This Notice describes how medical information about your medical information may be used and disclosed by Sanctuary Salon & Spa, LLC. (“Company”) in its capacity as a Business Associate to the Company’s affiliated physician who takes care of you (“Physician”), and how you can get access to this information. Please review this Notice carefully.
What is your medical information? All the health care related information your Physician and the Company have in your file, including your medical history, current condition, diagnosis, examination notes, test results, and prescriptions.
Why are you getting this Notice? The Company is a Business Associate to your Physician and, as such, performs certain administrative functions for your Physician which require access to your medical record. As a Business Associate, the Company must comply with the HIPAA Privacy Rule that requires Company to protect the confidentiality of your medical information. As a medical services provider, your Physician must also comply with the HIPAA Privacy Rule. The Privacy Rule also gives you certain rights with respect to your medical information. This Notice explains both our obligations and your rights under the Privacy Rule.
Your rights: Although your physical medical file belongs to your Physician, the information in your file belongs to you. You therefore have the right to:
- Request that your Physician and the Company restrict the use or disclosure of your medical information for treatment, payment and health care operations. Please note that neither your Physician nor the Company has to agree to the requested restrictions but if it either one does agree, they must abide by the restrictions. Please also note that the Company does is not a medical services provider and does not provide any kind of medical advice or treatment to anyone. The Company is providing this Notice strictly in its role as a Business Associate to your Physician.
- Request that your Physician and the Company use an alternative means to communicate with you on a confidential basis about your medical information. You may also request that we send such communications to you at an alternative location.
- Inspect and copy your medical information for as long as your Physician and/or the Company maintain your medical record. Under certain specific circumstances, your Physician and/or the Company may deny your request but this denial is, in most cases, reviewable. Please also note that there is some medical information that you do not have a right to access, including psychotherapy notes and information prepared in anticipation of civil, criminal or administrative proceedings.
- Request in writing that your Physician and the Company amend your medical information or record, unless the record is already accurate and complete or neither your physician nor the Company creates the information you wish to amend. The Company will act on your written request within 60 days after receiving it and either make the amendment or provide you with a written denial.
- Except for certain disclosures, request an accounting of disclosures of your medical information by both your Physician and the Company.
- Receive a paper copy of this Notice.
Company’s obligations: We are required to do the following:
- Maintain the privacy of your medical information and provide you with this Notice.
- Abide by the terms of this Notice.
- Notify you if we cannot agree to a use or disclosure restriction you request.
- Accommodate your reasonable request to communicate with you via alternative means or at an alternative location.
Please note that the Company reserves the right to change its privacy practices and apply the changes to your medical information. If we do change our privacy practices, we will mail you a revised Notice to the address you have provided to us.
Uses and disclosures: These are some examples of the uses and disclosures of your medical information that the Company will make:
- Health care operations: The Company maintains a comprehensive electronic health record (“EHR”) system which your Physician uses to access your medical record and to add information to that record. The Company will use the information in your medical record on the EHR to provide administrative and support services to your Physician, track, locate and load lab test results into your medical record for your Physician to access, keep track of your appointments with your Physician and answer any questions you may have which do not require you to speak with your Physician.
- Payment: The Company will handle the billing for any laboratory tests your Physician prescribes for you and will collect any amount due from you and make sure that payment is transmitted to the appropriate laboratory. All billing information, including the back up sent with the bill will identify you and will include information about the types of tests the lab performed for you and your test results.
- Business Associates: The Company may use an outside consultants, including financial, IT and legal consultants, who may, in connection with providing services to the Company, have need to access the EHR system. The Company may disclose your information to these outside consultants for the purpose of enabling them to provide the requested services to the Company. Before Company discloses any of your medical information to such outside consultants, we will require the contractor to sign a Business Associate Agreement in which the consultant agrees to protect the confidentiality of your medical information.
- We may disclose your medical information as required by law, including worker’s compensation regulations; to the Centers for Medicare and Medicaid Services or other regulatory agency; in response to an order of court or administrative tribunal and as required by a valid subpoena; for law enforcement purposes; for public health purposes; to governmental authorities, including social service or protective service agencies, if we believe you have been the victim of abuse, neglect or domestic violence; to a health oversight agency for oversight activities authorized by law; to avert a serious threat to health or safety; in connection with specialized government functions including military or veteran’s activities, national security and intelligence activities and national security or intelligence activities; or during a medical emergency as necessary to protect your welfare.
- The Company will make any other uses and/or disclosures of your medical information that are not related to treatment, payment or health care operations only with your prior written authorization. If the Company wishes to use your medical information for any such other purpose (for example, marketing), we will speak to you first and give you the option of signing an Authorization. You are not required to sign the Authorization and if you do, you may revoke that Authorization at any time.
- We will contact you to provide appointment reminders but will do so only at the telephone number(s) or e-mail address you provide to us for that purpose.