Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Commitment to Privacy:
BioHorizon Direct is dedicated to maintaining the privacy of your healthcare information and we are required by law to maintain the confidentiality of information that identifies you. Any use of healthcare information beyond the uses described below requires your individual written authorization. The Health Insurance Portability and Accountability Act (HIPAA) obligates BioHorizon Medical, Inc. to provide you with a copy of our Privacy Notice, outlining our privacy practices and how we safeguard your health information. BioHorizon Direct abides by the terms of the Privacy Notice currently in effect, and reserves the right to revise or amend the notice, as needed.
Your Health Information Rights:
Although your health record is the physical property of the healthcare facility that compiled it, the information belongs to you. You have the right to:
- Request a restriction on certain uses and disclosures of your information;
- Obtain a paper copy of the notice of privacy practices;
- Inspect and copy your health care record;
- Obtain an accounting of disclosures of your health information;
- Request confidential communication;
- Amend your healthcare record;
- Revoke your authorization to use or disclose health information except to the extent that action has already been taken.
BioHorizon Direct is required to:
- Maintain the privacy of your health information;
- Provide you with a notice as to our legal duties and privacy practices with respect to information we collect and maintain about you;
- Abide by the terms of this notice;
- Notify you if we are unable to agree to a requested restriction;
- Accommodate reasonable requests you my have to communicate health information by alternative means.
BioHorizon Direct reserves the right to change our practices and to make the new provisions effective for all protected health information we maintain. Should our information practices change, we will mail a revised notice to your address on file. We will not use or disclose your health information without your authorization, except for treatment, payment, and healthcare operations.
BioHorizon Direct is including HITECH Act provisions to its Notice as follows:
HITECH Notification Requirements
Under HITECH, BioHorizon Direct is required to notify patients whose PHI has been breached. Notification must occur by first class mail within 60 days of the event. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI poses a significant risk for financial, reputational, or other harm to the individual. This notice must:
(1) Contain a brief description of what happened, including the date of the breach and the date of discovery;
(2) The steps the individual should take to protect themselves from potential harm resulting from the breach;
(3) A brief description of what BioHorizon Direct is doing to investigate the breach, mitigate losses, and to protect against further breaches.
Effective February 2010, BioHorizon Direct Business Associate Agreements have been amended to provide that all HIPAA security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures, and documentation requirements apply directly to the business associate.
HITECH states that if a patient pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the patient’s third party payer since no claim is being made against the third party payer.
Access to E-Health Records
HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct BioHorizon Direct to send the e-health record directly to a third party. BioHorizon Direct may only charge for labor costs under the new rules.
Accounting of E-Health Records for Treatment, Payment, and Health
BioHorizon Direct does not currently have to provide an accounting of disclosures of PHI to carry out treatment, payment, and health care operations. However, starting January 1, 2014, the Act will require BioHorizon Direct to provide an accounting of disclosures through an e-health record to carry out treatment, payment, and health care operations. This new accounting requirement is limited to disclosures within the three-year period prior to the individual’s request.
Examples of Disclosure for Treatment, Payment, and Healthcare Operations:
We will use your health information for treatment. Information obtained by our company will be documented in your healthcare record and will be used to provide you with durable medical equipment and/or supplies. The prescription that your physician has ordered will be part of the record and will determine the equipment and supplies that you receive.
We will use your health information for payment. In order to determine your eligibility for equipment and/or supplies, BioHorizon Direct may contact your insurance company and disclose healthcare related information. Also, BioHorizon Direct will bill you or a third-party payer for services that you receive from our company. The health information that identifies you, your diagnosis, equipment, and supplies may be included on this bill.
We will use your health information for healthcare operations. BioHorizon Direct may use your health information to evaluate the quality of care you receive from us, to conduct cost management assessments, and to plan business activities. This information is used in an effort to continually improve the quality and effectiveness of the healthcare services we provide.
Other Uses or Disclosures:
Business Associates: There are some individuals who are under contract with BioHorizon Direct and, from time to time, are engaged in the improvement or financial enhancement of our business. So that your health information is protected, however, we require any business associate to appropriately safeguard your information.
Public Health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
Law Enforcement: We may disclose health information for law enforcement purposes as required by law, or in response to a valid subpoena.
Health Oversight Activities: We may disclose health information to health oversight agencies for activities authorized by law, including surveys, audits, and compliance inspections.
Worker’s Compensation: We may release your health information to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
For More Information:
Please contact BioHorizon Direct’s Privacy Officer, at (877) 657-7353 if you require additional information and/or want to pursue your rights, including:
- Requesting restrictions;
- Inspecting and copying your record;
- Securing an accounting of disclosures;
- Requesting additional disclosures;
- Revoking authorizations at any time;
- Filing a complaint
If you believe your privacy rights have been violated, you may contact our company’s CEO. You may also file a complaint with the Secretary of Health and Human Services (Office of Civil Rights). There will be no retaliation for filing a complaint