HIPAA Statement

Posted on by Hebert Medical Group

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION AUOUT YOU MAY UE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices is adopted to ensure that HEBERT MEDICAL GROUP, APMC (“the Company’), fully complies with all federal and state privacy protection laws and regulations, in particular, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Protection of patient privacy is of utmost importance to the Company. The Company is required by law to maintain the privacy of protected health information and provide its patients with a copy of it Notice of Privacy Practices outlining its legal duties and privacy practices with respect to protected health information. Violations of any of these provisions will result in disciplinary action which may include termination of employment and possible referral for criminal prosecution.

This Notice of Privacy Practices shall become effective as of December 2016 and shall remain in effect until it is either amended or cancelled.

You have a right to receive a paper copy of this Notice of Privacy Practices. If you have any questions or comments concerning this notice, you should contact the Chief Privacy Officer, Hebert Medical Group, APMC, 3256 Highway 190 Eunice, Louisiana 70535 by mail or by telephone at No. 337-550-8530.

DEFINITIONS

For the purposes of this notice, the following defined terms shall have the following definitions.

  1. “HHS” shall mean United States Department of Health and Human Services.
  2. Health Information”, “Protected Health Information” or “PHI”, shall mean certain Individually Identifiable Health Information, as defined in 45 CFR § 164.501 of the Privacy Standards
  1. Information Collected

In the ordinary course of business, the Company may receive personal information such as:

  • Patient’s name, address, and telephone number;
  • Information relating to treatment, diagnosis or other medical information concerning a patient;
  • Patient’s insurance information and coverage

In addition, other information will be gathered about a patient and we will create a record of the care and/or services provided to the patient by the Company. Some of the information also may be provided to us by other individuals or organizations that are part of the patient’s “circle of care” – such as a patient’s referring physician, other doctors, health plan, family members, hospitals, or other health care providers.

  1. How the Company May Use or Disclose a Patient’s PHI

The Company collects PHI from the patient and stores it in an account file. This is the patient’s medical record. The medical record is the property of the Company, but the information in the medical record belongs to the patient. The Company protects the privacy of the patient’s PHI. It is the policy of the Company that all PHI may not be used or disclosed unless it meets one of the following conditions:

  1. The use or disclosure is for treatment, payment or health care operations.
    1. Treatment. The Company collects information from the referring physicians regarding the patient. This information may be transmitted to various departments within our organization, the patient’s physician and other entities associated or involved in the patient’s treatment. This information may also be disclosed to the patient’s physicians in association with the patient’s treatment including, but not limited to, any physical therapy or home health entities.
    1. Payment. The Company may collect billing information from the patient such as the patient’s present address, social security number, date of birth, health insurance carrier, policy number and any other related billing information. The Company may disclose to the patient’s health insurance provider, Medicare, Medicaid, or other payer of health care claims the minimum amount necessary of the patient’s PHI in order to process the patient’s health insurance claim.
    1. Regular Health Care Operations. The Company may disclose the patient’s healthcare information to physicians, medical assistants, nurses, nurse practitioners, physician assistants, billing clerks, administrative staff, and other employees involved in the patient’s healthcare treatment.
  2. The patient, who is the subject of the information, through a written authorization has authorized the use or disclosure of the information. This authorization may be revoked by the patient providing the Company with a written revocation of said authorization. Without the patient’s authorization, the Company may not disclose the patient’s psychotherapy notes. The Company may also not use the or disclose the patient’s PHI for the Company’s own marketing and may not sell the patient’s PHI.
  3. The patient, who is the subject of the information, does not object to the disclosure of the PHI to persons involved in the health care of the individual or for facility directory purposes.
  4. Voice Mail Message. It is the policy of the Company that voice mail or answering machine message may be left at a patient’s home or other number the patient provides to the Company regarding billing or payment issues, or other PHI, related to treatment, payment or health operations.
  5. As Required by Law. It is the policy of the Company that may use and disclose a patient’s PHI as required by law.
    1. Public Health. As required by law, we may disclose a patient’s PHI to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure.
    1. Health oversight activities. We may disclose a patient’s PHI to health agencies during the course of audits, investigations, inspections, licensure, and other proceedings.
    1. Judicial and administrative proceedings. We may disclose a patient’s PHI in the course of any administrative or judicial proceeding.
    1. Law enforcement. We may disclose a patient’s PHI to a law enforcement official for purposes such as identifying or locating a suspect, fugitive, material witness or missing person, complying with a court order or subpoena, and/or for other law enforcement.
    1. Descendent Information. We may disclose a patient’s PHI to coroners, medical examiners and funeral directors.
    1. Organ donation. We may disclose a patient’s PHI to organizations involved in procuring, banking or transplanting organs and tissues.
    1. Research. We may disclose a patient’s PHI to researchers conducting research that has been approved by an Institutional Review Board or the Company’s Board of Directors.
    1. Public Safety. We may disclose a patient’s PHI to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
    1. Specialized government functions. We may disclose a patient’s PHI for military, national security, and prisoner purposes.
    1. Worker’s compensation. We may disclose a patient’s PHI We may disclose a patient’s PHI as necessary to comply with worker’s compensation laws.
    1. Marketing. We may contact a patient to provide appointment reminders or to give the patient information about other treatments or health-related benefits and services that may be of interest to the patient.
    1. Fundraising. We may use certain information to contact you for the purpose of raising money for the Company and you will have the right to opt out of receiving such communications with each solicitation. The money raised will be used to expand and improve the services and programs we provide the community. You are free to opt out fundraising solicitation, and your decision will have no impact on your treatment or payment for services at the Company.
    1. Change of Ownership. In the event that the Company is sold or merges with another organization, the patient’s PHI will become the property of the new owner.
  1. Other Policies Uses and Disclosures
  1. Notice of Privacy Practices. It is the policy of the Company that privacy practices must be published and that all uses and disclosures of PHI are done in accordance with the Company’s privacy policy. The Company is required by law to abide by the terms of its notice of Privacy Practices.
  2. Decreased Individuals. It is the policy of the Company that privacy protections extend to information concerning decreased individuals.
  3. Restriction Requests. It is the policy of the Company that serious consideration must be given to all requests for restrictions on uses and disclosures of PHI as published in the privacy policy. The patient has the right to request restrictions on certain uses and disclosures of their PHI. The patient may do so by completing the Company’s form entitled “Restrictions”. The Company is not required to agree to the restriction that the patient requests. If a particular restriction is agreed to, the Company is bound by that restriction. If a patient pays for a specific health product or service out of pocket, the patient has the right to request that the Company not disclose their information to their insurer. Such a request can also be made in writing by completing the Company’s form entitled “Restriction-Self Pay” and checking the particular box indicating that the service or product was paid for by the patient. If such a request is made, the Company must agree with the patient’s request.
  4. Minimum Necessary Disclosure. It is the policy of the Company that it shall make reasonable efforts to limit the disclosure to the minimum amount of information needed to accomplish the purpose of the disclosure. It is also the policy of the Company that all requests for PHI must be limited to the minimum amount of information needed to accomplish the purpose of the request.
  5. Access to Information. It is the policy of the Company that the patient has the right to inspect and copy their PHI. It is the Company’s policy that access to PHI must be granted to a patient when such access is requested. Such request shall be submitted in writing by completing the Company’s request form entitled “Request for Inspection and/or Copy of Protected Health Information”. Costs associated with the copying of any PHI shall in accordance with applicable state and federal law.
  6. Designation of Personal Representative. It is the policy of the Company that access to PHI must be granted to a patient’s designated personal representative as specified by the patient when such access is requested and authorized by the patient. This designation of a personal representative must be made in writing by completing the Company’s form entitled “Designation of Personal Representative.”
  7. Confidential Communications Channels. It is the policy of the Company that the patient has the right to receive their PHI through a reasonable alternative means or at an alternative location. Confidential communication channels can be used within the reasonable capability of the Company. Such request shall be made in writing by completing the Company’s form entitled “Confidential Channel Communication Request.”
  8. Amendment of Incomplete or Incorrect Protected Health Information. It is the policy of the Company that a patient has a right to request that the Company amend their PHI that is incorrect or incomplete. The Company is not required to change a patient’s PHI and will provide the patient with information about the Company’s denial and how the patient can disagree with the denial. A request to amend a patient’s PHI shall be made in writing by completing the Company’s form entitled “Request for Amendment of Health Information.”
  9. Accounting of Disclosures. It is the policy of the Company that an accounting of disclosures of PHI made by the Company is given to the patient whenever such an accounting is requested in writing. The patient has a right to receive an accounting of disclosures of their PHI made by the Company. Such written request for an accounting shall be made by completing the Company’s form entitled “Request for Accounting of Disclosures”.
  10. Breach Notification. It is the policy of the Company as required by law to maintain the privacy of a patient’s PHI. If there is a breach (an inappropriate use or disclosure of the patient’s PHI that the law requires to be reported) the Company must notify the patient of said breach.
  11. Underwriting and Genetic Information. The Company is prohibited from using or disclosing a patient’s PHI that is genetic information (information about genetic tests or genetic illnesses of the patient or their family members) for the purposes of eligibility, continued eligibility, enrollment, determination of benefits, computing premium or contribution amounts, pre-existing condition exclusion, or other activities related to the creation, renewal, or replacement of a contract of health insurance or health benefits.
  12. Complaints. It is the policy of the Company that all complaints by employees, patients, providers, or other entities relating to PHI be investigated and resolved in a timely fashion. Complaints about this Notice of Privacy Practices or how the Company handles a patient’s PHI should be directed to:

Hebert Medical Group, APMC

Attn: Privacy Officer 3256 Highway 190

Eunice, Louisiana 70535

If a patient is not satisfied with the manner in which this office handles a complaint, the patient may submit a formal complaint to:

Department of Health and Human Services

Office of Civil Rights

Hubert H Humphrey Bldg.

200 Independence Avenue, SW

Room 509F HHH Building

Washington, DC 20201

  1. Prohibited Activities. It is the policy of the Company that no employee may engage in any intimidating or retaliatory acts or actions against any person who files a complaint or otherwise exercises their rights under HIPAA regulations. It is also the policy of the Company that no disclosure of PHI will be withheld as a condition for payment for services from the patient or from an entity.
  2. Responsibility. It is the policy of the Company that the responsibility for designing arid implementing procedures related to this policy lies with the Chief Privacy Officer.
  3. Mitigation. It is the policy of the Company that the effects of any unauthorized use or disclosure of PHI be mitigated (to decrease the damage caused by the action) to the extent possible.
  4. Preemption of State Law. It is the policy of the Company that the federal privacy regulations are the minimum standard to be used regarding the privacy of a patient’s PHI. If the laws od the State of Louisiana are more stringent in certain areas, the state laws in these areas shall prevail. In all other areas, federal privacy regulations shall prevail.
  5. Cooperation with Privacy Oversight Authorities. It is the policy of the Company that oversight agencies such as the Office for Civil Rights of the Department of Health and Human Services be given full support and cooperation in their efforts to ensure the protection of PHI within this organization. It is also the policy of the Company that all personnel cooperate fully with all privacy compliance review and investigations.

If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact the Chief Privacy Officer of the Company.

  1. Changes to this Notice of Privacy Practices

The Company reserves the right to amend this Notice of Privacy Practices at any time in the future and will provide a copy of such amendment to the patient upon request or upon the patient’s next visit. Until such amendment is