Privacy Policy And Data Security

Effective Date: October 1, 2003
Revised Date: October 26, 2023

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU MAY OBTAIN ACCESS TO SUCH INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

Each time you visit a hospital, physician, dialysis facility, or other health care provider, a record of your visit is made. These records typically contain information regarding your symptoms, examination and test results, diagnoses, treatment and care plan. This information, which may be referred to as your protected health information or “PHI,” is needed to provide quality care and to comply with certain legal requirements. This notice applies to all of your PHI generated by us or received by us from you or others.

Along with safeguarding your PHI, we must also make available a copy of this notice of our legal duties and privacy practices, and we must follow the terms of the notice currently in effect. This notice will tell you about the ways in which we may use and disclose health information about you. We also describe your rights of access, amendment, control, and other rights concerning the use and disclosure of your PHI. IRC is also required to notify you if your unsecured PHI is breached. We will let you know promptly if such a breach occurs.

If you are the parent, legal guardian, or personal representative of the patient, references herein to PHI shall be understood to be references to that patient’s PHI.

HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION

The following categories describe different ways that we may USE your health information within IRC and DISCLOSE your health information to persons and entities outside of IRC.

We have not listed every use or disclosure within the categories, but give some examples for understanding.

COMMON USES AND DISCLOSURES ALLOWED BY LAW

Treatment: We may use your health information to provide you treatment and health care services. We may disclose health information about you to other healthcare providers who are involved in your care. For example, information obtained by your nephrologist, by a nurse, or by another member of your healthcare team will be recorded in your health record and used to develop a treatment plan for you. Your physician will order a course of dialysis treatment for you. Members of your healthcare team, including nurses and technicians, will record details of your dialysis treatments, along with any observations about your health status, before, during and after the dialysis treatment. This information will be reviewed by your physician and other members of your healthcare team as needed.

Payment: We may use and disclose your health information so the treatment and services you receive at IRC may be billed to and payment collected from you, an insurance company or other third party. We may also disclose health information to your insurance plan to obtain prior authorization for treatment and procedures. These disclosures may include information that identifies you, your diagnosis, the treatments rendered to you, and the medications, supplies and equipment used to perform the treatments.

Health Care Operations: We may use and disclose your health information for health care operations activities such as: quality assurance; administration; the financial and business planning and development of IRC; and customer service (including investigation of complaints). These uses and disclosures are necessary to operate our healthcare practice and make sure patients receive quality care.

Business Associates: Some services may be provided to our organization through contracts with business associates, such as: accountants; consultants; quality assurance reviewers; billing and transcription services. Other examples of services provided by business associates include medical director services provided by physicians with whom we have contracted and training services provided by manufacturers of dialyzers. We may disclose your health information to our business associates so that they can perform the job we asked them to do. Business associates are required to sign a contract that states they will appropriately safeguard your information.

Contacting You About Your Health: We may use and disclose health information to contact you and provide you with a reminder about an appointment or other treatment options at IRC.

Fundraising: If we are going to contact you as part of a fundraising effort, you will have a simple way to opt out of these contacts.

Individuals Involved in Your Care: We may disclose health information about you to a friend or family member who is involved in your care, unless you tell us in advance not to do so.

Other Laws: At times there may be federal, state or local laws that require us to use or disclose health information in other ways, or give you additional privacy protections. We will comply with those laws.

SPECIAL SITUATIONS WHICH DO NOT REQUIRE YOUR AUTHORIZATION

The following disclosures of your health information are permitted by law without any oral or written permission from you:

Public Health Activities: We may disclose health information about you for public health activities, including:

  • To prevent or control disease, injury or disability.
  • To report births and deaths.
  • To report child abuse or neglect.
  • To report reactions to medications, problems with products or other adverse events.
  • To notify people of recalls of products they may be using.
  • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
  • To avert a serious threat to you or others. These disclosures would be made only to someone able to intervene.
  • To notify the appropriate government authority if we believe a patient has been the victim of abuse (including child abuse), neglect or domestic violence.
  • Immunization records to a school requiring such for entry, provided informal approval is given by a parent, guardian, or the patient if the patient is an adult or emancipated minor.
  • To disaster relief agencies (such as the Red Cross) for notification as to your location and condition (unless you request otherwise in advance).
  • If you are an organ donor, we may release health information to the organizations that handle the process, as necessary to facilitate the donation.

Research: We may disclose your health information for the purpose of research. We will only disclose your health information for research purposes without your express authorization if (i) the research protocol has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information; or (ii) where we have received assurances from a researcher that the health information is sought solely for review as necessary to prepare a research protocol or for similar purposes preparatory to research and no health information will be removed from our premises in the course of the review.

Military and Veterans: If you are a member of the armed forces, we may release health information about you as required by military command authorities.

Worker’s Compensation: We may release health information about you for worker’s compensation or similar programs if you have a work-related injury.

Health Oversight Activities: IRC may disclose health information to a health oversight agency for activities authorized by law. These include audits, investigations, inspections and licensure.

These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws.

Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we may be required to disclose your health information in response to a court order, administrative order, subpoena, discovery request or other lawful process by someone involved in the dispute.

Law Enforcement: We may disclose health information to law enforcement officials for reasons such as:

  • In response to a court order, subpoena, warrant, summons or similar process.
  • To identify or locate a suspect, fugitive, material witness or missing person.
  • About the victim of a crime if, under certain circumstances, we are unable to obtain the person’s agreement.
  • About a death we believe may be the result of criminal conduct.
  • About criminal conduct on our premises.
  • In emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.

Health Records of Deceased Patients: We may disclose health information to a coroner or medical examiner, to identify a deceased person or determine the cause of death. We may also duties. We may disclose to relatives or close personal friends who were involved with the patient’s care prior to death, health information relevant to their involvement. HIPAA privacy protections continue until 50 years after the patient’s death.

National Security and Intelligence Activities: We may disclose health information about you to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.

Legal Requirements: We will disclose health information about you without your permission when required to do so by federal, state or local law.

OTHER USES AND DISCLOSURES REQUIRE YOUR AUTHORIZATION

Other uses and disclosures of health information not covered by this notice or applicable laws will be made only with your written permission (called “authorization”). These uses and disclosures specifically include, but are not limited to, (1) uses and disclosures of your health information for marketing purposes; (2) disclosures of your health information that constitute a sale; (3) to the extent that we have such information in our medical records, most disclosures of psychotherapy notes, disclosures of records related to HIV/AIDS (however, we may notify health care providers at our practice on a need-to-know basis or responding emergency providers and law enforcement, if necessary), disclosures of genetic testing results, and disclosures of mental health and developmental disabilities records, unless allowed under state law. If you do give authorization to disclose your health information, you may revoke that authorization in writing at any time.

YOUR HEALTH INFORMATION RIGHTS

You have the following rights concerning your health information:

  1. Request a restriction on certain uses and disclosures of your information. We may agree to your request but are not required by law to do so, with one exception: If you health plan or insurer, we must and will comply.
  2. Obtain a copy of this Notice of Privacy Practices upon request.
  3. Inspect and/or request a copy of your health record. You must make the request in writing, and we have 30 days to comply. You may also obtain an electronic copy of your medical record if we maintain your record electronically. We may charge a fee for producing your records to you.
  4. Request an amendment to your health record if you feel the information is incorrect or incomplete. IRC may deny your request if, for instance, we believe it is accurate and complete as it stands.
  5. Obtain an accounting of disclosures of your health information. This will include the times when someone used or disclosed your health information other than you may receive one accounting of disclosure for free in any 12-month period.

We may:

  1. Request communication of your health information by alternative means or locations. For instance: an address or phone number other than your home.
  2. Revoke a previously agreed upon authorization except to the extent that action has already been taken.

We reserve the right to change this notice, and to make the revised or changed notice effective for health information we already have about you as well as any information we receive in the future. A copy of the current notice in effect will be available at IRC.

NOTICE OF PRIVACY PRACTICES – CONNECTICUT ONLY

We participate in CONNIE, the statewide health information exchange. We encourage you to learn more about CONNIE at www.conniect.org.

As permitted by the Health Insurance Portability and Accountability Act (HIPAA) for treatment, payment, and operations, your health information will be securely shared with the statewide health information exchange. Our participation is mandated by the State of Connecticut. Participation helps your providers have faster access to your health information to make more informed decisions and enable them to best coordinate your care.

Important: You may opt out and disable access to your health information available through Connie by calling or completing and submitting an Opt-Out form to Connie by mail, fax or through their website at www.conniect.org. Public health reporting and controlled dangerous substances information, as part of the Connecticut Prescription Monitoring and Reporting System (PMP), will still be available to providers.

FOR MORE INFORMATION OR TO REPORT A PROBLEM

If you believe your privacy rights have been violated, you may file a complaint with the Privacy Officer. Additionally, you may file a complaint with the Secretary of the Department of Health and Human Services (“HHS”), Office for Civil Rights (800-368-1019) at www.hhs.gov or in writing to any HHS Regional Office.

There will be no retaliation against you for filing a complaint.

If you have questions, or would like additional information, or if you wish to file a complaint with us regarding our use or disclosure of your PHI, you may contact IRC’s Privacy Officer at 978-522-6121.