hipaa and privacy notice
Sameday Healthcare takes securing your data seriously. Below are details on how we collect and use your data, as well as how we secure your sensitive patient information.
our responsibility
As your healthcare provider, we are obligated by law to safeguard the confidentiality of your health information. This Notice outlines our legal responsibilities, privacy protocols, and your entitlements regarding your health data.
what is phi?
In this Notice, we will use the term "PHI" to refer to your protected health information. This includes details that identify you and reports concerning the care and services you receive at hospitals or clinics. Examples of PHI encompass information related to your diagnosis, medications, insurance status and policy number, payment details, social security number, address, and other demographic particulars.
​
This Notice regarding our privacy practices outlines the methods, occasions, and reasons for which we utilize and share your PHI. We are committed to using or disclosing only the necessary amount of your PHI for the intended purpose, with certain exceptions.
uses for your phi
Sameday Healthcare is permitted by law to utilize and share your health information with others without requiring your authorization for various reasons. The following examples outline the categories of uses and disclosures we may undertake without your explicit consent. Please note that not every use or disclosure within each category is enumerated, and these descriptions are general in nature. Where state or federal law imposes restrictions on any of the described uses or disclosures, we adhere to the requirements of such laws.
​
Treatment: We may use and disclose medical information about you to healthcare professionals involved in your care, such as physicians, nurses, and technicians. For instance, if you are undergoing treatment for a knee injury, we may disclose your PHI to providers involved in your care. Additionally, other healthcare professionals like pharmacists, lab technicians, and x-ray technicians may share information to coordinate your care. We may also share information with physicians who referred you to our clinic or with healthcare providers not affiliated with us who are involved in your treatment.
​
Payment: Your PHI may be used and disclosed to facilitate billing and payment for the treatment and services provided to you. For example, we may share PHI with a payer to obtain approval for treatment or hospital admission. Additionally, we may disclose your health information to another provider who has treated you for billing purposes.
​
Healthcare Operations: We may use and disclose your PHI as part of our operational activities. This includes evaluating the quality of healthcare services you received or assessing the performance of healthcare professionals involved in your care.
​
Business Associates: Your health information may be shared with "business associates" who provide services on our behalf. These associates must agree in writing to maintain the confidentiality of your information. For example, we may share your health information with a billing company that handles our invoicing processes.
​
Appointment Reminders and Health-related Benefits or Services: We may use your PHI to provide appointment reminders or information about treatment alternatives or other healthcare services. If you provide us with your mobile telephone number, we may contact you via phone or text message for treatment-related purposes, such as appointment reminders or wellness checks. We will identify ourselves as the sender of such communications and provide you with the option to opt out.
​
Public Health Activities: Medical information about you may be disclosed for various public health activities, including disease prevention or control. This may involve sharing information with public health authorities, reporting cases of abuse or neglect, monitoring the safety and effectiveness of products regulated by the FDA, notifying individuals who may have been exposed to a disease, or providing proof of required immunizations to schools with parental consent.
​
Law Enforcement: We may disclose certain medical information to law enforcement authorities for various purposes, such as reporting certain injuries as required by law, responding to legal mandates like court orders or subpoenas, or assisting in identifying or locating suspects or missing persons.
​
Threats to Health or Safety: Under certain circumstances, we may use or disclose your medical information to prevent a serious threat to health and safety. This includes situations where we believe disclosure is necessary to prevent harm or aid law enforcement in apprehending individuals involved in criminal activities.
​
Abuse, Neglect, or Domestic Violence: We may notify appropriate government authorities if we suspect you have been a victim of abuse, neglect, or domestic violence, unless such disclosure is prohibited by law or if you object to such disclosure.
​
Judicial and Administrative Proceedings: If you are involved in a legal dispute, we may disclose medical information about you in response to a court order, subpoena, or similar lawful process.
​
Health Oversight Activities: We may disclose PHI to health oversight agencies for auditing, investigation, inspection, licensure, and other authorized activities.
​
Deceased Individuals: We are required to safeguard your medical information for a certain period after your death and may disclose it to coroners, medical examiners, funeral directors, or personal representatives as needed.
​
Workers' Compensation: We may disclose PHI about you for workers' compensation or other programs that offer benefits for work-related injuries or illnesses.
​
Required by Law: We will use and disclose your information as required by federal, state, or local law.
How we secure your phi
DrChronos and OnPatient are EHR platforms and messengers we use to maintain security of your medical records. These are companies that also have access to your data, and have separate privacy policies as linked below.
​
https://www.onpatient.com/privacy/
https://www.drchrono.com/ehr-emr/privacy-policy/
​
You retain the right to revoke any authorization you've given at any time by adhering to our authorization policy and following the instructions provided in our authorization form. It's important to note that any revocation you make will not impact uses and disclosures made in reliance on your initial authorization. Examples of when we need to request consent are for use that are not listed above; marketing, sales, etc.
know your rights
Request Restrictions: You can request that we refrain from using or disclosing certain PHI for treatment, payment, or healthcare operations purposes. For instance, if you've paid for services out of pocket, we won't share information about those services with your payor unless required by law. While we'll consider your request, we're not legally obligated to accept it, except in emergencies. If accepted, we'll document any limits in writing and adhere to them. However, you can't limit uses and disclosures required or allowed by law. To request a restriction, contact the Privacy Officer listed at the end of this Notice.
​
Request Confidential Communications: You can ask us to send PHI to a different address or contact you about your health information in a specific manner. For example, you may prefer appointment reminders and test results sent to a PO Box. We'll accommodate reasonable requests without needing a reason. To make a request, inform the Privacy Officer at the address provided at the end of this Notice.
​
Inspect and Copy: You have the right to review and obtain copies of much of the medical information we maintain about you, with some exceptions. This typically includes medical and billing records. If the information is electronic and you request an electronic copy, we'll provide it in your preferred format if feasible. If not, we'll agree on an alternative format. You can also direct us to send your medical information to another person. Send written requests for access or copies to Release of Information (for medical information) or Patient Financial Services (for billing). We'll generally respond within 30 days but may require more time in certain cases. A fee may apply as allowed by law.
​
Amendment: You can ask us to amend certain medical information in your records if you believe it's incorrect or incomplete. We'll respond within 30 days, explaining any denials. Submit written requests for amendments to Release of Information.
​
Paper Copy of this Notice: You can request a paper copy of this Notice at any time, even if you've opted to receive it electronically. You can obtain a copy at various locations throughout our facilities or request it to be sent to you.
​
Notification in the Case of Breach: We're obligated by law to notify you of a breach of your unsecured medical information. We'll provide this notification promptly, within 60 days of discovering the breach.
​
How to Exercise These Rights: All requests must be made in writing. We'll respond promptly following our written policies and legal requirements. Contact the offices noted below in this Notice for request forms or inquiries.
​
For questions, concerns or request; email adpersaud@sdhcw.com.
​