"Count on absolute confidentiality about your health care, whether you contact us in person, by phone or in writing"
Your health care service and medical records at our office are kept strictly confidential. No information can be released without your written permission. You may designate both who receives any information and for what period of time. Maintaining absolute confidentiality can sometimes be a little inconvenient. Our office for example, cannot give you test results without the doctor's permission. And grown children cannot access their parent's medical records unless the patient first signs a release authorizing a specified son or daughter to obtain information. Likewise, parents of children 18 or older cannot be given information about their children unless the patient gives us written permission to do so - even if Mom or Dad are still carrying the patient on their insurance policy.
We hope this assurance helps you know you can count on our office for confidentiality and that you understand that we can't share another patient's medical information with another party unless we first have written permission.
Your health care service and medical records are strictly confidential. To ensure your confidentiality is always protected, our staff follows very specific guidelines for releasing medical records. There is a nominal fee for the copying of medical records and diagnostic x-rays as provided by the State of Indiana.
Use and Disclosure of PHI We may use PHI for our management, administration, data aggregation, and legal obligations to the extent such use of PHI is permitted or required and not prohibited by law.
In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us with respect to PHI, including the implementation of reasonable and appropriate safeguards.
We may also use PHI to report violations of law to appropriate federal and state authorities.
Safeguards We use appropriate safeguards to prevent the use or disclosure of PHI. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity. Such safeguards include: • Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures; • Providing appropriate training for our staff to assure that our staff complies with our security policies; • Making use of appropriate encryption when transmitting PHI over the Internet; • Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI; • Utilizing appropriate authentication and access controls to safeguard PHI; • Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and • Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.
Mitigation of Harm In the event of a use or disclosure of PHI that is in violation of the requirements of the BA agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include: • Reporting any use or disclosure of PHI not provided for by the BA Agreement and any security incident of which we become aware to the Covered Entity; and • Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.