Southeast Diabetes, Inc. Notice of Privacy Practices
This notice describes the obligations that Southeast Diabetes, Inc. has to keep your medical information confidential, the circumstances of when we may use or disclose such information, and how you can get access to your information. Please review this notice carefully.
This Notice of Privacy Practices (“Notice”) applies to Protected Health Information created or received by Southeast Diabetes, Inc. doing business as Southeast Diabetes, Inc., also referred to as SDI in this Notice of Privacy Practices. This Notice explains how this information may be used and shared with others. It also explains your privacy rights regarding this kind of information.
SDI complies with U.S. laws regarding the protection and security of health information, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended. We are required to provide all patients a copy of this Notice, follow the terms of this Notice currently in effect, and notify you in the event there is a breach of any unsecured protected health information about you.
How SDI May Use and Disclose Your Protected Health Information
Protected Health Information
“Protected health information” is information that may identify you and that relates to your physical or mental health or condition, related health care services, or your coverage or payment for health care. We are committed to safeguarding all protected health information collected about you, while providing health-related products, services, education and/or training.
Examples of protected health information include:
Information about your health condition (e.g., your blood glucose levels);
Information about health care products or services provided to you (e.g., insulin pumps or training on the use of an insulin pump); Geographic information (e.g., your home or work address); Demographic information (e.g., your race, gender, ethnicity, or age); Unique numbers that may identify you (e.g., your Social Security Number, phone number(s), or driver’s license or state certificate number); or
Other types of information that may identify you.
Treatment, Payment, or Health Care Operations
Treatment. We may disclose protected health information to your providers for treatment, including the provision of care (diagnosis, cure, etc.) or the coordination or management of that care.
Payment. We may use and disclose your protected health information to receive payment for our products and services. Payment activities may include sending claims or bills to your health insurance carrier, HMO or medical plan, reviewing the medical necessity of the services rendered with your physician, and coordinating the payment of benefits between medical plans.
Healthcare Operations. We may use and disclose your protected health information for plan operational purposes. For example, conducting our normal business operations, such as processing and fulfilling your product or services orders, undertaking surveys and patient feedback, verification with your health insurance carrier that you are eligible for benefits under the plan, quality control activities of our organization and service and training.
Friends and Family Involved in Your Care; Emergencies
We will only disclose protected health information to those taking care of you, helping to pay your medical bills, or other close family member or friends if these people need to know this information to help you, and then only to the extent permitted by law. If you need emergency treatment and we are unable to obtain your consent, we may share your protected health information with a family member, relative, or close personal friend who is involved in your care, or payment for that care. We may also notify, or assist others in notifying, a family member, friend, or another person responsible for your care about your location, general condition, or about your death. In some cases, we may need to share your protected health information with a disaster relief organization that will help us notify these persons.
To Government Agencies or Officials
We may disclose your protected health information to authorized public health officials (or a foreign government agency collaborating with such officials) to carry out public health activities (e.g., government officials who are responsible for controlling disease, injury, or disability). We may also release your protected health information to government agencies (e.g., DHHS) authorized to conduct audits, investigations, and inspections of our facilities or privacy practices. These government agencies can monitor the operation of the health care system, or compliance with government regulatory programs or civil rights laws.
Product Monitoring, Repair and Recall
We may disclose your protected health information to the U.S. Food and Drug Administration (FDA) to: (1) collect, report or track adverse events, product defects or problems; (2) repair, replace, or recall defective or dangerous products; or (3) monitor the performance of a product after it has been approved for use by the general public.
As Required By Law; Lawsuits and Other Proceedings
We may disclose your protected health information if required to do so by federal, state, or local law, or if ordered by a court or by another properly authorized body (e.g., in response to a subpoena, discovery request, or other legal request made by someone involved in the dispute, if we receive satisfactory assurances either that (1) you were notified of the request; or (2) the parties to the dispute have agreed to a qualified protective order regarding your health information). We may disclose information in the context of civil litigation where you have put your condition at issue in the litigation.
We may release medical information about you to authorized federal officials for intelligence, counter-intelligence, and other national security activities only as required by law. We may disclose medical information about you to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state, or conduct special investigations only as required by law.
We may disclose your medical information to law enforcement officials to: comply with court orders, subpoenas, or warrants. In addition, we are required to report certain types of wounds, such as gunshot wounds and some burns. In most cases, reports will include only the fact of injury, and any additional disclosures would require your consent or a court order.
We may also release information to law enforcement that is not a part of the health record (non-medical information) for the following reasons: 1) to assist law enforcement officers with identifying or locating a suspect, fugitive, witness, or missing person; 2) if you have been the victim of a crime and we determine that (i) we have been unable to obtain your consent because of an emergency or your incapacity, (ii) law enforcement officials need your information immediately to carry out their law enforcement duties, and (iii) in our professional judgment disclosure to these officials is in your best interests; 3) if we suspect that your death resulted from criminal conduct; 4) about criminal conduct at our facility; and 5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.
To Avert a Serious Threat to Health or Safety
We may use or disclose your protected health information when necessary to prevent a serious threat to your health or safety, or to the health or safety of another person or to the public. In such cases, we will only disclose your protected health information to someone able to help prevent the threat, including the target of the threat.
Military and Veterans
If you are in the Armed Forces, we may disclose protected health information about you to appropriate military command authorities if required to do so by law, or when we have your written consent. We may also release protected health information about foreign military personnel to the appropriate foreign military authority as required by law or with your written consent.
Inmates and Correctional Institutions
If you are an inmate or you are detained by a law enforcement officer, we will disclose your protected health information to prison or law enforcement officials only as permitted by law.
We may disclose your protected health information as authorized by and to the extent necessary to comply with laws relating to workers’ compensation or similar programs that provide benefits for work-related injuries or illness.
Coroners, Medical Examiners, and Funeral Directors
We will disclose your protected health information to a coroner or medical examiner in the case of certain types of death, and we must disclose health records upon the request of the coroner or medical examiner (e.g., to determine the cause of death or for identification purposes) We may also release the fact of death and certain demographic information about you to funeral directors as necessary to carry out their duties.
In most cases, we will ask for your written authorization before using or disclosing your protected health information with others to conduct research. However, under some cases, we may use and disclose your protected health information without prior authorization when the research has been approved by an Institutional Review Board or Privacy Board.
Under no circumstances, however, would we allow researchers to use your name or identity publicly. We may also use or disclose protected health information for research purposes if we remove all identifying information (e.g., your name, telephone number, Social Security number, medical record number and account number). Also, in some cases, researchers may be permitted to use information in a limited way to determine whether the study or the potential participants are appropriate. Finally, if there is a death, we may share the deceased’s protected health information with people who are conducting research using the information of deceased persons.
Victims of Abuse, Neglect, or Domestic Violence
We may release your protected health information to a public health authority that is authorized to receive reports of abuse or neglect of a child or vulnerable adult, or in the case of domestic violence. We will make an attempt to obtain your permission before releasing this information, but in some cases we may be required or authorized to act without your permission.
Education and Information
We may use your protected health information to inform you about new, updated, or alternative products and therapies, conducting relevant or necessary training on new or existing products, providing educational or self-help programs, or invitations for special programs, events, or offers on existing products.
Except as described in this Notice, we will obtain your written authorization or consent before using your protected health information or disclosing it to persons or organizations outside of SDI. Also, we will obtain an authorization for any communications with you for marketing purposes, or any disclosures that constitute a sale of protected health information. You may revoke any written authorization you have provided to us in writing, at any time. If you revoke your authorization, we will no longer use or disclose your protected health information for the reasons covered by your written authorization, except to the extent that we have made any use(s) or disclosure(s) of your protected health information in reliance on an existing authorization. We are unable to take back any disclosures we have already made with your permission, and we are required to retain our records of the care that we have provided to you. To revoke an authorization, please send your request in writing with a copy of the authorization being revoked (or, if not available, a detailed description of the authorization including the date) to our Privacy Compliance Manager at the address below.
How You Can Access And Control Your Protected Health Information:
Inspect and Copy Records
You may request a copy of your protected health information for inspection, which includes your medical and billing records. Under certain other circumstances, we may deny your request for a copy of your protected health information. If we deny any part of your request, we will provide a written explanation of the reasons, but provide complete access to the remaining parts.
To obtain a copy of your protected health information, submit your request in writing to the Patient Services Department. We may charge a reasonable fee for the costs of copying, mailing, or other supplies we use to fulfill your request, to the extent permitted by state and federal law.
If we maintain your health information electronically as part of a designated record set, you have the right to receive a copy of your health information in electronic form upon your request (e.g., requesting the copy to be sent in an e-mail communication). You may also direct us to transmit your health information (whether in hard copy or electronic form) directly to an entity or person clearly and specifically designated by you in writing.
If you believe that your protected health information is incorrect or incomplete, you may ask us to amend the protected health information, for as long as we retain your information. To request an amendment, please submit a written request to our Privacy Compliance Manager at the address below. Your request must include your reason for the request. We may deny your request for an amendment if it is not in writing or does not include your reason for the request. In addition, we may deny your request if you ask us to amend information that: 1) was not created by us, unless the person or entity that created the information is no longer available to make the amendment; 2) is not part of the medical information we maintain; 3) is not part of the information you would be permitted to inspect and copy; or 4) is accurate and complete.
Accounting of Disclosures
You may request an “accounting of disclosures”, i.e., how we have shared your protected health information with other persons or organizations within the past six (6) years. This accounting, however, will not include disclosures that were made directly to you; pursuant to your authorization; in accordance with other permissible purposes (e.g., treatment, payment, or health care operations); disclosures for national security or intelligence purposes; disclosures to correctional institutions or law enforcement with custody of you; disclosures that took place before June 15, 2009; or certain other disclosures. To request an accounting, please write to our Privacy Compliance Manager at the address below, including the specific time period for the disclosures. The accounting period may not go back further than six years from the date of this request. You may receive one free accounting in any 12-month period. We will charge you for additional requests based on the reasonable costs involved in providing this to you.
Right to Request Restrictions
You may request a restriction or limitation on the medical information we use or disclose about you. If you directly pay for a product or service in full (without obtaining insurance coverage), then you may request that we not disclose any information pertaining to such purchase to your health plan for purposes of payment or health care operations. We must agree to this restriction when the information pertains solely to the product or service for which you have paid in full; we may not agree to this request, however, when the law requires us to submit a claim to a health plan and prohibits us from accepting payment from you.
We are not required to agree to any other requests. If we do agree to any other requests, we will comply with such request unless the information is needed to provide you with emergency treatment or in similar circumstances.
To request such a restriction, please write to our Privacy Compliance Manager at the address below and tell us: 1) what information you would like to limit; 2) whether you would like to limit our use, disclosure, or both; and 3) to whom you want the limits to apply.
You may request that we contact or send protected health information to you in a certain way or at a certain location, such as only at work or home, or only by mail. To request a confidential communication, please write to our Privacy Compliance Manager at the address below and state how or where you wish to be contacted. We will not ask you the reason for your request, and we will accommodate all reasonable requests.
Right to a Paper Copy of this Notice
You have the right to receive a paper copy of this notice, and may ask us for a copy of this notice any time.
Complaints and Privacy Compliance Manager contact for Southeast Diabetes, Inc.*
If you believe your protected health information has not been safeguarded, protected, or handled as required by law or pursuant to the terms of this Notice, you may file a complaint with SDI by submitting your complaint in writing to our Privacy Compliance Manager. SDI will not retaliate or take action against you for filing any such complaint. If you wish, you may also file a complaint or seek resolution with the Secretary of Health and Human Services (200 Independence Avenue, S.W. Washington, D.C. 20201; (202) 619-0257; www.hhs.gov/ocr/office/index.html). If you have any questions about this Notice, please contact the Privacy Compliance Manager:
Southeast Diabetes, Inc.
ATTN: Privacy Compliance Manager
31 Inverness Ctr Pkwy, Ste 400
Birmingham, AL 35242
Changes to This Notice
The effective date of this Notice is November 12, 2014, and it has been updated on September 17, 2017. We reserve the right to change this Notice, and to make the revised or changed Notice effective for medical information we already have about you, as well as any information we receive in the future. If the terms of this Notice are changed, we will provide you with a revised Notice only upon request, and we will post the revised Notice on our website.