HIPAA Policy

Effective January 2nd, 2025

At Greater Boston Dermatology, we are committed to maintaining the privacy and security of your protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) regulations. This privacy policy outlines how we collect, use, and safeguard your PHI.

  1. Information Collection and Use:

    We collect PHI, including but not limited to, your name, contact information, medical history, and treatment records, to provide you with quality dermatological care.

    • Treatment: We may use your PHI to provide treatment, such as conducting tests, writing prescriptions, or sharing information with other providers involved in your care, including family members.

    • Payment: We may use and disclose your PHI to bill for services, verify insurance coverage, collect payments from insurers or third parties, and bill you directly.

    • Health Care Operations: We may use your PHI for operational purposes, such as evaluating care quality and planning, and share it with other providers to support their operations, as required by law.

    • Messaging and Appointment Reminders: We may use your PHI to remind you and confirm upcoming appointments. We may use your PHI to contact you about weather related changes and changes in office hours. o We may disclose PHI when responding to messages you send us or to contact you about your care.

    • Treatment Options: We may use your PHI to inform you about potential treatment options or alternatives.

    • Health-Related Benefits and Services: We may use your PHI to inform you about health-related benefits or services that may interest you.

    • Business Associates: We may disclose your PHI to business associates, such as contractors or billing companies, to assist with payment or health care operations, ensuring they protect your PHI through a written contract. If we do disclose your PHI to a business associate, we will have a written contract to ensure that our business associate also protects the privacy of your PHI.

    • Release of Information to Family/Friends or Individuals Involved in Payment for Your Care: Unless you tell us otherwise, we may share your PHI with a family member, close friend, or anyone else you identify if they are directly involved in your care or payment for your care. You have the right to name a personal representative who may act on your behalf to control the privacy of your PHI. Parents and guardians will generally have the right to control the privacy of PHI about minors unless the minors are permitted by law to act on their own behalf. If you are unable to agree or object, we may share the information if we believe it is in your best interest, using our professional judgment.

    2. Disclosure to Third Parties:

    • We do not share your PHI with third parties without your consent, except as required by law or for treatment, payment, or healthcare operations.

    • We may disclose PHI when required by law, such as for public health risks, reporting abuse or neglect, or legal proceedings.

    • We may disclose your PHI to prevent a serious threat to your health, safety, or the safety of others, but only to someone who may be able to help prevent the threat.

    • PHI may be shared with health oversight agencies for activities not limited to audits, investigations, inspections, or licensure as authorized by law.

    • If you are involved in a legal dispute, we may disclose PHI in response to a court or administrative order.

    • We may disclose your health information to law enforcement in the following situations: (1) In response to a court order, subpoena, warrant, summons, or similar legal process; (2) To provide limited information for identifying or locating a suspect, fugitive, material witness, or missing person; (3) About a crime victim, even without their consent in certain limited circumstances;(4) Regarding a death we suspect resulted from criminal conduct; (5) Concerning criminal activity on our premises; (6) During emergencies, to report a crime, its location, the victims, or details about the person involved.

    • We may release PHI to a coroner, medical examiner, or funeral director as necessary for their duties.

    • We may disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law. PHI may also be released to protect the President, other authorized persons or foreign heads of state or to conduct special investigations.

    • If you are an inmate or in law enforcement custody, we may share PHI with the institution or officials to provide your health care, ensure safety, or maintain security.

    • If you are in the armed forces, we may release PHI to military command authorities or, if you serve in a foreign military, to the appropriate foreign military authority.

    • We may release Health Information for workers’ compensation or similar programs.

    • We may disclose your PHI for research purposes with your written authorization, unless a special process determines that a waiver of authorization poses minimal risk to your privacy.

    3. Patient Rights:

    Right to Paper Copy of this Notice:

    • You can access a notice explaining your PHI rights, our legal duties, and privacy practices.

    • Paper copies are available upon written request.

    Right to Inspect and Copy PHI:

    • You have the right to request and receive your PHI in an electronic format when available.

    • For paper copies, we may charge a reasonable fee for labor or related supplies.

    • For portable electronic copies, we may charge a reasonable fee for labor or related supplies.

    • We have up to 30 days to make your PHI available to you. If more time is needed to respond, we will notify you within the specified timeframe, explaining the delay and providing an updated response time.

    • In certain limited situations, we may deny your request to access your PHI. If this happens, we will provide a written explanation, your rights to appeal the decision, and how to file a complaint with us or the Department of Health and Human Services. If only part of your request is denied, we will give access to the rest.

    Right to Amend:

    • If you feel that your PHI, we have is incorrect or incomplete, you may make a written request to amend the information.

    Right to an Accounting of Disclosure:

    • You can request a written list of certain disclosures of your PHI made for purposes other than treatment, payment, healthcare operations, or those authorized by you. This request must be submitted in writing.

    Right to Confidential Communications:

    • You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work.

    • Our practice will accommodate reasonable written requests.

    Right to Request Restrictions:

    • You have the right to request restrictions on the use or disclosure of your PHI for treatment, payment, or healthcare operations.

    • You may also ask us to limit the disclosure of your PHI to specific individuals, such as family members or friends involved in your care or payment.

    • If you pay in full out-of-pocket for a service or item and request that we not share related PHI with your health plan, we will honor this request unless required by law.

    • You can revoke a restriction at any time, and in some cases, we may also revoke it with prior notification or your consent.

    • If we agree to a restriction, we will follow it unless the information is needed for emergency treatment.

    • Restriction requests must be submitted in writing and include: the information to be restricted, whether the restriction applies to use, disclosure, or both, and the individuals to whom it applies.

    • We are not required to agree to all requests, and some restrictions may not be allowed by law.

    4. Authorization for Release of PHI:

    • Authorization is required to release highly sensitive PHI. This includes but is not limited to your HIV/AIDS status; behavioral health documentation; sexually transmitted diseases; psychotherapy notes; and certain genetic information.

    • Other uses and disclosures of PHI not covered by this notice or the laws that apply to us will be made only with your written authorization.

    5. Authorization for Marketing:

    • Your PHI will not be used for marketing without your explicit written authorization. You have the right to revoke this authorization at any time.

    6. Security Measures:

    • We employ industry-standard security measures to protect your PHI from unauthorized access, disclosure, alteration, or destruction. o Incidental disclosures of your PHI may occur despite our efforts to safeguard privacy, such as other patients hearing your name during check-in.

    7. Data Retention and Disposal:

    • Your PHI is retained for the duration required by law and securely disposed of in compliance with applicable regulations when no longer needed.

    8. Breach Notification:

    • In the event of a breach that compromises the security of your PHI, we will notify you promptly and take appropriate steps to mitigate potential harm.

    9. Training and Accountability:

    • All members of our staff are trained on HIPAA regulations and are required to adhere to this policy. Any violations are addressed promptly and appropriately.

    10. Patient Revocation of Consent:

    • You have the right to revoke your consent or authorization for certain uses or disclosures of your PHI by submitting a written request.

    11. Changes and Amendments to this Notice:

    • We reserve the right to change this notice and make the new notice apply to PHI we already have as well as any information we receive in the future.

    • We will post a copy of our current notice at our office. The notice will contain the effective date on the first page.

    12. Questions, Requests, and Complaints:

    • If you have any questions or concerns regarding your privacy rights or the information in this notice, please contact your physician Dr. Rebecca Jacobson at the address below.

    • If you are making any written requests, please address to the practice at the following address: Greater Boston Dermatology PC, PO BOX 600736, Newton, MA 02460.