NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We at Virginia Family Chiropractic & PM, PLLC (also DBA as Virginia Family Integrated Medicine; and Virginia Laser Therapy) are required by law to maintain the privacy of Protected Health Information (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to PHI. References to “Virginia Family Chiropractic & PM, PLLC,” “we,” “us,” and “our” include Virginia Family Chiropractic & PM, PLLC, and the members of its affiliated covered entity. An affiliated covered entity is a group of organizations under common ownership or control who designate themselves as a single affiliated covered entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). Virginia Family Chiropractic & PM, PLLC, its employees, workforce members and members of the Walgreens’ affiliated covered entity who are involved in providing and coordinating health care are all bound to follow the terms of this Notice of Privacy Practices (“Notice”). The members of Virginia Family Chiropractic & PM, PLLC affiliated covered entity will share PHI with each other for the treatment, payment and health care operations of the affiliated covered entity and as permitted by HIPAA and this Notice. For a complete list of the members of Virginia Family Chiropractic & PM, PLLC affiliated covered entity, please contact the Privacy Office.
PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care products and services to you or payment for such services. This Notice describes how we may use and disclose PHI about you, as well as how you obtain access to such PHI. This Notice also describes your rights with respect to your PHI. We are required by HIPAA to provide this Notice to you. Virginia Family Chiropractic & PM, PLLC is required to follow the terms of this Notice or any change to it that is in effect. We reserve the right to change our practices and this Notice and to make the new Notice effective for all PHI we maintain. If we do so, the updated Notice will be posted on our website and will be available at our facilities and locations where you receive health care products and services from us. Upon request, we will provide any revised Notice to you.
How We May Use and Disclose Your PHI
The following categories describe different ways that we use and disclose your PHI. We have provided you with examples in certain categories; however, not every permissible use or disclosure will be listed in this Notice. Note that some types of PHI, such as HIV information, genetic information, alcohol and/or substance abuse records, and mental health records may be subject to special confidentiality protections under applicable state or federal law and we will abide by these special protections.
I. Uses and Disclosures of PHI That Do Not Require Your Prior Authorization
Except where prohibited by federal or state laws that require special privacy protections, we may use and disclose your PHI for treatment, payment and health care operations without your prior authorization as follows:
Treatment: We may use and disclose your PHI to provide and coordinate the treatment, medications and services you receive. For example, we may disclose PHI to pharmacists, doctors, nurses, technicians and other personnel involved in your health care. We may also disclose your PHI with other third parties, such as hospitals, other pharmacies and other health care facilities and agencies to facilitate the provision of health care services, medications, equipment and supplies you may need. This helps to coordinate your care and make sure that everyone who is involved in your care has the information that they need about you to meet your health care needs.
Payment: We may use and disclose your PHI in order to obtain payment for the health care products and services that we provide to you and for other payment activities related to the services that we provide. For example, we may contact your insurer, pharmacy benefit manager or other health care payor to determine whether it will pay for health care products and services you need and to determine the amount of your co-payment. We will bill you or a third-party payor for the cost of health care products and services we provide to you. The information on or accompanying the bill may include information that identifies you, as well as information about the services that were provided to you or the medications you are taking. We may also disclose your PHI to other health care providers or HIPAA covered entities who may need it for their payment activities.
Health Care Operations: We may use and disclose your PHI for our health care operations. Health care operations are activities necessary for us to operate our health care businesses. For example, we may use your PHI to monitor the performance of the staff and providers providing treatment to you. We may use your PHI as part of our efforts to continually improve the quality and effectiveness of the health care products and services we provide. We may also analyze PHI to improve the quality and efficiency of health care, for example, to assess and improve outcomes for health care conditions. We may also disclose your PHI to other HIPAA covered entities that have provided services to you so that they can improve the quality and effectiveness of the health care services that they provide. We may use your PHI to create de-identified data, which is stripped of your identifiable data and no longer identifies you.
We may also use and disclose your PHI without your prior authorization for the following purposes:
We may contract with third parties to perform certain services for us, such as billing services, copy services or consulting services. These third-party service providers, referred to as Business Associates, may need to access your PHI to perform services for us. They are required by contract and law to protect your PHI and only use and disclose it as necessary to perform their services for us.
To Communicate with Individuals Involved in Your Care or Payment for Your Care.
We may disclose to a family member, other relative, close personal friend, or any other person you identify, PHI directly relevant to that person’s involvement in your care or payment related to your care.
Additionally, we may disclose PHI to your “personal representative.” If a person has the authority by law to make health care decisions for you, we will generally regard that person as your “personal representative” and treat him or her the same way we would treat you with respect to your PHI.
Food and Drug Administration (“FDA”).
We may disclose to persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.
To the extent necessary to comply with law, we may disclose your PHI to worker’s compensation or other similar programs established by law.
We may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability, including the FDA. In certain circumstances, we may also report work-related illnesses and injuries to employers for workplace safety purposes.
We may disclose your PHI for law enforcement purposes as required or permitted by law – for example, in response to a subpoena or court order, in response to a request from law enforcement, and to report limited information in certain circumstances.
As Required by Law.
We will disclose your PHI when required to do so by federal, state or local law.
Health Oversight Activities.
We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs and compliance with civil rights laws.
Judicial and Administrative Proceedings.
If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.
We may use your PHI to conduct research and we may disclose your PHI to researchers as authorized by law. For example, we may use or disclose your PHI as part of a research study when the research has been approved by an institutional review board or privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your information.
Coroners, Medical Examiners and Funeral Directors.
We may release your PHI to coroners or medical examiners so that they can carry out their duties. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to enable them to carry out their duties.
We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, or another person responsible for your care, regarding your location and general condition.
To Avert a Serious Threat to Health or Safety.
We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
Military and Veterans.
If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
National Security, Intelligence Activities, and Protective Services for the President and Others.
We may release PHI about you to federal officials for intelligence, counterintelligence, protection of the President, and other national security activities authorized by law.
Victims of Abuse or Neglect.
We may disclose PHI about you to a government authority if we reasonably believe you are a victim of abuse or neglect. We will only disclose this type of information to the extent required by law, if you agree to the disclosure, or if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else.
II. Uses and Disclosures of PHI that Require Your Prior Authorization
Specific Uses or Disclosures Requiring Authorization. We will obtain your written authorization for the use or disclosure of psychotherapy notes, use or disclosure of PHI for marketing, and for the sale of PHI, except in limited circumstances where applicable law allows such uses or disclosure without your authorization.
General Data Collection Practices
Personal data means any data used to identify an individual. We may collect the following data from you:
- Communication Data, which includes communication you send us via our website(forms, blog comments, etc.), texts, email, and social media. We collect this data to help us communicate with you and to keep records for legitimate legal purposes.
- User Data, which includes data about how you use our website and any online services together with any data that you submit for publication on our website or through other online services. We collect this data to ensure content is relevant to you, and to ensure site security. This enables us to administer our sites and business in a relevant manner.
- Technical Data. We may collect data about how you use our site and online services, including your IP address, email address, login data where applicable, browser data, visit length and paths, and other data about use of the site from our analytics tracking system. This helps us ensure our site meets user needs and is up-to-date with how users access the site and use the information.
- We may use Visitor Data, User Data, Technical Data and Marketing Data to deliver relevant website content to you (including social media content) and to measure or understand the effectiveness of the content we serve you.
- Third Party Data sharing. We do NOT sell your data to third parties.
Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to share information about our business).
Under the Privacy and Electronic Communications Regulations, we may send you marketing communications if:
- You asked for information from us about our goods or services or
- You agreed to receive marketing communications and in each case you have not opted out of receiving such communications since.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you OR by emailing us at firstname.lastname@example.org at any time.
If you opt out of receiving marketing communications this opt-out does not apply to personal data provided as a result of other transactions.
DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties set out below:
- Service providers who provide IT and system administration services on our behalf.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Security measures are used to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorization. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach as required by law.
We retain your data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
When determining how long to keep data, we consider its nature and sensitivity, potential risk of harm from unauthorized use or disclosure, the processing purposes, and if these can be achieved by other means and legal requirements.
We hold pharmacy data as required by law. We may anonymize your data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
YOUR LEGAL RIGHTS
Under data protection laws you have rights in relation to your personal data that includes the right to request access, correction, erasure, restriction, transfer, to object to processing, to
portability of data and (where the lawful ground of processing is consent) to withdraw consent. Inquiries and requests may be forwarded to: email@example.com.
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Other Uses and Disclosures.
We will obtain your written authorization before using or disclosing your PHI for purposes other than those described in this Notice or otherwise permitted by law. You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing your PHI, except to the extent that we have already taken action in reliance on the authorization.
Your Health Information Rights:
Obtain a paper copy of the Notice upon request. You may request a copy of our current Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. You may obtain a paper copy at the site where you obtain health care services from us or by contacting the Privacy Office.
Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of your PHI by sending a written request to the Privacy Office. We are not required to agree to the restrictions, except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or a person on your behalf, has paid in full.
Inspect and obtain a copy of PHI.
With a few exceptions, you have the right to access and obtain a copy of the PHI that we maintain about you. If we maintain an electronic health record containing your PHI, you have the right to request to obtain the PHI in an electronic format. To inspect or obtain a copy of your PHI, you must send a written request to the Privacy Office. You may ask us to send a copy of your PHI to other individuals or entities that you designate. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you may request that the denial be reviewed.
Request an amendment of PHI.
If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to the Privacy Office. You must include a reason that supports your request. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it.
Receive an accounting of disclosures of PHI.
With the exception of certain disclosures, you have a right to receive a list of the disclosures we have made of your PHI, in the six years prior to the date of your request, to entities or individuals other than you. To request an accounting, you must submit a request in writing to the Privacy Office. Your request must specify a time period.
Request communications of PHI by alternative means or at alternative locations.
You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For instance, you may request that we contact you at a different residence or post office box, or via e-mail or other electronic means. Please note if you choose to receive communications from us via e-mail or other electronic means, those may not be a secure means of communication and your PHI that may be contained in our e-mails to you will not be encrypted. This means that there is risk that your PHI in the e-mails may be intercepted and read by, or disclosed to, unauthorized third parties.
To request confidential communication of your PHI, you must submit a request in writing to the Privacy Office. Your request must tell us how or where you would like to be contacted. We will accommodate all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested, we may contact you using the information we have.
Notification of a Breach.
You have a right to be notified following a breach of your unsecured PHI, and we will notify you in accordance with applicable law.
Where to obtain forms for submitting written requests.
You may obtain forms for submitting written requests by contacting the Privacy Officer at Virginia Family Chiropractic & PM, PLLC, 344 Maple Avenue West, Ste. 231, Vienna, Virginia, 22180-5612 or by telephone at (703) 370-5300.
Obligations That We Have We are required by law to maintain the privacy of health information and to provide individuals with notice of our legal duties and privacy practices. We are required to abide by the terms of this notice as long as it is in effect.
We reserve the right to revise this notice and to make a new notice effective for all health information we maintain. Any revised notice will be posted in our office and copies will be available there.
If you are not satisfied with how our office handled your complaint, you may also: 1) submit a written complaint with the U.S. Department of Health and Human Services Office for Civil Rights, 200 Independence Ave. SW, Washington, DC 20201; 2) call 1-877-696-6775, or visit www.hhs.gov/ocr/orivacy/hipaa/complaints/ .
Effective Date This Notice is effective as of December 22, 2020.