This web site is provided for information
and education purposes only. No doctor/patient relationship is
established by your use of this site. No diagnosis or treatment is
being provided. The information contained here should be used in
consultation with a dentist of your choice. No guarantees or
warranties are made regarding any of the information contained within
the web site. This web site is not intended to offer specific medical
or dental advice to anyone. Jennifer B. Turner, D.M.D. is licensed to
practice in the state of South Carolina and this web site is not
intended to solicit patients from other states. Further, this web
site and Dr. Jennifer B. Turner take no responsibility for web sites
hyper-linked to this site and such hyper-linking does not imply any
relationships or endorsements.
Copyright: Information and names within
this web site may be subject to copyright and trademark protection
with all rights reserved. Duplication or use without the expressed
written permission by Jennifer B. Turner, D.M.D., subjects the
violator to both civil and criminal penalties.
HEALTH INFORMATION PRIVACY
POLICIES & PROCEDURES
These Health Information Privacy Policies &
Procedures implement our obligations to protect the privacy of
individually identifiable health information that we create, receive,
or maintain as a healthcare provider.
We implement these Health Information Privacy
Policies and Procedures as a matter of sound business practice; to
protect the interests of our patients; and to fulfill our legal
obligations under the Health Insurance Portability and Accountability
Act of 1996 ("HIPAA"), its implementing regulations at 45 CFR Parts
160 and 164 (65 Fed. Reg 82462 (Dec. 28, 2000)) ("Privacy Rules"), as
amended (67 Fed. Reg. 53182 [Aug. 14, 2002]), and state law that
provides greater protection or rights to patients than the Privacy
Rules.
As a member of our workforce or as our Business
Associate, you are obligated to follow these Health Information
Privacy Policies & Procedures faithfully. Failure to do so can result
in disciplinary action, including termination of your employment or
affiliation with us.
These Policies & Procedures address the basics of
HIPAA and the Privacy Rules that apply in our dental practice. They do
not attempt to cover everything in the Privacy Rules. The Policies &
Procedures sometimes refer to forms we use to help implement the
policies and to the Privacy Rules themselves when added detail may be
needed.
Please note that while the Privacy Rules speak in
terms of "individual" rights and actions, these Policies & Procedures
use the more familiar word "patient" instead; "patient" should be read
broadly to include prospective patients, patients of record, former
patients, their authorized representatives, and any other
"individuals" contemplated in the Privacy Rules.
If you have questions or doubts about any use or
disclosure of individually identifiable health information or about
your other obligations under these Health Information Privacy Policies
& Procedures, the Privacy Rules or other federal or state law, please
contact our office. This policy was adopted effective 4/14/03
Back to Top
1. General Rule: No Use or Disclosure
Our dental office must not use or disclose
protected health information (PHI), except as these Privacy
Policies & Procedures permit or require.
2. Acknowledgement and Optional Consent
Our dental office will make a good faith effort to
obtain a written acknowledgement of receipt of our Notice of
Privacy Practices (see Section 9) from a patient before we use or
disclose his or her protected health information (PHI) for treatment,
to obtain payment for that treatment, or for our healthcare operations
(TPO).
Our dental office’s use or disclosure of PHI for
our payment activities and healthcare operations may be subject to the
minimum necessary requirements (see Section 7).
Our dental office will become familiar with our
state’s privacy laws. If required by our state law, or as directed by
the dentist, we will also seek Consent from a patient before we
use or disclose PHI for TPO purposes – in addition to obtaining an
Acknowledgement of receipt of our Notice of Privacy Practices.
a) Obtaining Consent
– If consent is to be obtained, upon the
individual’s first visit as a patient (or next visit if already a
patient), our dental office will request and obtain the patient’s
written Consent for our use and disclosure of the patient’s
PHI for treatment, payment, and healthcare operations.
Any consent we obtain must be on our Consent
form, which we may not alter in any way. Our dental office will
include the signed Consent form in the patient’s chart.
b) Exceptions
– Our dental office does not have to obtain the patient’s Consent in
emergency treatment situations; when treatment is required by law;
or when communications barriers prevent consent.
c) Consent
Revocation – A patient from whom we obtain consent may revoke it
at any time by written notice. Our dental office will include the
revocation in the patient’s chart. There is space at the bottom of
our Consent form where the patient can revoke the consent.
d) Applicability –
Consent for use or disclosure of PHI should not be confused with
informed consent for dental treatment. This section applies to our
practice.
3. Authorization
In some cases we must have proper, written
Authorization from the patient (or the patient’s personal
representative) before we use or disclose a patient’s PHI for any
purpose (except for TPO purposes) or as permitted or required without
consent or authorization (see Sections 3, 4, or 5).
Our dental office will use the Authorization
form. We will always act in strict accordance with an
Authorization.
a) Authorization
Revocation – A patient may revoke an authorization at any time by
written notice. Our dental office will not rely on an Authorization
we know has been revoked.
b) Authorization
from Another Provider – Our dental office will use or disclose PHI
as permitted by a valid Authorization we receive from another
healthcare provider.
Our dental office may rely on that covered entity
to have requested only the minimum necessary protected PHI. Therefore,
our dental office will not make our own "minimum necessary"
determination, unless we know that the Authorization is
incomplete, contains false information, has been revoked, or has
expired.
c) Authorization
Expiration – Our dental office will not rely on an
Authorization we know has expired.
4. Oral Agreement
Our dental office may use or disclose a patient’s
PHI with the patient’s Oral Agreement or if the patient is
unavailable subject to all applicable requirements.
Our dental office may use professional judgment and
our experience with common practice to make reasonable inferences of
the patient’s best interest in allowing a person to act on behalf of
the patient to pick up dental/medical supplies, X-rays, or other
similar forms of PHI.
Back to Top
5. Permitted Without Acknowledgement, Consent
Authorization or Oral Agreement
Our dental office may use or disclose a patient’s
PHI in certain situations, without Authorization or Oral
Agreement. In our dental office, these disclosures are not likely
to be frequent.
a) Verification of Identity
– Our dental office will always verify the identity of any patient,
and the identity and authority of any patient’s personal
representative, government or law enforcement official, or other
person, unknown to us, who requests PHI before we will disclose the
PHI to that person.
Our dental office will obtain appropriate
identification and, if the person is not the patient, evidence of
authority. Examples of appropriate identification include photographic
identification card, government identification card or badge, and
appropriate document on government letterhead. Our dental office will
document the incident and how we responded.
b) Uses or
Disclosures Permitted under this Section 5 – The situations in
which our dental office is permitted to use or disclose PHI in
accordance with the procedures set out in this Section 5 are listed
below.
-
For public health activities;
-
To health oversight agencies;
-
To coroners, medical examiners, and funeral
directors;
-
To employers regarding work-related illness or
injury;
-
To the military;
-
To federal officials for lawful intelligence,
counterintelligence, and national security activities;
-
To correctional institutions regarding inmates;
-
In response to subpoenas and other lawful
judicial processes;
-
To law enforcement officials;
-
To report abuse, neglect, or domestic violence;
-
As required by law;
-
As part of research projects; and
-
As authorized by state worker’s compensation
laws.
6. Required Disclosures
Our dental office will disclose protected health
information (PHI) to a patient (or to the patient’s personal
representative) to the extent that the patient has a right of access
to the PHI (see Section 10); and to the U.S. Department of Health and
Human Services (HHS) on request for complaint investigation or
compliance review.
Our dental office will use the disclosure log to
document each disclosure we make to HHS.
Back to Top
7. Minimum Necessary
Our dental office will make reasonable efforts to
disclose, or request of another covered entity, only the minimum
necessary protected health information (PHI) to accomplish the
intended purpose.
There is no minimum necessary requirement
for disclosures to or requests by one another in our dental office or
by a healthcare provider for treatment; permitted or required
disclosures to, or for disclosure requested and authorized by, a
patient; disclosures to HHS for compliance reviews or complaint
investigations; disclosures required by law; or uses or disclosures
required for compliance with the HIPAA Administrative Simplification
Rules.
a) Routine or Recurring Requests or Disclosures
– Our dental office will follow the policies and procedures that we
adopt to limit our routine or recurring requests for our disclosures
of PHI to the minimum reasonably necessary for the purpose.
b) Non-Routine or Non-Recurring Requests or
Disclosures – No non-routine or
non-recurring request for or disclosure of PHI will be made until it
has been reviewed on a patient-by-patient basis against our criteria
to ensure that only the minimum necessary PHI for the purpose is
requested or disclosed.
c) Other’s Requests –
Our dental office will rely, if reasonable for the situation, on a
request to disclose PHI being for the minimum necessary, if the
requester is: (a) a covered entity; (b) a professional (including an
attorney or accountant) who provides professional services to our
practice, either as a member of our workforce or as our Business
Associate, and who represents that the requested information is
the minimum necessary; (c) a public official who represents that the
information requested is the minimum necessary; or (d) a researcher
presenting appropriate documentation or making appropriate
representations that the research satisfies the applicable
requirements of the Privacy Rules.
d) Entire Record –
Our dental office will not use, disclose, or request an entire record,
except as permitted in these Policies & Procedures or standard
protocols that we adopt reflecting situations when it is necessary.
e) Minimum Necessary Workforce Use
– Our dental office will use only the minimum necessary PHI needed to
perform our duties.
Back to Top
8. Business Associates
Our dental office will obtain satisfactory
assurance in the form of a written contract that our Business
Associates will appropriately safeguard and limit their use and
disclosure of the protected health information (PHI) we disclose to
them.
These Business Associate requirements are
not applicable to our disclosures to a healthcare provider for
treatment purposes. The Business Associate Contract Terms
document contains the terms that federal law requires be included in
each Business Associate Contract.
a.)
Breach by Business Associate – If our
dental office learns that a Business Associate has materially
breached or violated its Business Associate Contract with us,
we will take prompt, reasonable steps to see that the breach or
violation is cured.
If the Business Associate does not promptly
and effectively cure the breach or violation, we will terminate our
contract with the Business Associate, or if contract
termination is not feasible, report the Business Associate’s
breach or violation to the U.S. Department of Health and Human
Services (HHS).
9. Notice of Privacy Practices
Our dental office will maintain a Notice of
Privacy Practices as required by the Privacy Rules.
a) Our Notice – Our
dental office will use and disclose PHI only in conformance with the
contents of our Notice of Privacy Practices. We will promptly
revise a Notice of Privacy Practices whenever there is a
material change to our uses or disclosures of PHI to legal duties, to
the patients’ rights or to other privacy practices that render the
statements in that Notice no longer accurate.
Form 1, Notice of Privacy Practices, found in this
Privacy Kit, contains the terms that federal law requires.
b) Distribution of Our Notice
– Our dental office will provide our Notice of Privacy Practices
to any person who requests it, and to each patient no later than the
date of our first service delivery after April 14, 2003.
Our dental office will have our Notice of
Privacy Practices available for patients to take with them. We
will also post our Notice of Privacy Practices in a clear and
prominent location where it is reasonable to expect patients seeking
services from us will be able to read the Notice.
c) Acknowledgement of Notice
– Our dental office will make a good faith effort to obtain from the
patient a written Acknowledgement of receipt of our Notice of
Privacy Practices.
Our dental office shall use Form 2,
Acknowledgement of Receipt of Notice of Privacy Practices, found
in this Privacy Kit, to obtain the Acknowledgement. If we cannot
obtain written Acknowledgement from the patient, we will use the form
to document our attempt and the reason why written Acknowledgement was
not signed by the patient.
Back to Top
10. Patients’ Rights
Our dental office will honor the rights of patients
regarding their PHI.
a) Access – With rare
exceptions, our dental office must permit patients to request access
to the PHI we or our Business Associates hold.
No PHI will be withheld from a patient seeking
access unless we confirm that the information may be withheld
according to the Privacy Rules. We may offer to provide a summary of
the information in the chart. The patient must agree in advance to
receive a summary and to any fee we will charge for providing the
summary. Our dental office will contact our Business Associates
to retrieve any PHI they may have on the patient.
b) Amendment –
Patients have the right to request to amend their PHI and other
records for as long as our dental office maintains them.
Our dental office may deny a request to amend PHI
or records if: (a) we did not create the information (unless the
patient provides us a reasonable basis to believe that the originator
is not available to act on a request to amend); (b) we believe the
information is accurate and complete; or (c) we do not have the
information.
Our dental office will follow all procedures
required by the Privacy Rules for denial or approval of amendment
requests. We will not, however, physically alter or delete existing
notes in a patient’s chart. We will inform the patient when we agree
to make an amendment, and we will contact our Business Associates
to help assure that any PHI they have on the patient is appropriately
amended. We will contact any individuals whom the patient requests we
alert to any amendment to the patient’s PHI. We will also contact any
individuals or entities of which we are aware that we have sent
erroneous or incomplete information and who may have acted on the
erroneous or incomplete information to the detriment of the patient.
When we deny a request for an amendment, we will
mark any future disclosures of the contested information in a way
acknowledging the contest.
c) Disclosure
Accounting – Patients have the right to an accounting of certain
disclosures our dental office made of their PHI within the 6 years
prior to their request. Each disclosure we make, that is not for
treatment payment or healthcare operations, must be documented showing
the date of the disclosure, what was disclosed, the purpose of the
disclosure, and the name and (if known) address of each person or
entity to whom the disclosure was made. The Authorization or
other documentation must be included in the patient’s record. We use
the patient’s chart to track each disclosure of PHI as needed to
enable us to fulfill our obligation to account for these disclosures.
We are not required to account for disclosures we
made: (a) before April 14, 2003; (b) to the patient (or the patient’s
personal representative); (c) to or for notification of persons
involved in a patient’s healthcare or payment for healthcare; (d) for
treatment, payment, or healthcare operations; (e) for national
security or intelligence purposes; (f) to correctional institutions or
law enforcement officials regarding inmates; or (g) according to an
Authorization signed by the patient or the patient’s representative;
(h) incident to another permitted or required use disclosure.
We will temporarily suspend the accounting of any
disclosure when requested to do so pursuant according to the Privacy
Rules by health oversight agencies or law enforcement officials. We
may charge for any accounting that is more frequent than every 12
months, provided the patient is informed of the fee before the
accounting is provided. We will contact our Business Associates
to assure we include in the accounting any disclosures made by them
for which we must account.
d) Restriction on Use or Disclosure
– Patients have the right to request our dental office to restrict use
or disclosure of their PHI, including for treatment, payment, or
healthcare operations. We have no obligation to agree to the request,
but if we do, we will comply with our agreement (except in an
appropriate dental/medical emergency).
We may terminate an agreement restricting use or
disclosure of PHI by a written notice of termination to the patient.
We will contact our Business Associates whenever we agree to
such a restriction to inform the Business Associate of the
restriction and its obligations to abide by the restriction. We will
document in the patient’s chart any such agreed to restrictions.
e) Alternative Communications –
Patients have the right to request us to use alternative means or
alternative locations when communicating PHI to them. Our dental
office will accommodate a patient’s request for such alternative
communications if the request is reasonable and in writing.
Our dental office will inform the patient of our
decision to accommodate or deny such a request. If we agree to such a
request, we will inform our Business Associates of the agreement and
provide them with the information necessary to comply with the
agreement.
f) Applicability –
Our dental office will be aware of and respect these patients’ rights
regarding their PHI, even though in most situations patients are
unlikely to exercise them.
Back to Top
11. Staff Training and Management, Complaint
Procedures, Data Safeguards, Administrative Practices
a) Staff Training and Management
* Training – Our
dental office will train all members of our workforce in these Privacy
Policies & Procedures, as necessary and appropriate for them to carry
out their functions. We will complete the privacy training of our
existing workforce by April 14, 2003.
After April 14, 2003, our dental office will train
each new staff member within a reasonable time after the member
starts. We will also retain each staff member whose functions are
affected either by a material change in our Privacy Policies and
Procedures or in the member’s job functions, within a reasonable time
after the change.
Form 7, Staff Review of Policies and Procedures,
can be used to have workforce members acknowledge they have received
and read a copy of these Policies and Procedures.
*Discipline and Mitigation
– Our dental office will develop, document, disseminate, and implement
appropriate discipline policies for staff members who violate our
Privacy Policies & Procedures, the Privacy Rules, or other applicable
federal or state privacy law.
Staff members who violate our Privacy Policies &
Procedures, the Privacy Rules or other applicable federal or state
privacy law will be subject to disciplinary action, possibly up to and
including termination of employment.
b) Complaints – Our
dental office will implement procedures for patients to complain about
our compliance with our Privacy Policies and Procedures or the Privacy
Rules. We will also implement procedures to investigate and resolve
such complaints.
The Complaint form can be used by the
patient to lodge the complaint. Each complaint received must be
referred to management immediately for investigation and resolution.
We will not retaliate against any patient or workforce member who
files a Complaint in good faith.
c) Data Safeguards –
Our dental office will "add to" and strengthen these Privacy Policies
& Procedures with such additional data security policies and
procedures as are needed to have reasonable and appropriate
administrative, technical, and physical safeguards in place to ensure
the integrity and confidentiality of the PHI we maintain.
Our dental office will take reasonable steps to
limit incidental uses and disclosures of PHI made according to an
otherwise permitted or required use or disclosure.
d) Documentation and Record Retention
– Our dental office will maintain in written or electronic form all
documentation required by the Privacy Rules for six years from the
date of creation or when the document was last in effect, whichever is
greater.
e) Privacy Policies & Procedures
– Only Dr. Jennifer B. Turner may change these Privacy Policies &
Procedures.
Back to Top
12. State Law Compliance
Our dental office will comply with the privacy laws
of each state that has jurisdiction over our practice, or its actions
involving protected health information (PHI), that provide greater
protections or rights to patients than the Privacy Rules.
13. HHS Enforcement
Our dental office will give the U.S. Department of
Health and Human Services (HHS) access to our facilities, books,
records, accounts, and other information sources (including
individually identifiable health information without patient
authorization or notice) during normal business hours (or at other
times without notice if HHS presents appropriate lawful administrative
or judicial process).
We will cooperate with any compliance review or
complaint investigation by HHS, while preserving the rights of our
practice.
14. Designated Personnel
Our dental office will designate a Privacy Officer
and other responsible persons as required by the Privacy Rules.
Back
to Top
