HIPAA

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices describes how we may use and disclose your protected health information (PHI) to carry out treatment, payment or health care operations (TPO) and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services.


Uses and Disclosures of Protected Health Information

Your protected health information may be used and disclosed by your healthcare provider, office staff and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you, to pay your health care bills, to support the operation of the healthcare provider’s practice, and any other use required by law.

Treatment

We will use and disclose your protected health information to provide, coordinate, or manage your health care and any related services. This includes the coordination or management of your health care with a third party. For example, we would disclose your protected heath information, as necessary, to a home health agency that provides care to you. For example, your protected health information may be provided to a healthcare provider to whom you have been referred to ensure that the healthcare provider has the necessary information to diagnose or treat you.

Payment

Your protected health information will be used, as needed, to obtain payment for your health care services. For example, obtaining approval for a hospital stay may require that your relevant protected health information be disclosed to the health plan to obtain approval for the hospital admission.

Health Care Operations

We may use or disclose, as needed, your protected health information in order to support the business activities of the healthcare provider’s practice. These activities include, but are not limited to quality assessment activities, employee review activities, training of students, licensing, and conducting or arranging for other business activities. We may also call you by name in the waiting room when your healthcare provider is ready to see you. We may use or disclose your protected health information, as necessary, to contact you to remind you of your appointment.

We may use or disclose your protected health information in the following situations without your authorization. These situations include: as Required By Law, Public Health Agencies; Victims of Abuse, Neglect, or Domestic Violence; Communicable Disease; Health Oversight: Abuse or Neglect, Serious Threats to Health or Safety; Food and Drug Administration requirements; Judicial and Administrative Proceedings; Law Enforcement; Coroners, Funeral Directors, and Organ Donation; Research; Criminal Activity: Military Activity and National Security; Workers’ Compensation; Inmates; Incidental Uses and Disclosures; Friends and Family Involved in your Care; Required Uses and Disclosures: under the law, we must make disclosures to you and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of Section 164.500.

We are required to obtain your written authorization in the following circumstances: (a) to use your PHI for marketing purposes; (b) to sell your PHI, and (c) to use or disclose your PHI for any purpose not previously described in this Notice. We also will obtain your authorization before using or disclosing your PHI when required to do so by (a) state law, such as laws restricting the use or disclosure of genetic information or information concerning HIV status; or (b) other federal law, such as federal law protecting the confidentiality of substance abuse records. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization we will no longer use or disclose your PHI for the reasons described in the authorization.


Your Rights

Following is a statement of your rights with respect to your protected health information. You have the right to inspect and copy your protected health information. Under federal law, however, you may not inspect or copy the following records; psychotherapy notes; information compiled in reasonable anticipation of, or use in, a civil, criminal, or administrative action or proceeding, and protected health information that is subject to law that prohibits access to protected health information.

You have the right to request a restriction of your protected health information. This means you may ask us not to use or disclose any part of your protected health information for the purposes of treatment, payment or health care operations. You may also request that any part of your protected health information not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in the Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply.

Your healthcare provider is not required to agree to a restriction that you may request unless (a) you request that we not disclose your PHI to a health insurance company, Medicaid or Medicare for payment or health care operations purposes; (b) you, or someone on your behalf, has paid us in full for the health care item or service to which the PHI pertains; and (c) we are not required by law to disclose to the insurer, Medicare or Medicaid, the PHI that is the subject of your request. If the healthcare provider believes it is in your best interest to permit use and disclosure of your protected health information, your protected health information will not be restricted. You then have the right to use another Health Care Professional.

You have the right to request to receive confidential communications from us by alternative means or at an alternative location. You have the right to obtain a paper copy of this notice from us, upon request, even if you have agreed to accept this notice alternatively i.e. electronically.

You may have the right to request that your healthcare provider amend your protected health information if you believe it is incorrect or incomplete. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal.

You must provide us with a reason that supports your request for amendment. We will deny your request if you fail to submit your request (and the reason supporting your request) in writing. Also, we may deny your request if you ask us to amend information that is, in our opinion: (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect and copy; or (d) not created by us, unless the individual or entity that created the information is not available to amend the information.

You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information. The accounting will exclude the following disclosures; (a) disclosures for “treatment,” “payment,” or “healthcare operations,” (b) disclosures to you or pursuant to your authorization; (c) disclosures to family members or close friends involved in your care or in payment for your care: (d) disclosures as part of a data use agreement; and (e) incidental disclosures. We will provide the first accounting during any 12-month period without charge. We may charge a reasonable, cost-based free for each additional accounting during the same 12-month period. If there will be a charge, the Privacy Official will first contact you to determine whether you wish to modify or withdraw your request.

We reserve the right to change the terms of this notice and will inform you by mail of any changes. You have the right to object or withdraw as provided in this notice.

You have the right to receive notice of a breach of your unsecured PHI. If we discover a breach of your unsecured PHI, we will notify you of the breach and provide the information required by law.


Complaints

You may complain to us or to the Secretary of Health and Human Services, Hubert H. Humphrey Building, 200 Independence Ave., S.W., Washington, D.C. 20201, if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our privacy contact of your complaint. We will not retaliate against you for filing a complaint.


This notice was published and becomes effective on/before September 23, 2013.

We are required by law to maintain the privacy of, and provide individuals with, this notice of our legal duties and privacy practices with respect to protected health information. If you have any questions about this form, please ask to speak with our Privacy Officer, Julee Bankes, 3400 E. McDowell Rd., Phoenix, AZ 85008, (602) 225-0595 ext. 7524

We reserve the right to amend this Notice of Privacy Practices. Any revision or amendment to this notice will be effective for all of your records that our practice has created or maintained in the past, and for any of your records that we may create or maintain in the future. You may request a copy of your most current Notice at any time.


Contact Dermatitis Institute℠ Website Privacy Policy

What Website(s) Does This Policy Apply To?

This online privacy policy (the "CDI Privacy Policy") applies to the Contact Dermatitis Institute website located at http://www.contactdermatitisinstitute.com/, the Contact Dermatitis Institute online forum located at http://contactdermatitisinstitute.mycrowdwisdom.com/diweb/community and the Contact Dermatitis Institute social media pages, such as Facebook, Twitter or Instagram owned and controlled by SmartHealth, the "CDI Websites").

The CDI Privacy Policy does not apply to any other website owned or operated by any third party, even if such third party websites link to a CDI Website or a CDI Website contains links to a third party website. Accordingly, the CDI Privacy Policy does not apply to the practices of any third party, affiliate, or business partner that SmartHealth does not own or control. Additionally, the owners of social media services may have additional online privacy terms and conditions that supersede the CDI Privacy Policy depending on a user's own personal preferences with that social media service.


Collection of Non-personal Data

If you browse the CDI Website without creating a user account or posting information on a public portion of the CDI Website (such as the online forum or social media page), you do so anonymously. We do not collect your e-mail address or other personal information. We do log your IP address (the internet address of your computer) to tell us which parts of the CDI Websites you visit and how long you spend there. We do not link your IP address to anything personally identifiable; however, we do track the state and/or country you are accessing the internet from, the date and time you visited and the type of computer, operating system and web browser you are using. Your browser supplies us with this information. We use this information from our server logs to learn more about our visitors as a group, not about you as an individual. The information helps us identify overall usage patterns and trends on the site.


Collection of Information

Certain features on the CDI Website enables members to contact SmartHealth and/or submit personal and/or business information to SmartHealth. If you submit personal and/or business information to SmartHealth, we will use this information to respond to your inquiries or provide various products, information and/or services to you. SmartHealth will not sell or share your name, address, e-mail address or other personal information with any other organization unless you expressly agree at the time you submit certain information to SmartHealth (typically by checking a box indicating your consent).


Online Forums and Social Media

When you post information on the online forum or social media portions of the CDI Website, you will publicly disclose your user name and other information that you have designated as part of your public profile. Additionally, all information contained in the body of any post made to the online forum or social media portions of a CDI Website is public and non-confidential. SmartHealth has no duty to maintain the privacy of any such information, and SmartHealth may collect, use and republish such information for any purpose in its sole discretion.


Removing or Updating Personal Information

If you believe your personal information is not accurate, or if you would like us to delete personal information collected by SmartHealth through the CDI Websites, please contact us at [email protected] or call 602.914.4267.


Disclosure of Your Personal Information

SmartHealth may disclose your personal information if required to do so by law or in the good-faith belief that such action is necessary to: (a) satisfy a legal order or comply with legal process; (b) defend the rights of SmartHealth or its affiliates or business partners; or (c) protect the personal safety of SmartHealth employees, agents, affiliates, business partners, customers or CDI Website users.


Third-Party Services

The CDI Website may offer features and services that are administered or provided by third parties hired by SmartHealth. To receive these services, you may be required to provide these third parties with personal information. All such services are subject to separate terms and conditions established by our third-party providers, including separate privacy policies, which may be different than this CDI Privacy Policy.


Security

The CDI Website has reasonable technical and organizational security measures in place to protect the loss, misuse or alteration of information under our control. We cannot guarantee that unauthorized third parties will never be able to defeat those security measures. Although we cannot guarantee that our systems are 100% secure 100% of the time, we periodically update our technology in order to improve the protection of customer information. The CDI Websites do not use a secure server to transmit sensitive data to and from our sites. However, if you place an order online, our third-party service providers that collect or process credit card information for online orders do use secure servers. Be sure not to transmit any credit card or other financial or sensitive data through the CDI Websites unless you have first verified that the data is being submitted to our third-party service provider’s secure server.


Governing Law and Jurisdiction

The CDI Privacy Policy, and SmartHealth's collection and use of customer information, shall be governed and interpreted in accordance with the laws of the United States and the State of Arizona. Any disputes arising out of this CDI Website Policy shall be adjudicated in a court of competent jurisdiction in Maricopa County of Phoenix, Arizona.


Governing Language

Any translation of this CDI Website Policy is done for local requirements and in the event of a dispute between the English and any non-English versions, the English version of this CDI Privacy Policy shall govern.


Privacy Policy Changes

SmartHealth reserves the right to change this CDI Privacy Policy at any time without prior notice. Any changes to this CDI Privacy Policy will be posted on this page and will be effective immediately upon posting.