Effective Date: May, 2024

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND/OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

Altheda, PC (the “Practice”) is required by law to maintain the privacy of your medical information and to provide you with notice of its legal duties and privacy practices with respect to this information. The purpose of this notice is to provide you with that information.

Any information that is about your health, the health care you receive, or payment for that care is considered confidential and protected by the Practice. We are required to abide by the terms of the notice that is currently in effect at the time your medical information is used or disclosed.

We reserve the right to change the terms of this notice and to make the new notice provisions effective for all medical information that we maintain. We will post a copy of the current notice in our office. In addition, each time you come to the Practice for treatment or health care services, you may request a copy of the current notice in effect.

SECTION A

WE MAY USE AND/OR DISCLOSE YOUR MEDICAL INFORMATION FOR PURPOSES OF TREATMENT, PAYMENT AND HEALTH CARE OPERATIONS.

The following is a description and example of the ways in which we may use and/or disclose your medical information:

For Treatment: We may provide medical information about you to health care providers, other Practice personnel, or third parties who are involved in the provision, management or coordination of your care. For example:

• Health Care Professionals: Your medical information will be shared among physicians and nurses involved in your care.
• Appointment Reminders: We may use and/or disclose medical information to provide appointment reminders or information about treatment alternatives or other health-related benefits.

For Payment: We may use and/or disclose your medical information so that we can collect or make payment for the health care services you receive or are going to receive. For example:

• Insurance: If you participate in a health insurance plan, we will disclose necessary information to that plan to obtain preauthorization, if required, or payment for your care.

We may also disclose your medical information to another healthcare provider, a health plan, or a healthcare clearinghouse for the payment activities of that entity.

For Health Care Operations: We may use and/or disclose your medical information for our activities and operations.  These uses and disclosures are necessary to run our practice and to make sure that all of our patients receive quality care. For example:

• Quality Improvement: We may use and/or disclose your medical information to review quality of care or competence of health care providers.
• Fundraising Activities: We may use and/or disclose your demographic information and the dates that you received treatment as necessary to contact you for fundraising purposes. You have a right to opt out of receiving fundraising communications by CHOOSE ONE: calling (412) 875-5275/emailing info@altheda.com.
• Sale: We may need to disclose your medical information if we ever sell or transfer our practice.

For quality-related or fraud and abuse activities, if you have or had a relationship with another health care provider, a health plan, or a health care clearinghouse, we may also disclose your medical information to that entity for those types of health care operations.

SECTION B

WE MAY USE AND/OR DISCLOSE YOUR MEDICAL INFORMATION WITHOUT YOUR WRITTEN AUTHORIZATION.

1. The following is a description of ways in which we may use and/or disclose your information for which an authorization or an opportunity to agree or object is not required:

As Required By Law: We may use and/or disclose your medical information to the extent required by law, provided that the use and/or disclosure complies with and is limited to the relevant requirements of such law.

Public Health Activities: To the extent authorized or required by law, we may disclose your medical information to a public health authority to report a birth, death, disease or injury, or as part of a public health investigation.

To the extent authorized or required by the Food and Drug Administration (“FDA”), we may disclose your medical information to a person or organization authorized to report adverse events, track products, enable product recalls, repairs, or replacement, and/or conduct post-marketing surveillance.  This means we may disclose to non-governmental persons information about the quality, safety and effectiveness of FDA-regulated products and activities.

Victim of Abuse, Neglect or Domestic Violence: If we believe you have been a victim of abuse, neglect or domestic violence, we may disclose your medical information to a government authority. We will make this disclosure if it is necessary to prevent serious harm to you or other potential victims, you are unable to agree due to your incapacity, you agree to the disclosure, or when required by law.

Health Oversight Activities: We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include but are not limited to, audits, investigations, inspections, and licensure. These activities are necessary for appropriate oversight of the health care system, government benefit and regulatory programs, and compliance with civil rights laws.

Judicial and Administrative Proceedings: We may disclose medical information about you as required by a court or administrative order or, under certain circumstances, in response to a subpoena, discovery request, or other legal process.

Law Enforcement: We may release medical information to law enforcement officials as required by law. Under limited circumstances, we may release your medical information to report a crime or in response to a court order, grand jury subpoena, warrant, or administrative request.

Decedents: Consistent with applicable law, we may release medical information to a coroner, medical examiner, or funeral director.

Organ, Eye and Tissue Donation: For the purpose of facilitating organ, eye or tissue donation and transplantation, we may use and/or disclose medical information to organizations that engage in procurement, banking, or transplantation of cadaveric organ, eye or tissue transplantation.

Research: If a researcher has obtained the required waiver, from the Institutional Review Board or the Privacy Board, and has demonstrated that the information is necessary to the research and possesses a minimal risk of inappropriate use or disclosure, we may use and/or disclose medical information about you for research purposes.  If a researcher has not obtained the required waiver, we will not disclose your medical information without your written authorization, other than in a limited data, set as described below.

Limited Data Set: For purposes of research, public health, or healthcare operations, it may be necessary to use and/or disclose some of your medical information for activities or to persons not otherwise authorized to receive your information. In this situation, we may use your medical information to create a limited data set in which certain required direct identifiers (such as your name) have been removed. We will disclose the information in the limited data set for these purposes only if we have obtained satisfactory assurances from the recipient that the recipient will only use and/or disclose the information for limited purposes.

To Avert a Serious Threat to Health or Safety: We may use and/or disclose medical information about you when we believe in good faith disclosure is necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.

Specialized Government Functions: Medical information may be disclosed for military and veteran’s affairs, for national security and intelligence activities, or for correctional activities.

Workers’ Compensation: We may release medical information about you as necessary to comply with laws relating to workers’ compensation or similar programs that are established by law to provide benefits for work-related injuries or illness without regard to fault.

Business Associates: We may disclose your information to a person or organization that performs a function or activity on behalf of the Practice involving the use and/or disclosure of protected health information, such as a billing services company. If a Business Associate is not a person or organization to which we are otherwise permitted to disclose medical information to, we will only use or disclose your information to that person or organization if we have obtained adequate assurances that the Business Associate will appropriately safeguard the information.

Personal Representative: We may disclose your information to a person who has the authority, under the law, to act on your behalf in making decisions related to health care.

2. The following is a description of ways in which we may use and/or disclose your information after we have given you an opportunity to object. We will attempt to obtain your permission prior to making a disclosure for these purposes. This permission may be oral. If we are unable to obtain your permission because you are incapacitated or we are unable to reach you, we may use and/or disclose some or all of this information, if (1) based on our professional judgment, use or disclosure is in your best interest, or (2) use or disclosure of this information is consistent with your previously expressed preference.

Individuals Involved in Your Care or Payment for Your Care:  We may release relevant medical information about you to a friend or family member who is involved in your medical care.  We may also notify these individuals of your location, general condition, or death.

Disaster Relief: We may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.

SECTION C

WE MAY USE AND/OR DISCLOSE YOUR MEDICAL INFORMATION FOR OTHER PURPOSES ONCE WE HAVE OBTAINED YOUR WRITTEN AUTHORIZATION.

Other uses and/or disclosure of medical information not covered by this notice or the laws that apply to us will be made only with your written authorization, specifically including, but not limited to:

[To be used only where Practice records or maintains psychotherapy notes: Psychotherapy Notes: An authorization is required prior to any use or disclosure of psychotherapy notes.]

Marketing: An authorization is required prior to any use or disclosure for marketing purposes.

Sales of Protected Health Information: An authorization is required prior to any use or disclosure that constitutes a sale of Protected Health Information that is not otherwise incorporated into an appropriate healthcare operation.

You may revoke this authorization, in writing, at any time. However, this revocation will not apply to the extent we have taken action in reliance on that authorization. In addition, if the authorization was obtained as a condition of obtaining insurance coverage, the insurer will have a right to contest a claim under the policy.

SECTION D

YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU.

Right to Request Restrictions:  You have the right to request a restriction or limitation on the medical information we disclose about you for treatment, payment, or healthcare operations. You also have the right to request a limit on the medical information we disclose about you for notification purposes or to someone who is involved in your care or the payment of your care, like a family member or friend.

Except as set forth below, we are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide treatment in the event of an emergency.

To request a restriction, you must make your request in writing to our Privacy Officer.  The requested restriction will not be effective unless and until it has been reviewed and approved by the Privacy Officer. For purposes of ensuring proper documentation, we may require that you make your request using a form that we give you.

Except as set forth below, we may terminate an agreed upon restriction without your consent.  In that situation, the restriction will only apply to protected health information created or received before you were informed of the termination of the restriction.

In the event that you pay for the services rendered out of pocket and in full we must honor your request and may not terminate the restriction without your consent.  Please be advised that you may be required to disclose this medical information if further treatment is required for which you have not paid in full.  By way of example, if the medical information is necessary to obtain insurance coverage for a medication that is ordered to treat the condition that is subject to the restricted medical information.

The Right to Receive Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to our Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests.  Your request must specify how or where you wish to be contacted.  To comply with this request, we may ask you to (1) provide information as to how payment will be handled, and (2) specify an alternative method of contact.  For purposes of ensuring proper documentation, we may require that you make your request using a form that we give you.

Right to Inspect and Copy: You have the right to inspect and obtain a copy of most of your medical information maintained at the Practice. You must submit your request in writing to our Privacy Officer.  For purposes of ensuring proper documentation, we may require that you make your request using a form that we give you. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.

We may deny your request to inspect and obtain a copy in certain limited circumstances. If you are denied access, you may have the right to request that the denial be reviewed. Another licensed healthcare professional chosen by the Practice will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

Right to Amend: If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by the Practice. To request an amendment, your request must be made in writing and submitted to our Privacy Officer. In addition, you must provide a reason that supports your request. For purposes of ensuring proper documentation, we may require that you make your request using a designated form.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that (1) was not created by us; (2) is not part of the medical information kept by or for the Practice; (3) is not part of the information which you would be permitted to inspect and copy; or (4)  is accurate and complete.

Right to Receive Notice in the Event of a Breach: You have the right to receive notice in the event of a Breach.  A Breach is any unauthorized acquisition, access, use or disclosure of your medical information. In the event of a Breach, we will notify you within sixty (60) days of the Breach’s discovery. The notice will inform you about the circumstances surrounding the Breach, what information was accessed, what, if anything, you need to do to protect yourself, and what we are doing to mitigate your damages. We will also provide you with a phone number and email address should you have additional questions about the Breach.

Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures. This is a list of the disclosures we made of medical information about you. You have the right to request an accounting of certain disclosures by us that were made during the six years prior to the date of your request. To request an accounting you must submit a written request to our Privacy Officer. Your request should indicate in what form you want the list (for example, on paper, or electronically). We will comply with your request within sixty (60) days or we will provide you with an explanation for the delay. The first list you request within a twelve (12) month period will be free. We may charge you for the costs of providing additional lists.  We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

The right to an accounting does not apply to all disclosures. For example, you do not have a right to an accounting of disclosures pursuant to an authorization, disclosures to carry out treatment, payment, or health care operations, or disclosures of a limited data set.

Right to a Paper Copy of This Notice: You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. You may view an electronic copy of this notice on our website, www.altheda.com. To obtain a paper copy of this notice, you may ask for a copy at registration when you visit the Practice for services, or you may contact our Privacy Officer.

Complaints: If you believe your privacy rights have been violated, you may file a complaint with the Practice or with the Secretary of the Department of Health and Human Services.  To file a complaint with the Practice, you must submit the complaint in writing to our Administrative Officer at:

Carrie Sardineer

596 Pine Hollow Rd, McKees Rocks, PA 15136

It is the Practice’s policy not to retaliate against patients or others for filing a complaint pursuant to this Notice.

Questions? For further information about matters covered by this notice, you may contact our Administrative Officer at the above address or by telephone at: (412) 875-5275.

HIPAA Compliance Statement for Altheda Medical

At Altheda Medical, we are committed to protecting the privacy and security of our patients’ health information. In accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), we have implemented comprehensive policies and procedures to safeguard all protected health information (PHI).

Our compliance measures include:

1. Privacy Practices: We maintain strict privacy practices to ensure that all PHI is handled with the highest level of confidentiality. Our team is trained to uphold these standards in all interactions and communications.
2. Data Security: We utilize advanced security technologies and protocols to protect electronic health records and other sensitive data from unauthorized access, breaches, or misuse.
3. Patient Rights: We respect and uphold patients’ rights to access, amend, and control their health information. Patients can request copies of their medical records and have the right to be informed about how their information is used and shared.
4. Ongoing Training: Our staff undergoes regular training on HIPAA regulations and best practices to ensure compliance and stay updated with any changes in the law.
5. Audit and Monitoring: We conduct regular audits and monitoring to identify and address potential vulnerabilities in our systems and processes.
6. Incident Response: In the event of a data breach or any other incident involving PHI, we have established protocols to respond swiftly and effectively, including notifying affected individuals and relevant authorities as required by law.

Altheda Medical is dedicated to maintaining the trust and confidence of our patients by ensuring the highest standards of privacy and security for their health information.