THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
The Center for Vascular Medicine, deemed as a covered entity under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), will be referred to in this Notice of Privacy Practices (“Notice”) as “CVM.” This Notice is created by CVM to describe the ways in which CVM may use and disclose your medical information (called “Protected Health Information” or “PHI”) and to notify you of your rights with respect to PHI in the possession of CVM. Pursuant to the Regulations, and as outlined in this Notice, CVM is permitted to use or disclose PHI to other parties. Below are categories describing these uses and disclosures, along with some examples to help you better understand each category.
Uses and Disclosures for Treatment, Payment and Health Care Operations
CVM may use or disclose your PHI for the purposes of treatment, payment and health care operations, described in more detail below, without obtaining written authorization from you:
For Treatment: CVM may use and disclose PHI in the course of providing, coordinating, or managing your medical treatment, including the disclosure of PHI for treatment activities of other health care providers. These uses and disclosures may take place between physicians, nurses, technicians, and other health care professionals who provide or are otherwise involved in your health care. For example, your primary care physician may share your PHI with a specialist physician whom he/she consults regarding your condition, or to their staff who are assisting in the provision or coordination of your care.
For Payment: CVM may use and disclose PHI in order to bill and collect payment for health care services provided to you. For example, CVM may need to give PHI to your health plan in order to be reimbursed for the services provided to you. CVM may also disclose PHI to their business associates, such as billing companies, claims processing companies, and others that assist in processing health claims. CVM may also disclose PHI to other health care providers and health plans for the payment activities of such providers or health plans.
For Health Care Operations: CVM may use and disclose PHI as part of our health care operations, including: quality assessment and improvement, or evaluating the treatment and services you receive and the performance of its staff in caring for you. Other activities include provider training, compliance and risk management activities, planning and development, and management and administration. CVM may disclose PHI to doctors, nurses, technicians, attorneys, consultants, accountants, and others for review purposes. These disclosures help ensure that CVM is complying with all applicable laws, and are continuing to provide health care to patients at a high level of quality. CVM may also disclose PHI to other health care providers and health plans for certain of their operations, including their quality assessment and improvement activities, credentialing and peer review or compliance activities.
Sharing PHI Among CVM And Their Medical Staff
CVM locations work together with the physicians and other health care providers on staff to provide medical services to you when you are a patient at a CVM location. CVM and the members of its staff will share PHI with each other as needed to perform their joint treatment, payment and health care operations activities.
Other Uses and Disclosures for Which Authorization are Not Require
In addition to using or disclosing PHI for treatment, payment and health care operations, CVM may use and disclose PHI without your written authorization under the following circumstances:
As Required by Law and Law Enforcement: CVM may use or disclose PHI when required by law. CVM also may disclose PHI when ordered to in rare situations such as a judicial or administrative proceeding, in response to subpoenas or discovery requests, to identify or locate a suspect, fugitive, material witness, or missing person, about criminal conduct, to report a crime, its location or victims, or the identity, description or location of a person who committed a crime, or for other law enforcement purposes.
For Public Health Activities and Public Health Risks: CVM may disclose PHI to government officials in charge of collecting healthcare information, such as reactions to medications or product defects, or to notify persons who may have been exposed to a disease or may be at risk of contracting or spreading a disease or condition.
For Health Oversight Activities: CVM may disclose PHI to the government for oversight activities authorized by law, such as audits, investigations, inspections, licensure or disciplinary actions, and other activities necessary for monitoring health care or compliance with government programs or civil rights laws.
Research: Under certain circumstances, CVM may use and disclose PHI for medical research purposes.
To Avoid a Serious Threat to Health or Safety: CVM may use and disclose PHI to law enforcement or other appropriate persons, to prevent or lessen a serious threat to the health/safety of a person or the public.
Specialized Government Functions: CVM may use and disclose PHI of military personnel and veterans under certain circumstances, and may also disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities.
Appointment Reminders, Health-related Benefits and Services, Limited Marketing Activities: CVM may use and disclose PHI to remind you of an appointment, or to inform you of treatment alternatives or other health-related benefits and services that may be of interest to you, such as disease management programs. CVM may use and disclose your PHI to encourage you to purchase or use a product or service through face-to-face or written communication, or by giving you a promotional gift of nominal value.
Disclosures for HIPAA Compliance Investigations: CVM may disclose your PHI when required to do so in connection with your rights of access to your PHI and to account for certain disclosures of your PHI. CVM must disclose your PHI to the U.S. Department of HHS when requested by the Secretary in order to investigate compliance with privacy regulations issued under HIPAA.
Regulatory Requirements: CVM is required by law to maintain the privacy of your PHI, to provide individuals with notice of their legal privacy practice duties with respect to PHI, and to abide by the terms described in this Notice. CVM reserves the right to change the terms of this Notice or privacy policies, and to make changes applicable to all PHI it maintains. CVM will acknowledge Notice changes and make available a revised copy of the Notice upon the patient’s request. A copy of the Notice will be provided upon request
You Have The Following Rights Regarding Your PHI: You may request that CVM restrict the use and disclosure of your PHI. CVM is not required to agree to any restriction requests, but will be bound to restrictions to which we agree, except in emergency situations. You have the right to request that communications of PHI to you from CVM be made by alternative means or locations. You may request that CVM can communicate with you by cellphone or via e-mail or to an alternate address.
You have the right to inspect and copy your PHI in the possession of CVM, if you make a request in writing to the CVM Medical Records Director. Within thirty (30) days of receiving your request (unless extended by an additional thirty (30) days), CVM will inform you of the extent to which your request has or has not been granted. CVM may provide you a summary of the PHI you request if you agree in advance to such a summary. CVM may impose a reasonable fee determined by state law to cover copying, postage, and related costs for copies or summaries of your PHI. If CVM denies access to your PHI, it will explain the basis for denial. If CVM does not maintain the PHI you request, and it knows where that PHI is located, we will tell you how to redirect your request.
You have the right to receive notifications whenever a breach of your unsecured PHI occurs. CVM will provide notification through a written communication.
You have the right to restrict disclosure of information to your health plan(s) for services paid directly by you. You have the right to restrict the release of PHI for services for which you have paid for directly. Your written notification is required.
You have the right to designate personal representatives. You can designate specific individuals – other caregivers or personal representatives—with whom CVM may disclose your PHI. Please complete CVM’s Patient Privacy and HIPPA Protection Form.
You have the right to request that CVM amend, correct or supplement your PHI. Your request must be made in writing to the CVM Medical Records Director and it must explain why you are requesting an amendment to your PHI. Within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), CVM will inform you of the extent to which your request has or has not been granted. CVM generally can deny your request if your request relates to PHI: (i) not created by the entity; (ii) that is not part of the records the entity maintains; (iii) that is not subject to being inspected by you; or (iv) that is accurate and complete. If your request is denied, CVM will give you a written denial that explains the reason for the denial and your rights to: (i) file a statement disagreeing with the denial; (ii) if you do not file a statement of disagreement, submit a request that future disclosures of the relevant PHI be made with a copy of your request and the entity’s denial attached; and (iii) complain about the denial.
You have the right to request/receive a list of PHI disclosures CVM has made during the six (6) years prior to your request (but not before April 14, 2003). The list will not include disclosures (i) for which you have provided a written authorization; (ii) for payment; (iii) made to you; (iv) to persons involved in your health care; (v) for national security or intelligence purposes; (vi) to law enforcement officials; or (vii) of a limited data set. You should submit any such request to the Privacy Officer, and within sixty (60) days of receiving your request (unless extended by an additional thirty (30) days), CVM will respond to you regarding the status of your request. CVM will provide you a list at no charge, but if you make more than one request in a year you will be charged a fee of $25.00 for each additional request.
You have the right to receive a paper copy of this notice upon request, even if you have agreed to receive this notice electronically. You can review and print a copy of this notice at any CVM Web site via www.cvmus.com or you may request a paper copy of this notice by contacting the Privacy Officer as described below.
You may complain to CVM if you believe your privacy rights with respect to your PHI have been violated by contacting the Privacy Officer and submitting a written complaint, or contact the CVM Hotline at 301-982-2000 CVM will not retaliate against you for filing a complaint regarding their privacy practices. You also have the right to file a complaint with the Secretary of the Department of Health and Human Services.
If you have any questions about this notice, please contact the CVM Privacy Officer by phone at 301-982-2000 or by mail at 7474 Greenway Center Drive, Suite 900, Greenbelt, MD 20770.
NOTICE IS EFFECTIVE: 4/1/2020; REVISED: 4/1/2020