Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information.

Please review it carefully.

A Covered Entity, as that term is defined under Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), is required by law to maintain the privacy of your medical information and to provide you with notice of its legal duties and privacy practices with respect to this information. Certain entities that operate on a cash-pay or self-pay basis, who do not bill third-party payors, or perform other types of covered transactions under the law, are not considered a Covered Entity under HIPAA. Nonetheless, Oak Concierge Medicine seeks to comply with requirements under the law, to ensure our patients privacy is protected in accord with the federal standards. The purpose of this notice is to provide you with that information.

Any information that is about your health, the health care you receive, or payment for that care is considered confidential and protected by Oak Concierge Medicine. We will abide by the terms of the notice that is currently in effect at the time your medical information is used or disclosed.

We reserve the right to change the terms of this notice and to make the new notice provisions effective for all medical information that we maintain. We will post a copy of the current notice in our office. In addition, each time you are treated by Oak Concierge Medicine or provided health care services, you may request a copy of the current notice in effect.

Section A

We may use and/or disclose your medical information for purposes of treatment, payment and Health care operations.

The following is a description and example of the ways in which we may use and/or disclose your medical information:

  • For Treatment: We may provide medical information about you to health care providers, other Oak Concierge Medicine personnel, or third parties who are involved in the provision, management or coordination of your care. For example:
    • Health care Professionals: Your medical information will be shared among physicians and nurses involved in your care.
    • Appointment Reminders: We may use and disclose medical information to provide appointment reminders or information about treatment alternatives or other health-related benefits.
  • For Payment: We may use and/or disclose your medical information so that we can collect or make payment for the health care services you receive or are going to receive.

We may also disclose your medical information to another health care provider, a health plan, or a health care clearinghouse for the payment activities of that entity.

  • For Health Care Operations: We may use and/or disclose your medical information for our activities and operations. These uses and disclosures are necessary to run Oak Concierge Medicine and to make sure that all of our patients receive quality care. For example:
    • Quality Improvement: We may use or disclose your medical information to review quality of care or competence of health care providers.
    • Fundraising Activities: We may use or disclose your demographic information and the dates that you received treatment as necessary to contact you for fundraising purposes. You may opt out of receiving fundraising communications by delivering written notice to the Privacy Officer.
    • Sale: We may need to disclose your medical information if we ever sell or transfer Oak Concierge Medicine.

For quality-related or fraud and abuse activities, if you have or had a relationship with another health care provider, a health plan, or a health care clearinghouse, we may also disclose your medical information to that entity for those types of health care operations.’

Section B

We may use or disclose your medical information without your written authorization.

The following is a description of ways in which we may use and/or disclose your information for which an authorization or an opportunity to agree or object is not required:

  • As Required By Law: We may use or disclose your medical information to the extent required by law, provided that the use or disclosure complies with and is limited to the relevant requirements of such law.
  • Public Health Activities: To the extent authorized or required by law, we may disclose your medical information to a public health authority to report a birth, death, disease or injury, as part of a public health investigation, or to report child or adult abuse, or domestic violence.

To the extent authorized or required by the Food and Drug Administration (“FDA”), we may disclose your medical information to a person or organization authorized to report

adverse events, track products, enable product recalls, repairs, or replacement, and/or conduct post marketing surveillance. This means we may disclose to non-governmental persons information about the quality, safety and effectiveness of FDA regulated products and activities.

  • Victim of Abuse, Neglect or Domestic Violence: If we believe you have been a victim of abuse, neglect or domestic violence, we may disclose your medical information to a government authority. We will make this disclosure if it is necessary to prevent serious harm to you or other potential victims, you are unable to agree due to your incapacity, you agree to the disclosure, or when required by law.
  • Health Oversight Activities: We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include but are not limited to, audits, investigations, inspections, and licensure. These activities are necessary for appropriate oversight of the health care system, government benefit and regulatory programs, and compliance with civil rights laws.
  • Judicial and Administrative Proceedings: We may disclose medical information about you as required by a court or administrative order, or under certain circumstances in response to a subpoena, discovery request or other legal process.
  • Law Enforcement: We may release medical information to law enforcement officials as required by the law. Under limited circumstances we may release your medical information to report a crime or in response to a court order, grand jury subpoena, warrant, or administrative request.
  • Decedents: Consistent with applicable law, we may release medical information to a coroner, medical examiner, or funeral director.
    Organ, Eye and Tissue Donation: For the purpose of facilitating organ, eye or tissue donation and transplantation, we may use or disclose medical information to organizations that engage in procurement, banking, or transplantation of cadaveric organ, eye or tissue transplantation.
  • Organ, Eye and Tissue Donation: For the purpose of facilitating organ, eye or tissue donation and transplantation, we may use or disclose medical information to organizations that engage in procurement, banking, or transplantation of cadaveric organ, eye or tissue transplantation.
  • Research: If a researcher has obtained the required waiver, from the Institutional Review Board or the Privacy Board, and has demonstrated that the information is necessary to the research and possesses a minimal risk of inappropriate use or disclosure, we may use and disclose medical information about you for research purposes. If a researcher has not obtained the required waiver, we will not disclose your medical information without your written authorization, other than in a limited data, set as described below.
  • Limited Data Set: For purposes of research, public health, or health care operations, it may be necessary to use or disclose some of your medical information for activities or to persons we are not otherwise authorized to give your information to. In this situation, we may use your medical information to create a limited data set in which certain required direct identifiers (such as your name) have been removed. We will disclose the information in the limited data set for these purposes only if we have obtained satisfactory assurances from the recipient that the recipient will only use or disclose the information for limited
    purposes.
  • To Avert a Serious Threat to Health or Safety: We may use and disclose medical information about you when we believe in good faith disclosure is necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
  • Specialized Government Functions: Medical information may be disclosed for military and veterans’ affairs, for national security and intelligence activities, or for correctional
    activities.
  • Workers’ Compensation: We may release medical information about you as necessary to comply with laws relating to workers’ compensation or similar programs that are established by the law to provide benefits for work-related injuries or illness without regard to fault.
  • Business Associates: We may disclose your information to a person or organization that performs a function or activity on behalf of Oak Concierge Medicine that involves the use or disclosure of protected health information, such as a billing services company. In addition, if a business associate is not a person or organization that we are otherwise permitted to disclose medical information to, we will only use or disclose your information to that person or organization if we have obtained adequate assurances that the business associate will appropriately safeguard the information.
  • Personal Representative: We may disclose your information to a person who has the authority, under the law, to act on your behalf in making decisions related to health care.

The following is a description of ways in which we may use and/or disclose your information after we have given you an opportunity to object.

We will attempt to obtain your permission prior to making a disclosure for these purposes. This permission may be oral. If we are unable to obtain your permission because you are incapacitated or we are unable to reach you, we may use or disclose some or all this information, if (1) based on our professional judgement use or disclosure is in your best interest or (2) use or disclosure of this information is consistent with your previously expressed preference.

  • Individuals Involved in Your Care or Payment for Your Care: We may release relevant medical information about you to a friend or family member who is involved in your
    medical care. We may also notify these individuals of your location, general condition, or death.
  • Disaster Relief: We may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.

Section C

We may use and/ or disclose your medical information for other purposes once we have obtained your written authorization.

Other uses and disclosure of medical information not covered by this notice or the laws that apply to us will be made only with your written authorization. You may revoke this authorization, in writing, at any time. However, this revocation will not apply to the extent we have taken action in reliance on that authorization. For example:

Marketing: We’ll obtain your authorization prior to any use or disclosure for marketing purposes.

Sale of Protected Health Information: We’ll obtain your authorization prior to any use or disclosure that constitutes a sale of Protected Health Information that is not otherwise incorporated into an appropriate health care operation.

Section D

Your rights regarding medical information about you

  • Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the medical information we disclose about you for notification purposes or to someone who is involved in your care or the payment of your care, like a family member or friend.

    We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.

    To request a restriction, you must make your request in writing to our Privacy Officer. The requested restriction will not be effective unless and until it has been reviewed and approved by the Privacy Officer. For purposes of ensuring proper documentation, we may require that you make your request using a form that we give you.

    We may terminate an agreed upon restriction without your consent. In that situation, the restriction will only apply to protected health information created or received before you were informed of the termination of the restriction.

  • The Right to Receive Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to our Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. To comply with this request we may ask you to (1) provide information as to how payment will be handled and (2) specify an alternative method of contact. For purposes of ensuring proper documentation, we may require that you make your request using a form that we give you.
  • Right to Inspect and Copy: You have the right to inspect and obtain a copy of most of your medical information maintained in a paper or electronic record at Oak Concierge Medicine; you must submit your request in writing to our Privacy Officer. For purposes of ensuring proper documentation, we may require that you make your request using a form that we give you. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.

    We may deny your request to inspect and obtain a copy in certain limited circumstances. If you are denied access, you may have the right to request that the denial be reviewed. Another licensed health care professional chosen by Oak Concierge Medicine will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

  • Right to Amend: If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment to your paper or electronic record for as long as the information is kept by Oak Concierge Medicine. To request an amendment, your request must be made in writing and submitted to our Privacy Officer. In addition, you must provide a reason that supports your request. For purposes of ensuring proper documentation we may require that you make your request using a designated form. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition we may deny your request if you ask us to amend information that (1) was not created by us; (2) is not part of the medical information kept by or for Oak Concierge Medicine; (3) is not part of the information which you would be permitted to inspect and copy; or (4) is accurate and complete.
  • Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures. This is a list of the disclosures we made of medical information about you. You have the right to request an accounting of certain disclosures by the covered entity for a period of time as far back as six years from the date of your request. To
    request an accounting you must submit a written request to our Privacy Officer. Your request should indicate in what form you want the list (for example, on paper, electronically). We will comply with your request within sixty (60) days or we will provide you with an explanation for the delay. The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

    The right to an accounting does not apply to all disclosures. For example, you do not have a right to an accounting of disclosures pursuant to an authorization, disclosures to carry out treatment, payment, or health care operations, or disclosures of a limited data set.

  • Right to a Paper Copy of This Notice: You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. You may view an electronic copy of this notice on our website at https://oakconciergemedicine.com. To obtain a paper copy of this notice, you may print one from our website, ask for a copy when being treated by Oak Concierge Medicine, or you may contact our Privacy Officer.
  • Complaints: If you believe your privacy rights have been violated, you may file a complaint with Oak Concierge Medicine or with the Secretary of the Department of Health and Human Services. To file a complaint with Oak Concierge Medicine, you must submit complaint in writing to our Privacy Officer at:

    Privacy Officer
    Oak Concierge Medicine
    (386) 688-7988

    You will not be retaliated against for filing a complaint.

  • Questions? For further information about matters covered by this notice you may contact our Privacy Officer, Stefan Mann, M.D., by e-mail at stefansmann@gmail.com or by telephone at (386) 688-7988.