. All complaints are required in writing.
Nutritiously Simple, LLC:
- Is required by law to maintain the privacy of your PHI and to provide you with this Notice of Privacy Practices of the practice’s legal duties and privacy practices with respect to your PHI.
- Is required to abide by the terms of this Notice of Privacy Practices.
- Reserves the right to change the terms of this Notice of Privacy Practices and to make the new Notice of Privacy Practices provisions effective for your entire PHI that it maintains.
- Will not retaliate against you for making a complaint.
- Must make a good faith effort to obtain from you an acknowledgement of receipt of this notice.
- Will post this Notice of Privacy Practices on the practice’s Web site, if it maintains a Web site.
- Will provide this Notice of Privacy Practices to you by e-mail, if you so request. However, you also have the right to obtain a paper copy of this Notice of Privacy Practices.