Privacy Statement
Oral and Maxillofacial Surgery in Lakewood
David W. Todd, DMD, M.D. Notice of privacy practices effective 1/2014. This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please read it carefully.
In the course of your appointments with David W. Todd, DMD, M.D., information about your care is created. The law calls this information Protected Health Information (PHI). Doctor Todd is required by law to protect this information and may only disclose it under certain conditions described below.
What is PHI? Protected Health Information (PHI) is any information in the medical record or designated record set that can be used to identify an individual and that was created, used, or disclosed, in the course of providing a health care service such as diagnosis or treatment.
Examples:
- Your doctor’s notes on your visit.
- Your x-rays.
- The services being billed to your health insurance
PHI may be used without your consent to provide treatment, obtain payment for services provided and conduct healthcare operations. Examples:
- Treatment—by Doctor Todd or for referral to another doctor.
- Obtain Payment-to verify treatment provided to you in order to receive reimbursement from an insurance company.Exception-If you request, Doctor Todd must restrict disclosure of PHI relating to a service for which you have paid in full and disclosure of that PHI is not required by law.
- Healthcare Operations-to conduct internal quality assessment and improvement or contact you for an appointment reminder.
Your healthcare information may also be released without consent or authorization for:
- Uses and disclosures required by law.
- Uses and disclosures for public health activities
- reporting births/deaths, communicable diseases, product recalls, proof of immunization
- Disclosures about victims of abuse, neglect or domestic violence
- Health oversight activities
- Judicial and administrative proceedings
- Law enforcement purposes
- Avert a serious threat to your health or safety
- For specialized government functions
- Workers’ Compensation
- Inmates of a correctional institution or persons in the custody of law enforcement officials
Your PHI may be released ONLY with your written authorization (i) for marketing purposes or (ii) for disclosures which are a sale of PHI. Once given, your authorization can be revoked at any time but must be in writing. Other uses and disclosures not addressed in this Notice of Privacy Practices will be made only with your authorization.
You have the right to:
- Request restrictions on certain uses & disclosures of your PHI. However, Dr. Todd may decline to accept your request.
- NOTE: We must accept your request not to disclose PHI relating to services for which you have paid in full unless disclosure is required by law.
- Receive confidential communications of HI.
- Inspect and copy your PHI, within restrictions specified in Federal Law.
- Amend your PHI if it was provided by Doctor Todd and in our record format.
- NOTE: All requests to inspect or amend must be submitted in writing to Dr. Todd, Privacy Officer. You will receive a timely response. Law requires in no more than 30 days.
- Receive an accounting of where your PHI was disclosed by us.
- Be notified following a breach of unsecured PHI.
- If you believe that your privacy rights have been violated you may contact Doctor Todd, HIPAA Privacy Officer: 120 Southwestern Drive, Lakewood, New York l4750 (716)-484-8091.
- There is NO penalty for filing a complaint.
- You may also contact the local officer of the federal department responsible for enforcing HIPAA privacy: Regional Manager, Office for Civil Rights, U.S. Department of Health and Human Services, Jacob Javits Federal Building, 26 Federal Plaza-Suite 3312, New York, New York 10278 (800) 368-1019.
DOCTOR TODD’s Duties and Rights:
- We are required by law to maintain the privacy of your PHI, provide individuals with a written copy of our legal duties and privacy practices with respect to PHI (this Notice of Privacy Practices), and notify affected individuals if a breach of unsecured PHI occurs.
- We are required by law to abide by the terms of the NPP currently in effect.
- We may change privacy practices; any such change will be effective for all PHI whether created or received before or after the change.
- If this NPP is revised, the new version will be posted in a prominent location in our offices and copies of the revised NPP will be readily available.
David W. Todd, DMD, M.D.
Privacy procedures
Privacy Policy: Our practice recognizes and respects the fact that the patient has a right to inspect and obtain a copy of his/her Protected Health Information (PHI).
Privacy Procedures to accomplish this Privacy Policy
- The Privacy Official will provide the front office staff with an original form for patients to complete when the patient desires to inspect and copy his/her PHI.
- The front office staff will photocopy and make available to patients the form to inspect and copy PHI.
- The front office staff will respond to patient’s requests and questions concerning inspecting and copying their PHI. In addition, the front office staff will distribute the form to the patients upon their request.
- Once the patient completes the form, the front office staff shall forward the form to the Site Coordinator.
- Once the patient has submitted his/her request in writing (using the practice’s form is an option), the front office staff must verify that the patient’s signature matches his/her signature on file.
- The Site Coordinator must review the patient’s request and respond to the patient within 30 days from the date of the request. The Site Coordinator needs to review the specific request with the patient’s treating physician. If the request is controversial or requires additional time for review, Doctor Todd’s Privacy Official needs to be involved.
- The Site Coordinator, with the Site Physician’s approval, should agree to all reasonable requests. If access is denied, the Privacy Official must provide the patient with an explanation for the denial as well as a description of the patient’s review appeal.
- When the patient has requested to inspect their PHI, and his/her request has been accepted, the Privacy Official or other authorized practice representative should accompany the patient to a private area to inspect his/her records and remain with the patient during inspection. After the patient inspects the records the Privacy Official will note in the record the date and time of the inspection, and whether the patient made any requests for amendments or changes to the record.
- When the patient’s request to copy his/her PHI has been accepted, the front office staff should copy his/her record within 30 days and may charge up to 75 cents per page.