Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Our Commitment to Protect Your Health Information

Somi Javaid MD and Associates, LLC, SJ Medical Spa LLC and its affiliates are dedicated to protecting your medical information. A federal regulation known as the “HIPAA Privacy Rule” requires that we provide detailed notice in writing of our privacy practices. Your Protected Health Information (PHI) is information that identifies you and that relates to your past, present, or future healthcare. We are required by law to maintain the privacy of your PHI and to give you this notice about our privacy practices that explains your rights as our patient and how, when, and why we may use or disclose your PHI.

We are required by law to follow the privacy practices described in this notice, but we may change our policies at any time. Changes will apply to information we already hold, as well as new information after the change occurs. If we change our privacy practices and the terms of this notice, we will post a copy in our office in a prominent location and on our website www.hermdhealth.com. You may request a copy at any time.

How We May Use and Disclose Your PHI

Treatment, payment and healthcare operations. As described below, we will use or disclose your PHI for treatment, payment, or healthcare operations. The examples below do not list every possible use or disclosure in a category.

Treatment. We may use or disclose PHI about you to provide, coordinate or manage your healthcare and related services. We may consult with other healthcare providers regarding your treatment and coordinate and manage your healthcare with others. For example, we may use and disclose PHI when you need a prescription, lab work or other healthcare services. We may also use and disclose information about you to other healthcare providers involved in your care.

Payment. We may use and disclose PHI so that we can bill and collect payment for the treatment and services provided to you. For example, we may send your insurance company a bill for services or release certain medical information to your health insurance company so that it can determine whether your treatment is covered under the terms of your health insurance policy. We may also use and disclose PHI for billing, claims management, and collection activities.

Health care operations. We may use and disclose PHI in performing certain business activities which are called healthcare operations. Some examples of these operations include our business, accounting, and management activities. These healthcare operations may also include quality assurance, utilization review, and internal auditing, such as reviewing and evaluating the skills, qualifications, and performance of healthcare providers. If another healthcare provider, company, or health plan that is required to comply with the HIPAA Privacy Rule has or once had a relationship with you, we may disclose PHI about you for certain healthcare operations of that healthcare provider, company, or health plan. For example, healthcare operations may include assisting with the legal compliance activities of that provider, company or plan.

Business associates. We may contract with individuals and entities (business associates) to perform various functions on our behalf or to provide certain types of services. To perform these functions or to provide the services, business associates may receive, create, maintain, use or disclose your PHI. We require business associates to agree in writing to contract terms designed to appropriately safeguard your information. For example we may disclose your PHI to a business associate for claims administration purposes.

Communication to you. We may use or disclose medical information in order to contact you to follow up after you are discharged, for appointment reminders, to tell you about or recommend possible treatment options or alternatives that may be of interest to you, or, subject to certain limitations, to inform you about health related benefits or services that may be of interest to you.

Communication to others if you agree or do not object. We may also use or disclose your PHI in the following circumstances. However, except in emergency situations, we will inform you of our intended action prior to making any such uses and disclosures and will, at that time, offer you the opportunity to object.

Notifications to friends and family. We may disclose PHI to your relatives, close friends or any other person identified by you if the PHI is directly related to that person’s involvement in your care or payment for your care. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may also use and disclose your health information for the purpose of locating and notifying your relatives or close personal friends of your location, general condition or death, and to organizations that are involved in those tasks during disaster situations.

Other uses and disclosures authorized by the HIPAA Privacy Rule. We may use and disclose PHI about you in the following circumstances, provided that we comply with certain legal conditions set forth in the HIPAA Privacy Rule.

Required by law. We may use or disclose PHI as required by federal, state, or local law if the disclosure complies with the law and is limited to the requirements of the law.

Public health activities. We may disclose PHI to public health authorities or other authorized persons to carry out certain activities related to public health, including to:

      • Prevent or control disease, injury, or disability or report disease, injury, birth, or death;
      • Report child abuse or neglect;
      • Report information regarding the quality, safety, or effectiveness of products or activities regulated by the federal Food and Drug Administration;
      • Notified a person who may have been exposed to a communicable disease in order to control who may be at risk of contracting or spreading the disease; or
      • Report to employers, under limited circumstances, information related primarily to workplace injuries or illness or workplace medical surveillance.

Abuse, neglect, or domestic violence. We may disclose PHI to proper government authorities if we reasonably believe that you (or others) have been or may be a victim of domestic violence, abuse, or neglect.

Health oversight. We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigations, inspections, licensure and disciplinary activities and other activities conducted by health oversight agencies to monitor the healthcare system, government healthcare programs, and compliance with certain laws.

Legal proceedings. We may disclose PHI as expressly required by the court or administrative tribunal order or in compliance with state law in response to subpoenas, discovery requests or other legal process when we receive satisfactory assurances that efforts have been made to advise you of the request or to obtain an order protecting the information requested.

Law enforcement. We may disclose PHI to law-enforcement officials under certain specific conditions where the disclosure is:

      • About a suspected crime victim if the person agrees or, under limited circumstances, we are unable to obtain the person’s agreement because of incapacity or emergency;
      • To alert law enforcement of a death that we suspect was the result of criminal conduct;
      • In response to authorized legal process or required by law;
      • To identify or locate a suspect, fugitive, material witness, or missing person;
      • About a crime or suspected crime committed on our premises; or
      • In response to a medical emergency not occurring on our premises, if necessary to report a crime.

Coroners, medical examiners or a funeral directors. We may disclose PHI regarding descendants to a corner, medical examiner or funeral director so that they may carry out their jobs. We may also disclose such information to a funeral director in reasonable anticipation of death.

Organ donation. We may disclose PHI to organizations that help procure, locate, and transplant organs in order to facilitate organ, eye, or tissue donation and transplantation.

Threat to health or safety. In limited circumstances, we may disclose PHI when we have a good faith belief that the disclosure is necessary to prevent a serious and imminent threat to the health or safety of a person or to the public.

Specialized government functions. We may disclose PHI for a certain specialized government functions, such as military and veteran activities, national security and intelligence activities, protective services for the President and others, medical sustainability determinations, and for certain correctional institutions or in other law-enforcement custodial purposes.

Workers’ compensation. We may disclose PHI in order to comply with the law relating to workers’ compensation or other similar programs.

Research. We may disclose PHI under limited circumstances for research projects that have been evaluated and approved through an approval process that takes into account your need for privacy. We must obtain a written authorization to use and disclose PHI about you for research purposes except in situations where research project meets specific, detailed criteria established by the HIPAA Privacy Rule to ensure the privacy of PHI.

Emergencies. We may use or disclose your PHI in an emergency treatment situation in compliance with applicable laws and regulations.

With your written authorization. Your written authorization generally will be obtained before we use or disclose psychotherapy notes about you that may be in our possession. Psychotherapy notes are separately filed notes about your conversations with a mental health professional during a counseling session; summary information about your mental health treatment does not constitute psychotherapy notes. In addition, your written authorization will be obtained for uses and disclosures of PHI, for marketing purposes and disclosures that constitute a sale of PHI, unless use and disclosure is permitted without your authorization. Except as described in this notice, all other uses and disclosures of your PHI will be made only with your written authorization. If you have authorized us to disclose or use PHI about you, you may revoke your authorization at any time, except to the extent that we have taken action based on the authorization (e.g., you cannot revoke with respect to disclosures that have already been made.)

Limited data set/minimum necessary. The amount of health information used or disclose in accordance with the above provisions will be limited, to the extent practicable, to a limited data set, or if needed by the practice, to the minimum necessary to accomplish the intended purpose of the use, disclosure or request, respectively. Practice commits to complying with any guidance issued in the future that relates to the minimum necessary use or disclosure of PHI.

Your Rights Regarding Your Protected Health Information

The HIPAA Privacy Rule gives you several rights with regard to your PHI these rates include:

Right to request restrictions. You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payments or healthcare operations, or that we disclose to those who may be involved in your care or payment for your care. In the instances where you have paid for healthcare items or services out of pocket in full, we are required upon request to restrict disclosures of PHI to your health plan. In all other instances, while we consider a patient’s restriction request, we are not required to agree to it. If we do agree to your request, we will comply with your request except as required by law or for emergency treatment. To request restrictions, you must make your request in writing on our Request for Additional Restrictions on Communication Form to our Privacy Officer at the address listed on the last page of this notice.

Right to receive confidential communications. You have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. For example, you may request that we contact you at home rather than at work. You must make your request in writing by submitting the request for alternative communication forms specifying how you would like to be contacted (for example, to a post office box and not your home) to the Privacy Officer. We will accommodate all reasonable requests.

Right to inspect and copy. You have the right to inspect and receive a copy of your PHI contained in records we maintain that may be used to make decisions about your care. These records usually include your medical and billing records that we may maintain, but do not include psychotherapy notes, information gathered or prepared for a civil, criminal, or administrative proceeding, or PHI that is subject to law that prohibits access. To inspect and copy your PHI, you must make a request on the Request for Access Form to the practice’s Privacy Officer at the address listed below. If you request a copy of PHI about you, we may charge you a reasonable fee for the copying, postage, labor and supplies used in meeting your request. If and only to the extent that the practice uses or maintains your PHI in electronic format and, upon your request, we will transmit such copy directly to an entity or individual of your designation, provided that such designation is made clear, conspicuous and specific. We may charge you a fee for providing your PHI in electronic form equal to our labor costs incurred in responding to your request. We may deny your request to inspect and copy PHI only under limited circumstances, and in some cases, a denial of access may be reviewable.

Right to amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information for as long as such information is kept by us or for us. You must submit your request to amend in writing on the Request for Amendment of Patient Information Form to the Privacy Officer and give us a reason for your request. We may deny your request in certain cases. If your request is denied, you may submit a written statement disagreeing with the denial, which we will keep on file and distribute with future disclosures of the information to which it relates.

Right to receive an accounting of disclosures. You have the right to request a list of certain disclosures of PHI made by us during a specific period of up to six years prior to the request, except disclosures: (i) for treatment, payment or healthcare operations, unless, as of the date required by the HITECH Act and only to the extent that the practice uses or maintains an EHR for you, such disclosures are made through your EHR (in which case the list of disclosures will be limited to those made in the three years prior to the date of your request, subject to certain restrictions); (ii) made to you; (iii) to persons involved in your care or for the purpose of notifying your family or friends of your whereabouts; (iv) for national security or intelligence purposes; (v) made pursuant to your written authorization; (vi) incidental to another permissible use or disclosure; (vii) for certain notification purposes (including national security, intelligence, correctional, and law-enforcement purposes); or (viii) made before April 14, 2003. If you wish to make such a request, please contact the Privacy Officer. The first accounting that you request in a 12 month period will be free, but we may charge you for the reasonable cost of providing additional lists in the same 12 month period. We will tell you about these costs, and you may choose to cancel your request at any time before costs are incurred.

Right to a paper copy of this notice. You have the right to receive a paper copy of this notice at any time. You are entitled to a paper copy of this notice even if you have previously agreed to receive this notice electronically. To obtain a paper copy of this notice, please contact the Privacy Officer.

The right to be notified of a breach of unsecured PHI. We are required by law to maintain the privacy of your PHI and to notify you if a breach of your unsecured PHI occurs.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us, or the Secretary of the United States, Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Officer. We will not take action against you in anyway for filing a complaint.

Questions

If you have any questions or need additional information about this notice, please contact our Privacy Officer:

HIPAA Privacy Officer
Somi Javaid MD and Associates, LLC
8350 East Kemper Road, Suite A
Cincinnati, OH 45249

The form of this notice was published and first became effective July 1, 2015.