This notice describes how information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
At Progenix, we are committed to treating and using protected health information about you responsibly. This Notice of Privacy Practices describes the personal information we collect, and how and when we use or disclose that information. It also describes your rights as they relate to your protected health information. This Notice is effective January 1, 2011 and applies to all protected health information as defined by federal regulations.
Understanding Your Health Record/Information
Each time you receive equipment from Progenix, a record is made. Typically, this record contains your symptoms, examination and test results, diagnosis, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as:
- a basis for planning your care and treatment
- a means of communication among the many health professionals who contribute to your care
- a legal document describing the care/equipment you received
- a tool in educating health professionals
- a source of information for public health officials charged with improving the health of this state and the nation
- source of data for planning and marketing
- a tool with which we can assess and continually work to improve the care we render and the outcomes we achieve.
Understanding what is in your record and how your health information is used helps you to: ensure its accuracy, better understand who, what, when, where, and why others may access your health information, and make more informed decisions when authorizing disclosures to others.
Your Health Information Rights
Although your health record is the physical property of Progenix, the information belongs to you. You have the right to:
- Obtain a paper copy of this notice of privacy practices on request.
- Inspect and receive a copy of your health record as provided for in 45 CFR 164.524 (from the Health Insurance Portability and Accountability Act of 1996.)
- Amend your health record as provided in 45 CFR 164.528.
- Obtain an accounting of disclosures of your health information, other than those for purposes contained within this notice and those you have authorized, as provided in 45 CFR 164.528.
- Request communications of your health information by alternative means or at alternative locations. We will comply with a reasonable request for such an alternative.
- Request a restriction on certain uses and disclosures of your information as provided by 45 CFR 164.522. We are not required to agree to the requested restrictions. If however, we do agree, the agreement will be binding on us.
- Revoke your authorization to use or disclose health information except to the extent that action has already been taken.
Examples of Disclosures for Treatment, Payment, and Health Operations
Progenix may disclose your information without your specific authorization in the following circumstances:
We will use your health information for treatment. For example: Information obtained by a nurse, physician, physical therapist, or other member of your health team will be recorded in your record and used to determine the course of treatment that should work best for you. Your physician will document in your record his/her expectations of the members of your health care team (including orders for equipment), who will then record the actions they took and their observations and your response to the therapy. In that way, the physician will know how you are responding to treatment.
We will use your health information for payment. For example: A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and equipment/supplies used.
We will use your health information for regular health operations. For example: The risk management or quality improvement team may use information in your health record in an effort to continually improve the quality and effectiveness of the care, products and services we provide. We may use your billing information for review by our compliance department.
Other Required or Permitted Disclosures:
- Notification: We may use or disclose information to notify a family member, personal representative, or another person responsible for your care regarding your location and general condition. We may leave a message on your answering machine or voicemail, mail you a postcard or written notice, or send you an email as a means of communication.
- Communication with family: Health professionals, using their best judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, health information relevant to that person's involvement in your care or payment related to your care.
- Research: We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
- Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to food, drugs, supplements, product and product defects, product tracking, or post marketing surveillance information to enable product recalls, repairs, or replacement.
- Worker's Compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
- Marketing: The ESC reserves the right to contact you with information about treatment alternatives and other health-related benefits that may be appropriate to you.
- Public health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability, tracking reports of morbidity, or receiving reports regarding victims of abuse, neglect, or domestic violence.
- Law enforcement: We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena or other legal process.
- Disclosures required by law: We may be required by federal, state, or local law to disclose your medical information. In addition, federal law makes provision for your health information to be released to appropriate health oversight agencies for activities authorized by law such as audits, investigations, and inspections.
Progenix is required to:
- Maintain the privacy of your health information
- Provide you with notice as to our legal duties and privacy practices with respect to information we collect and maintain about you
- Abide by the terms of the Notice of Privacy Practices currently in effect
- Notify you if we are unable to agree to a requested restriction
- Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations
We will obtain your written authorization before using or disclosing your health information for purposes other than those listed in this notice or otherwise permitted or required by law. You may revoke an authorization in writing at any time. Upon receipt of a written revocation, we will discontinue using or disclosing your health information, except to the extent that we have already taken action in reliance on the authorization.
We reserve the right to change our practices and to make the new provisions effective for all protected health information we maintain. Should our information practices change, a copy of the revised notice will be available on our website www.progenix.com, from any of our sales representatives, from our Privacy Officer at 703-383-0889, or by writing to us at the address at:
PO Box 4070
Oakton, VA 22124
Attention: Privacy Officer
Progenix is including HITECH Act provisions to its Notice as follows:
HITECH Notification Requirements Under HITECH, Progenix is required to notify patients whose PHI has been breached. Notification must occur by first class mail within 60 days of the event. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI poses a significant risk for financial, reputational, or other harm to the individual. This notice must: (1) Contain a brief description of what happened, including the date of the breach and the date of discovery; (2) The steps the individual should take to protect themselves from potential harm resulting from the breach; (3) A brief description of what Progenix is doing to investigate the breach, mitigate losses, and to protect against further breaches.
Progenix Business Associate Agreements have been amended to provide that all HIPAA security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures, and documentation requirements apply directly to the business associate.
HITECH states that if a patient pays in full for their services out of pocket they can demand that the information regarding the service not be disclosed to the patient's third party payer since no claim is being made against the third party payer.
Access to E-Health Records
HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct Progenix to send the e-health record directly to a third party. Progenix may only charge for labor costs under the new rules.
Accounting of E-Health Records for Treatment, Payment, and Health
Progenix does not currently have to provide an accounting of disclosures of PHI to carry out treatment, payment, and health care operations. However, starting January 1, 2014, the Act will require Progenix to provide an accounting of disclosures through an e-health record to carry out treatment, payment, and health care operations. This new accounting requirement is limited to disclosures within the three-year period prior to the individual's request.
Examples of Disclosure for Treatment, Payment, and Healthcare Operations:
We will use your health information for treatment. Information obtained by our company will be documented in your healthcare record and will be used to provide you with durable medical equipment and/or supplies. The prescription that your physician has ordered will be part of the record and will determine the equipment and supplies that you receive.
We will use your health information for payment. In order to determine your eligibility for equipment and/or supplies, Progenix may contact your insurance company and disclose healthcare related information. Also, Progenix will bill you or a third-party payer for services that you receive from our company. The health information that identifies you, your diagnosis, equipment, and supplies may be included on this bill.
We will use your health information for healthcare operations. Progenix may use your health information to evaluate the quality of care you receive from us, to conduct cost management assessments, and to plan business activities. This information is used in an effort to continually improve the quality and effectiveness of the healthcare services we provide.
Other Uses or Disclosures:
Business Associates: There are some individuals who are under contract with Progenix and, from time to time, are engaged in the improvement or financial enhancement of our business. So that your health information is protected, however, we require any business associate to appropriately safeguard your information.
Public Health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability.Law Enforcement: We may disclose health information for law enforcement purposes as required by law, or in response to a valid subpoena.
Health Oversight Activities: We may disclose health information to health oversight agencies for activities authorized by law, including surveys, audits, and compliance inspections.Worker's Compensation: We may release your health information to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
For More Information or to Report a Problem
If you have questions and would like additional information, you may contact the company's Privacy Officer at 703-383-0889.
If you believe your privacy rights have been violated, you can file a complaint with the company's Privacy Officer, or with the Office for Civil Rights, U.S. Department of Health and Human Services. There will be no retaliation against any individual for filing a complaint. The address for the OCR is: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Room 509F, HHH Building, Washington, D.C. 20201.