Privacy Practices
PROTECTING YOUR MEDICAL INFORMATION
This Notice explains how we will use and disclose your protected health information while maintaining your privacy, explains your rights with respect to your protected health information, and explains our duty to abide by terms of this Notice and any revisions to this Notice that we may make in the future. Protected Health Information (PHI) is information about you, regardless of form (oral, written, electronic), that may identify you and that relates to your past, present or future physical or mental health or condition.
UNDERSTANDING YOUR HEALTH INFORMATION
When you visit a healthcare provider, they make a record of your visit. In this record, you will find documents containing your contact information, insurance information, pertinent medical history, medical evaluation, delivery tickets for equipment that you have received, and proof that you have received important information through notices such as this one. Providers use this record to plan for the care you receive, share with other healthcare providers that treat you and prove to your insurance and other necessary parties that services were actually provided.
USE OF YOUR INFORMATION
This company creates a medical record for you. This medical record is the property of this company, however, the information that it contains belongs to you. It is stored safely in a HIPAA compliant physical and electronic location for your protection. The law states that we can share your health information for the following purposes:
TREATMENT
We may use or disclose your health information to a physician or other health care providers to provide you with medical treatment and service. For example, your medical information may be used to provide health-related products and services to you and to coordinate with your doctor to ensure that you receive the products that your doctor has prescribed to you.
PAYMENT
We may use or disclose your health information in order to receive payment for the supplies and or services that have been provided to you as, for example, billing Medicare.
HEALTH CARE OPERATIONS
We may use or disclose your health information to improve the quality of our internal health care operations. An example of such use for health care operations includes conducting quality assessments, planning, financial analysis, and other similar functions.
BUSINESS ASSOCIATES
Business Associates are organizations or individuals that carry out certain functions for us such as utilization review and claims administration. The federal privacy laws allow us to share your PHI with our Business Associates to assist us with these functions. We have a written contract with all business associates requiring that they protect the confidentiality of your PHI.
YOUR CHOICES
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us.
IN THESE CASES, YOU HAVE BOTH THE RIGHT AND CHOICE TO TELL US TO:
• Share information with your family, close friends, or others involved in your care
• Share information in a disaster relief situation
• Include your information in a hospital directory
IN THESE CASES WE NEVER SHARE YOUR INFORMATION UNLESS YOU GIVE US WRITTEN PERMISSION:
• Marketing purposes
• Sale of your information
• Most sharing of psychotherapy notes
HOW ELSE CAN WE USE OR SHARE YOUR HEALTH INFORMATION?
We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research.
We have to meet many conditions in the law before we can share your information for these purposes.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
HELP WITH PUBLIC HEALTH AND SAFETY ISSUES
We can share health information about you for certain situations such as:
• Preventing disease
• Helping with product recalls
• Reporting adverse reactions to medications
• Reporting suspected abuse, neglect, or domestic violence
• Preventing or reducing a serious threat to anyone’s health or safety
DO RESEARCH
• We can use or share your information for health research.
COMPLY WITH THE LAW
• We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
RESPOND TO ORGAN AND TISSUE DONATION REQUESTS
• We can share health information about you with organ procurement organizations.
WORK WITH A MEDICAL EXAMINER OR FUNERAL DIRECTOR
• We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
ADDRESS WORKERS’ COMPENSATION, LAW ENFORCEMENT, AND OTHER GOVERNMENT REQUESTS
• We can use or share health information about you:
• For workers’ compensation claims
• For law enforcement purposes or with a law enforcement official
• With health oversight agencies for activities authorized by law
• For special government functions such as military, national security, and presidential protective services
RESPOND TO LAWSUITS AND LEGAL ACTIONS
• We can share health information about you in response to a court or administrative order, or in response to a subpoena.
YOUR RIGHTS
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
GET AN ELECTRONIC OR PAPER COPY OF YOUR MEDICAL RECORD
• You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
• We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
ASK US TO CORRECT YOUR MEDICAL RECORD
• You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
• We may say “no” to your request, but we’ll tell you why in writing within 60 days.
REQUEST CONFIDENTIAL COMMUNICATIONS
• You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
• We will say “yes” to all reasonable requests.
GET A LIST
• You can ask for a list (accounting) of the times we’ve of shared your health information for six years prior to with whom
the date you ask, who we shared it with, and why. we’ve shared information
• We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
GET A COPY OF THIS PRIVACY NOTICE
• You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
CHOOSE SOMEONE TO ACT FOR YOU
• If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
• We will make sure the person has this authority and can act for you before we take any action.
ASK US TO LIMIT WHAT WE USE OR SHARE
• You can ask us not to use or share certain health information for treatment, payment, or our operations.
• We are not required to agree to your request, and we may say “no” if it would affect your care.
• If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer.
• We will say “yes” unless a law requires us to share that information.
FILE A COMPLAINT IF YOU FEEL YOUR RIGHTS ARE VIOLATED
• You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter or calling or visit www.hhs.gov/ocr/privacy/hipaa/ complaints/
• We will not retaliate against you for filing a complaint.
• If you have any question or want to make a request
pursuant to the rights described above, please contact our HIPAA Privacy Officer
200 Independence Avenue, S.W.,
Washington, D.C. 20201
Phone: 1-877-696- 6775
MEDICARE DMEPOS SUPPLIER STANDARDS
1. A supplier must be in compliance with all applicable Federal and State licensure and regulatory requirements.
2. A supplier must provide complete and accurate information on the DMEPOS supplier application. Any changes to this information must be reported to the National Supplier Clearinghouse within 30 days.
3. A supplier must have an authorized individual (whose signature is binding) sign the enrollment application for billing privileges.
4. A supplier must fill orders from its own inventory, or contract with other companies for the purchase of items necessary to fill orders. A supplier may not contract with any entity that is currently excluded from the Medicare program, any State health care programs, or any other Federal procurement or non-procurement programs.
5. A supplier must advise beneficiaries that they may rent or purchase inexpensive or routinely purchased durable medical equipment, and of the purchase option for capped rental equipment.
6. A supplier must notify beneficiaries of warranty coverage and honor all warranties under applicable State law, and repair or replace free of charge Medicare-covered items that are under warranty.
7. A supplier must maintain a physical facility on an appropriate site and must maintain a visible sign with posted hours of operation. The location must be accessible to the public and staffed during posted hours of business. The location must be at least 200 square feet and contain space for storing records.
8. A supplier must permit CMS or its agents to conduct on-site inspections to ascertain the supplier’s compliance with these standards.
9. A supplier must maintain a primary business telephone listed under the name of the business in a local directory or a toll-free number available through directory assistance. The exclusive use of a beeper, answering machine, answering service, or cell phone during posted business hours is prohibited.
10. A supplier must have comprehensive liability insurance in the amount of at least $300,000 that covers both the supplier’s place of business and all customers and employees of the supplier. If the supplier manufactures its own items, this insurance must also cover product liability and completed operations.
11. A supplier is prohibited from direct solicitation to Medicare beneficiaries. For complete details on this prohibition see 42 CFR § 424.57 (c) (11).
12. A supplier is responsible for delivery of and must instruct beneficiaries on the use of Medicare-covered items, and maintain proof of delivery and beneficiary instruction.
13. A supplier must answer questions and respond to complaints of beneficiaries, and maintain documentation of such contacts.
14. A supplier must maintain and replace at no charge or repair cost either directly, or through a service contract with another company, any Medicare-covered items it has rented to beneficiaries.
15. A supplier must accept returns of substandard (less than full quality for the particular item) or unsuitable items (inappropriate for the beneficiary at the time it was fitted and rented or sold) from beneficiaries.
16. A supplier must disclose these standards to each beneficiary it supplies a Medicare-covered item
17. A supplier must disclose any person having ownership, financial, or control interest in the supplier.
18. A supplier must not convey or reassign a supplier number; i.e., the supplier may not sell or allow another entity to use its Medicare billing number.
19. A supplier must have a complaint resolution protocol established to address beneficiary complaints that relate to these standards. A record of these complaints must be maintained at the physical facility.
20. Complaint records must include the name, address, telephone number, and health insurance claim number of the beneficiary, a summary of the complaint, and any actions taken to resolve it.
21. A supplier must agree to furnish CMS with any information required by the Medicare statute and regulations.
22. All suppliers must be accredited by a CMS-approved accreditation organization in order to receive and retain a supplier billing number. The accreditation must indicate the specific products and services, for which the supplier is accredited in order for the supplier to receive payment for those specific products and services (except for certain exempt pharmaceuticals).
23. All suppliers must notify their accreditation organization when a new DMEPOS location is opened.
24. All supplier locations, whether owned or subcontracted, must meet the DMEPOS quality standards and be separately accredited in order to bill Medicare.
25. All suppliers must disclose upon enrollment all products and services, including the addition of new product lines for which they are seeking accreditation.
26. A supplier must meet the surety bond requirements specified in 42 CFR § 424.57 (d).
27. A supplier must obtain oxygen from a state-licensed oxygen supplier.
28. A supplier must maintain ordering and referring documentation consistent with provisions found in 42 CFR § 424.516(f).
29. A supplier is prohibited from sharing a practice location with other Medicare providers and suppliers.
30. A supplier must remain open to the public for a minimum of 30 hours per week except for physicians (as defined in section 1848(j) (3) of the Act) or physical and occupational therapists or a DMEPOS supplier working with custom made orthotics.
MEDICARE DMEPOS SUPPLIER STANDARDS
DMEPOS suppliers have the option to disclose the following statement to satisfy the requirement outlined in Supplier Standard 16 in lieu of providing a copy of the standards to the beneficiary. The products and/or services provided to you by ( supplier legal business name or DBA) are subject to the supplier standards contained in the Federal regulations shown at 42 Code of Federal Regulations Section 424.57(c). These standards concern business professional and operational matters (e.g. honoring warranties and hours of operation). The full text of these standards can be obtained at http://ecfr.gpoaccess.gov.
Upon request, we will furnish you a written copy of the standards.