Top Tags

Privacy Statement

The Department of Health and Human Services, Office of Civil Rights, under the Public Law 104-191, (the Health Insurance Portability and Accountability Act of 1996) (HIPAA), mandates that we issue this Privacy Notice to our patients. This notice to our patients meets all current requirements as it relates to Standards for Privacy of Individually Identifiable Health Information (IIHI); affecting our patients. You are urged to read this notice.

As part of the Privacy Standard, implemented on April 14, 2001, you are required to provide this office with a new, signed and dated, Consent Agreement. Every patient must receive our new Privacy Notice and execute a new Consent Agreement before this office may use your information for treatment, payment, or other health care operations (TPO).

Our Privacy Notice informs you of our use and disclosure of your Protected Health Information (PHI), defined as: “any information, whether oral or recorded in any medium, that is either created or received by a health care provider, health plan, public health authority, employer, life insurance company, school or university or clearinghouse and that relates to the past, present or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past present or future payment for the provision of health care to an individual”.

Our office will use or disclose your PHI for purposes of treatment, payment and other healthcare purposes as required to provide you the best quality healthcare services that we offer to the extent permitted by your Consent Agreement or in such specific situations, by your signed and dated Authorization. It is our policy to control access to your PHI; and even in cases where access is permitted; we exercise a “minimum necessary information” restriction to that access. We define the minimum necessary information as the minimum necessary to accomplish the intent of the request.

An Authorization differs from a Consent Agreement in that it is very specific with regard to the information allowed to be disclosed or used, the individual or entity to which the information may be disclosed to, the intent for which it may be disclosed, and the date that it was initiated which may include the duration of the authorization. This is a form, separate from the Consent Agreement, and usually used only for one specific request for information. In the event of a non-healthcare related request for personal health information this office will request you to complete an Authorization Form.

You, as our patient, may revoke any Consent Agreement or Authorization at any time and all use and disclosure and administration of related healthcare services will be revised accordingly, with the exception of matters already in process as a result of prior use of your PHI. To revoke either the Consent Agreement or the Authorization you will have to provide this office with a written request with your signature and date and your specific instructions regarding an existing Authorization or Consent Agreement. Any revocation will not apply to information already used or disclosed. If you had a “personal representative” initiate as Authorization you may revoke that authorization at any time.

You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. You must submit your request in writing to FairfaxMD PLLC, c/o Richard W. Chen, M.D., Privacy Officer, 10721 Main Street #3300, Fairfax, VA 22030, in order to inspect and/or obtain a copy of your PHI. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.

You may ask us to amend your health information if you believe it is incorrect or incomplete, and you may request an amendment for as long as the information is kept by or for our practice. To request an amendment, your request must be made in writing and submitted to FairfaxMD PLLC, c/o Richard W. Chen, M.D., Privacy Officer, 10721 Main Street #3300, Fairfax, VA 22030. You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by our practice, unless the individual or entity that created the information is not available to amend the information.

In limited circumstances, The Privacy Standard permits, but does not require, covered entities to continue certain existing disclosures of health information without individual authorization for specific public responsibilities.

These permitted disclosures include: emergency circumstances; identification of the body of a deceased person, or to assist in determining the cause of death; public health needs; research, generally limited to when a waiver of authorization is independently approved by a privacy board or Institutional Review Board; oversight of the health care system; judicial and administrative proceedings; limited law enforcement activities; and activities related to national defense and security. Our practice will use and disclose your PHI when we are required to do so by federal, state, or local law.

If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact FairfaxMD PLLC, c/o Richard W. Chen, M.D., Privacy Officer, 10721 Main Street #3300, Fairfax, VA 22030. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

All of these disclosures could occur previously under former laws and regulations however; The Privacy Standard establishes new safeguards and limits. If there is no other law requiring that your information be disclosed, we will use our professional judgments to decide whether to disclose any information, reflecting our own policies and ethical principals.

On some occasions we may furnish your PHI to a third party. This could be an insurance company for the purpose of payment or another health care provider for further treatment or additional services. Although we will institute a “chain of trust” contract and monitor our business associates’ contracts with us, we cannot absolutely guarantee that they will not use or disclose your PHI in such a way as to violate the Privacy Standard.

Although the law requires a signed and dated Privacy Notice, this office does not demand that you sign this agreement as a condition of your receiving care. It is the law that your rights are communicated in this manner.

It is our practice to retain information about non-healthcare related requests for your health care information for a period of six years. In complying with the Privacy Standard, we have appointed a Privacy Officer, trained our Privacy Officer and the staff in the law, and implemented policies to protect your PHI. We have instituted privacy and security processes to guard and protect your IIHI. This office is taking and continues to monitor and improve steps for the protection of your information and to remain in compliance with the law.