NOTICE OF PATIENT PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Purpose of This Notice
We understand that information about your health is personal. We are committed to protecting the privacy of your health information. This Notice tells you about the ways we may use and disclose Protected Health Information, or PHI, about you. This Notice will also describe our obligations and your rights regarding the use and disclosure of your PHI.
We are required by the law to:
- Protect the privacy of your PHI.
- Provide you notice of our legal duties and privacy practices with respect to PHI.
- Notify you in case of a breach of your unsecured PHI.
- Follow the terms of the Notice currently in effect.
“HIPAA” means the Health Insurance Portability and Accountability Act of 1996, as amended.
“Privacy Rule” refers to the privacy regulations issued by the Department of Health and Human Services pursuant to HIPAA, codified at 45 C.F.R. Parts 160 and 164.
“Protected Health Information” or “PHI,” generally, is information (i) about your physical or mental health or condition, health care provided to you, or the payment of health care provided to you, whether past, present, or future; (ii) that is created, received, transmitted or maintained by us; and (iii) that identifies you or could be used to identify you.
“vRad” for purposes of this notice means: (1) certain radiology practices under management of Virtual Radiologic Corporation (VRC) and that are HIPAA Covered Entity Health Care Providers; (3) certain other radiology practices under management of Virtual Radiologic Corporation which are not currently Covered Entities; and (4) VRC. When a vRad-affiliated entity is not required to comply with HIPAA, then the entity has voluntarily chosen to seek to comply with the requirement to the extent reasonable and appropriate in its sole discretion.
The terms “we,” “our,” and “us” refer to vRad Subject Entities and its workforce members and the terms “you” and “your” refer to individuals whose PHI we use or disclose as permitted and required by law and as described in this Notice.
Effective Date of this Notice
This notice is effective February 14, 2013 and governs our privacy practices on and after that date. The effective date of any change to this Notice will be located in the upper right hand corner of the document.
Changes to Privacy Practices and this Notice
We can change our privacy practices and this Notice at any time. Any change will apply to PHI we already have and to PHI we receive or generate after the change. At your request, we will give you an updated Notice. We will also post the most current Notice at our website.
For Questions, Additional Information Regarding Privacy Practices and Complaints, please contact:
Karen Scott, Privacy Officer
Virtual Radiologic Corporation
11995 Singletree Lane, #500
Eden Prairie, MN 55344
If you believe your privacy rights have been violated, you may file a complaint in writing with the privacy officer at the address listed above or with the United States Department of Health and Human Services. We will not retaliate against you for filing a complaint.
Your Rights Regarding Your Protected Health Information
You have the following rights regarding your PHI.
- Obtain a copy of the Notice upon request. You have the right to receive a written copy of this Notice upon request. Contact the privacy officer.
- Request consideration of a restriction on certain uses and disclosures of PHI. You may ask us to limit or not to use or disclose any part of your PHI for the purposes of payment, treatment or health care operations. You may also request that any part of your PHI not be disclosed to family members, friends or others who may be involved in your care or for notification purposes as described in this Notice. We are not required to agree to such restrictions. However, if you ask us to restrict disclosure to a health plan and the PHI pertains solely to a service that has been paid for in full, we must honor your request, except in two cases: if the disclosure is (1) for carrying out payment or healthcare operations or (2) otherwise required by law. To ask for a restriction, send a written request to the privacy officer at the address shown at the beginning of the notice.
- Inspect and obtain a copy of your PHI. You have the right to review and copy PHI about you for as long as we maintain the PHI. You must send a written request to the privacy officer. We may charge you for the costs of copying, mailing, or other supplies that are necessary to grant your request (subject to state law). We may deny your request to inspect and copy PHI in certain limited circumstances. If you are denied access to your PHI, you may request us to review the denial.
- Request correction of PHI. You have the right to request us to correct your PHI. You may request a correction for as long as we maintain the PHI. You must send a written request to the privacy officer that must include a reason that supports your request. In certain cases, we may deny your request. If we deny your request for correction, you have the right to file a statement of disagreement with the decision.
- Receive a list of disclosures of PHI. You have the right to receive a list of certain disclosures of your PHI made by us (subject to exceptions, restrictions, and limitations noted in the Privacy Rule). To request a disclosure list, submit a written request to the privacy officer and specify the time period (which may not be longer than 6 years). You may be charged for the cost of providing a disclosure list if you make more than one request within a 12-month period. We will notify you of the cost in advance and you may choose to withdraw or modify your request at that time.
- Request confidential communications of PHI by alternative means or at alternative locations. You can ask that we communicate with you by alternative means or at alternative locations. We will accommodate such a request if it is reasonable and states that disclosure of the information in the ordinary manner could endanger you. You must make such a request in writing to the privacy officer at the address shown at the beginning of this notice. We may refuse to accommodate your request if you have not provided information as to how payment, if applicable, will be handled and specify how or where you wish to be contacted.
- Required Disclosures of Protected Health Information
We will disclose PHI to you in accordance with your right to access your PHI or to receive an accounting of disclosures of your PHI as specified in this Notice. We will also disclose PHI to the Department of Health and Human Services when required by that department to investigate or determine our compliance with the requirements of the Privacy Rule.
Common Reasons for Our Use and Disclosure of Your Protected Health Information
Common reasons for use and disclosure include:
- Treatment. We may use and disclose your PHI to provide treatment services to you or to aid other physicians or practitioners who are providing treatment to you.
- Payment. We may use and disclose your PHI to determine your insurance coverage and benefits and to facilitate payment for the covered treatment and services you receive from vRad Subject Entities or other health care providers. For example, we may use and disclose PHI for billing and claims submission, for pre-certification; to coordinate insurance coverage and benefits; to obtain reimbursement for services rendered; or for subrogation or reimbursement purposes.
- Health Care Operations. We may use and disclose your PHI for operations. These uses and disclosures are necessary to run vRad Subject Entities. For example, we may use or disclose your PHI in connection with: quality assessment and improvement activities, credentialing activities, legal services, audit services, fraud and abuse detection, and compliance programs; business planning and development including cost management; and business management and general administrative activities.
- Individuals involved in your care or payment for your care. Unless you object, we may release PHI about you to a family member, other relative, or a close personal friend of yours or any other person identified by you. We will disclose only PHI that is directly relevant to the person’s involvement with your health care or payment related to your health care.
- Provide benefits information to you. We may use and disclose your PHI to inform you about health-related benefits and services that may be of interest to you.
- As required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law.
Note that we work with organizations or individuals that perform certain functions on our behalf or provide services to us that involve the use or disclosure of PHI. Our contracts with our business associates include the promises to protect PHI required by the Privacy Rule.
Less Common Reasons for Our Use or Disclosure of PHI
- Judicial and administrative agency proceedings. We may, upon certain conditions, disclose PHI in response to an order of a court or administrative tribunal, a subpoena, discovery request, or other lawful process.
- Workers’ compensation purposes. We may disclose PHI to workers’ compensation insurers, state administrators, employers, and other persons involved in workers’ compensation systems as authorized by workers’ compensation or similar programs required by law.
- Food and Drug Administration (FDA). We may disclose PHI to a person or company subject to the jurisdiction of the FDA, for the purpose of activities related to the quality, safety, or effectiveness of products regulated by the FDA.
- Public health activities. We may disclose PHI to a public health authority authorized to collect such information for certain purposes, including, but not limited to, preventing or controlling disease, injury or disability; reporting disease or injury; reporting vital events such as births or deaths; conducting public health surveillance, public health investigations and public health interventions; at the direction of a public health authority, to an official of a foreign government agency acting in collaboration with a public health authority; or reporting child abuse or neglect.
- Health oversight activities. We may disclose PHI to a health oversight agency for any oversight activities authorized by law, including: audits; investigations; inspections; licensure or disciplinary actions; civil, criminal or administrative actions or proceedings; or other activities necessary for the oversight of the health care system, government benefit programs, compliance with government regulatory program standards or compliance with applicable civil rights laws.
- To social services or law enforcement about victims of abuse or neglect. We may disclose PHI about an individual whom we reasonably believe to be a victim of abuse, neglect, or domestic violence to a government authority, including a social service or protective services agency, authorized by law to receive reports of such abuse, neglect, or domestic violence, to the extent the disclosure is required by law and the disclosure complies with and is limited to the relevant requirements of such law.
- To other Covered Entities for their Treatment, Payment or Health Care Operation Purposes. We may disclose PHI to other Covered Entities for the reasons and to the extent permitted under the Privacy Rule.
Uncommon Reasons for Our Use and Disclosure of PHI
- To avert a serious threat to public health or safety.
- National security and protective services for the President and other Heads of State.
- Coroners, medical examiners, and funeral directors.
- To a jail or prison about its inmates.
- To the military about its members or veterans.
- For organ or tissue transplant purposes.
- Research pursuant to waiver approval by an Institutional Review Board or Privacy Board.
- For law enforcement purposes.
Uses and Disclosures with Your Written Permission
PHI Will Not Be Used or Disclosed for Other Purposes Without Your Written Permission. We will obtain your written permission (called “Authorization” under the Privacy Rule) before using or disclosing your PHI for purposes other than those provided in this Notice (or as otherwise permitted or required by law). Types of uses and disclosures that require your written permission include marketing our services to you or selling your PHI.
You May Revoke Your Permission. You may revoke your permission at any time but must do so in writing. Upon receipt of the written revocation, we will stop using or disclosing PHI in accordance with the written permission, except to the extent we have already acted in reliance on your written permission.
(Website visitors may also want to view our Notice of Non-Discrimination.)