NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Malibu Medical Group (MMG) knows how important it is to protect your privacy at all times and in all settings. This Notice of Privacy Practices describes how MMG may collect, use and disclose your protected health information, and your rights concerning your protected health information. “Protected health information” or “PHI” is information about you, including demographic information, that can reasonably be used to identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care to you or the payment for that care.
State and federal law require us to maintain the privacy of your protected health information. This includes protecting all of your information whether it is oral, written, or in electronic format. The federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) also requires us to provide you this notice about our legal duties and privacy practices.
This notice takes effect on January 1, 2021. We must follow the privacy practices described in this Notice while it is in effect. This Notice replaces any other information you have previously received from us with respect to your PHI.
How does MMG protect my personal health information?
MMG has a detailed policy on confidentiality. All MMG employees are required to protect the confidentiality of your PHI. An employee may only access your information when they have an appropriate reason to do so. Each employee or temporary employee must sign a statement that he or she has read and understands the policy. On an annual basis, MMG will send a notice to employees to remind them of this policy. Any employee who violates the policy is subject to discipline, up to and including dismissal. MMG also maintains physical, electronic, and procedural safeguards to protect your information.
How does MMG collect protected health information?
MMG gets PHI from:
- Information we receive directly or indirectly from you (e.g., name, address, social security number, date of birth, marital status, dependent information, employment information and medical history).
How does MMG use and disclose my protected health information?
HIPAA and other laws allow or require us to use or disclose your PHI for many different reasons. We can use or disclose your PHI for some reasons without your written agreement. For other reasons, we need you to agree in writing that we can use or disclose your PHI.
Uses and Disclosures for Treatment, Payment, and Health Care Operations: MMG uses and discloses protected health information in a number of different ways in connection with your treatment, the payment for your health care, and our health care operations. The following are only a few examples of the types of uses and disclosures of your protected health information that we are permitted to make without your authorization for these purposes:
Payment: We will use and disclose your protected health information to administer your health benefits policy or contract, which may involve:
- Determining your eligibility for benefits;
- Paying claims for services you receive;
- Making medical necessity determinations;
- Coordinating your care, benefits, or other services;
- Coordinating your MMG coverage with that of other plans (if you have coverage through more than one plan to make sure that the services are not paid twice;
- Responding to complaints, appeals, and external review requests;
Other Permitted or Required Uses and Disclosures of Protected Health Information: In addition to treatment, payment, and health care operations, federal law allows or requires us to use or disclose your protected health information in the following additional situations without your authorization:
Abuse or Neglect: We may make disclosures to government authorities if we believe you have been a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when we are required or authorized by law to do so.
Required by Law: We may use or disclose your protected health information to the extent we are required to do so by state or federal law. For example, the HIPAA law compels us to disclose PHI when required by the Secretary of the Department of Health and Human Services to investigate our compliance efforts.
Health Oversight: We may disclose your protected health information to a government agency authorized to oversee the health care system or government programs, or its contractors (e.g., state insurance department, U.S. Department of Labor) for activities authorized by law, such as audits, examinations, investigations, inspections, and licensure activity.
Public Health Activities: We may disclose your protected health information to an authorized public health authority for purposes of public health activities. The information may be disclosed for such reasons as controlling disease, injury, or disability.
Other Uses and Disclosures (Requires Written Authorization): For all other uses or disclosures not described above, MMG will always obtain your written authorization prior to conducting these activities.
Disclosure of “Highly Confidential” PHI: Certain kinds of PHI are deemed as “highly confidential” due to the sensitivity of the information.
- Alcohol and drug abuse prevention, treatment and referral
- Genetic testing information
- HIV/AIDS or other sexually transmitted diseases testing, diagnosis or treatment
- Psychotherapy notes
Additional protection might be added for these kinds of PHI as required by state and federal law. MMG will only disclose “highly confidential” PHI only when we have obtained prior written authorization from you unless otherwise required by law.
Will MMG give my PHI to my family or friends?
We will only disclose your PHI to a member of your family (including your spouse), a relative, or a close friend in the following circumstances:
- You have authorized us to do.
- That person has submitted proof of legal authority to act on your behalf.
- That person is involved in your health care or payment for your health care and needs your PHI for these purposes. If you are present for such a disclosure (whether in person or on a telephone call), we will either seek your verbal agreement to the disclosure or provide you an opportunity to object to it. We will only release the PHI that is directly relevant to their involvement.
- We may share your PHI with your friends or family members if professional judgment says that doing so is in your best interest. We will only do this if you are not present or you are unable to make health care decisions for yourself. For example, if you are unconscious and a friend is with you, we may share your PHI with your friend so you can receive care.
- We may disclose a minor child’s PHI to their parent or guardian. However, we may be required to deny a parent’s access to a minor’s PHI, for example, if the minor is an emancipated minor or can, under law, consent to their own health care treatment.
Will MMG disclose my personal health information to anyone outside of MMG?
MMG may share your protected health information with affiliates such as the laboratory we send your specimen to for testing.
MMG may also share your personal health information with an individual or company that is working as a contractor or consultant for MMG. Whenever such an arrangement involves the use or disclosure of your protected health information, we will have a written contract that contains terms designed to protect the privacy of your protected health information.
When does MMG need my written authorization to use or disclose my personal health information?
We have described in the preceding paragraphs those uses and disclosures of your information that we may make either as permitted or required by law or otherwise without your written authorization. For other uses and disclosures of your medical information, we must obtain your written authorization. A written authorization request will, among other things, specify the purpose of the requested disclosure, the persons or class of persons to whom the information may be given, and an expiration date for the authorization. If you do provide a written authorization, you generally have the right to revoke it.
What are my rights with respect to my PHI?
The following is a brief statement of your rights with respect to your protected health information:
Right to Request Restrictions: You have the right to ask us to place restrictions on the way we use or disclose your protected health information for treatment, payment or health care operations or to others involved in your health care. However, we are not required to agree to these restrictions. If we do agree to a restriction, we may not use or disclose your protected health information in violation of that restriction, unless it is needed for an emergency.
Right to Request Confidential Communications: You have the right to request to receive communications of protected health information from us by alternative means or at alternative locations if you clearly state that the disclosure of all or part of that information could endanger you. We will accommodate reasonable requests. Your request must be in writing.
Right to Access Your Protected Health Information: You have the right to see and get a copy of the protected health information about you that is contained in a “designated record set,” with some specified exceptions. Your “designated record set” includes enrollment, payment, claims adjudication, case or medical management records and any other records that we use to make decisions about you. Requests for access to copies of your records must be in writing and sent to the attention of the MMG Legal Department. Please provide us with the specific information we need to fulfill your request. We reserve the right to charge a reasonable fee for the cost of producing and mailing the copies.
Right to Amend Your Protected Health Information: You have the right to ask us to amend any protected health information about you that is contained in a “designated record set” (see above). All requests for amendment must be in writing and on a MMG Request for Amendment form. Please contact the MMG Legal Department to obtain a copy of the form. You also must provide a reason to support the requested amendment. In certain cases, we may deny your request. For example, we may deny a request if we did not create the information, as is often the case for medical information in our records. All denials will be made in writing. You may respond by filing a written statement of disagreement with us, and we would have the right to rebut that statement. If you believe someone has received the unamended protected health information from us, you should inform us at the time of the request if you want them to be informed of the amendment.
Right to Request a List (accounting) of Certain Disclosures: You have the right to request an account of the times we have shared your health information. This accounting requirement applies for six years from the date of the disclosure.
Right to a Notice in the event of a Breach: In the event of a data breach, you have the right to receive notice regarding the incident.
Right to Request a Copy of this Notice: If you have received this notice electronically, you have the right to obtain a paper copy of this notice upon request.
Who should I contact if I have a question about this notice or a complaint about how MMG is using my personal health information?
To exercise your rights under this Notice or to file a complaint with MMG, please call us at (310) 456-1603 or write to:
Privacy Officer – Compliance Department
Malibu Medical Group
23661 Pacific Coast Highway Malibu, CA 90265
Complaints to the Federal Government: If you believe your privacy rights have been violated, you also have the right to file a complaint with the Secretary of the Department of Health and Human Services at https://www.hhs.gov/ocr/complaints/index.html.
You will not be retaliated against for filing a complaint with us or the federal government.