STEPHEN J. VEGA, M.D., PLLC
PRIVACY NOTICE
THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION
MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO
THAT INFORMATION.
PLEASE REVIEW THIS NOTICE CAREFULLY.
The Practice is committed to maintaining the privacy of your protected health information (“PHI”), which includes information about your medical condition and the care and treatment you receive from us. This Notice details how your PHI may be used and disclosed to third parties to carry out your treatment, payment for your treatment, health care operations of the practice, and for other purposes permitted or required by law. This Notice also details your rights regarding your PHI.
USE OR DISCLOSURE OF PHI
- We may use and/or disclose your PHI for treatment, payment for your treatment, and health care operations of the practice. The following are examples of the types of uses and/or disclosures of your PHI that may occur. These examples are not meant to include all possible types of use and/or disclosure.
-
- Treatment – In order to provide, coordinate and manage your health care, we will provide your PHI to those health care professionals, whether on our staff or not, directly involved in your care so that they may understand your medical condition and needs and possibly provide advice or treatment (e.g., a specialist or laboratory). For example, a physician treating you for a condition such as arthritis may need to know what medications have been prescribed for you by the providers in this practice.
-
- Payment – In order to get paid for services provided to you, we will provide your PHI, directly or through a billing service, to appropriate third party payors, pursuant to their billing and payment requirements. For example, the practice may need to provide your health insurance carrier or, if you are over 65, the Medicare program with information about health care services that you received from us so that the practice can be properly reimbursed. The practice may also need to tell your insurance plan about the need to hospitalize you so that the insurance plan can determine whether or not it will pay for the expense
-
- Health Care Operations – In order for us to operate in accordance with applicable law and insurance requirements and in order for the practice to continue to provide quality and efficient care, it may be necessary for us to compile, use and/or disclose your PHI. For example, the practice may use your PHI in order to evaluate the performance of our personnel in providing care to you.
AUTHORIZATION NOT REQUIRED
- We may use and/or disclose your PHI, without a written Authorization from you, in the following normal situations:
-
- De-identified Information – Your PHI is altered so that it does not identify you and, even without your name, cannot be used to identify you.
- Business Associate – To a business associate, which is someone who the practice contracts with to provide a service necessary for your treatment, payment for your treatment and health care operations (e.g., billing service or transcription service). We will obtain satisfactory written assurance, in accordance with applicable law, that the business associate will appropriately safeguard your PHI.
- To You or a Personal Representative – To you, or a person who, under applicable law, has the authority to represent you in making decisions related to your health care.
- We may use and/or disclose your PHI, without a written Authorization from you, in the following special situations:
-
- Public Health Activities – Such activities include, for example, information collected by a public health authority, as authorized by law, to prevent or control disease, injury or disability. This includes reports of child abuse or neglect.
- Food and Drug Administration. – If required by the Food and Drug Administration to report adverse events, product defects or problems or biological product deviations, or to track products, or to enable product recalls, repairs or replacements, or to conduct post marketing surveillance.
- Abuse, Neglect or Domestic Violence – To a government authority if we are required by law to make such disclosure. If the practice is authorized by law to make such a disclosure, it will do so if it believes that the disclosure is necessary to prevent serious harm or if the healthcare provider believes that you have been the victim of abuse, neglect or domestic violence. Any such disclosure will be made in accordance with the requirements of law, which may also involve notice to you of the disclosure.
- Health Oversight Activities – Such activities, which must be required by law, involve government agencies involved in oversight activities that relate to the health care system, government benefit programs, government regulatory programs and civil rights law. Those activities include, for example, criminal investigations, audits, disciplinary actions, or general oversight activities relating to the community’s health care system.
- Judicial and Administrative Proceeding – For example, we may be required to disclose your PHI in response to a court order or a lawfully issued subpoena.
- Law Enforcement Purposes – In certain instances, your PHI may have to be disclosed to a law enforcement official for law enforcement purposes. Law enforcement purposes include: (1) complying with a legal process (i.e., subpoena) or as required by law; (2) information for identification and location purposes (e.g., suspect or missing person); (3) information regarding a person who is or is suspected to be a crime victim; (4) in situations where the death of an individual may have resulted from criminal conduct; (5) in the event of a crime occurring on the premises of the practice; and (6) a medical emergency (not on the practice’s premises) has occurred, and it appears that a crime has occurred.
- Coroner or Medical Examiner – we may disclose your PHI to a coroner or medical examiner for the purpose of identifying you or determining your cause of death, or to a funeral director as permitted by law and as necessary to carry out its duties.
- Organ, Eye or Tissue Donation – If you are an organ donor, we may disclose your PHI to the entity to whom you have agreed to donate your organs.
- Research – When we are involved in research activities, your PHI may be used, but such use is subject to numerous governmental requirements intended to protect the privacy of your PHI such as approval of the research by an institutional review board and the requirement that protocols must be followed.
- Avert a Threat to Health or Safety – We may disclose your PHI if we believe that such disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to an individual who is reasonably able to prevent or lessen the threat.
- Specialized Government Functions – When the appropriate conditions apply, we may use PHI of individuals who are Armed Forces personnel: (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veteran Affairs of eligibility for benefits; or (3) to a foreign military authority if you are a member of that foreign military service. The practice may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities including the provision of protective services to the President or others legally authorized.
- Inmates. We may disclose your PHI to a correctional institution or a law enforcement official if you are an inmate of that correctional facility and your PHI is necessary to provide care and treatment to you or is necessary for the health and safety of other individuals or inmates.
- Workers’ Compensation. – If you are involved in a Workers’ Compensation claim, we may be required to disclose your PHI to an individual or entity that is part of the Workers’ Compensation system.
- Disaster Relief Efforts. The Practice may use or disclose your PHI to a public or private entity authorized to assist in disaster relief efforts
- Required by Law. If otherwise required by law, but such use or disclosure will be made in compliance with the law and limited to the requirements of the law.
AUTHORIZATION
Use and/or disclosure of your psychotherapy notes (if applicable) that do not fall within the limited exceptions, use of your PHI for marketing purposes, and disclosures resulting from the sale of your PHI, and any other use and/or disclosure not described above, will be made only with your written Authorization.
SIGN-IN-SHEET
We may use a sign-in-sheet at the registration desk. Personnel may also call your name in the waiting room when your physician is ready to see you.
APPOINTMENT REMINDER
The Practice may, from time to time, contact you to provide appointment reminders. The reminder may be in the form of a letter or postcard. The Practice will try to minimize the amount of information contained in the reminder. The Practice may also contact you by phone and, if you are not available, the Practice will leave a message for you.
TREATMENT ALTERNATIVES / BENEFITS
We may, from time to time, contact you about treatment alternatives, or other health benefits or services that may be of interest to you.
MARKETING
We may only use and/or disclose your PHI for marketing activities if we obtain from you a prior written Authorization. “Marketing” activities include communications to you that encourage you to purchase or use a product or service, and the communication is not made for your care or treatment. However, marketing does not include, for example, sending you a newsletter about this practice. Marketing also includes the receipt by the practice of remuneration, directly or indirectly, from a third party whose product or service is being marketed. The practice will inform you if it engages in marketing and will obtain your prior Authorization.
FUNDRAISING
We may use and/or disclose your demographic information and the dates that you received treatment from your physician, as necessary, in order to contact you for fund raising activities supported by the practice. If you do not want to receive these materials, please contact the Practice’s Privacy Officer to request that these fund-raising materials not be sent to you.
ON-CALL-COVERAGE
In order to provide on-call coverage for you, we have established relationships with other physicians who will take your call if a physician from the practice is not available. Those on-call physicians will provide the practice with whatever PHI that they create and will, by agreement, keep your PHI confidential.
FAMILY/FRIENDS
We may disclose to your family member, other relative, a close personal friend, or any other person identified by you, your PHI directly relevant to such person’s involvement with your care or the payment for your care. The practice may also use or disclose your PHI to notify or assist in the notification (including identifying or locating) a family member, a personal representative, or another person responsible for your care, of your location, general condition or death. However, in both cases, the following conditions will apply:
-
- If you are present at or prior to the use or disclosure of your PHI, the practice may use or disclose your PHI if you agree, or if the practice provides you with opportunity to object and you do not object, or if the practice can reasonably infer from the circumstances, based on the exercise of its professional judgment, that you do not object to the use or disclosure.
-
- If you are not present, the practice will, in the exercise of professional judgment, determine whether the use or disclosure is in your best interests and, if so, disclose only the PHI that is directly relevant to the person’s involvement with your care.
YOUR RIGHTS
- You have the right to:
-
- Revoke any Authorization, in writing, at any time. To request a revocation, you must submit a written request to the Practice’s Privacy Officer.
- Request restrictions on certain use and/or disclosure of your PHI as provided by law, but the Practice is not obligated to agree to any requested restrictions. However, the Practice must agree to a request to restrict disclosure of your PHI to a health plan if: the disclosure is for the purpose of carrying out payment or health care operations and is not required by law, and the PHI pertains solely to a health care item or service for which you or someone else has paid the Practice in full. To request restrictions, you must submit a written request to the Practice’s Privacy Officer. In your written request, you must inform the practice of what information you want to limit, whether you want to limit the practice’s use or disclosure, or both, and to whom you want the limits to apply. If the practice agrees to your request, we will comply with your request unless the information is needed in order to provide you with emergency treatment.
- Receive confidential communications or PHI by alternative means or at alternative locations (for example at your business instead of home address). You must make your request in writing to the Practice’s Privacy Officer. We will accommodate all reasonable requests.
- Inspect and copy your PHI as provided by law. To inspect and copy your PHI, you must submit a written request to the Practice’s Privacy Officer. We can charge you a fee for the cost of copying, mailing or other supplies associated with your request. In certain situations that are defined by law, the practice may deny your request, but you will have the right to have the denial reviewed as set forth more fully in the written denial notice.
- Amend your PHI as provided by law. To request an amendment, you must submit a written request to the Practice’s Privacy Officer. You must provide a reason that supports your request. We may deny your request if it is not in writing, if you do not provide a reason in support of your request, if the information to be amended was not created by the practice (unless the individual or entity that created the information is no longer available), if the information is not part of your PHI maintained by the practice, if the information is not part of the information you would be permitted to inspect and copy, and/or if the information is accurate and complete. If you disagree with the practice’s denial, you will have the right to submit a written statement of disagreement.
- Receive an accounting of disclosures of your PHI as provided by law. To request an accounting, you must submit a written request to the Practice’s Privacy Officer. The request must state a time period which may not be longer than six (6) years. The request should indicate in what form you want the list (such as a paper or electronic copy). The first list you request within a twelve (12) month period will be free, but the Practice may charge you for the cost of providing additional lists. We will notify you of the costs involved and you can decide to withdraw or modify your request before any costs are incurred.
- Receive a paper copy of this Privacy Notice from us upon request to the Practice’s Privacy Officer.
- Be notified following a breach of your unsecured PHI, if so required by law.
- Complain to us, or to the Secretary of Health and Human Service, Office of Civil Rights if you believe your privacy rights have been violated. You may contact a regional office of the Office for Civil Rights, which can be found at http://www2.ed.gov/about/offices/list/ocr/addresses.html. To file a complaint with the Practice, you must contact the Practice’s Privacy Officer. All complaints must be in writing.
- To obtain more information on, or have your questions about your rights answered, you may contact the Practice’s Privacy Officer, Carl Conklin, Jr. at 585-383-4040 x 308 or via email at Carl@vegaplasticsurgery.com
PRACTICE’S REQUIREMENTS
We are required by law to maintain the privacy of your PHI, and to provide you with this Privacy Notice of the Practice’s legal duties and privacy practices with respect to your PHI. We are required to abide by the terms of this Privacy Notice. We reserve the right to change the terms of this Privacy Notice and to make the new Privacy Notice provisions effective for all of your PHI that we maintain. We will not retaliate against you for making a complaint. We must make a good faith effort to obtain from you an acknowledgement of receipt of this Notice. We will post this Privacy Notice on the Practice’s web site, if the Practice maintains a web site. We will provide this Privacy Notice to you by e-mail if you so request. However, you also have the right to obtain a paper copy of this Privacy Notice.
EFFECTIVE DATE
This Notice is effective as of December 21, 2024.