 |
164.520
|
|
 |
|
4. NOTICE OF PRIVACY PRACTICES/PRIVACY
NOTICE:
|
164.520(a) |
|
|
|
|
|
Notice to Individuals Required:
An individual has a right to adequate notice of: the uses and disclosures
of PHI that may be made by the CE, and; of the individual's rights
and the CE's duties with respect to PHI except: |
|
| |
4.1.1 |
An inmate has no right
to notice and these notice provisions do not apply to a correctional
institution.
|
| |
4.1.2. |
An individual enrolled in a Group Health Plan
(GHP) has a right to notice:
4.1.2.1. |
From the GHP if the individual
does not receive health benefits under the GHP through an insurance
contract with a health insurance issuer or HMO; or |
4.1.2.2. |
From a health insurance issuer
or HMO with respect to the GHP through which such individual
receives his/her health benefits. |
|
| |
4.1.3.
|
A GHP that provides
health benefits solely through an insurance contract with a health
insurance issuer or HMO and that creates or receives PHI or information
on whether an individual is participating in the GHP, or is enrolled
or has disenrolled from a health insurance issuer or HMO offered by
the plan must:
4.1.3.1. |
Maintain a notice; and
|
4.1.3.2. |
Provide notice
to any person upon request. |
|
| |
4.1.4.
|
A GHP that provides
health benefits solely through an insurance contract with a health
insurance issuer or HMO and does not create or receive PHI other than
summary health information or information on whether an individual
is participating in the GHP or is enrolled in or has disenrolled from
a health insurance issuer or HMO offered by the plan is not required
to maintain or provide the notice. |
|
164.520(b)(1) |
|
|
|
|
|
Content of Notice:
Notice must be written in plain language and contain the following
elements:
4.2.1. |
The following statement must be displayed
as a header or otherwise prominently: "THIS NOTICE DESCRIBES
HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW
IT CAREFULLY."
|
4.2.2. |
Uses
and Disclosures: notice must contain:
4.2.2.1. |
A description, including
at least one example, of the types of uses and disclosures
the CE is permitted to make for purposes of TPO; |
4.2.2.2. |
A description of each
of the other purposes the CE is permitted or required
to use or disclose PHI without an individual's consent
or authorization; |
4.2.2.3. |
Descriptions of uses and disclosures
must reflect more stringent law, if applicable;
|
4.2.2.4. |
Descriptions must
contain sufficient detail to place an individual on notice
of the uses and disclosures permitted or required; |
4.2.2.5. |
A statement
that other uses or disclosures will be made only with
the individual's written authorization and the individual
may revoke such authorization as provided by 164.508(b)(5)
[¶ 7.2.6.]; |
|
|
|
Separate
Statement for Certain Uses or Disclosures Required: If CE
intends to engage in any of the following activities, the description
of uses/disclosures for TPO must include a statement, as applicable,
that:
4.2.3.1. |
CE may contact individual
for appointment reminders, information about treatment
alternatives or other health benefits that may be of interest
to the individual; |
4.2.3.2. |
CE may contact individual
to raise funds for the CE; or |
4.2.3.3. |
A GHP, or a health
insurance issuer or HMO with respect to a GHP, may disclose
PHI to the sponsor of the plan. |
|
|
|
Individual
Rights: Must include a statement of the individual's rights
with respect to the PHI and a brief description of how to exercise
those rights, as follows:
4.2.4.1. |
Right to request restriction
on certain uses/disclosures pursuant to 164.522(a) [¶
8.2.1.], and statement CE not required to agree to restriction; |
4.2.4.2. |
Right to receive confidential
communications of PHI pursuant to 164.522(b) [¶ 8.2.2.]; |
4.2.4.3. |
Right to inspect and
copy PHI pursuant to 164.524 [¶ 8.1.1.]; |
4.2.4.4. |
Right to amend PHI
pursuant to 164.526 [¶ 8.3.]; |
4.2.4.5. |
Right to receive accounting
of disclosures pursuant to 164.528 [¶ 11.2.]; and |
4.2.4.5. |
Right to receive accounting
of disclosures pursuant to 164.528 [11.2.]; and |
4.2.4.6. |
Right to obtain paper
copy of the notice upon request. |
|
|
|
| |
|
|
|
| |
|
CE's Duties: Notice must contain:
4.2.5.1. |
Statement that CE is required
by law to maintain privacy of PHI and to provide individuals
with notice of its legal duties and privacy policies with respect
to PHI; |
4.2.5.2. |
Statement that CE is required
to abide by the terms of the notice currently in effect; and |
4.2.5.3. |
For a CE to apply a change
in a privacy practice described in the notice affecting PHI
created or received prior to issuing a revised notice, a statement
that the CE reserves the right to change terms of its notice
and to make new notice provisions effective for all PHI that
it maintains, and a description of how it will provide individuals
with the revised notice. |
|
| |
|
Complaints: Notice
must contain a statement that individuals may complain to the CE and
to the Secretary of HHS about privacy rights violations, describe
how the individual may file a complaint with the CE, and a statement
that the individual will not be retaliated against for filing a complaint.
|
| |
|
Contact: Notice must contain
name, or title, and telephone number of person or office to contact
for further information [¶ 11.3.1.2.]; |
| |
|
Effective date: Notice must
contain the date on which notice is first effective, which may not
be earlier than date printed or published. |
|
|
| |
|
|
|
|
|
| |
|
|
|
|
