NOTICE OF PRIVACY PRACTICES
Oregon Anesthesiology Group, P.C.
Effective Date: April 14, 2003
Updated: July 25, 2016
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
For more information about this notice or to report a problem, please contact us:
We understand that medical information about you and your health is personal. We are committed to preserving and protecting the privacy of your health information. In fact, we are required by law to do so for certain kinds of identifiable information created or kept by us. We are also required to provide you with this Notice of Privacy Practices describing our legal duties and our practices concerning your health information.
This Notice of Privacy Practices describes how Oregon Anesthesiology Group, P.C. (“OAG”) may use and disclose your Protected Health Information (“PHI”) to carry out treatment, payment, or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI. “PHI” is information about you, including demographic information, that may identify you and that relates to your past, present, or future physical or mental health or condition and related health services.
OAG is required to abide by federal and state law, and by the terms of this Notice of Privacy Practices (“NPP”). We may change the terms of our NPP at any time. The new NPP will be effective for all PHI that we maintain at that time. Upon your request, we will provide you with any revised NPP. We will maintain a copy of the current NPP with an effective date on our website at https://oagpc.com. You may also obtain a copy by calling the OAG office at (503) 299 9906 and requesting that a revised copy be emailed or mailed to you.
1) How OAG may use and disclose your personal health information
We will use your PHI for the purposes of treatment, payment, and health care operations.
Treatment includes the disclosure of PHI to other providers who have referred you for services or are involved in your care. This may include physicians, nurses, surgeons and other health care providers. For example, if you have an unusual medical condition that might affect your anesthesia, we may want to consult with another Anesthesiologist or medical expert. Your PHI may be further used by or released to other health professionals to assist in your care, and to ensure that they are fully informed about your medical condition and treatment needs.
Payment includes the disclosure of PHI to your health insurance company, including Medicare and Medicaid, so payment can be obtained for services rendered. Your insurance company may make a request to review your medical record to determine that your care was necessary.
Health Care Operations includes the utilization of medical information to monitor the quality of care. For example, we may use your PHI to monitor the medical record documentation practices of OAG physicians, or to ensure that OAG is complying with state and federal laws. We are also permitted to disclose your PHI to other health care providers or health plans for their health care operations concerning quality assurance, the qualifications of health care professionals, or quality improvement programs. For example, the quality assurance department of a hospital may use your PHI to assess the quality of care provided in your case.
Uses and Disclosures Required by Law
The federal health information privacy regulations either permit or require us to use or disclose your PHI in the following ways: we may share some of your PHI with a family member or friend involved in your care if you do not object, we may use your PHI in an emergency situation when you may not be able to express yourself, we may use your PHI to contact you prior to your procedure and to inform you of alternative procedures, and we may use or disclose your PHI for research purposes if we are provided with very specific assurances that your privacy will be protected. We may also disclose your PHI when we are required to do so by law, for example by court order or subpoena. Disclosures to health oversight agencies are sometimes required by law to report certain diseases or adverse drug reactions and for other public health purposes.
Uses and Disclosures that Do Not Require Your Authorization
We may use and disclose your PHI to avert a serious threat to your health or safety or the health or safety of the public or others. We may use and disclose your PHI to organ procurement organizations, for the purposes of organ and tissue donation. If you are in the Armed Forces, we may release your PHI when it is determined to be necessary by the appropriate military command authorities. We may also release you PHI for workers’ compensation or other similar programs that provide benefits for work-related injury or illness.
Disclosures to Business Associates
We contract with outside companies that provide services for us and to us, such as billing companies, management consultants, quality assurance reviewers, accountants, or attorneys (collectively, “business associates”), and maintain a list of these business associates. In certain circumstances, we may need to share your PHI with a business associate so it can perform a service on your behalf. We will limit the disclosure of your information to a business associate to the amount of information that is the minimum necessary to perform services for us.
In addition, we will have a written contract in place with the business associate requiring it to protect the privacy of your PHI as described in this Notice of Privacy Practices and as required by law.
Limited Data Sets
We may disclose limited PHI to third parties for purposes of research, public health, and health care operation purposes; provided, however, that we may disclose only the “minimum necessary” to accomplish that purpose. This limited information includes only the following identifiers: service dates, dates of birth, age, and five-digit zip code or any other geographic subdivision, such as state, county, city, precinct, and their equivalent geocodes (except street address). Before disclosing this information, we must enter into an agreement with the recipient of the information that limits who may use or receive the data and requires the recipient to agree not to re-identify the data or contact you. The agreement must contain assurances that the recipient of the information will use appropriate safeguards to prevent inappropriate use or disclosure of the information.
Other Uses and Disclosures Requiring Authorization
Other uses and disclosures not described in this NPP will be made only with your written authorization.
Revoking Your Authorization
You may revoke an authorization in writing at any time, except to the extent that action has been taken in reliance upon the authorization.
Marketing and Fundraising
We must obtain your authorization prior to receiving, directly or indirectly, any remuneration in exchange for PHI or prior to using PHI for any marketing purposes. If we intend to use your PHI for any fundraising communications, we must provide you with an opportunity to opt-out of receiving further communications. Such an opportunity will be provided to you in a clear and conspicuous manner.
We are not allowed to sell or receive anything of value in exchange for your medical information without your written authorization.
2) Your Privacy Rights
You have the right to request that we not use or share certain PHI about you. This request must be made in writing. We are not required to agree with your request. If we do agree, we must abide by your request. You may request that we restrict disclosures of PHI to health plans for payment or health care operations purposes if the PHI pertains solely to items and services paid for by you up front and in full.
You have the right to request that we contact you in a specific way (for example, your home or office phone) or to send mail to a different address of your choosing. This request must be in writing.
Access to PHI
You have the right to request a copy of your medical record. You must make this request in writing and we may charge a fee to cover the costs of copying and mailing. If any of your PHI is contained in an electronic health record, we are required to provide you with a copy of your information in electronic format, upon request. Please send your request for your records as follows:
Medical Record Requests
Interventional Pain Consultants – Medical Records
If you were a patient of the Interventional Pain Consultants (IPC), you may request a copy of your medical record by sending your request to SIS NW. Please note that after the closure of the IPC, SIS NW was contracted to process all IPC medical record requests. Mail or fax your request to:
P.O. Box 739
Enumclaw, WA 98022
Fax Number: (206) 686 2840
If you need further assistance with requesting your IPC medical record, please call SIS NW at (206) 686 2821.
Oregon Anesthesiology Group, P.C. – Medical Records
If you saw an OAG anesthesia provider and would like to request a copy of your anesthesia record, please contact the hospital or ambulatory surgery center where you received anesthesia services. Please click here to review a directory of OAG’s practice locations.
Billing Record Requests
To request a copy of your OAG or IPC billing records, please mail or fax a written request to:
Attn: Compliance Department
707 SW Washington St., Suite 700
Portland, OR 97205
Fax Number: (503) 295 2232
If you need further assistance, or have questions about obtaining your billing records, please contact the OAG Corporate Office at (503) 299 9906.
You have the right to request that we correct PHI about you that you think is incorrect or incomplete. This request must be made in writing. If we disagree with you, we are not required to make the change. You do have the right to submit a written statement about why you disagree that will become part of your record. We may not amend parts of your medical record that we did not create.
Accounting of Disclosures
You have the right to request an accounting of the disclosures made by us in the previous six years. These disclosures will not include those made for treatment, payment, or health care operations, or for which we have obtained authorization. This request must be made in writing.
If we discover that a breach of your unsecured PHI has occurred, we are obligated to notify you within 60 days of that breach. The notification will include: (A) A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known; (B) A description of the types of unsecured PHI that were involved in the breach (such as whether full name, Social Security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); (C) Any steps you should take to protect yourself from potential harm resulting from the breach; (D) A brief description of what we are doing to investigate the breach, to mitigate harm, and to protect against any further breaches; and (E) Contact procedures for you to ask questions or learn additional information, which shall include a toll-free telephone number, an email address, website, or postal address.
If you choose to communicate with us via email, we may respond to you in the same manner in which communication was received, and to the same email address from which you sent your email. Before using email to communicate with us, you should understand that there are certain risks associated with the use of email. It may not be secure, which means it could be intercepted and seen by others. In addition, there are other risks associated with the use of email, such as misaddressed/misdirected messages, email accounts that are shared with others, messages that can be forwarded on to others, or messages stored on portable electronic devices that have no security.
Additionally, you should understand that use of email is not intended to be a substitute for professional medical advice, diagnosis, or treatment. Email communications should never be used in a medical emergency.
If you feel that your privacy rights have been violated, you have the right to make a complaint to us in writing without fear of retaliation. Your complaint should contain enough specific information so that we may adequately investigate and respond to your concerns. If you are not satisfied with our response, you may complain directly to the Secretary of Health and Human Services.
If you would like more information about our privacy practices or to file a complaint, you may contact:
Sr. Compliance Analyst & Privacy Officer
707 SW Washington Street, Suite 700
Portland, OR 97205
(503) 299 9906