4.Your Health Information Rights.
You have the following rights regarding medical information we gather about you:
A. Right to Obtain a Paper Copy of This Notice. You have the right to a paper copy of this Notice of Privacy Practices at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy.
B. Right to Inspect and Copy. You have the right to inspect and copy medical information that may be used to make decisions about your care. This includes medical and billing records.
To inspect and copy medical information, you must submit a written request to our privacy officer. We will supply you with a form for such a request. If you request a copy of your medical information, we may charge a reasonable fee for the costs of labor, postage, and supplies associated with your request. We may not charge you a fee if you require your medical information for a claim for benefits under the Social Security Act (such as claims for Social Security, Supplemental Security Income, and any other state or federal needs-based benefit program.
If your medical information is maintained in an electronic health record, you also have the right to request that an electronic copy of your record be sent to you or to another individual or entity. We may charge you a reasonable cost based fee limited to the labor costs associated with transmitting the electronic health record.
C. Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as we retain the information.
To request an amendment, your request must be made in writing and submitted to our privacy officer. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- was not created by us unless the person or entity that created the information is no longer available to make the amendment;
- is not part of the medical information kept by or for Naples Women’s Center;
- is not part of the information which you would be permitted to inspect and copy; or
- is accurate and complete.
If we deny your request for amendment, you may submit a statement of disagreement. We may reasonably limit the length of this statement. Your letter of disagreement will be included in your medical record, but we may also include a rebuttal statement.
D. Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures of your health information made by us. In your accounting, we are not required to list certain disclosures, including:
- • disclosures made for treatment, payment, and health care operations purposes or disclosures made incidental to treatment, payment, and health care operations; however, if the disclosures were made through an electronic health record, you have the right to request an accounting for such disclosures that were made during the previous 3 years;
- • disclosures made pursuant to your authorization;
- • disclosures made to create a limited data set;
- • disclosures made directly to you.
To request an accounting of disclosures, you must submit your request in writing to our privacy officer. Your request must state a time period which may not be longer than six years. Your request should indicate in what form you would like the accounting of disclosures (for example, on paper or electronically by e-mail). The first accounting of disclosures you request within any 12-month period will be free. For additional requests within the same period, we may charge you for the reasonable costs of providing the accounting of disclosures. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time before any costs are incurred. Under limited circumstances mandated by federal and state law, we may temporarily deny your request for an accounting of disclosures.
E. Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations. If you paid out-of-pocket for a specific item or service, you have the right to request that medical information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we are required to honor that request. You also have the right to request a limit on the medical information we communicate about you to someone who is involved in your care or the payment for your care.
Except as noted above, we are not required to agree to your request. If we do agree, we will comply with your request unless the restricted information is needed to provide you with emergency treatment. To request restrictions, you must make your request in writing to our privacy officer. In your request, you must tell us:
- • what information you want to limit;
- • whether you want to limit our use, disclosure, or both; and
- • to whom you want the limits to apply.
F. Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by e-mail. To request confidential communications, you must make your request in writing to your provider or our privacy officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
G. Right to Receive Notice of a Breach. We are required to notify you by first class mail or by e-mail (if you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users. The notice is required to include the following information:
- • a brief description of the breach, including the date of the breach and the date of its discovery, if known;
- • a description of the type of Unsecured Protected Health Information involved in the breach;
- • steps you should take to protect yourself from potential harm resulting from the breach;
- • a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;
- • contact information, including a toll-free telephone number, e-mail address, Web site or postal address to permit you to ask questions or obtain additional information. In the event the breach involves 10 or more patients whose contact information is out of date we will post a notice of the breach on the home page of our Web site or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary of a breach that involved less than 500 patients during the year and will maintain a written log of breaches involving less than 500 patients.