June 7, 2023
This involves a HIPAA breach that occurred with one of our business associates, Alvaria/TimeDoc. Alvaria is managing this breach and our patient’s should be directed to the letter and URL for assistance.
Heritage Health Patient
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to maintain the privacy of your health information and to notify you of our legal duties and privacy practices with respect to your protected health information. This notice summarizes our duties and your rights concerning your information.
1. Uses and Disclosures We May Make Without Written Authorization: We may use or disclose your protected health information for certain purposes without your written authorization, including the following:
Treatment: We may use or disclose information for purposes of treating you, e.g., our staff may use your information or disclose your information to another healthcare provider to diagnose or treat you. In addition, we may use or disclose your information to provide appointment reminders, or to provide information about treatment alternatives or other health-related benefits and services we offer that may be of interest to you.
Payment: We may use or disclose information to obtain payment for services provided to you. For example, we may disclose information to your health insurance company or other payers to obtain pre-authorization or payment for treatment.
Healthcare Operations: We may use or disclose information for certain activities that are necessary to operate our practice and ensure that our patients receive quality care. For example, we may use the information to review the performance of our staff or make decisions affecting the practice.
Idaho Health Data Exchange: As a patient of Heritage Health you are a part of the Idaho Health Data Exchange (IHDE). The IHDE receives data from Hospitals, Labs, Imaging systems, and Clinics with connected Electronic Medical Records (EMRs). Data includes patient demographics, lab results, radiology reports, and other inpatient and outpatient reports, such as Progress Notes, History and Physical, ER Notes, and Office Notes. Heritage Health patient data is shared with and received from the IHDE in order to improve the continuity of patient care. If a patient wants to “Opt-Out” and not have their data shared, then they can complete an Opt-Out form and send it to IHDE. The Opt-Out form can be found on the IHDE website www.idahohde.org and can be faxed or mailed to IHDE.
Other Uses or Disclosures: We may also use or disclose information for certain other purposes allowed by 45 C.F.R. § 164.512 or other applicable laws and regulations, including the following purposes:
To avoid a serious threat to your health or safety or the health or safety of others.
As required by state or federal law, e.g., to report abuse or neglect or certain other occurrences.
As allowed by workers’ compensation laws for use in workers’ compensation proceedings.
For certain public health activities, e.g., to report certain events or diseases.
For certain public health oversight activities, e.g., to allow public health agencies to conduct investigations or inspections.
In response to a court order, warrant, or subpoena in judicial or administrative proceedings.
Subject to specific limitations, in response to certain requests by law enforcement, e.g., to help identify or locate a fugitive, witness, or victim, or to report a crime.
For research purposes, if certain conditions are satisfied.
2. Disclosure to Persons Involved in Your Healthcare: Unless you tell us otherwise in advance, we may disclose information to a member of your family, relative, friend, or another person who is involved in your healthcare or the payment for your healthcare. We will limit the disclosure to the information relevant to that person’s involvement in your healthcare or payment. If you object to such disclosures, please notify the Privacy Officer identified below.
3.Uses and Disclosures with Your Written Authorization: We will make other uses and disclosures of your information only with your written authorization. You may revoke your authorization by submitting a written notice to the Privacy Officer identified below. The revocation will not be effective to the extent we have already taken action in reliance on the authorization.
4. Your Rights Concerning Your Protected Health Information: You have the following rights concerning your protected health information. To exercise any of these rights, you must submit a written request to the Privacy Officer identified below.
You may request additional restrictions on the use or disclosure of information for treatment, payment, or healthcare operations. We are not required to agree to the requested restriction.
We normally contact you by telephone or mail at your home address. We will accommodate reasonable requests to contact you by alternative means or at alternative locations.
You may inspect and obtain a copy of records that are used to make decisions about your care or payment for your care. We may charge you a reasonable cost-based fee for providing the records. We may deny your request under limited circumstances, e.g., if we determine that disclosure may result in harm to you or others.
You may request that your protected health information be amended. We may deny your request for certain reasons, e.g. if we did not create the record or if we determine that the record is accurate and complete.
You may receive an accounting of certain disclosures we have made of your protected health information. You may receive the first accounting within a 12-month period free of charge. We may charge a reasonable cost-based fee for all subsequent requests during that 12-month period.
You may obtain a paper copy of this notice upon request. You have this right even if you have agreed to receive the notice electronically.
5. Changes to This Notice: We reserve the right to change the terms of our Notice of Privacy Practices at any time, and to make the new notice effective for all protected health information that we maintain. If we materially change our privacy practices, we will post a copy of the current notice in our reception area and on our website. You may obtain a copy of the Operative Notice from our receptionist or the Privacy Officer identified below.
6. Complaints: You may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated. You may file a complaint with us by notifying our Privacy Officer identified below. All complaints must be in writing. We will not retaliate against you for filing a complaint.
7. Effective Date: This Notice is effective January 1, 2016.
Privacy Officer: Judy Backhaus
(208) 215-2128 ext. 1037
P.O. Box 1387 Hayden, ID 83835