The following is the Notice of Privacy Practices of Howard M. Rombom, Ph.D., P.C., New York State Licensed Psychologist, DBA Behavioral Medicine Associates. HIPAA is a federal law that requires us to maintain the privacy of your protected health information and to provide you with notice of our legal duties and privacy policies with respect to your protected health information. We are required by law to abide by the terms of this Notice of Privacy Practices.
Your “protected health information” (PHI) broadly includes any health information, oral, written or recorded, that is created or received by us, other healthcare providers, and health insurance companies or plans, that contains data, such as your name, address, social security number, and other information, that could be used to identify you as the individual patient who is associated with that health information.
Generally, we may not “use” or “disclose” your PHI without your permission, and must use or disclose your PHI in accordance with the terms of your permission. “Use” refers generally to activities within our office. “Disclosure” refers generally to activities involving parties outside of our office. The following are the circumstances under which we are permitted or required to use or disclose your PHI. In all cases, we are required to limit such uses or disclosures to the minimal amount of PHI that is reasonably required.
Without your written authorization, we may use within our office, or disclose to those outside our office, your PHI in order to provide you with the treatment you require or request, to collect payment for our services, and to conduct other related health care operations as follows:
Treatment activities include: (a) use within our office by our professional staff for the provision, coordination, or management of your health care at our office; and (b) our contacting you to provide appointment reminders or information about treatment alternatives or other health-related services that may be of interest to you.
Payment activities include: (a) if you initially consent to treatment using the benefits of your contract with your health insurance plan, we will disclose to your health plans or plan administrators, or their appointed agents, PHI for such plans or administrators to determine coverage, for their medical necessity reviews, for their appropriateness of care reviews, for their utilization review activities, and for adjudication of health benefit claims; (b) disclosures for billing for which we may utilize the services of outside billing companies and claims processing companies with which we have Business Associate Agreements that protect the privacy of your PHI; and (c) disclosures to attorneys, courts, collection agencies and consumer reporting agencies, of information as necessary for the collection of our unpaid fees, provided that we notify you in writing prior to our making collection efforts that require disclosure of your PHI.
Health care operations include: (a) use within our office for training of our professional staff and for internal quality control and auditing functions (b) use within our office for general administrative activities such as filing, typing, etc.; and (c) disclosures to our attorney, accountant, bookkeeper and similar consultants to our healthcare operations, provided that we shall have entered into Business Associate Agreements with such consultants for the protection of your PHI.
PLEASE NOTE THAT UNLESS YOU REQUEST OTHERWISE, AND WE AGREE TO YOUR REQUEST, WE WILL USE OR DISCLOSE YOUR PERSONAL HEALTH INFORMATION FOR TREATMENT ACTIVITIES, PAYMENT ACTIVITIES, AND HEALTHCARE OPERATIONS AS SPECIFIED ABOVE, WITHOUT WRITTEN AUTHORIZATION FROM YOU.
We may use or disclose your PHI to the extent that such use or disclosure is required by law. Examples of instances in which we are required to disclose your PHI include: (a) disclosures regarding reports of child abuse or neglect, including reporting to social service or child protective services agencies; (b) health oversight activities including audits, civil, administrative, or criminal investigations, inspections, licensure or disciplinary actions, or civil, administrative, or criminal proceedings or actions, or other activities necessary for appropriate oversight of government benefit programs; (c) judicial and administrative proceedings in response to an order of a court or administrative tribunal, or other lawful process; (d) to the extent necessary to protect you or others from a serious imminent risk of danger presented by you; (e) for worker’s compensation claims, and (f) as required by the Secretary of Health and Human Services to investigate or determine our compliance with federal regulations, including those regarding government programs providing public benefits.
Except as otherwise permitted or required as described above, we may not use or disclose your PHI without your written authorization. Further, we are required to use or disclose your PHI consistent with the terms of your authorization. You may revoke your authorization to use or disclose any PHI at any time, except to the extent that we have taken action in reliance on such authorization, or, if you provided the authorization as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy.
“Psychotherapy Notes” are defined as records of communications during individual or family counseling which may be maintained in addition to and separate from medical or healthcare records. Psychotherapy Notes are only released with your specific written authorization except in limited instances, including: (a) if you sue us or place a complaint, we may use Psychotherapy Notes in our defense; (b) to the United States Department of Health and Human Services in an investigation of our compliance with HIPAA; (c) to health oversight agencies for a lawful purpose related to oversight of our practice; and (d) to the extent necessary to protect you or others from a serious imminent risk of danger presented by you. Health insurers may not condition treatment, payment, enrollment, or eligibility for benefits on obtaining authorization to review, or on reviewing, Psychotherapy Notes.
Under HIPAA, you have certain rights with respect to your PHI. The following is an overview of your rights and our duties with respect to enforcing those rights.
You have the right to request restrictions on certain uses and disclosures of your PHI. While we are not required to agree to any requested restriction, if we agree to a restriction, we are bound not to use or disclose your protected healthcare information in violation of such restriction, except in certain emergency situations. We will not accept a request to restrict uses or disclosures that are otherwise required by law. If you have paid for our services in full yourself, out-of-pocket, then we must comply with your request to restrict those disclosures of your PHI that would otherwise be made for payment or healthcare operations, that are unnecessary because of your manner of payment. We require that all requests for restrictions be in writing and that you state a reason for the request. We will respond in writing to all requests within 30 days or receipt.
We must permit you to request and must accommodate reasonable requests by you to receive communications of PHI from us by alternative means or at alternative locations. We will ask you how you wish us to communicate with you. We must agree to your request if you inform us that certain of means of communicating with you will place you in danger.
You have the right of access in order to inspect, and to obtain a copy of your PHI, including any PHI maintained in electronic format, except for (a) personal notes and observations of the treating provider, (b) information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding, (c) health information maintained by us to the extent to which the provision of access to you is at our discretion, and we exercise our professional judgment to deny you access, and (d) health information maintained by us to the extent to which the provision of access to you would be prohibited by law.
We require written requests for copies of your PHI; they should be sent to our Privacy-Security Officer at the mailing address below. If you request a copy of your PHI, we will charge a fee for copying, or for electronic records, for labor. We reserve the right to deny you access to and copies of all or certain PHI as permitted or required by law. Upon denial of a request for access or request for information, we will provide you with a written denial specifying the basis for denial, a statement of your rights, and a description of how you may file an appeal or complaint.
You have the right to request that we amend your PHI, for as long as your medical record is maintained by us. We have the right to deny your request for amendment. We require that you submit written requests and provide a reason to support the requested amendment.
If we deny your request, we will provide you with a written denial stating the basis of the denial, your right to submit a written statement disagreeing with the denial, and a description of how you may file a complaint with us and/or the Secretary of the U.S. Department of Health and Human Services (DHHS). If we accept your request for amendment, we will make reasonable efforts to provide the amendment within a reasonable time to persons identified by you as having received PHI of yours prior to amendment and persons that we know have the PHI that is the subject of the amendment and that may have relied, or could foreseeably rely, on such information to your detriment. All requests for amendments shall be sent to our Privacy-Security Officer at the mailing address below.
You have the right to receive a written accounting of all disclosures of your PHI for which you have not provided an authorization that we have made within the six (6) year period immediately preceding the date on which the accounting is requested. You may request an accounting of such disclosure for a period of time less than six (6) years from the date of the request. We require that you request an accounting in writing on a form that we will provide to you.
The accounting of disclosures will include the date of each disclosure, the name and, if known, the address of the entity or person who received the information, a brief description of the information disclosed, and a brief statement of the purpose and basis of the disclosure or, instead of such statement, a copy of your written authorization or written request for disclosure pertaining to such information. We are not required to provide accountings of disclosures for the following purposes: (a) treatment, payment, and healthcare operations, (b) disclosures pursuant to your authorization, (c) disclosures to you, (d) to other healthcare providers involved in your care, (e) for national security or intelligence purposes, (f) to correctional institutions, and (g) with respect to disclosures occurring prior to 4/14/2003. We reserve the right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law. We will provide the first accounting to you in any twelve (12) month period without charge, but will impose a reasonable cost-based fee for responding to each subsequent request for accounting within that same twelve (12) month period. All requests for an accounting shall be sent to our Privacy-Security Officer at the mailing address below.
If we maintain any PHI in electronic form, then you may also request and receive an accounting of any disclosures of your electronic health records made for purposes of treatment, payment and health operations during the prior three (3) year period. Upon request, one list will be provided for free every twelve (12) months.
You may file a complaint with us and with the Secretary of DHHS if you believe that your privacy rights have been violated. Please submit any complaint to us in writing by mail to our Privacy-Security Officer at the mailing address below. A complaint must name the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable requirements of HIPAA or this Notice of Privacy Practices. A complaint must be received by us or filed with the Secretary of DHHS within 180 days of when you knew or should have known that the act or omission complained of occurred. You will not be retaliated against for filing any complaint.
We reserve the right to revise or amend this Notice of Privacy Practices at any time. These revisions or amendments may be made effective for all PHI we maintain even if created or received prior to the effective date of the revision or amendment. Upon your written request, we will provide you with notice of any revisions or amendments to this Notice of Privacy Practices, or changes in the law affecting this Notice of Privacy Practices, by mail or electronically within 60days of receipt or your request.
We will provide you with a copy of the most recent version of this Notice of Privacy Practices at any time upon your written request sent to our Privacy-Security Officer at the mailing address below. For any other requests or for further information regarding the privacy of your PHI, and for information regarding the filing of a complaint, please contact us at the address, telephone number, or e-mail address listed above.
This is our contact information referred to above. Our Privacy-Security Officer is: Richard Goldstein. Our mailing address is: 310 East Shore Road Suite 100 Great Neck, NY 11023. Our telephone number is: 516-466-7077. Our fax number is: 516-466-0450. We may be reached by e-mail through the contact form located on this website.