Notice of Privacy Practices

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information.  Please review it carefully.

Our Uses and Disclosures:

We care about our patients’ privacy and strive to protect the confidentiality of your medical information at this practice. Federal legislation requires that we issue this official notice of our privacy practices. You have the right to the confidentiality of your medical information, and this practice is required by law to maintain the privacy of that protected health information.  This practice is required to abide by the terms of the Notice of Privacy Practices currently in effect, and to provide notice of its’ legal duties and privacy practices with the respect to protected health information.  If you have questions about this Notice, please contact the Privacy Coordinator at this practice.

Why we keep information about you

We keep medical information about you to help care for you and because the law requires us to. The law also says we must: protect your medical information; give you this Notice; follow what this Notice says.

Who will follow this Notice

Any health care professional authorized to enter information into your medical record. All employees, staff and personnel at this practice who may need access to your information must abide by this Notice. All subsidiaries, business associates (e.g. a billing service), sites and locations of this practice may share medical information with each other for treatment, payment, or health care operations described in this Notice.  Except where treatment is involved, only the minimum necessary information needed to accomplish the task will be shared.

How We May Use and Disclose Medical Information About You

The following categories describe different ways that we may use and disclose medical information without your specific consent or authorization. Examples are provided for each category, but not every use or disclosure in a category is listed.

Electronic Health Record: We use electronic record systems to manage your care. These systems have safeguards to protect the information in them. We also have policies and training that limit the use of information to those who need it to do their job. This practice must provide patients with an accounting of PHI disclosures for treatment, payment or healthcare operations for a 3-year period, including business associate disclosures. You have a right to access your PHI in electronic format upon request, where it is available. We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee. Doctors and other people who are not employed by Nephrology Associates of Dayton, Inc. may share information they have about you with our employees in order to care for you. Hospitals, clinics, doctors, and other caregivers, programs, and services may share medical information about you without your consent for many reasons.

For Health Information Exchanges (HIEs): We will send your health information to any of the Health Information Exchanges (HIEs) that Nephrology Associates of Dayton, Inc. participates in. A Health Information Exchange (HIE) is a secure electronic system that helps health care providers and entities such as health plans and insurers manage care and treat patients. We will send your health information Kettering Health Network (KHN) the Epic Care Everywhere HIE, and other HIEs we choose to participate in. Information about your past medical care and current medical conditions and medicines is available not only to us but also to non-NAOD health care providers who participate in the HIE.

For Treatment: We may use medical information about you to provide medical treatment or service. We may also share medical information about you so that you can get medicine, medical equipment, or other things you need for your health care: lab tests, x-rays, transportation, home care, nursing care, rehab, or other health care services. Medical information may also be shared when needed to plan for your care after you leave NAOD. We may also allow access to your information to those health care providers and their authorized representatives that are members of an organized health care arrangement with NAOD. The members of such an arrangement are operationally or clinically integrated and may participate jointly in utilization review, quality assessment and improvement, or payment activities. Anyone we share information with in order to do these tasks on behalf of or in partnership with us must also protect and restrict the use of your medical information. Example: A doctor treating you for an injury asks another doctor about your overall health condition.

For Payment: We may use and disclose medical information about you so the treatment and service you receive may be billed and payment may be collected from you, an insurance company, or third party. Example: We may need to send your protected health information, such as your name, address, and codes identifying your diagnosis and treatment to your insurance company for payment so your health plan will pay for care you got at NAOD; to get approval before doing a procedure; so your health plan can make sure they have paid the right amount to NAOD.

For Health Care Operations: We may use and disclose information about you if it is necessary to improve the quality of care we provide to patients or for health care operations, quality improvement activities, to obtain audit, accounting or legal services, or to conduct business management and planning. Example: We may use medical information to review our treatment and services and evaluate the performance of our staff in caring for you.

To Business Associates:  We may disclose your PHI to Business Associates who provide services to or on behalf of Nephrology Associates of Dayton, Inc.  Example: Company that processes credit card payments.

How else can we use or share your health information? We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.

  • Help with public health and safety issues • We can share health information about you for certain situations such as: • Preventing disease • Helping with product recalls • Reporting adverse reactions to medications • Reporting suspected abuse, neglect, or domestic violence • Preventing or reducing a serious threat to anyone’s health or safety.
  • Comply with the law • We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
  • Respond to organ and tissue donation requests • We can share health information about you with organ procurement organizations.
  • Work with a medical examiner or funeral director • We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
  • Address workers’ compensation, law enforcement, and other government requests • We can use or share health information about you: • For workers’ compensation claims • For law enforcement purposes or with a law enforcement official • With health oversight agencies for activities authorized by law • For special government functions such as military, national security, and presidential protective services.
  • Respond to lawsuits and legal actions • We can share health information about you in response to a court or administrative order, or in response to a subpoena.
  • Correctional Institution: Should you be an inmate of a correctional institutions or the like, we may disclose to the institution or agents thereof PH necessary for your health and the health and safety of other individuals.

Other Uses of Your Medical Information: We will not use or share your medical information for reasons other than those described in this Notice unless you agree to this in writing. For example, you may want us to give medical information to your employer. We will do this only with your written approval. Likewise, we would not use your information for marketing, sell your information, or share psychotherapy notes without your written approval. You may revoke the approval in writing at any time, but we cannot take back any medical information that has already been shared with your approval.

For Business Reasons: We may use and share information about you for business reasons. When we do this, we may, if we can, take out information that identifies who you are. Some of the business reasons we may use or share your medical information include: to follow laws and regulations; to train and educate; for credentialing, licensure, certification, and accreditation; to improve our care and services; to budget and plan; to do an audit; to maintain computer systems; to decide if we should offer more services; to find out how satisfied our patients are; to bill and collect payment. We may also allow access to your information to those health care providers and their authorized representatives that are members of an organized health care arrangement with NAOD. The members of such an arrangement are operationally or clinically integrated and may participate jointly in utilization review, quality assessment and improvement, or payment activities. Anyone we share information with in order to do these tasks on behalf of or in partnership with us must also protect and restrict the use of your medical information.

To Contact You About Appointments, Insurance, and Other Matters: We may contact you to provide appointment reminders or information about treatment alternatives or other health related benefits and services that may be of interest to you. We may contact you by mail, phone, or email for many reasons, including to: remind you about an appointment; register you for a procedure; give you test results; ask about insurance, billing, or payment; follow up on your care; ask you how well we cared for you. We may leave voice messages at the telephone number you give to us.

To Inform Family Members, Friends, Medical Power of Attorney, Legal Guardian Involved in Your Care or Paying for Your Care: We may share information about you with family members and friends who are involved in your care or paying for your care. We make sure the person has this authority and can act for you before we take any action. Whenever possible, we will allow you to tell us who you would like to be involved in your care. However, in emergencies or other situations in which you are unable to tell us who to share information with, we will use our best judgment and share only information that others need to know. We may also share information about you with a public or private agency during a disaster so that the agency can help contact your family or friends to tell them where you are and how you are doing.

Research: Under certain circumstances, we may use and disclose your PHI for research purposes, such as studying the effectiveness of a treatment you received. Under certain circumstances, we may share your PHI for research purposes without your written permission. Most research projects will require your specific permission if a researcher will have access to information that identifies you.

Uses and Disclosures of Protected Health Information Requiring Your Written Authorization: Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written authorization.  If you give us authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time.  If you revoke your authorization, we will thereafter no longer use or disclose medical information about you for the reasons covered by your written authorization.  You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of the care we have provided.

Your Rights

Your Rights Regarding Your Medical Information: The records we create and maintain using your medical information belong to NAOD, but you have the following rights:

Your Individual Rights Regarding Your Medical Information Complaints:

If you believe your privacy rights have been violated, you may file a complaint with the Privacy Officer at this practice or with the Department of Health and Human Services Office for Civil Rights, 200 Independence Ave., S.W., Washington, DC 2020 or 1-877-696-6775, visiting www.hhs.gov/ocr/privacy/hipaa/compliants/. All complaints must be submitted in writing, or visiting www.hhs.gov/ocr/ privacy/hipaa/complaints/.You will not be penalized or discriminated against for filing a complaint. We will not retaliate against you for filing a complaint.

Right To Restrictions:

You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations, or to someone who is involved in your care or the payment of your care. We are not required to agree to your request.  If we do agree, we will comply with your request unless the information is needed to provide you with emergency treatment. To request restrictions, you must submit your request in writing to the Privacy Coordinator at this practice.  In your request, you must tell us what information you want to limit whether you want to limit our use or sharing of the information, or both; AND to whom you want the limits to apply.  Example: If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to your health or safety or you could ask that we not share information about a surgery you had.  You may require restrictions on disclosure of your PHI to a health plan where you paid out of pocket, in full, for items or services; if the disclosure is to be made to a health plan for purposes other than treatment. We will say “yes” unless a law requires us to share that information.

Right To Request Confidential Communications:

You have the right to request how we should send communications to you about medical matters, and where you would like those communications sent, and how you would like to be contacted. For example, you might request that we not call you at home, but at work instead; or you might request that all correspondence by mailed to your P.O.A. or a Post Office Box rather than to your home.  To request confidential communications, you must make your request to the Privacy Coordinator at this practice.  We will not ask you the reason for your request.  We will accommodate all reasonable requests.  Your request must specify how or where you wish to be contacted.  We reserve the right to deny a request if it imposes an unreasonable burden on the practice.

Right To Inspect And Copy

You have the right to inspect and copy medical information that may be used to make decisions about your care.  Usually this includes medical and billing records, but does not include psychotherapy notes; information compiled for use in a civil, criminal, or administrative action or proceeding, and protected health information to which access is prohibited by law.  To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to the Privacy Coordinator at this practice.  If you request a copy of the information, we reserve the right to charge a fee for the costs of copying, mailing, or other supplies associated with your request.  We may deny your request to inspect and copy in certain very limited circumstances.  If you are denied access to medical information, you may request that the denial be reviewed.  Another licensed health care professional chosen by this practice will review your request and the denial.  The person conducting the review will not be the person who denied your request.  We will comply with the outcome of the review.

Right To Change Your Medical Information:

If you think our information about you is not correct or complete, you may ask us to correct your record by writing to Health Information Management at the address listed at the end of this Notice. Your written request must say why you are asking for the correction. We will respond in 60 days. If we agree, we will tell you and correct your record. We cannot take anything out of the record. We can only add new information to complete or correct the existing information. With your help, we will notify others who have the incorrect or incomplete medical information. If we deny your request, we will tell you why in writing. You will then have the right to submit a written statement of 250 words or less that tells what you believe is not correct or is missing. We will add your written statement to your records and include it whenever we share the part of your medical record that your written statement relates to.

Right To Ask For A List of When Your Medical Information Was Shared (right to an accounting of disclosures):

You have the right to request an “accounting of disclosures”, which is a list of disclosures of your PHI that we have made to outside parties, except for disclosures related to those: 1. Necessary to care out treatment, payment, and healthcare operations; 2. Made before April 14, 2003; 3. Made to your; 4: you authorized; and 5. certain other disclosures. You must request this list in writing from the Privacy Coordinator at the address listed at the end of this Notice. Your request must state the time period for which you want the list. You can ask for a list of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.  We’ll provide one accounting a year for free but you may be charged a fee if you ask for another list in that same 12-month period.

Right to Notice in Case of a Breach:

 You have a right to know if your information has been breached (not treated according to our rules). We will follow what the privacy laws require to let you know if your information has been shared in error.

Right to Choose Someone To Act For You:

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.

Right to Limit Sharing of Information with Health Plans: If you paid in full for your services, you have the right to limit the information that is shared with your health plan or insurer. To do this, you must ask before you receive any services. Let us know you want to limit sharing with your health plan when you schedule your appointment. Any information shared before we receive payment in full, such as information for preauthorizing your insurance, may be shared. Also, because we have a medical record system that combines all your records, we can limit information only for an episode of care (services given during a single visit to the clinic or hospital). If you wish to limit information beyond an episode of care, you will have to pay in full for each future visit as well.

Right A Paper Copy Of This Notice

You have the right to a paper copy of this Notice at any time.  Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy. 

Right to get an electronic or paper copy of your medical record:

You can ask to get an electronic or paper copy of your medical record and other health information we have about you. You will need to sign an authorization to release your medical records. We will provide a copy of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Your Choices:

You have both the right and choice to tell us to share information with your family, close friends, or other involved in your care; share information in a disaster relief situation; include your information in a hospital directory.

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

We never share your information unless you give us written permission:

Marketing purposes; sale of your information; most sharing of psychotherapy notes.

Genetic Information Nondiscrimination Act (GINA)

GINA: Consistent with the Genetic Information Nondiscrimination Act (GINA), health plans must include a statement in their Notice of Privacy Practices that the health plan is prohibited from using or disclosing genetic information for underwriting purposes.

Changes to this Notice: We reserve the right to change this Notice.  We reserve the right to make the revised or changed Notice effective for medical information we already have about you, as well as any information we receive in the future.  We will post a copy of the current Notice at the reception window at our Centerville Office or in the magazine holder to the left at the Huber Office, with the effective date in the lower left-hand corner of this notice.

How to Ask a Question or Report a Complaint: If you have questions about this Notice or want to talk about a problem without filing a formal complaint, please contact the Privacy Office at (937-312-6531). If you believe your privacy rights have been violated, you may file a complaint with us. Please send it to the NAOD Privacy Coordinator at the address listed at the end of this Notice. You may also file a complaint with the Office of Civil Rights at the address listed at the end of this Notice. You will not be treated differently for filing a complaint.

How to contact us:

NAOD Privacy Office
7700 Washington Village Drive Suite 230
Dayton, Ohio 45459
937-312-6531
www.naod.us

Ohio Office for Civil Rights
Dayton Regional Office
3055 Kettering Boulevard, Suite 111
Dayton, Ohio 45439
937-285-6500

Updated: 09/24/2018

Website Privacy Policy Information

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.