1. General Statement

Structural Foundation Chiropractic will not use or disclose patient health information except as allowed by the HIPAA Privacy Rules and the provisions of this Manual.

2. Patient Authorization

2.1 General Statement.  Except in those situations described in Section C of this Manual, patient health information may not be disclosed unless a written authorization has been signed by the patient.

2.2 Valid Authorizations.  To be a valid authorization, the authorization must:

• Be in writing;
• Be signed and dated by the patient or his/her authorized representative;
• Not have expired or been revoked;
• Be filled out completely; and
• Not be combined with, or a part of, any other document.

2.3 Form of Authorization.  Structural Foundation Chiropractic shall ensure that patient authorizations are in a form the same as or similar to that found in Appendix C, or that the authorizations have the same or similar content as Appendix C.

2.4 Revocation of Authorization.  A patient may revoke his/her authorization at any time, so long as the revocation is in writing and signed by the patient. 

2.5 Copy to the Patient.  The patient must be given a copy of all authorizations he/she signs.

3. Verification

3.1 General Statement.  Prior to disclosing patient health information, Structural Foundation Chiropractic personnel should verify the identity and authority (where applicable) of the person or entity requesting the information.

3.2 Verification Protocols.  The following verification protocols will be followed by Structural Foundation Chiropractic personnel prior to making disclosures of patient health information:

3.2.1 As to patients:

3.2.1.1 If the patient appears in person and is know to Structural Foundation Chiropractic personnel, no verification is necessary; or

3.2.1.2 If the patient appears in person and is not known to Structural Foundation Chiropractic personnel, verification should be obtained by requesting photo identification, such as a driver’s license; or

3.2.1.3 If a person purporting to be a patient calls Structural Foundation Chiropractic, the identity of the person should be accomplished by asking simple identifying questions such as date of birth, Social Security number or mother’s maiden name.

3.2.2 As to law enforcement or other public officials:

3.2.2.1 If the request is made in person, Structural Foundation Chiropractic personnel should request to see the officer’s or official’s identification badge or official credentials; or

3.2.2.2 If the request is made in writing, it is sufficient if it is on appropriate government letterhead; or

3.2.2.3 If the request is made by a person acting on behalf of a public official, Structural Foundation Chiropractic personnel should obtain a written statement on appropriate government letterhead showing the authority of the person making the request.

Patient health information will not be given by telephone to law enforcement or public officials except as provided in Section C.5.

3.2.3 As to health care providers who are treating the patient or insurance companies paying for treatment:

3.2.3.1 If the health care provider or insurance company is known to Structural Foundation Chiropractic, no further verification is necessary; or

3.2.3.2 If the health care provider or insurance company is not known to Structural Foundation Chiropractic, a written request (by fax or mail) on their letterhead shall be requested for verification.

3.3 Documentation.  To the extent that verification is required by subsection 3.2, such will be documented or noted in the patient’s chart.

4. Limiting Disclosures and Request to the Minimum 

Necessary Information

4.1 General Rule.  Structural Foundation Chiropractic will make reasonable efforts to limit its disclosures of, and requests for, patient health information to the minimum necessary information needed to accomplish the purpose of the disclosure or request. Except as allowed below, Structural Foundation Chiropractic will not request or disclose the patient’s entire medical record unless such is justified to accomplish the purpose of the request.

4.2 Information Requests Received By Structural Foundation Chiropractic.  

4.2.1 For health information requests received by Structural Foundation Chiropractic on a routine and reoccurring basis, Structural Foundation Chiropractic develop and follow protocols that limit the information disclosed to that which is reasonably necessary to achieve the purpose for the request;

4.2.2 For all other requests, Structural Foundation Chiropractic will develop and follow criteria designed to limit the information disclosed to that which is reasonably necessary to achieve the purpose of the request and will review the request on an individual basis in accordance with that criteria.

4.3 Requests Made By Structural Foundation Chiropractic to Others for Information.

4.3.1 For health information requests made by Structural Foundation Chiropractic to others on a routine and reoccurring basis, Structural Foundation Chiropractic will develop and follow standard protocols that limit the information requested to that which is reasonably necessary to achieve the purpose for the request;

4.3.2 For all other requests, Structural Foundation Chiropractic will develop and follow criteria designed to limit the information requested to that which is reasonably necessary to achieve the purpose of the request, and will review the request on an individual basis in accordance with that criteria.

4.4 Exceptions.  Structural Foundation Chiropractic personnel will not be required to follow the rules stated above in the following situations:

• Disclosures or requests to a health care provider for purposes of treatment.
• Disclosures to the patient.
• Disclosures or requests made pursuant to the patient’s written authorization.
• Disclosures to Health and Human Services (HHS).
• Disclosures required by the HIPAA Privacy Rules.
• Disclosures required by law (see section C.4).

4.5 Minimum Necessary Workforce Access to Patient Health Information.  Structural Foundation Chiropractic personnel who do not have a legitimate need to have access to patient health information to carry out their duties shall be restricted from having such access. The privacy officer will determine, in his/her discretion, whether access should be denied to any Structural Foundation Chiropractic personnel.

5. Health Information of Deceased Patients

5.1 General Statement.  Health information of deceased patients will be given the same protections as health information of living patients.

5.2 Executors and Personal Representative.  Legally authorized executors or personal representatives of deceased patients are entitled to act on behalf of the deceased patient with respect to the patient’s health information. All patient rights and protections set forth in this Manual must be afforded to such executors or personal representatives.

6. Disclosures for Workers’ Compensation Purposes

Disclosures of patient health information for purposes of worker’ compensation benefits may be made pursuant to state workers’ compensation laws and regulations.

Section B: Disclosures Without Patient Authorization

1. General Statement

1.1 Disclosures Allowed Without Patient Written Authorization.  In the following circumstances, the Structural Foundation Chiropractic may disclose patient health information without the patient’s written authorization.

1.1.1 To the patient himself/herself, upon request.

1.1.2 To other persons or entities for purposes of:

• Structural Foundation Chiropractic’s treatment (as defined in Appendix H) of the patient.
• Obtaining payment (as defined in Appendix H) for Structural Foundation Chiropractic’s services.
• Structural Foundation Chiropractic’s “health care operations” (as defined in Appendix H).

1.1.3 To another health care provider for the purpose of that provider’s treatment of the patient.

1.1.4 To another health care providers or HIPAA covered entities (as defined in Appendix H) for the purpose of their making or obtaining payment for health care serviced provided to the patient.

1.1.5 To another HIPAA covered entity (as defined in Appendix H), but only if that entity either has or had a relationship with the patient whose health information is being requested, the information requested pertains to that relationship, and the information is for the purpose of the following “health care operations”:

1.1.5.1 Conducting quality assessment and improvement activities, provided that the obtaining of generalized knowledge is not the primary purpose of any studies resulting from such activities; population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination; contacting of health care providers and patients with information about treatment alternatives; and related function that do not include treatment; or

1.1.5.2 Reviewing the competence or qualifications of health care professionals; evaluating practitioner and provider performance, or health plan performance; conducting training programs in which students, trainees or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers; training of non-health care professionals; accreditation, certification, licensing or credentialing activities.

2. Disclosures to Parents and Other Authorized Representatives

2.1 Guardians and Conservators.  If, under applicable state law, a person has legal authority to act for the patient as a guardian, conservator or holder of a power of attorney, Structural Foundation Chiropractic may treat that person as if he/she is the patient as to all matters within the scope of that representative’s authority. Structural Foundation Chiropractic personnel will request documentation (and keep a copy in the patient’s file) from the representative to verify their authority to act on behalf of the patient.

2.2 Parents of Unemancipated Minors.  If, under applicable state law, a parent or other person acting in loco parentis (a guardian or temporary custodian, foster parent, etc.) of an unemancipated minor has authority to act for the minor in making decisions related to health care, Structural Foundation Chiropractic may treat that person as if he/she is the patient and will grant him/her the same rights and protections set forth in this Manual. As to guardians, foster parents, or temporary custodians, Structural Foundation Chiropractic personnel will request documentation (and keep a copy in the patient’s file) to verify their authority to act on behalf of the patient. 

2.3 Domestic Violence, Abuse or Neglect.  Structural Foundation Chiropractic may decline to recognize a guardian, conservatory, parent or other personal representative, if under applicable state law, Structural Foundation Chiropractic has reason to believe that the patient has been or may be subjected to domestic violence, abuse or neglect by that person, or that recognizing such a person as the patient’s representative could endanger the patient.

2.4 Rights of Minors Under State Law.  If applicable state law allows an unemancipated minor to consent to obtain health care without parental consent, Structural Foundation Chiropractic will not treat the parent as the minor’s representative. 

3. Disclosures to Close Friends and Family Members

3.1 General Statement.  In the situations described below, Structural Foundation Chiropractic personnel may disclose patient health information to family members, relatives or close personal friends of the patient.

3.2 Disclosures to Family Members or Close Personal Friends.  Structural Foundation Chiropractic personnel may disclose to family members, relatives or close personal friends of the patient that health information directly relevant to such person’s involvement in caring for the patient or paying for the patient’s care if:

• The patient is physically present at the time of the disclosure and either agrees verbally or does not object to the disclosure, or Structural Foundation Chiropractic personnel reasonably infer from the circumstances that the patient does not object; or

• The patient is not physically present or is incapacitated (unconscious, sedated, etc.) and Structural Foundation Chiropractic personnel determine that a disclosure of limited information would be in the patient’s best interests. For example, Structural Foundation Chiropractic personnel may make limited disclosures to allow family, friends or relatives to pick up filled prescriptions, medical supplies, X-rays or similar items for the patient if Structural Foundation Chiropractic personnel determine that such would be in the patient’s best interests.

3.3 Other Disclosures to Caregivers.  Structural Foundation Chiropractic personnel may disclose patient health information to locate and notify a family member, personal representative or other person responsible for the patient’s care of the patient’s location, general condition or death if:

• The patient is physically present at the time of the disclosure and either agrees verbally or does not object to the disclosure, or Structural Foundation Chiropractic personnel reasonably infer from the circumstances.

• The patient is not physically present, is incapacitated (unconscious, sedated, etc.) or deceased, and Structural Foundation Chiropractic personnel determine that a disclosure of limited information would be in the patient’s best interests.

4. Disclosures Required by Law

4.1 General Statement.  In certain circumstances, as described below, Structural Foundation Chiropractic personnel may disclose patient health information when required by law to do so. In such situations, the disclosure of patient health information should always be limited to only that which is required by law.

4.2 Public Health Reporting.  Patient health information may be disclosed to:

• A public health authority that is authorized to receive information for the purpose of preventing or controlling disease, injury or disability (e.g., reporting of communicable diseases, births, deaths, etc.).

• A public health authority or other appropriate government authority authorized to receive reports regarding suspected child abuse or neglect (as defined by state law).

• Drug company representatives or medical device company representatives regulated by the FDA, for purposes of (1) reporting adverse events involving the drug or device; (2) tracking FDA related products; (3) enabling product recalls, repairs or replacements; or (4) conducting post marketing surveillance.

• A person who may have been exposed to a communicable disease or who may be at risk of contracting a disease or condition, if state law authorized the Structural Foundation Chiropractic to notify the person as part of a public health investigation or intervention.

4.3 Victims of Abuse, Neglect, Domestic Violence.  Structural Foundation Chiropractic personnel may disclose patient health information regarding a patient believed to be the victim of abuse (other than child abuse), neglect or domestic violence to a government authority authorized by law to receive reports of such abuse, neglect or domestic violence where:

• The disclosure is required by law;

• The patient agrees to the disclosure; or

• The disclosure is allowed by state law and Structural Foundation Chiropractic personnel believe the disclosure is necessary to prevent serious harm to the patient or other potential victims, or the patient is incapacitated and the law enforcement officer or authorized public official states that the information will be not used against the patient and that waiting for the information would adversely impact immediate enforcement activity.

If a disclosure of patient health information is made for the reasons described in this subsection 4.3, the patient must be informed that the disclosure has been or will be made unless informing the patient would put him/her at risk of serious harm. Structural Foundation Chiropractic personnel need not inform a parent, guardian, conservator or other personal representative of the disclosure if it is reasonably believed that such a person is responsible for the abuse, neglect and domestic violence, and that informing them would not be in the patient’s best interests.

4.4 Health Oversight Activities.  Structural Foundation Chiropractic personnel may disclose patient health information to federal or state agencies for purposes of:

• audits;
• civil, administrative or criminal investigations or proceedings;
• inspections; or
• licensure or disciplinary actions;

relating to oversight of the health care system, government benefit programs and regulation of government programs for which health information is necessary.

4.5 Judicial and Administrative Proceedings.  Structural Foundation Chiropractic personnel may disclose patient health information in relation to a judicial or administrative proceeding – 

4.5.1 When ordered to do so by a court or administrative tribunal; or

4.5.2 Upon receipt of a subpoena or discovery request if – 

4.5.2.1 Structural Foundation Chiropractic receives an appropriate protective order from the court or tribunal that prohibits the parties to the case from using or disclosing the information for any purpose other than the proceeding, and requires the return to Structural Foundation Chiropractic or destruction of the health information at the end of the proceeding; or

4.5.2.2 The patient has been notified in writing of the request for his/her health information, and the notice gave the patient sufficient information about the proceeding in order to allow the patient to raise an objection to the court or tribunal by a certain date, and the patient has not objected to the disclosure within the specified time period, or the court/tribunal has resolved the patient’s objections.

4.6 Law Enforcement.  

4.6.1 Disclosures required by orders, warrants or subpoenas.  Structural Foundation Chiropractic personnel may disclose patient health information to a law enforcement official for law enforcement purposes in the following situations:

• Where state law requires the reporting of certain types of wounds or injuries (e.g., gunshot wounds);

• Upon receipt of a court order or court ordered warrant;

• Upon receipt of a subpoena or summons issued by a judicial officer;

• Upon receipt of a grand jury subpoena; or

• Upon receipt of an administrative subpoena, summons or investigative demand

4.6.2 Identification of suspects, fugitives or witnesses.  Other than in those situations described in subsections 4.6.1, above, Structural Foundation Chiropractic personnel may disclose only the following limited patient health information to law enforcement officials in response to their request made for purposes of identifying or locating a suspect, fugitive, material witness or missing person:

• Name and address

• Date and place of birth
• Social Security number
• ABO blood type and Rh factor
• Type of injury
• Date and time of treatment
• Date and time of death, if applicable
• A description of distinguishing characteristics

4.6.3 Patients who are crime victims.  Structural Foundation Chiropractic personnel may disclose patient health information to a law enforcement official about a patient who is the victim of a crime if:

• The patient agrees to the disclosure; or

• Structural Foundation Chiropractic is unable to obtain the patient’s agreement due to his/her incapacity and the law enforcement official states that the information is needed to determine whether a crime was committed by someone other than the patient, immediate action depends on the disclosure and disclosure would be in the patient’s best interests.

4.7 Coroners and Funeral Directors.  

4.7.1 Structural Foundation Chiropractic personnel may disclose health information of a deceased patient to a coroner for the purpose of identifying a deceased person, determining the cause of death or other duties authorized by law.

4.7.2 Structural Foundation Chiropractic personnel may disclose health information of a deceased patient to a funeral director pursuant to applicable state law.

5. Disclosures to Prevent Serious Threats to Health or Safety

5.1 Unless otherwise prohibited by state law or professional ethical standards, Structural Foundation Chiropractic personnel may disclose patient health information if such disclosure – 

5.1.1 Is necessary to prevent a serious and imminent threat to the health or safety of a person or the pubic, and is made to someone reasonably able to prevent the threat, including the target of the threat; or

5.1.2 Is necessary for law enforcement authorities to identify or apprehend the patient – 

5.1.2.1 because of a statement by the patient admitting participation in a violent crime that caused serious physical harm to the victim; or

5.2.1.2 where it appears that the patient has escaped from a correctional institution or from law custody.

5.2 A disclosure made pursuant to subsection 5.1.2.1, above, must be limited to only the patient’s statement and the following information:

• Name and address
• Date and place of birth
• Social Security number
• ABO blood type and Rh factor
• Type of injury
• Date and time of treatment
• Date and time of death, if applicable
• A description of distinguishing physical characteristics

6. Disclosures to Business Associates

6.1 Definition of Business Associates.  “Business associates” are third parties who provide services for Structural Foundation Chiropractic and in so doing have access to patient health information. (Examples include: transcriptionists, billing services, clearinghouses, attorneys, accountants, collection agencies, etc.) Other treating health care providers are not business associates. (A more extensive definition may be found in Appendix H.)

6.2 Requirement for Business Associate Agreements.  Structural Foundation Chiropractic may disclose patient health information to its business associates if and only if the business associate has signed an agreement to protect patient privacy by following HIPAA Privacy Rules.

6.3 Time for Obtaining Business Associate Agreements.  

6.3.1 If possible, Structural Foundation Chiropractic shall have all of its current business associates sign an agreement the same as or similar to that found in Appendix B to this Manual prior to April 14, 2003.²

6.3.2 Those business associates with whom Structural Foundation Chiropractic forms a relationship after April 14, 2003, must sign an agreement the same or similar to that found in Appendix B. Patient health information may not be disclosed to business associates who fail or refuse to sign agreements by these dates.

6.4 Privacy Violations by Business Associates.  If Structural Foundation Chiropractic or any of its personnel become aware that a business associate has violated or is violating its obligations under the business associate agreements, Structural Foundation Chiropractic shall:

• Contact the business associate and request that such violations cease immediately; or
• If the request to cease violations is not followed, terminate its relationship with the business associate.

²  The Privacy Rules allow for a grace period until April 14, 2004 to have business associates provisions added to existing contractual relationships. Structural Foundation Chiropractic, however, will attempt to have all business associate agreements in place, if possible, by the general compliance date of April 14, 2003. If this is not possible, such agreements will be obtained, at the latest, by April 14, 2004.

7. Other Disclosures Which May Not Require Patient

Authorization

7.1 Research.  Structural Foundation Chiropractic may use or disclose patient health information for purposes of research projects provided that – 

• Structural Foundation Chiropractic obtains documentation that a waiver of patient authorization has been approved by either (1) an institution of review board (IRB) established pursuant to federal law, or (2) a privacy board composed of members with varying backgrounds and appropriate professional competency as necessary to review research protocols, and the board has at least one member who is not affiliated with Structural Foundation Chiropractic or any entity conducting the research;

• Structural Foundation Chiropractic obtains from the researcher a signed statement that patient health information is sought solely to prepare a research protocol for similar purposes preparatory to research and that no health information will be removed from Structural Foundation Chiropractic by the researcher in the course of his/her review; and

• The IRB or privacy board has determined that there is a minimal privacy risk to patients, there is an adequate plan to protect patient identifying information, and there is an adequate plan to destroy patient identifiers at the appropriate time consistent with the research.

7.2 Marketing.

7.2.1 General Statement.  “Marketing” means communications about a product or service that encourages someone to buy or use the product or service.

7.2.2 Marketing activities that do not require authorization.  Structural Foundation Chiropractic may engage in the following marketing activities (as defined in 7.2.1) without obtaining patient authorization:

• Communications to patients regarding their treatment;

• Communications regarding the case management or coordination of care of the patients;

• Recommendations to the patient regarding alternative treatments, therapies or health care providers; or

• Face-to-face discussions with the patient regarding health care products or services, so long as Structural Foundation Chiropractic discloses any compensation it receives from the third parties to promote their products or services.

7.2.3 Other than those activities described in subsection 7.2.2, marketing activities require written patient authorization.

Section C: Patient Rights

1. General Statement

Structural Foundation Chiropractic personnel will recognize, uphold and enforce all patient rights established by the HIPAA Privacy rules, and as set forth in this Section D of the Manual.

2. Right to Notice

All patients of Structural Foundation Chiropractic have a right to receive a notice of the Structural Foundation Chiropractic’s privacy policies and procedures. Structural Foundation Chiropractic will prepare and post a notice of privacy practices. This notice will be provided to all patients on their first visit to Structural Foundation Chiropractic after April 14, 2003. The notice will be posted in Structural Foundation Chiropractic’s lobby or reception area in a location accessible to all patients. If Structural Foundation Chiropractic maintains a website, the notice of privacy practices will be posted on the website.

3. Right to Request Restrictions

3.1 General Statement.  Patients have a right to request that Structural Foundation Chiropractic restrict the uses or disclosures of patient health information to carry out treatment, payment or health care operations, and have a right to request that Structural Foundation Chiropractic restrict disclosures made to family, relatives and close personal friends.

3.2 Written Request.  Patients who request restrictions on the use or disclosure of their health information will be asked to fill out the Restriction Request Form as found in Appendix K.

3.3 Procedure.  If Structural Foundation Chiropractic receives a written request to restrict the uses and disclosure of patient health information, the request will be referred to the privacy officer for handling. The privacy officer will notify that patient in writing within a reasonable time as to whether Structural Foundation Chiropractic will agree to the restriction. If the privacy officer advises the patient that it will not agree to the restriction, no further action is necessary. If Structural Foundation Chiropractic advises the patient that it will abide by the restriction, a notation will be made prominently in the patient’s chart, and Structural Foundation Chiropractic will abide by that restriction from that date forward.

3.4 Disclosures Required by Law.  Structural Foundation Chiropractic will not agree to restrict disclosures of health information that are required by law. 

3.5 Termination of Restrictions.  If Structural Foundation Chiropractic has agreed to a restriction on uses or disclosures of health information, it may terminate that agreement by advising the patient in writing that the termination will only be effective with respect to health information created or received after written notification to the patient. As to health information created or received prior to that date, the restriction must be followed.

3.6 Documentation.  All patient requests for restrictions along with Structural Foundation Chiropractic’s response thereto, shall be kept for a minimum of six (6) years from the date of the document(s).

4. Right to Confidential Communications

4.1 General Statement.  Patients have a right to request reasonable accommodations in receiving communication of their health information by alternative means or alternative locations.

4.2 Written Request.  Patients who request confidential communications will be asked to fill out the Request for Confidential Communications form, as found in Appendix L. 

4.3 Procedure.  Upon receipt of a request for confidential communications, the privacy officer will evaluate the request. If the request is reasonable, the privacy officer will note the request prominently in the patient’s chart and adhere to the request. For example, if the patient requests that all communications be sent to an address different than the patient’s home address, Structural Foundation Chiropractic will adhere to that request and note it in the patient’s chart. If the request is not reasonable, the privacy officer will notify that patient that the request has been rejected.

4.4 Conditions to Providing Confidential Communications.  As a condition to providing confidential communications at the patient’s request, Structural Foundation Chiropractic may require that the patient provide assurances as to how payment for services will be provided.

4.5 No Demand for Explanations.  Structural Foundation Chiropractic may not require an explanation from patients as to the reason for requesting confidential communications.

4.6 Documentation.  All patient requests for confidential communications, along with Structural Foundation Chiropractic’s response thereto, shall be kept for a minimum of six (6) years from the date of the document(s).

5. Right to Access

5.1 General Statement.  Patients have a right to inspect and obtain a copy of their health information except as noted herein.

5.2 Procedure.  Structural Foundation Chiropractic may require that the patient request in writing to have access to his/her health information. Upon receipt of such a request, Structural Foundation Chiropractic will provide the patient with an opportunity to inspect his or her health information within the following time frames:

• For records that are maintained on site, Structural Foundation Chiropractic will provide access within 30 days from the receipt of the request from the patient;

• For records not maintained on site, Structural Foundation Chiropractic will provide access within 60 days of the date of receipt of the request from the patient. 

5.2.1 Structural Foundation Chiropractic will provide the patient with the health information in readable hard copy form. Structural Foundation Chiropractic may provide the patient with a summary of the health information in lieu of providing access to the records themselves if and only if the patient agrees to receiving a summary and the patient agrees in advance to paying the fees imposed, if any, for Structural Foundation Chiropractic providing the summary.

5.2.2 Structural Foundation Chiropractic will provide a convenient time and place for the patient to inspect his/her health information or to obtain a copy of the information. This may include simply mailing a copy of the information to the patient if that is acceptable to the patient. 

5.2.3 Structural Foundation Chiropractic may charge a reasonable, cost-based fee for providing the patient with access to his/her health information. That fee may include copying charges, including the cost of supplies for and labor of copying. Structural Foundation Chiropractic may also charge postage if the patient has requested that the information be mailed. If the patient has agreed to a summary, Structural Foundation Chiropractic may charge the costs of preparing the summary.

5.2.4 All requests by patients for access to health information will be referred to the privacy officer. In those circumstances in which access to health information is denied, the privacy officer will determine if some part of the patient’s record may be disclosed without objection. If so, that portion of the record may be disclosed. As to all other parts of the record for which access is denied, the privacy officer will provide a timely, written denial to the patient stating the basis for the denial and, if applicable, the patient’s right to have the denial reviewed. The written notice must also explain to the patient that they may complain regarding the denial of access either to Structural Foundation Chiropractic or to the Secretary of HHS. This notice will include the name, title and telephone number of the privacy officer.

5.2.5 All documentation regarding patient requests for access and any denials thereof, or any other documentation maintained under this subsection, must be retained by Structural Foundation Chiropractic for a minimum of six (6) years from the date of the document(s).

5.3 Denial of Access.  

5.3.1 Unreviewable grounds for denial.  Structural Foundation Chiropractic may deny patients access to health information that is created, maintained or is otherwise subject to the Clinical Laboratory Improvements Amendments of 1988 (CLIA) to the extent that providing access would be prohibited by that law, or where such information is made exempt under the CLIA law. In addition, a patient who is part of a research program may have his/her right of access temporarily suspended for as long as the research is in progress, provided that the patient has agreed to the denial of access at the time that he/she consented to participate in the research.

5.3.2 Reviewable grounds for denial.

5.3.2.1 Structural Foundation Chiropractic may deny the patient access to his/her health information if Structural Foundation Chiropractic reasonably believes that such access is likely to endanger the life or physical safety of the patient or another person, or that the information makes reference to another person and Structural Foundation Chiropractic believes that allowing access may cause substantial harm to that person.

5.3.2.2 Structural Foundation Chiropractic may deny access to a guardian, conservator or parent where Structural Foundation Chiropractic believes that such a person is likely to cause substantial harm to the patient or another person by having access to the patient’s health information.

5.3.2.3 If access to the patient’s health information is denied for the above reasons, the patient has a right to have the denial reviewed by a licensed health care professional designated by Structural Foundation Chiropractic as a reviewing official. This health care professional must be someone who did not participate in the original decision to deny access. Structural Foundation Chiropractic will abide by the decision of that reviewing health care professional, to either grant or deny access to the patient. 

6. Right to Amend

6.1 General Statement.  Patients have a right to request that Structural Foundation Chiropractic amend their health information.

6.2 Procedure.  Structural Foundation Chiropractic will follow the following procedures when a request to amend is received from a patient. 

6.2.1 Written request.  Patients who request amendments or corrections to their health information will be asked to fill out the Request for Correction/Amendment of Health Information form, as found in Appendix J. The requests will be referred to the privacy officer.

6.2.2 Response to the patient’s request.  After a reasonable investigation, the privacy officer will determine whether Structural Foundation Chiropractic will grant or deny the request to amend. The privacy officer will respond in writing to the patient’s request within 60 days from the date of the request by either granting the amendment, or advising the patient of the denial of the request, as described below.

6.2.2.1 Acceptance of amendment.  If Structural Foundation Chiropractic accepts the patient’s request for amendment, it will amend the patient’s record and provide an appropriate link or reference to the location of the amendment. Structural Foundation Chiropractic will also make reasonable efforts to provide the amendment within a reasonable time to those persons identified by the patient as having received health information about the patient and who need the amendment, and those persons, including business associates, who Structural Foundation Chiropractic knows may have relied upon the information that is subject to the amendment.

6.2.2.2 Denial of amendment.  If Structural Foundation Chiropractic determines to deny an amendment, it must provide the patient with a timely, written denial stating the basis for the denial, with the patient’s right to submit a statement disagreeing with the denial and how the patient may file that statement. In addition, Structural Foundation Chiropractic must inform the patient that he/she may request that Structural Foundation Chiropractic provide a copy of the patient’s request for amendment and the denial with any future disclosures of health information regarding the patient. Structural Foundation Chiropractic must advise the patient that he/she is entitled  to make a complaint and how such complaints may be submitted to Structural Foundation Chiropractic or Secretary of HHS. This notice must include the name or title and telephone number of Structural Foundation Chiropractic’s privacy offer. If the patient, upon denial of the request to amend, submits a written statement disagreeing with the denial, Structural Foundation Chiropractic must include that statement with the patient’s records and include that statement with any subsequent disclosure of the patient’s health information to which that disagreement relates.

6.2.3 Structural Foundation Chiropractic may deny a patient’s request for amendment if the privacy officer determines that the health information subject to the request – 

• was not created by Structural Foundation Chiropractic;
• is not part of the patient’s chart;
• would not be available for inspection under the provisions of this Manual; or
• is accurate and complete

6.3 Documentation.  All patient requests to amend their health information, along with Structural Foundation Chiropractic’s response thereto, shall be kept for a minimum of six (6) years from the date of the document(s).

7. Right to an Accounting

7.1 General Statement.  Patients have a right to receive an accounting of disclosures of their health information made by Structural Foundation Chiropractic and its business associates in the six (6) years prior to the date the accounting is requested.

7.2 Procedure.  Patients requesting an accounting will be asked to make the request in writing. All requests for an accounting will be referred to the privacy officer. In responding to such requests, the privacy officer will follow the following procedures:

7.2.1 The privacy officer will respond to the patient’s request no later than 60 days from the receipt of the request by providing the patient with a written accounting using the form in Appendix G.

7.2.2 Structural Foundation Chiropractic will retain a copy of all requests for accountings from patients as well as the accounting provided by Structural Foundation Chiropractic to the patient for a minimum of six (6) years from the date of the document(s).

7.3 Suspension of the Right to an Accounting.  Structural Foundation Chiropractic may temporarily suspend he patient’s right to receive an accounting of disclosures made to a health oversight agency or a law enforcement official for the time specified by that agency or official if giving the accounting would impede the agency’s activities. 

7.4 Exceptions.  Patients shall have no right to an accounting as to disclosures – 

• To carry out treatment, payment or health care operations (as defined in Appendix H);
• To the patient;
• Incident to a use or disclosure otherwise permitted by this Manual or the HIPAA Privacy Rules;
• Pursuant to an authorization signed by the patient;
• To correctional institutions or law enforcement officials; or
• That occurred prior to April 14, 2003.

8. Waivers of Patient Rights and Non-Retaliation

8.1 No Waivers of Privacy Rights.  No patient or prospective patient will be asked to waive their rights under the HIPAA Privacy Rules as a condition to receiving health care services from Structural Foundation Chiropractic. 

8.2 Non-Retaliation Policy.  Structural Foundation Chiropractic personnel will not intimidate or retaliate against patients who seek to inquire about, enforce or complain regarding their rights under the HIPAA Privacy Rules or this Manual.

Section D: Organizational Matters

1. Notice of Privacy Practices

1.1 Preparation of the Notice.  Structural Foundation Chiropractic will prepare a Notice of Privacy Practices the same or similar to that found in Appendix A. The Notice will contain those provisions required by the HIPAA Privacy Rules, and will be in two sections: a summary and an attached Notice of Privacy Rules (Notice). The entire Notice will be provided to patients.

1.2 Providing the Notice to Patients.  Structural Foundation Chiropractic will provide the Notice to each new patient who comes to Structural Foundation Chiropractic after April 14, 2003; for existing patients, Structural Foundation Chiropractic will provide the Notice at the time of the patient’s first visit to Structural Foundation Chiropractic after April 14, 2003.

1.3 Posting the Notice.  The Notice will be posted or located prominently in Structural Foundation Chiropractic’s lobby or reception area. If Structural Foundation Chiropractic has multiple offices or other locations where health care is provided, the Notice will be posted in each location. If Structural Foundation Chiropractic has a website, the Notice will be posted on the website.

1.4 Patient Acknowledgement.  Structural Foundation Chiropractic personnel will make a good faith effort to have each patient acknowledge in writing his/her receipt of the Notice at the time the Notice is provided pursuant to subsection 1.2, above. Acknowledgment may be accomplished by:

• The patient signing and dating a separate acknowledgment form;
• The patient checking off a box on an intake form signed and dated by the patient; or
• The patient initialing/signing and dating the Notice itself.

Notation will be made as to patients who refuse to acknowledge the receipt of the Notice.

1.5 Document Retention.  Structural Foundation Chiropractic will retain patient acknowledgment for a minimum of six (6) years from the date they are signed.

2. Patient Complaints

2.1 Notice to Patients.  Structural Foundation Chiropractic will notify its patients, through the Notice of Privacy Practices, that they may make complaints regarding the Practice’s policies, procedures and practices with respect to the HIPAA Privacy Rules. The Notice will also set forth the complaint process described below.

2.2 Procedure for Patient Complaints.  

2.2.1 Patient complains must be submitted in writing to the contact person designated by Structural Foundation Chiropractic using the form in Appendix F.

2.2.2 Patient complaints will be reviewed by the privacy officer, and appropriate investigation, if any, will be conducted to develop the necessary information regarding the complaint.

2.2.3 Within fifteen (15) days of receiving the written complaint, the privacy officer will advise the patient, in writing, of the privacy officer’s determination regarding the complaint, and the measures, if any, which will be taken by Structural Foundation Chiropractic to mitigate and improper uses or disclosures of protected health information. 

2.2.4 If the patient requests information to make a complaint to HHS, the privacy officer will provide the patient with HHS’s address as follows:

Office of Civil Rights

U.S. Department of Health and Human Services

200 Independence Avenue, S.W.

Room 509F, HHH Building

Washington, D.C.  20201

(202) 619-0257

Email:  ocrmail@hhs.gov

2.3 Document Retention.  All documentation received or prepared in relation to a patient complaint will be kept for minimum of six (6) years.

2.4 Non-Retaliation Policy.  Structural Foundation Chiropractic personnel will not retaliate against any patient who submits a complaint. 

3. Mitigation of Improper Disclosures

If Structural Foundation Chiropractic learns of an improper disclosure of patient health information, either through patient complaint or otherwise, Structural Foundation Chiropractic will take immediate action to mitigate the impact of the disclosure to the extent possible. Structural Foundation Chiropractic will also seek to mitigate, to the extent practicable, any improper disclosure of its business associates. 

4. Privacy and Security Safeguards

Structural Foundation Chiropractic will implement administrative, technical and physical safeguards to protect the privacy of patient health information as appropriate to the size, resources and circumstances of Structural Foundation Chiropractic. These safeguards will be implemented with the intent of preventing or reducing improper or unauthorized disclosures of patient health information as set forth in the HIPAA Privacy Rules and this Manual. In particular, Structural Foundation Chiropractic will take reasonable steps to prevent disclosures of patient health information in the following areas:

• reception and waiting room areas;
• hallways and treatment rooms;
• patient record storage areas;
• fax machines and photocopiers;
• computer terminals and computer systems;
• portable electronic devices (laptops, PDAs, cell phones); and
• e-mail and other Internet communication. 

5. Record Retention and Disposal

5.1 Policies and Procedures Maintained.  Structural Foundation Chiropractic will keep and maintain policies and procedures designed to ensure compliance with the HIPAA Privacy Rules.

5.2 Document Retention Period.  Structural Foundation Chiropractic will retain, for a minimum of six (6) years, all records, documents or information generated, created or required to be kept under the policies and procedures in the Manual, or as otherwise required by the HIPAA Privacy Rules. 

5.3 Storage in Secure Locations.  Records and information of Structural Foundation Chiropractic will be kept or stored in safe, secure locations. Structural Foundation Chiropractic records stored offsite will be placed only in secure facilities. 

5.4 Disposal of Patient Health Information.  Patient health information (in whatever format or medium) will be disposed of using appropriate methods. Hard copy (paper) records will be disposed of by means of shredding, incineration or other methods that obliterate any identifying information in such records. Hard copy records or other health information will never be disposed of by placing such in a trash receptacle or dumpster. 

APPENDICES

1. Notice of Privacy Practices 
2. Sample Business Associate Agreement
3. Patient Authorization to Release Health Information
4. Practice Resolutions
5. Privacy Training and Education Log
6. Patient Complaint Form
7. Accounting of Disclosures Form
8. Glossary of Terms
9. HIPAA Resources
10. Request for Correction/Amendment of Health Information
11. Restriction Request Form
12. Request for Confidential Communications
13. FAQs:  Frequently Asked Questions
14. Quick Reference Regarding Disclosures Requiring/Not Requiring Written Patient Authorization