Stratis Gayner Plastic Surgery
10 Capital Drive #100
Harrisburg, PA 17110
Phone: (717) 728-1700
Monday, Tuesday, Thursday: 8 a.m.–4 p.m.
Wednesday: 8 a.m.–5 p.m.
Friday: 8 a.m.–3 p.m.
Notice of Privacy Practices
Effective: September 23, 2013
Stratis Gayner Plastic Surgery is required by law to maintain the privacy of its patients’ protected health information (“PHI”) and to provide each patient with notice of our legal duties and privacy practices with respect to PHI under the federal Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”), and the HIPAA Privacy and Security regulations.
The terms of this Notice of Privacy Practices (“Notice”) apply to Stratis Gayner Plastic Surgery and the employees, staff, volunteers, and other personnel whose work is under direct control of Stratis Gayner Plastic Surgery. All Stratis Gayner Plastic Surgery personnel may share certain information with each other for treatment, payment or health care operations, as described in this Notice. Stratis Gayner Plastic Surgery is required to abide by the terms of this Notice.
Stratis Gayner Plastic Surgery will be referred to as “SGPS” or “we”, “us” or “our” in this Notice.
CONTACT INFORMATION – QUESTIONS, COMMENTS OR REQUESTS
If you have any questions about this Notice, or to obtain a copy of this Notice, please contact our Privacy Officer, Maureen Brouse, 10 Capital Drive, Suite 100, Harrisburg, PA 17110; (717) 728-1700.
This Notice describes how SGPS will protect the health information we have about you that relates to your PHI. PHI means all paper or electronic records of your care that identify you or can reasonably be used to identify you (including demographic information) and that relate to your past, present or future physical or mental health or condition and related health services, including information about payment and billing for your health care services. This Notice will refer to all of that PHI as “medical information.”
This Notice describes how SGPS may use and disclose your medical information for treatment, to carry out payment or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your medical information.
We reserve the right to change this Notice at any time. Any change in the terms of this Notice will be effective for all medical information that we are maintaining at that time. If any change is made to this Notice, we will provide you with a written revised notice upon request.
HOW WE MAY USE AND DISCLOSE YOUR MEDICAL INFORMATION
The following categories provide details on the various ways in which we may use and disclose your medical information. We have provided examples for the types of uses and disclosures listed below. Not every use or disclosure will be listed. However, all of the ways in which we are permitted to use and disclose your medical information will fall within one of the categories listed in this Notice.
We will not use or disclose your medical information for any purposes other than those described in this Notice without your signed written authorization. You have the right to revoke your authorization in writing at any time, but if you revoke your authorization, we are unable to retract any uses and disclosures we have already made with your permission. We are required to retain our records as proof of the care that we provided you.
- Treatment. We may use and disclose your medical information to provide, coordinate or manage health care and related services provided by us as well as other health care providers. We may disclose medical information about you to doctors, nurses, hospitals and other health facilities involved in your care. We may consult with other health care providers concerning your care and, as part of the consultation, share your medical information with them.
- Payment. We may use and disclose medical information about you so we can bill and collect payment for the services we have provided to you. This can include billing you, your health plan or a third party payor. For example, we may need to give your health plan information about the health care services we provide to you so your health plan will pay us for those services or reimburse you for amounts you have paid. We also may need to provide your health plan or a government program, such as Medicare or Medicaid, with information about your medical condition and the health care you need to receive to determine if you are covered by that
insurance or program.
- Health Care Operations. We may use and disclose medical information about you for our own health care operations. Health care operations are business tasks necessary to operate SGPS and to maintain quality health care for our clients. Whenever practical, we may remove information that identifies you. For example, we may use or share your medical information to review the services we provide and the performance of our employees in caring for you, train our staff, study ways to more efficiently manage our organization, conduct budgeting and planning, conduct or arrange for medical review, legal, and auditing services, including fraud and abuse detection and compliance programs, and to maintain computer systems.
- Fundraising Activities. We may use your medical information and your name and address to contact you for fundraising communications on our own behalf. If we contact you, we will tell you how to opt out of receiving future fundraising communications from us. You also have the right to opt out of receiving fundraising communications from us now by notifying our Privacy Officer in writing at the address indicated on the first page of this Notice. We will not share your medical information with anyone else for another person’s or entity’s fundraising purposes.
- Client Listing. Unless you object, we will include certain limited information about you in our internal client listing. This information may include your name, your location, your general condition and your religious affiliation. We may release information in our listing, except for your religious affiliation, to people who ask for you by name. We may provide the listing information, including your religious affiliation, to any member of the clergy.
- Individuals Involved in Your Care. Unless you object, we may, in our professional judgment, disclose to a family member, other relative, a close personal friend, or any other person you identify, your medical information to facilitate that person’s involvement with your care or in payment related to your care. We may also use or disclose your medical information to notify or to assist in notifying a family member, your personal representative or other person responsible for your care of your location, general condition, or death. We may also disclose limited medical information to a public or private entity that is authorized to assist in disaster relief efforts in order for that entity to locate a family member or other persons that may be involved in some aspect of caring for you. If there is a family member, other relative or close personal friend to whom you do not want us to disclose your medical information, please notify our Privacy Officer.
- Business Associates. We may disclose medical information to third party contractors, or “business associates,” that provide contracted services for us, such as accounting, legal representation, claims processing, consulting and claims auditing. If we disclose medical information to a business associate, we will do so subject to a contract that requires the business associate to appropriately safeguard and restrict the use of your medical information to the purposes of the arrangement, as required under HIPAA and its regulations, including requiring the business associate to have contracts with any subcontractors the business associate may use to perform a function involving your medical information.
- Shared Medical Record/Health Information Exchange. We maintain medical information about our patients in shared electronic medical records that allow the SGPS to share your medical information. We may participate in one or more health information exchanges (HIEs) and may electronically share your health information for treatment, payment and healthcare operations purposes with other participants in the HIEs. HIEs allow your health care providers to efficiently access and use your pertinent medical information necessary for treatment and other lawful purposes. If you do not opt out of this exchange of information, we may provide your health information to the HIEs in which we participate in accordance with applicable law.]
USES OR DISCLOSURES NOT REQUIRING AUTHORIZATION
We are permitted or required by law to make certain uses or disclosures of your medical information without your written authorization or consent for the following purposes, subject to conditions imposed by law:
- Disaster Relief. We may use or disclose your medical information to a public or private entity authorized by law or by its charter to assist in disaster relief efforts.
- Required by Law. We may use or disclose your medical information when we are required to do so by law.
- Public Health Activities. We may disclose your medical information for public health activities and purposes, such as reporting disease, injury, birth and death, and for required public health investigations.
- Health Oversight Activities. We may disclose your medical information to a government oversight agency for activities authorized by law, including audits, investigations, inspections and licensure actions and related oversight functions.
- Victims of Abuse, Neglect or Domestic Violence. We may disclose your medical information to a government authority authorized by law to receive reports of abuse, neglect, or domestic violence, if we believe you are a victim of abuse, neglect, or domestic violence. Adverse Events, Product Recalls. We may disclose your medical information to entities regulated by the federal Food and Drug Administration if necessary to report adverse events, product defects, or to participate in product recalls.
- Judicial and Administrative Proceedings. We may disclose your medical information in response to a subpoena, court order, or discovery request but only if efforts have been made to tell you about the request or to obtain an order protecting the information to be disclosed. In the event that Pennsylvania laws afford greater protection with respect to the disclosure of your medical information, we will follow Pennsylvania law.
- Disclosures for Law Enforcement Purposes. We may disclose your medical information to law enforcement officials for law enforcement purposes, such as identifying or locating suspects, fugitives or witnesses, or victims of crime, or other allowable law enforcement purposes. In the event that Pennsylvania laws afford greater protection with respect to the disclosure of your medical information, we will follow Pennsylvania law.
- Coroners, Medical Examiners, and Funeral Directors. We may disclose your medical information to coroners, medical examiners or funeral directors as necessary for them to carry out their duties.
- Organ or Tissue Donation. We may disclose your medical information to an organization involved in the donation of organs and tissue if necessary to arrange an organ or tissue donation from you or a transplant for you.
- To Avert a Serious Threat to Health or Safety. We may use or disclose your medical information in emergency circumstances when necessary to prevent a serious and imminent threat to the health or safety of the public or another person.
- Specialized Government Functions. We may disclose your medical information regarding military and veteran activities set out by certain military command authorities as required by armed forces services, for national security and intelligence activities, and protective services for the president and others, and for correctional institutions and other law enforcement custodial situations, in accordance with 45 C.F.R. § 164.512(k).
- Workers’ Compensation. We may disclose your medical information to the extent necessary to comply with workers’ compensation and similar laws that provide benefits for work-related injuries or illness without regard to fault.
- Employers. We may disclose your medical information to your employer when we have provided health care to you at the request of your employer for purposes related to occupational health and safety; in most cases you will receive notice that information is disclosed to your employer.
USES AND DISCLOSURES REQUIRING YOUR AUTHORIZATION
The following specific uses and disclosures require your written authorization:\
- Marketing. We may not use or disclose your medical information for marketing purposes, where “marketing” means making a communication about a product or service that encourages recipients of the communication to purchase or use the product or service, except if the communication is in the form of a face-to-face communication made by us to you, or involves a promotional gift of nominal value provided by us. We may use and disclose your medical information only after receiving your written authorization to provide any communications regarding treatment and health care operations where we receive financial remuneration, directly or indirectly, for making the communications from or on behalf of a third party whose product or service is being marketed. Such authorization must disclose that we are receiving financial remuneration from a third party to make the communication and shall permit you to revoke your authorization at any time if you wish to stop receiving such subsidized marketing materials.
- Sale of Medical Information. We may not disclose your medical information without your written authorization if the disclosure of medical information is made as a sale to a third party in exchange for direct or indirect remuneration from or on behalf of the recipient of the information. The authorization for a sale of medical information must state that we will receive financial remuneration in exchange for disclosing your medial information.
YOUR RIGHTS REGARDING YOUR MEDICAL INFORMATION
- Right to Request Restrictions. You have the right to request that we restrict the uses and disclosures of your medical information to carry out treatment, payment, or health care operations. For example, you may request that we not share your medical information with certain family members, or with public or private entities for disaster relief efforts. We are not required to agree to your request to restrict disclosures for treatment, payment or health care operations. If we agree, we may not use or disclose your medical information in violation of such restriction, unless you require emergency treatment and the restricted medical information is needed to provide the emergency treatment. In that case, we may use the restricted medical information, or may disclose such information to a health care provider, to provide such treatment to you.
You may also request that we restrict disclosure of your medical information to a health plan if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the medical information pertains solely to a health care item or service for which you, or another person (other than the health plan) acting on your behalf, have paid us out-of-pocket in full. We are required to agree to your request to restrict disclosure of medical information to health plans regarding services for which you have paid us out-of-pocket in full.
You must submit your limitation or restriction request in writing to our Privacy Officer at the address indicated on the first page of this Notice. In your request you must tell us (a) what information you would like to limit or restrict; (b) whether you wish to limit the use or disclosure, or both; and (c) to whom you would like the limits to apply, for example, disclosures to your spouse.
We may terminate your restriction if: (a) you agree or request the termination in writing; (b) you orally agree to the termination; or (c) as to restrictions related to treatment, payment or health care operations, if we inform you that we are terminating our agreement to your restriction, except that such termination will only be effective for your medical information that is created or received after you receive our notice of termination.
- Right to Receive Confidential Communications. We will accommodate reasonable requests to receive communications about your medical information from us by alternative means or to alternative locations. For example, you may ask that we only contact you by mail or at work. We will not require you to tell us why you are asking for the confidential communications. If you want to request confidential communications, you must make your request in writing to our Privacy Officer at the address indicated on the first page of this Notice.
- Right to Inspect and Copy Your Medical Information. With a few very limited exceptions, you have the right to request access to inspect or obtain an electronic or hardcopy of your medical information maintained by us in a designated record set, subject to certain limitations imposed by law. To inspect or copy your medical information, you must submit your request in writing to our Privacy Officer at the address identified on the first page of this Notice. Your request should specifically state what medical information you want to inspect or copy. We must act on your request within thirty (30) days of our receipt of your request. We may charge a fee for the costs of copying, mailing or other supplies associated with your request and will tell you the fee amount in advance.
We may deny your request to inspect and copy in limited circumstances. If you are denied access to your medical information, you may submit a written request that such denial be reviewed to our Privacy Officer at the address indicated on the first page of this Notice. Your denial of access will be reviewed by a licensed health care professional designated by us who did not participate in the original decision to deny access. We will ordinarily act on your request for review within thirty (30) days. In certain circumstances you will not be granted a review of a denial.
- Right to Amend Your Medical Information. You have the right to request an amendment or correction to your medical information. You have the right to request an amendment for as long as the information is kept by or for us. Your request must be submitted in writing to our Privacy Officer to the address indicated on the first page of this Notice, and must specifically state your reason or reasons for the amendment. We will ordinarily act on your amendment request within sixty (60) days after our receipt of your request.
We may deny your request to amend medical information if we determine that the information: (a) was not created by us; (b) is not part of the medical information maintained by us; (c) would not be available for you to inspect or copy; or (d) is accurate and complete. If we grant the request, we will inform you of such acceptance in writing. We will make the appropriate amendment to your medical information and we will request that you identify and agree that we may notify all relevant persons with whom the amendment should be shared: (a) individuals that you have identified as having medical information about you and (b) business associates that we know have your medical information that is the subject of the amendment. Please note that even if we accept your request, we may not delete any information already documented in your medical information.
- Right to Receive an Accounting. You have the right to request an “accounting of disclosures” for disclosures of your medical information. The list of disclosures does not include disclosures: (a) for treatment, payment and healthcare operations, with the exception of disclosures made for such purposes via an electronic health record in compliance with the applicable effective dates related to such required accountings; (b) made with your authorization or consent; (c) to your family member, close relative, friend or any other person identified by you; (d) for national security or intelligence purposes; (e) to correctional institutions or law enforcement officials; or (f) as part of a limited data set. Additionally, under certain circumstances, government officials can request that we withhold disclosures from the accounting.
To request an accounting of disclosures, you must submit your request in writing to our Privacy Officer at the address indicated on the first page of this Notice. Your request must state the time period for which you would like an accounting which may not be longer than six (6) years from the date of your request for all disclosures except for disclosures made for treatment, payment or healthcare operations via an electronic health record. Your request for an accounting for disclosures for treatment, payment and healthcare operations made via an electronic health record cannot be greater than three (3) years from the date of your request. Your first accounting request within any 12-month period will be provided to you free of charge. For additional accounting lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
We will ordinarily act on your accounting request within sixty (60) days of your request. We are permitted to extend our response time for a period of up to thirty (30) days if we notify you of the extension. We may temporarily suspend your right to receive an accounting of disclosures of your medical information, if required to do so by law.
- Right to Notice if Your Medical Information is Breached. You have the right to be notified following a breach involving your unsecured medical information. We will provide you with written notice of a breach unless we determine through a risk assessment that there is a low probability that the privacy and/or security of your medical information has been compromised.
- Right to a Paper Copy of this Notice. You have the right to obtain a paper copy of this Notice, even if you have previously agreed to receive this Notice electronically. You may request a copy of this Notice at any time.
We welcome an opportunity to address any questions or concerns that you may have regarding the privacy of your medical information. If you believe that the privacy of your medical information has been violated, you may contact us to discuss your concerns, or you may file a complaint in writing to our Privacy Officer at the address indicated on the first page of this Notice. You may also file a complaint with the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated by us.
To file a complaint with the Secretary of the Department of Health and Human Services, send your complaint in care of: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue SW, Washington, D.C. 20201.
You will not be penalized or retaliated against for filing a complaint or voicing a privacy concern.Back to Top