Privacy Practices

HILLSBORO EYE CLINIC
NOTICE OF PRIVACY PRACTICES

Date of Last Revision: 11.15.2024
Effective Date: Immediately

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. THIS NOTICE APPLIES TO ALL OF THE RECORDS OF YOUR CARE GENERATED BY THE PRACTICE, WHETHER MADE BY THE PRACTICE OR AN ASSOCIATED FACILITY.

This notice describes our Practice’s policies, which extend to:

The Practice provides this Notice to comply with the Privacy Regulations issued by the Department of Health and Human Services in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

We understand that your medical information is personal to you, and we are committed to protecting the information about you. As our patient, we create paper and electronic medical records about your health, our care for you, and the services and/or items we provide to you as our patient. We need this record to provide for your care and to comply with certain legal requirements.

We are required by law to:
make sure that the protected health information about you is kept private; provide you with a paper copy of the Notice of our Privacy Practices and your legal rights with respect to protected health information about you; and follow the conditions of the Notice that is currently in effect.

HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU.

The following categories describe different ways that we use and disclose protected health information that we have and share with others. Each category of uses or disclosures provides a general explanation and provides some examples of uses. Not every use or disclosure in a category is either listed or actually in place. The explanation is provided for your general information only.

We may also use or disclose information about you for internal or external utilization review and/or quality assurance, to business associates for purposes of helping us to comply with our legal requirements, to auditors to verify our records, to billing companies to aid us in this process and the like. We shall endeavor, at all times when business associates are used, to advise them of their continued obligation to maintain the privacy of your medical records.

Treatment Alternatives and Fundraising Communications.

We may contact you, by phone or in writing, to provide information about treatment alternatives or other health related benefits and services, in addition to other fundraising communications, that may be of interest to you. You do have the right to “opt out” with respect to fundraising communications from us.

BREACH NOTIFICATION

A breach is defined as the “acquisition, access, use or disclosure of protected health information which compromises the security or privacy of the protected health information”. In the event of a security breach, affected individuals and enforcing agencies will be notified accordingly as mandated by the provision of the HIPAA Privacy and Security Rules and the provision of the HITECH Act (Health Information Technology for Economic and Clinical Health Acct) passed as part of the American Recovery and Reinvestment Act.

CHANGES TO THIS NOTICE

We reserve the right to change this notice at any time. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we may receive from you in the future. We will post a copy of the current notice in the Practice. The notice will contain on the first page, in the top right-hand corner, the date of last revision and effective date. In addition, each time you visit the Practice for treatment or health care services you may request a copy of the current notice in effect.

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with the Practice or with the Secretary of the Department of Health and Human Services. To file a complaint with the Practice, contact our Administrator, who will direct you on how to file an office complaint. All complaints must be submitted in writing, and all complaints shall be investigated, without repercussion to you. [The Administrator can be reached at 503-640-3708.]

You will not be penalized for filing a complaint.

OTHER USES OF MEDICAL INFORMATION

Other uses and disclosures of medical information not covered by this notice or the laws that apply to us will be made only with your written permission, unless those uses can be reasonably inferred from the intended uses above. If you have provided us with your permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.

PATIENT RIGHTS

THIS SECTION DESCRIBES YOUR RIGHTS AND THE OBLIGATIONS OF THIS PRACTICE REGARDING THE USE AND DISCLOSURE OF YOUR MEDICAL INFORMATION.

You have the following rights regarding medical information we maintain about you:

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that our Compliance Committee review the denial. Another licensed health care professional chosen by the Practice will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome and recommendations from that review.

To request an amendment, your request must be submitted in writing, along with your intended amendment and a reason that supports your request to amend. The amendment must be dated and signed by you and notarized.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

To request this list, you must submit your request in writing. Your request must state a time period not longer than six (6) years back and may not include dates before April 14, 2003 (or the actual implementation date of the HIPAA Privacy Regulations). Your request should indicate in what form you want the list (for example, on paper, electronically). We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

We are not required to agree to your request and we may not be able to comply with your request. If we do agree, we will comply with your request except that we shall not comply, even with a written request, if the information is exempted from the consent requirement or we are otherwise required to disclose the information by law.

If you have paid for services “out of pocket”, in full, and you request that we do not disclose PHI related solely to those services to a health plan, we will accommodate your request, except where by law we are required to make a disclosure.

To request restrictions, you must make your request in writing. In your request, you indicate:

To request confidential communications, you must make your request in writing. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish us to contact you.