This Notice contains the privacy practices for Dr. Kimberly Queen (“I”, “Me”, “My”). The notice contains Dr. Queen’s legal duties, and the rights of patients (“You”, “Your”) concerning protected health information (“PHI”). The law requires Dr. Queen to keep PHI private in accordance with this Notice of Privacy Practices, as long as this Notice remains in effect.
Copy of the Notice
I, Dr. Queen, am required to post this Notice in a clear and easy to find location where you are able to see it, and a copy must be provided to anyone who asks for one. From time to time, I may revise my privacy practices and the terms of my Notice at any time as permitted or required by applicable law. Such revisions to my privacy practices and my Notice may be retroactive. My Notice will be updated and made available to you before any significant revisions of my privacy practices and policies.
Use and disclosures
I am required to protect PHI from unauthorized access or use. PHI is information that identifies you and includes demographic data that relates to your health or condition, the provision of your health care and payment for the provision of your health care. Common identifiers include your name and birth date. In all cases in which I use or disclose PHI, I do so only to the minimum extent necessary to accomplish the purpose of the use or disclosure. I am required to disclose PHI to you or your personal representatives when you specifically request access or an accounting of disclosures of your PHI, and to the Department of Health and Human Services when it is undertaking a compliance investigation, review, or enforcement action. I do not share PHI with your employer or private notes about your health care with any entity without specific authorization. I am permitted, but not required, to use and disclose PHI without your authorization for Treatment, Payment and Health Care Operations. For convenience, I provide the following examples:
Treatment: PHI may be used by or disclosed to any health care providers involved with the services provided to you.
Payment: PHI may be used or disclosed to collect payment for services provided to you.
Health Care Operations: PHI may be used or disclosed as part of my internal health care operations, which are any of the following activities: (a) quality assessment and improvement activities including case management and care coordination; (b) competency assurance activities including provider or health plan performance evaluation, credentialing, and accreditation; (c) conducting or arranging for medical reviews, audits, or legal services, including fraud and abuse detection and compliance programs; (d) conducting training programs; (e) business planning and development; and (f) business management and general administrative activities.
I will restrict the disclosure of PHI at your specific request, to the extent the disclosure satisfies three conditions: 1) The disclosure is for purposes of carrying out payment or healthcare operations, 2) the disclosure is not otherwise required by law or regulations, and 3) the PHI subject to the request pertains solely to a healthcare item or service for which you, a family member or anyone other than the health plan paid in full. Thus, you may request that I not disclose information about a procedure, diagnosis, etc. to your insurance company as long as you pay 100% of the expense out of pocket.
Access to PHI
I will provide you with access to your PHI as described below in the Individual Rights Section of this Notice. With your permission or in some emergencies, I may disclose PHI to your family members, friends, or other people to aid in your treatment or the collection of payment. A disclosure of PHI may also be made if I determine it is reasonably necessary or in your best interests for such purposes as allowing a person acting on your behalf to receive filled prescriptions, health care supplies, x-rays, et cetera.
Locating responsible parties
I may use or disclose your PHI to locate, identify, or notify a family member, your personal representative or another person responsible for your care. If I determine in my reasonable professional judgment that you are capable of doing so, you will be given the opportunity to consent to or to prohibit or restrict the extent or recipients of such disclosure. If I determine that you are unable to provide such consent, I will limit the PHI disclosed to the minimum necessary.
I may use or disclose your PHI to any public or private entity authorized by law or its charter to assist in disaster relief efforts.
Required by law
I may use or disclose your PHI when I am required to do so by law. For example, your PHI may be released when required by privacy laws, workers compensation or similar laws, public health laws, court or administrative orders, subpoenas, certain discovery requests, or other laws, regulations, or legal processes. Under certain circumstances, I may make limited disclosures of PHI directly to law enforcement officials or correctional institutions regarding an inmate, lawful detainee, suspect, fugitive, material witness, missing person or a victim or suspected victim of abuse, neglect, domestic violence, or other crimes. I may disclose your PHI to the extent reasonably necessary to avert a serious threat to your health or safety or the health or safety of others. I may disclose your PHI when necessary to assist law enforcement officials to capture a third party who has admitted to a crime against you or who has escaped from lawful custody.
I may disclose a deceased patient’s PHI to family members and others involved in their care or payment prior to death unless there is a specific wish/request of the patient otherwise. After your death, I may disclose your PHI to a coroner, medical examiner, funeral director or organ procurement organization in limited circumstances.
I may use or disclose your PHI for research purposes only in those limited circumstances not requiring your written authorization such as those which have been approved by an institutional review board that has established procedures for ensuring the privacy of your PHI.
Military and national security
I may disclose to military authorities the medical information of Armed Forces personnel under certain circumstances. When required by law I may disclose your PHI for intelligence, counterintelligence, and other national security activities.
Access to records and copies
In most cases, you have the right to review or to purchase copies of PHI by requesting access or copies in writing to my Compliance Officer. All such requests will be handled within 30 days but only to the extent that it does not interfere with treatment or operations, and when a 30-day extension is used, I will notify you of the reason(s) for the delay and when the expected date is. That expected date will be within 60 days of the initial request. I will require you to schedule an appointment with my Compliance Officer to review PHI and to pay a reasonable fee for photocopies or computer-generated records. You can receive your PHI in an electronic form or format if you specifically request it; to the extent it is readily producible in such form and format. I will negotiate on a case basis an acceptable format for doing the transfer directly to any entity or person designated by you.
You have the right to receive an accounting of the instances, if any, in which your PHI was disclosed for purposes other than those described in the Notice. For each 12-month period, you have the right to receive one free copy of an accounting of certain details surrounding such disclosures that occurred after April 13, 2003. If you request a disclosure accounting more than once in a 12-month period, you will be charged a reasonable, cost-based fee for each additional request. All requests for disclosure accounting must be in writing to my Compliance Officer. I do not use and disclose e-PHI through EHRs, and I do not provide an accounting of e-PHI disclosures.
I may provide you with information concerning health issues, benefits, and services, or treatment alternatives based on your PHI. You may opt out of receiving such information except that it is contained in a general newsletter, is presented in person, or is for nominally valued items by notifying in writing my Compliance Officer.
Fund raising, marketing and sale of PHI
I may use demographic information and dates of your health care to contact you for fundraising purposes. You may opt-out of receiving such information by notifying in writing my Compliance Officer. I will not sell PHI either by direct or indirect receipt or remuneration unless you opt-in with written authorization. Sales are explicitly defined as information in exchange for financial remuneration, which has some very specific exceptions: limited data set sharing for public health purposes; research purposes; mergers and acquisitions, treatment and payment purposes; to or by a business associate (and within the covered entity or affiliated groups); individuals paying a fee for their own PHI or a list of disclosures; any reason allowed by the Privacy Rule for a cost-based fee.
You have the right to request that I place additional restrictions on the use or disclosure of your PHI, but I am not required to honor such a request. I will be bound by such restrictions only if I agree to do so in writing signed by my Compliance Officer and me. If you request a restriction on disclosures of PHI to a health plan for purposes of carrying out payment or health care operations and the PHI pertains to an item or service for which I was paid out-of-pocket in full, this requested restriction will be honored.
You have the right to request that I communicate about your PHI by alternative means or in alternative locations. I will accommodate any reasonable request if it specifies in writing the alternative means or location and provides a satisfactory explanation of how future payments will be handled.
Amendments to PHI
You have the right to request that I amend your PHI. Any such request must be in writing and contain a detailed explanation for the requested amendment. Under certain circumstances, I may deny your request, but I will provide you with a written explanation of the denial. You have the right to send a statement of disagreement to which I may prepare a rebuttal; a copy of which will be provided to you at no cost. Please contact my Compliance Officer with any further questions about amending your health care record.
Security breach notification
You have the right to be notified regarding any security breach that compromises your PHI. I will notify the Secretary of Health and Human Services (HHS) or the Federal Trade Commission, or the media if more than 500 patients in a particular state am affected.
If you believe your privacy rights have been violated, you may complain to the Secretary of the U.S. Department of Health and Human Services. You may file a complaint with me by notifying my Compliance Officer. I support your right to protect the privacy of your health care information. I will not retaliate in any way if you choose to file a complaint with me or with the U.S. Department of Health and Human Services.
Access to my office
My office is private property. To ensure the privacy of patients and PHI, entry into my office is limited to patients at the time of their scheduled appointment. Patient family members, agents or representatives, and friends (“Guests”) are not allowed in my office, but may, if they are essential to your treatment and with the consent of you and me, enter and remain in the treatment room with you. My facility has a public lobby and restroom that is available to guests.
The Privacy Rule allows us to communicate through e-mail with you provided I apply reasonable safeguards when doing so. While the Privacy Rule does not prohibit the use of unencrypted e-mail for treatment-related communications between you and me, other safeguards should be applied to reasonably protect privacy, such as limiting the amount or type of information disclosed through the unencrypted e-mail. You may initiate communications with me using e-mail. If this situation occurs, I can assume (unless you have explicitly stated otherwise) that unencrypted e-mail communications are acceptable to you. Remember; PHI should not be sent over the Internet by e-mail or another electronic transmission unless appropriate safeguards are in place at the time such transmission takes place.
Contact Information: Compliance Officer
Address your questions and concerns, or if you have a complaint about privacy issues, to:
Dr. Queen for Health
One Embassy Centre
9020 SW Washington Square Road
Portland OR 97223
Tel: (503) 291-7155
Fax: (503) 291-7152