Notice of Privacy Practices for Protected Health Information
Effective Date: June 1, 2013
Updated: August 1, 2015
If you have any questions or concerns about this notice, please contact: Privacy Officer at 801-516-5508, firstname.lastname@example.org or Legal Department 261 West Data Drive, Draper, Utah 84020.
Our Responsibilities: The Health Insurance Portability and Accountability Act (HIPAA) of 1996 and its related rules and regulations dictate the privacy practices that health care organizations and their partners are obligated to follow with respect to medical information about you. The law requires us to: (1) keep medical information about you confidential, as provided for by state and federal law; (2) notify you of our legal duties and privacy practices with respect to medical information about you; and (3) abide by the terms of our most current version of this notice.
Uses and Disclosures of Medical Information about You: The following is a list of ways in which we may use and disclose medical information about you. We may:
- use your medical information to provide you with treatment or services, such as to fill your order and confirm your contact lens prescription. We also may use medical information about you for purposes of contacting you, for appointment reminders, possible treatment options and alternatives, health related benefits or services that may be of interest to you.
- use your medical information to receive payment for the services we provide, such as to bill and collect payment from you, your insurance company or a third party payer.
- use your medical information to support our operational activities such as comparing patient data to improve our operations or assessing the care and outcomes in your case and others like it.
- use medical information about you to interact with our business associates that we have contracted with to perform specific functions for us and help us do our jobs. Our partners are required by contract and by law to protect medical information about you in the same manner as we do.
- disclose medical information about you to other organizations, subject to certain requirements, without prior authorization, for public health purposes, research studies, organ donation, emergencies, abuse or neglect reporting, funeral arrangements, workers’ compensation purposes and health oversight audits or inspections.
- disclose medical information about you when required to do so by law, such as in response to: requests from law enforcement agencies in specific circumstances; valid judicial or administrative orders; the government, if you are in the military or a veteran; national security and intelligence activities; and protective services for the President and others.
- disclose medical information about you to a friend or family member who is involved in your medical care, someone who helps pay for your care or disaster relief authorities to notify your family of your location and condition. We may disclose medical information about you to a person legally authorized to act on your behalf, such as a parent, legal guardian, administrator or executor of your estate, or other individual authorized under applicable law.
In any other situation not covered by this notice, we will ask for your written authorization before using or disclosing your medical information. If you chose to authorize use or disclosure you can later revoke that authorization by notifying us in writing of your decision.
State-Specific Requirements: Some states have separate privacy laws that may apply additional legal requirements regarding uses and disclosures of medical information about you. If the state privacy laws are more stringent than federal privacy laws, the state law preempts the federal law.
Your Rights: To exercise these rights, contact our Privacy Officer to obtain a form or submit a written request to: 261 West Data Drive, Draper, Utah 84020. You have the right to:
- inspect and obtain a copy of the medical information that may be used to make decisions about your care. We may deny your request to inspect and copy in certain circumstances. If you are denied access to medical information about you, you may request that the denial be reviewed. We may charge you for the cost of the request.
- request that we amend the information kept by us if you believe it is incorrect or incomplete. You must provide a reason that supports your request. We may deny your request for an amendment and if this occurs, you will be notified of the reason for the denial and permitted to provide a statement of disagreement that will be attached to your medical record.
- request an accounting of disclosures. This is a list of certain disclosures we make of medical information about you for purposes other than treatment, payment or health care operations when an authorization was not required. Your request must specify a time period, which may not be longer than six years.
- request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations and to limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. We are not required to agree to your request, except in the case a of disclosure to a health plan if it is for payment or certain care operations and relates to an item or service for which you have paid out of pocket in full. If we agree, we will comply with your request except in certain emergency situations or as required by law.
- request that we communicate with you about medical matters in a certain way or at a certain location. For example, you may ask that we contact you at work instead of home or vice versa. We will grant reasonable requests.
- a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
Receive notification of breaches of unsecured medical information.
Changes to this Notice: We reserve the right to change this notice at any time, and the revised or changed notice will be effective for information we already have about you as well as any information we may receive in the future. The current notice will be posted on our website www.1800contacts.com or upon request.
Complaints: You have to file a complaint if you believe your privacy rights have been violated. You may register complaints with our Privacy Officer at the location above, who will evaluate the complaints and take appropriate action consistent with our mitigation and disciplinary policies. You will not be retaliated against for filing a complaint. You also have the right to contact the Office for Civil Rights (OCR), who is the federal agency that enforces HIPAA rules and regulations. Information on filing a complaint with OCR is available at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.