THIS NOTICE DESCRIBES HOW YOUR PROTECTED HEALTH INFORMATION MAY BE USED AND DISCLOSED. PLEASE REVIEW IT CAREFULLY.

OUR LEGAL DUTY:

Griffey Eye Care is required to comply with all applicable federal and state laws to maintain the privacy of your Protected Health Information (‘PHI’). PHI is defined as “any individually identifiable health information that relates to any physical or mental health or that can otherwise be used to identify the individual”.

Griffey Eye Care is also required to provide you with this notice about our privacy practices, our legal obligations, and your rights concerning your PHI. This notice is effective July 1, 2024, and is subject to any amendments enacted by the governing statutes. Periodic amendments may also be made in order to clarify certain language of the applicable laws and statutes. We may tell you about any changes to our notice through a newsletter, patient portal, website, or a letter.

You may request a copy of this notice (or any subsequent revision of this notice) at any time, even if you agreed to get this Notice by electronic means, you still have the right to ask for a paper copy. For more information about our privacy practices, or for additional copies of this notice, please contact us using the information listed at the end of this notice.

Uses and Disclosures of Protected Health Information:

Griffey Eye Care may use and disclose your PHI to (1) facilitate your medical treatment, (2) obtain payment from your health insurance company for medical services, and (3) conduct industry-standard health care operations. Such use and disclosure of your PHI is considered under HIPAA as “permissible use”. Any and all “permissible use” of your PHI will be made within “minimum necessary” limitations, and only to facilitate specific activity directly relative to treatment, payment, and/or operations.

Following are examples of permissible use of your PHI:

Treatment: Griffey Eye Care may use and disclose your PHI to provide, coordinate, or manage your health care and any related services as recommended by your medical provider. This includes the coordination or management of your health care with a third party or other physicians who may currently be involved with your medical care or whom it may be determined by your medical condition to be required with your medical care for the purposes of diagnosis and treatment (i.e., specialist, laboratory, hospital, or other facility). If you receive services through Telemedicine, we will also collect information as part of the services or information provided during the audio and/or video teleconference encounter itself, and to the extent applicable, through other telephonic communications. We may also collect information from the electronic medical record system (if applicable) of your selected provider in order to facilitate the provision of services.

Payment: Griffey Eye Care may use and disclose your PHI to obtain payment for your health care services. This may include providing copies of the pertinent medical record to your health insurance plan in order to determine eligibility and benefits, obtain pre-authorization on your behalf for recommended medical services, review of medical services provided to you to confirm medical necessity, and other health plan utilization review activities. For example, obtaining approval for a hospital admission may require that your relevant PHI be disclosed to the health plan to obtain approval for the hospital admission.

Health Care Operations: Griffey Eye Care may use and disclose your PHI in order to facilitate industry-standard business and operational activities. These activities include, but are not limited to, daily clinic operations relative to scheduling, appointment reminders, assembly and maintenance of your medical record, and inter-departmental coordination of your medical care. For example, we may use a sign-in sheet at the registration desk where you will be asked to sign your name, call you by name in the waiting room when your doctor is ready to see you, or contact you by telephone or mail to ensure necessary continuum of care or other related activities.

Sharing your PHI with you: Griffey Eye Care must give you access to your own PHI. Griffey Eye Care, including our affiliates and/or vendors, may call or text you by using an automatic telephone dialing system and/or an artificial voice. The calls/texts may be about appointment reminders, appointment confirmations, treatment options, health-related benefits and services, and to gather feedback regarding your experience. If you do not want to be contacted by phone or text, just let the caller know and we will add you to our Do Not Call list. We will then no longer call or text you. However, if you initiate communications using e-mail, we will assume (unless you have explicitly stated otherwise) that e-mail communications are acceptable to you. Communications via email over the internet are not secure. Although it is unlikely, there is a possibility information included in an email can be intercepted and read by other parties besides the person to whom it is addressed. You understand you must take reasonable steps to protect the unauthorized use of electronic communications by others, and Griffey Eye Care is not responsible for breaches of confidentiality caused by you or an independent third party. Information disclosed to you under the HIPAA Privacy Rule may be redisclosed by you to others. Once disclosed, this information may no longer be protected by HIPAA.

Griffey Eye Care may share your PHI with third-party “business associates” that perform certain activities (i.e., billing, transcription services) for the company. Whenever an arrangement between our office and a business associate involves “permissible use” of your PHI, your PHI is protected by a Business Associate Agreement that contains terms that will protect your PHI.

Uses and Disclosures Based On Your Written Authorization: Any other uses and disclosures of your PHI will be made only with your written authorization, unless otherwise permitted or required by law as described below.

You may give us written authorization to use your PHI or to disclose it to anyone for any purpose. Your written authorization may be revoked in writing at any time. Your revocation will not affect any use or disclosure permitted by your authorization while it was in effect. Without your written authorization, we will not disclose your health care information except as described in this notice.

Health information that has been properly de-identified is not protected by the HIPAA Privacy Rule and may be used for research and other statistical purposes.

Others Involved in Your Health Care: Unless you object, we may disclose to a member of your family, a relative, a close friend, or any other person you identify as an emergency contact, your PHI that directly relates to that person’s involvement in your health care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may use or disclose PHI to notify or assist in notifying a family member, personal representative, or any other person that is responsible for your care of your location, general condition, or death.

Uses and Disclosures Required by Law:

Research; Death; Organ Donation: Your (de-identified) PHI may be used or disclosed for research purposes in limited circumstances. Your PHI may be disclosed to a coroner, protected health examiner, funeral director, or organ procurement organization under specific circumstances.

Public Health and Safety: Your PHI may be disclosed to the extent necessary to avert a serious and imminent threat to your personal health or safety, or the public health or safety of others. Your PHI may be disclosed to a government health agency authorized to oversee the health care system or government programs or its contractors, and to public health authorities for public health purposes.

Health Oversight: Your PHI may be disclosed to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs, and civil rights laws.

Abuse or Neglect: Your PHI may be disclosed to a public health authority that is authorized by law to receive reports of abuse, neglect, or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.

Food and Drug Administration: Your PHI may be disclosed to a person or company required by the Food and Drug Administration to report adverse events, product defects or problems, biologic product deviations; to track products to enable product recalls; to make repairs or replacements; or to conduct post-marketing surveillance, as required.

Criminal Activity: Consistent with applicable state and federal laws, your PHI may be disclosed if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health and safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.

Required by Law: Your PHI may be disclosed when we are required to do so by law. For example, we must disclose your PHI to the U.S Department of Health and Human Services upon request for purposes of determining whether we are in compliance with privacy laws. We may disclose your PHI when authorized by Workers’ Compensation or other similar laws.

Process and Proceedings: Your PHI may be disclosed to legally authorized law enforcement officials in response to a court or administrative order, subpoena, discovery request, or other lawful process, under certain circumstances. Griffey Eye Care may disclose PHI of an inmate or other person in lawful custody to a law enforcement official or correctional institution under certain circumstances. We may disclose PHI where necessary to assist law enforcement officials to capture an individual who has admitted to participation in a crime or who has escaped from lawful custody.

Accreditation Organizations: Disclosure to accreditation organizations for quality purposes. Any accreditation organizations would be considered a Business Associate and would enter into an agreement with us to maintain confidentiality and protect the privacy of your PHI.

Disaster Relief: Your PHI may be disclosed to disaster relief organizations to coordinate your care, or to notify family and friends of your location or condition in a disaster. We will provide you with an opportunity to agree or object to these disclosures whenever it is practical to do so.

National Security: Your PHI may be disclosed to authorized federal officials for the purpose of intelligence, counterintelligence, and other national security activities authorized by law.

Specialized Government Functions: In certain circumstances, we may disclose the PHI of military personnel and veterans. We may also disclose your PHI for national security, intelligence activities, and protection of the President.

Workers’ Compensation: Your PHI may be disclosed to comply with laws relating to Workers’ Compensation or other similar programs established by law.

Reproductive Health Services: In accordance with state law, Griffey Eye Care will not release any information to your health insurance company about any reproductive health services you have received unless you provide a separate written authorization requesting us to do so. The services you have the right to keep confidential include, but are not limited to, family planning services and services to treat infections of the reproductive organs. An additional attestation or consent may be required to release that information. 

Substance Use Disorder Information: Federal law and regulations protect the confidentiality of substance use disorder patient records maintained by us. Generally, we may not disclose information identifying a person as having or having had a substance use disorder unless:

  • The patient consents in writing, and such consent can now cover all future uses and disclosures for treatment, payment, and health care operations.
  • The disclosure is allowed by a court order.
  • The disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
  • The disclosure is made to a public health authority, as permitted by HIPAA, for the purpose of preventing or controlling disease, injury, or disability.
  • The disclosure is made to a business associate, as permitted by HIPAA, provided the business associate agreement includes the necessary safeguards for confidentiality.
  • The disclosure is made for purposes of care coordination and case management by a covered entity or a business associate.

Psychotherapy Notes:

Psychotherapy notes are treated differently from regular medical records under HIPAA. These notes are maintained separately and require your specific authorization for most uses and disclosures. This authorization must be separate from the general consent you provide for other uses and disclosures of your health information.

HIV/AIDS, Communicable Diseases, and Genetic Testing:

Information related to HIV/AIDS, communicable diseases, genetic testing or genetic information used for underwriting purposes of you results may have additional protections under state laws and regulations. Specific consent is required for the disclosure of this information beyond what is covered in this general Notice of Privacy Practices.

Marketing:

Use of disclosure of your PHI for marketing purposes will be made only with your written authorization.

Your Health Information Rights:

Access: You have the right to inspect and copy your PHI that may be used to make decisions about your care. You have the right to request an electronic copy of your PHI. We may charge a reasonable, cost-based fee for the cost of copying, mailing, or other supplies associated with your request. If you request a copy of your PHI in electronic form and the PHI is maintained in an electronic health record, we will provide you with access to your PHI in the electronic form and format requested if it is readily producible.

Disclosure Accounting: You have the right to receive a list of certain instances in which we or our business associates disclosed your PHI for purposes other than treatment, payment, health care operations, and certain other activities. If you request this accounting more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests.

Restriction: You have the right to request that we place additional restrictions on our use or disclosure of your PHI. We are not required to agree to these additional restrictions, but if we do, we will abide by our agreement (except in an emergency). Any agreement we may make to a request for additional restrictions must be in writing signed by a person authorized to make such an agreement on our behalf.

Confidential Communication: You have the right to request that we communicate with you about your PHI by alternative means or to alternative locations. You must make your request in writing. We will accommodate all reasonable requests.

Amendment: You have the right to request that we amend your PHI. Your request must be in writing, and it must explain why the information should be amended. We may deny your request under certain circumstances.

Notice: You have the right to receive notice of a breach in the event of a breach of any of your PHI.

Electronic Notice: If you receive this notice on our Web site or by electronic mail (e-mail), you are entitled to receive this notice in written form.

Website Privacy: Any personal information you provide us with via our website, including your e-mail address, will never be sold or shared with any third party without your express permission. If you provide us with any personal contact information in order to receive anything from us, we may collect and store that personal data. We do not automatically collect your personal e-mail address simply because you visit our site. In some instances, we may partner with a third party to provide services such as newsletters, surveys to improve our services, health or company updates, and in such case, we may need to provide your contact information to said third parties. This information, however, will only be provided to these third-party partners specifically for these communications, and the third party will not use your information for any other reason. While we may track the volume of visitors on specific pages of our website and download information from specific pages, these numbers are used in aggregate and without any personal information. This demographic information may be shared with our partners, but it is not linked to any personal information that can identify you or any visitor to our site.

Our site may contain links to other websites. We cannot take responsibility for the policies or practices of these sites and we encourage you to check the privacy practices of all internet sites you visit. While we make every effort to ensure that all the information provided on our website is correct and accurate, we make no warranty, express or implied, as to the accuracy, completeness or timeliness, of the information available on our site. We are not liable to anyone for any loss, claim, or damages caused in whole or part, by any of the information provided on our site. By using our website, you consent to the collection and use of personal information as detailed herein. Any changes to this Privacy Policy will be made public on this site, our website, and our patient portal so you will know what information we collect and how we use it.

Questions and Complaints:

If you want more information about our privacy practices or have questions or concerns, please contact us using the information below.

If you are concerned that we may have violated your privacy rights or you disagree with a decision we made about access to your PHI, you may file a complaint with us using the contact information below.

HIPAA Privacy Officer:

Attention: Privacy Officer

Office: 8043 Cooper Creek Blvd, Suite 101, University Park, FL 34201

Telephone: 800-765-0624

Email: useyecompliance@useye.com

You may also contact the Secretary of the U.S. Department of Health and Human Services if you believe your privacy rights have been violated. Your complaint can be sent by email, fax, or mail to the Office of Civil Rights. U.S. Dept. of Health, OCR, 200 Independence Avenue SW, Washington, D.C., 20201. For more information, see their website at: http: www.hhs.gov/ocr/privacy/hipaa/complaints/.