In accordance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), this Notice of Privacy Practices (this “Notice”) describes how Lancaster Radiology Associates, LTD (the “Provider”) may use or disclose your protected health information. It also describes certain individual rights that you have to your protected health information. Protected health information or (“PHI”), is information that identifies you and that relates to your past, present and future physical or mental health condition and related health care services, as well as payment for these services (i.e. “Individually Identifiable Health Information”). This Notice applies whenever you receive health care services at any of our locations (please see our website for locations http://www.lancasterrad.com).
We are required by law to maintain the privacy of protected health information and to provide individuals with this Notice of our legal obligations and privacy practices with respect to your health information. We are required by law to abide by the terms of this Notice. We reserve the right to change the terms of this Notice, and these changes may affect the PHI that we maintain. We will post the most recent Notice on our website, http://www.lancasterrad.com. You may request a paper copy of this Notice at any time.
Treatment: We may use and disclose your health information to manage your care and to provide treatment or services. This health information may include imaging, diagnostic tests or other health care services provided by us. Also, we may disclose your health information to other health care providers who may be involved in your medical care. This could include disclosing your health information to a doctor, hospital, nursing home or other providers.
Payment: We may use and disclose your health information for purposes of billing or payment for the treatment or services you receive from us. Your health information may be shared with your insurance company, health plan or others that are responsible for payment. For example, we may need to submit a claim for interpreting x-rays that you received, so that the insurance company will either pay us or reimburse you. We may also inform your insurer about a test or treatment that you are going to receive in order to meet pre-approval requirements.
Health Care Operations: We may use and disclose health information about you to manage our organizations or the quality of care that you receive from us. We may disclose health information to doctors, nurses, technicians and other health care professionals or staff for clinical, administrative or educational purposes. We may also combine the PHI that we maintain with health information from other health care providers to see how we are doing and how we can improve, as further described below.
Health Information Exchanges: We may participate in health information exchanges to facilitate the secure exchange of your electronic health information between and among several health care providers or other health care entities for purposes of treatment, payment or other healthcare operational purposes. We may share PHI that we obtain or create about you with outside entities (such as hospitals, doctors’ offices, insurance companies, etc.) or we may receive information they create or obtain about you (such as medication history, medical history or insurance information) so each of us can provide better treatment and coordination of your care. In addition, if you visit any of our offices, or those of participating providers, your health information may be available to other clinicians and staff who may use it to care for you or to coordinate your health services. Participation within the Health Information Exchange is voluntary. If you opt out, participating health care providers will not be able to access your PHI.
Business Associates: We may use or disclose your health information to outside companies or professionals that assist us in providing our services. The “business associates” may perform clinical, auditing, legal, consulting or other services. These companies or individuals also may create, receive, maintain or transmit PHI on our behalf, and are required to keep your health information confidential in the same way that we do.
Research: We may use or disclose your health information to researchers to determine the feasibility of a research study or when an Institutional Review Board has approved the study. The Institutional Review Board is required to review and approve the research proposal and establish standards to help ensure that your health information remains confidential.
Individuals Involved in Your Care or Payment for Your Care: We may disclose your PHI to a family member, relative, a close personal friend or any other person identified by you when you are present if: (1) we obtain your written agreement or provide you with the opportunity to object to the disclosure and you do not object, or (2) we reasonably believe based upon emergency or other circumstances that you would not object to the disclosure. If you are not present for or unavailable prior to a disclosure (for example, when we receive a telephone call from a family member or other caregiver), we may exercise our professional judgment to determine whether a disclosure is in your best interests. If we disclose information under such circumstances, we will make every effort to disclose only information that is directly relevant to the person’s involvement with your care.
To Contact You: We may use your information to contact you in order to remind you about a medical appointment or to provide you with important health or patient information.
As Required by Law: We may disclose health information about you when required by federal, state or local laws. For example, we may disclose health information about you to federal officials for intelligence, counter-intelligence and other national security measures authorized by law.
Public Safety: We may disclose your health information to prevent or lessen a serious or imminent threat to the health or safety of a person or the public, if the disclosure is to a person reasonably able to prevent or lessen the threat, or to law enforcement authorities.
Public Health Activities: We may disclose your health information for public health activities that are permitted or required by law. For example, these activities may include:
Abuse or Neglect: We may disclose your health information to a government agency that is authorized by law to receive reports of suspected abuse, neglect or domestic violence. Additionally, as required by law, if we believe that you have been a victim of abuse, neglect or domestic violence, we may be required to report this information.
Organ and Tissue Donation: We may disclose your health information to an organ donation bank or organization that handles organ, eye or tissue transplant. This information can help to determine if a patient who has died or is near death may be a candidate for donation.
Governmental Functions: We may disclose your health information for military, veterans or other government activities. If you are a member of the armed forces, we may disclose your health information to military command authorities. We may disclose health information about foreign military personnel to the proper foreign military authority. We also may disclose health information to a correctional institution or law enforcement official having lawful custody of an inmate or another individual for health, safety or other lawful purposes.
Health Oversight Activities: We may disclose your health information to a health oversight agency for approved activities. Examples include audits, investigations, inspections and licensure. These activities help the government oversee the health care system, government programs and compliance with laws.
Judicial and Administrative Proceedings: If you are in a lawsuit or a dispute, we may disclose your health information as required by a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request or other legal process from someone else involved in a legal proceeding. We will only do this if reasonable efforts were made to notify you about the request or to obtain an order protecting the confidentiality of the requested information.
Law Enforcement: We may disclose health information in response to a court order, subpoena, warrant, summons or similar law enforcement process. We also may disclose this information to identify or find a suspect, fugitive, material witness or missing person. Under certain limited conditions, we may release health information to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners and Funeral Directors: We may disclose health information to a coroner or medical examiner. This may be needed to identify a deceased individual or to determine the cause of death. We also may disclose health information about a deceased individual to funeral directors as required by them to complete their duties.
When using and disclosing your health information for any of the above purposes, we will endeavor to provide the minimum necessary information required in order to comply with most stringent of federal, state and local laws.
Other uses and disclosures of your health information that are not described above will be made only with your written authorization. For example, the following uses and disclosures of your health information will only be made with your authorization:
In addition, certain federal and state laws may limit us from disclosing health information without your authorization. For example, Pennsylvania laws do not allow us to disclose mental health records or HIV related information without your authorization, except in limited circumstances. Other laws may limit us in disclosing records containing drug or alcohol abuse treatment information.
You have the following rights concerning your health information:
Right to Access and Copy: You have the right to access or request copies of your PHI to the extent that we maintain it as a “designated record set”, which HIPAA generally defines as medical and payment records, or other records used to make decisions about your health care or benefits. If we maintain the information electronically, you may request the information in a format of your choice, unless we cannot practically accommodate this request, in which case we will provide the information in another readable electronic format that is mutually agreeable. If you request access/copies of your PHI, we may charge you a reasonable copying or administrative fee for providing this information as permitted by HIPAA.
Right to Amend: If you believe that your PHI is incorrect or incomplete, you have the right to request an amendment of your PHI. You may submit your request in writing to our Privacy Officer at the address below, along with an explanation of why you believe the information is incorrect or incomplete. We may deny your request if we do not agree that the information is incorrect or incomplete, or for other legitimate reasons, as for example, if another health care provider created the information, in which case we will provide you with a written explanation. You then may have the right to appeal this decision in accordance with applicable HIPAA requirements.
Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures of your PHI that were not made for purposes of treatment, payment or heath care operations. We will respond to your request in accordance with applicable HIPAA standards. If we fulfill your request, the accounting will include the date(s) of the disclosure, the recipient(s) of the disclosure, a brief description of the PHI disclosed, and the purpose of the disclosure. You may request an accounting by submitting your request in writing to our Privacy Officer at the address below. If you request an accounting of your PHI more than once in a 12 month period, we may charge you a reasonable fee for responding to additional requests as permitted by HIPAA.
Right to Request Restrictions: You have the right to request that we restrict certain uses or disclosures of your PHI. You may submit your request in writing to our Privacy Officer at the address below, including an explanation of what restricted uses or disclosures of your PHI are requested. We are not required to agree to the request, but if we do agree, we will then restrict your PHI as instructed, except under emergency circumstances. We may discontinue this restriction at any time, provided that we inform you in writing in accordance with applicable HIPAA standards.
Right to Request Confidential Communications: You have the right to request that we communicate with you in a confidential or alternative means or to an alternative location, as for example to your office address, if your request is reasonable and made for safety, privacy or other legitimate reasons. You may submit your request in writing to our Privacy Officer at the address below, by providing an explanation for your request. We will respond to your request in accordance with applicable HIPAA standards, and if accepted, we will then follow your requested communication instructions until otherwise notified in writing.
Right to Revoke an Authorization: If you provide us with a written authorization to use or disclose your information, you may revoke the authorization in writing, and this revocation will be in effect for future uses and disclosures of your health information. However, the revocation will not be effective for the information that we have used or disclosed in accordance with that prior authorization.
Right to Obtain a Paper Copy of This Notice: You may ask for a paper copy of this Notice at any time even if you have agreed to accept this Notice electronically.
Right to be Notified of a Breach: You have the right to be notified in the event that we (or one of our business associates) discover(s) a breach of unsecured protected health information that includes your PHI. We are required to notify you within 60 days following the discovery of a breach.
If you feel that we have violated your HIPAA or privacy rights, or if you disagree with a decision that we made concerning the use or disclosure of your protected health information, you may file a complaint in writing with our Privacy Official at the address below. You also may send a written complaint to the U.S. Department of Health and Human Services. We will provide you with the appropriate contact information/address upon request. We will not retaliate against you in any way for requesting this information or filing a complaint.
Phone: (717) 358-1339
The effective date of this Notice of Privacy Practices is July 15, 2018. We will abide by the terms of this Notice unless we change or revise this Notice in response to new legal or other requirements. If we make any changes to this Notice, we will promptly post the revised Notice on our website. This Notice will remain in effect until changed/revised in accordance with applicable HIPAA requirements.