Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The HIPAA Privacy Rule (HIPAA) gives you the right to be informed of the privacy practices of Nova Medical Centers and its affiliates (Nova), as well as the right to be informed of your privacy rights with respect to your protected health information (PHI). Nova uses PHI for the treatment of patients, to obtain payment for treatment, for administrative purposes and to evaluate the quality of care you receive.
This Notice has been created to help you understand Nova’s legal duties to protect your PHI by describing how Nova will use and disclose your PHI. If you have any questions about this Notice, please contact our Corporate Compliance Officer as explained in the Contact Information section.
WHAT ARE NOVA’S DUTIES AND RESPONSIBILITIES?
PHI is health care related information we might have about you, whether in paper, electronic, or other format, from which your identity might be known. Some examples of PHI are: medical records, including but not limited to doctors notes and orders, physical therapy notes, x-ray films and reports, lab reports, demographic information such as your name, address, telephone number, date of birth, billing and payment information, and recorded video or audio that may identify you or relates to your past, present or future physical or mental health or condition and related health care services. We are required by law to create and maintain medical records, charts and files related to the care and services you receive at Nova. We also use this information to ensure we provide quality care to our patients. We understand and respect that your health care is personal and we are committed to protecting the privacy of your PHI and only using and disclosing your PHI as necessary to provide you with health care services. Nova may be required by law to: make sure your PHI is kept private; notify you after a breach of your unsecured PHI; provide this Notice of our legal duties and privacy practices; and follow the terms of this Notice.
HOW WILL WE USE AND DISCLOSE YOUR PHI?
The following categories summarize different ways that we may use and disclose your PHI. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories.
Treatment: We may use and disclose your PHI to provide, coordinate, or manage your health care and any related services, including but not limited to drug testing, physical examinations and injury and illness treatment. This includes the coordination or management of your health care with other medical professionals, physicians, practitioners and insurance carriers. For example, we may disclose your PHI as necessary to a clinical case manager involved in your care, or to other physicians who may be treating you or become involved in your care, such as a specialist. We may need to share your PHI with other health care providers to ensure that you get the health care services that you need.
Individuals Assisting with Your Care or Payment: We may disclose your PHI to people involved in your care, such as family members, friends, or clergy, or to family or other individuals who are assisting you with payment of your bills.
Payment: We may use and disclose your PHI so that the health care services you receive from us may be billed to an insurance company or to another individual or entity responsible for or assisting with payment of your bills. For example, we may disclose PHI regarding a service you received from us so an insurance company or your employer will pay us or reimburse you for the service.
Healthcare Operations: We may use and disclose your PHI for our internal business operations. These uses and disclosures help us to ensure Nova provides quality care and services to our patients. Examples of how we may use and disclose of your PHI for our internal operations include: quality assessment activities to review our treatment and services, and to evaluate the performance of our staff in caring for you; for business management and general administrative activities; for licensure and accreditation activities; to provide appointment reminders; to provide satisfaction surveys; to provide you with general information about Nova and alternative treatments or services; to notify you of a breach of your PHI; for teaching purposes and to provide training to doctors, nurses, technicians, medical students and others involved in authorized training programs; customer services; to investigate suspected fraud and abuse; to resolve complaints and other grievances; and cost- management activities. In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name. We may also call you by name in the waiting room when your physician is ready to see you.
Business Associates: We may use and disclose your PHI to our third party business associates to enable them to perform services for us, or on our behalf, relating to our operations. Some examples of business associates are our auditors, accrediting agencies, laboratories, consultants and billing and collection companies. Our business associates are required to maintain the same high standards of safeguarding your privacy that we require of our own employees and affiliates.
Research: Under certain circumstances, we may use and disclose PHI for research purposes. For example a research project may involve comparing the health and recovery of all patients that had the same condition but received different treatments or medications. All research projects are governed by federal rules and are subject to a special approval process that balances the benefits of a proposed research project with the privacy issues of using PHI. However, this approval process is not required when we allow PHI about you to be reviewed by people who are preparing a research project and who want to look at information about patients with specific medical needs, so long as the PHI does not leave Nova’s control.
Workers’ Compensation / Medical Surveillance: If you have a workers’ compensation claim, are treated for a work-place illness or injury, or are evaluated as part of a workplace medical surveillance program, your PHI may be used and disclosed to comply with laws related to workers’ compensation, OSHA, MSHA and other similar laws and to meet other requirements. This may include disclosure to state agencies, insurance carriers, your employer and third-party administrators that handle administrative activities for your employer or insurance carrier.
As Required By Law: We will disclose your PHI to authorities when required to do so by federal, state or local law. Examples of these requirements include the following: In response to a court order, subpoena, warrant, summons or similar process; to identify or locate a suspect, fugitive, material witness, or missing person; about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; in mandatory reporting situations, including when there is reason to suspect domestic, child or elder abuse or neglect; about a death we believe may be the result of criminal conduct; about criminal conduct at a Nova facility; and in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime. In addition, the results of certain tests required for employment purposes may be disclosed to your employer or public health authority. For example, test results required to meet certain Department of Transportation, OSHA and other legally required workplace medical surveillance reporting requirements.
For Public Health or Safety: We may use and disclose your PHI when required to do so for public health activities, or as necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. For example we may disclose your PHI to the state or local health department to report, prevent, or control disease, injury or disability.
Health Oversight Activities: We may use or disclose your PHI to a health oversight agency for activities authorized by law. Examples of these oversight activities include: medical device tracking, product tracking, and drug or product recalls, all of which are required by the federal Food and Drug Administration; disclosures required by Medicare or Medicaid, the CDC or another state or federal agency or oversight board to audit, investigate, inspect, or conduct other activities which may be necessary for the government to monitor specific governmental programs, or the health care system generally; disclosures required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with HIPAA.
Lawsuits or Disputes: If you are involved in a lawsuit or a legal dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute.
Disaster Relief Efforts: We may use or disclose your PHI to appropriate disaster relief organizations engaging in disaster relief efforts, for the purpose of coordinating with such entities to notify your family or other persons involved in your health care of your location, general condition or death. We will not make such disclosures if you object, unless we determine that restricting the disclosure would interfere with the ability to respond to emergency circumstances.
Military, Veterans and Government Functions: If you are or were a member of the armed forces, we may use or disclose your PHI as required by military command authorities. We may disclose PHI about foreign military personnel to the appropriate foreign military authority. We may also disclose your PHI to authorized Federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.
Coroners, Medical Examiners and Funeral Directors. We may release PHI about patients to a coroner or medical examiner to identify a deceased person or to determine the cause of death or to funeral directors to carry out their duties.
Inmates: If you are, or become, an inmate of a correctional institution or under the custody of a law enforcement official, we may release PHI about you to the correctional institution or law enforcement official. This release would be necessary, for example, for the institution to provide you with health care; to protect your health and safety or the health and safety of others; or for the safety and security of the correctional institution.
Incidental Uses and Disclosures. Uses and disclosures that occur incidentally with a use or disclosure described in this Notice may occur provided there are reasonable safeguards in place to limit such incidental uses and disclosures. We may also use or disclose health information about you in a way that does not personally identify you or reveal who you are.
Emergencies: We may use or disclose your PHI in an emergency treatment situation. If this happens, your physician shall try to obtain your consent as soon as reasonably practicable after the delivery of treatment.
Uses and Disclosures Requiring Your Authorization. Any use or disclosure of your PHI not described in the above categories will require your written authorization before it is made. The following uses and disclosures of PHI will also require your authorization: Most uses and disclosures of psychotherapy notes; PHI for marketing purposes; the sale of your PHI. You will be asked to sign an authorization form to allow us to share PHI with persons or entities related to administering your health care, including, but not limited to, your employer, third party administrators, insurance companies and state and federal agencies. Your consent is not always required for the use and disclosures we engage in for healthcare operations, however, obtaining your consent is desired. The authorization form helps ensure you understand how your PHI will be used and disclosed. You may revoke your permission at any time by notifying us in writing. If you revoke your authorization, we will no longer use or disclose your PHI for the purposes covered by your written authorization; however we are unable to take back any disclosures we made prior to receiving your revocation.
POTENTIAL IMPACT OF OTHER APPLICABLE LAWS
HIPAA generally does not preempt, or override other laws that give people greater privacy protections. As a result, if any applicable state or federal privacy law requires us to provide you with more privacy protections, then we must follow the law in addition to HIPAA.
YOUR PRIVACY RIGHTS
You have the following rights regarding your PHI that we maintain:
Right to inspect and copy. You have the right to inspect and obtain a copy of most of the PHI we maintain about you. You may be required to submit your request in writing to the Compliance Officer. If you request a copy of your PHI, there may be a charge for the copying, mailing and other costs associated with your request. We may deny your request to inspect or copy your PHI in certain very limited circumstances. If we deny you access to any of your PHI we maintain, you may request that the denial be reviewed. A licensed health care professional chosen by Nova will review your request and the denial. The person conducting the review will not be the person who denied your request. Please contact our Compliance Officer if you have questions about access to your medical record.
Right to Request Restrictions. You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or with the payment for your care, like a family member or friend. We are not required to agree to your request for restriction except as provided below. If we do agree, we will provide a written response and comply with your request unless the information is needed to provide you emergency treatment or services. To request a restriction on your PHI, submit your written request to the Compliance Officer. Your request must state the specific restriction requested and to whom you want the restriction to apply. We are required to honor your request for restriction only if the disclosure is to a health plan for purposes of carrying out treatment, payment or health care operations and the PHI relates solely to treatment or services for which we have been paid in full without the application of insurance benefits or discounts. You cannot request to restrict uses or disclosures that are otherwise required by law.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example you may request that we only contact you at work or by mail. Depending on the nature of your request we will make arrangements for you to receive the confidential communication, or refer you to the appropriate office that can assist you with your request. We will accommodate reasonable requests. We may also condition this accommodation by asking you to specify an alternative address or other method of contact. We will not request an explanation from you as to the basis for the request. Please make any requests for confidential communications in writing to your physician.
Right to Amend. If you feel that the PHI we have about you is incorrect or incomplete, you may request us to amend the information. You may request to amend your PHI in a designated record set for as long as we maintain this information. Amending the PHI means adding to the information with which you disagree. It does not include deleting, removing, or otherwise changing the content of the record. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Your request to amend PHI must be made in writing to the Compliance Officer and contain the reason for the amendment.
Right to Accounting. You have the right to get a list of instances in which we have disclosed your PHI in the past six (6) years. The list will include the date of the disclosure(s), to whom PHI was disclosed, a description of the information disclosed, and the reason for the disclosure. The list will not include uses or disclosures: that were made for the purposes of treatment, payment or health care operations; that you authorized; made directly to you or to your family; made for national security purposes; or to corrections or law enforcement personnel.
Right to Additional Copies of This Notice. Additional copies of this notice can be obtained at our website, www.n-o-v-a.com/notice-of-privacy-practices or by requesting a copy from your Nova treatment facility.
ELECTRONIC CORRESPONDENCE
All patients who now or may desire to communicate with Nova via email, whether initiated by the patient or through the Nova website, the patient understands and agrees to the following: Transmitting patient information by email has a number of risks that patients should consider before using email. These include, but are not limited to, the following risks: email can be circulated, forwarded, and stored in numerous paper and electronic files; email can be immediately broadcast worldwide and be received by many intended an unintended recipients; email senders can easily misaddress an email; email is easier to falsify than handwritten or signed documents; backup copies of email may exist even after the sender or the recipient has deleted their copy; employers and online services have a right to archive and inspect emails transmitted through their systems; email can be intercepted, altered, forwarded, or used without authorization or detection; email can be used to introduce viruses into computer systems; and email can be used as evidence in court. Nova will use reasonable means to protect the security and confidentiality of email information sent and received. However, because of the risks outlined above, Nova cannot guarantee the security and confidentiality of email communication, and will not be liable for improper disclosure of confidential information that is not caused by Nova’s intentional misconduct. Patients should not use email for communications regarding sensitive medical information.
CHANGES TO THIS NOTICE
We reserve the right to change this Notice, in whole or in part. We reserve the right to make the provision of the revised or changed Notice effective for PHI we already have about you as well as any information we receive in the future. We will post a copy of the current Notice in each Nova location and make it available on our website.
COMPLAINTS
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). You may file a complaint with us by notifying the Compliance Officer at that address in the Contact Information section. Upon request, we will give you the appropriate OCR regional address or you have the option to e-mail your complaint to OCRComplaint@hhs.gov. We will not retaliate against you for filing a complaint.
EFFECTIVE DATE
This notice was originally effective April 1, 2003, and last revised August 24, 2020.
CONTACT INFORMATION
You may contact our Compliance Officer using the contact information below:
Nova Medical Centers Attn: Compliance Officer
2425 Fountain View Dr., STE #160
Houston, TX 77057
(713) 880-4400
or visit our website at www.n-o-v-a.com/notice-of-privacy-practices for information about our privacy practices or the complaint process.