Below are the privacy policies of BrioMD both for this website and for personal health information.
Personal Health Information
Notice regarding BrioMD and the Health Insurance Portability and Accountability Act of 1996 (HIPAA):
Our Website Privacy Policies
We make the following assurances of privacy for visitors to our website:
- The BrioMD website is designed to provide useful information about our program and to connect users with physicians, facilities and services within BrioMD.
- We do hope that the information provided encourages the visitor to consider using BrioMD for medical care, and that we will provide you with information to help you make an informed decision or stay connected on a newsletter or similar type of outreach or marketing effort but you can always opt out.
- We keep track of visits to our website via an automatic monitoring program that tells us, among other things, how many visits are made to the site; the time of day and date of those visits; and the areas visited. This information is used to evaluate the effectiveness of our site and the effectiveness of any promotion of our site. It helps us answer questions such as these: Are we providing information on our website that is useful? Which information is most useful? How have we made you aware that our website exists?
- The monitoring program does not provide us with any personal information about a visitor. We cannot discern the name, address or any other personal information about visitors to our site.
- If we wish to gather such personal information, it will be requested via a form on the site that the user voluntarily completes and submits. The form will describe the way in which the information will be used.
Who Oversees Our Website
The information on our website is managed by BrioMD. Questions, concerns or suggestions can be directed to us using the contact us page.
All health-related information provided via our site is intended to educate and inform visitors about illnesses and conditions and ways to maintain optimum health. It is not intended to diagnose personal physical conditions and is not a substitute for consulting with one’s own personal health care provider.
Our Commitment To Data Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Notice of Privacy Practices
Your Information. Your Rights. Our Responsibilities.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
- You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. Ask us how to do this.
- We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to correct your medical record
- You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
- We may say “no” to your request, but we’ll tell you why in writing within 60 days.
Request confidential communications
- You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
- We will say “yes” to all reasonable requests.
Ask us to limit what we use or share
- You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we’ve shared information
- You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
- We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
- If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
- We will make sure the person has this authority and can act for you before we take any action.
File a complaint if you feel your rights are violated
- You can complain if you feel we have violated your rights by contacting us using the information on page 1.
- You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.
- We will not retaliate against you for filing a complaint.
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
- Share information with your family, close friends, or others involved in your care
- Share information in a disaster relief situation
- Include your information in a hospital directory
In the case of fundraising:
We may contact you for fundraising efforts, but you can tell us not to contact you again. If you receive a fundraising communication, it will tell you how to opt out.
Our Uses and Disclosures
How do we typically use or share your health information?
We typically use or share your health information in the following ways.
We can use your health information and share it with other professionals who are treating you.
Example: A doctor treating you for an injury asks another doctor about your overall health condition.
Run our organization
We can use and share your health information to run our practice, improve your care, and contact you when necessary.
Example: We use health information about you to manage your treatment and services.
We may also use such information for auditing our clinical procedures, analyzing our cost of care, arranging for patient satisfaction surveys, fundraising and determining the need for new health care services
Bill for your services
We can use and share your health information to bill and get payment from health plans or other entities.
Example: We give information about you to your health insurance plan so it will pay for your services.
How else can we use or share your health information?
We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
Help with public health and safety issues
We can share health information about you for certain situations such as:
- Preventing disease
- Helping with product recalls
- Reporting adverse reactions to medications
- Reporting suspected abuse, neglect, or domestic violence
- Preventing or reducing a serious threat to anyone’s health or safety
We can use or share your information for health research.
Comply with the law
We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Address workers’ compensation, law enforcement, and other government requests
We can use or share health information about you:
- For workers’ compensation claims
- For law enforcement purposes or with a law enforcement official
- With health oversight agencies for activities authorized by law
- For special government functions such as military, national security, and presidential protective services
Respond to lawsuits and legal actions
We can share health information about you in response to a court or administrative order, or in response to a subpoena.
There are some services provided in our organization through contracts with business associates. Examples include transcribing your medical record, surveying for patient satisfaction, and a copy service we use when making copies of your health record. When services are provided by contracted business associates, we may disclose the appropriate portions of your health information to them so they can perform the job we have asked them to do. However, our business associates are also required by law to safeguard your information.
- We are required by law to maintain the privacy and security of your protected health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request in our facilities and on our web site.
Effective Date of this Notice: May 1, 2017
HIPAA Frequently Asked Questions:
What is HIPAA?
HIPAA stands for Health Insurance Portability and Accountability Act of 1996. The Act was developed by Congress to protect the confidentiality of a person’s medical information. It sets boundaries on the use and release of health records and establishes safeguards to protect the privacy of health information.
When does HIPAA go into effect?
The HIPAA Privacy Rule has a compliance deadline of April 14, 2003.
What is the difference between privacy and security of patient information?
Security is the ability to control access and protect information from accidental or intentional disclosures to unauthorized persons. It is done through the use of technical controls.
Privacy is the controlling of who is authorized to access patient information and under what circumstances patient information may be accessed, used, and/or disclosed to third parties. Privacy is controlled through policies and procedures.
Does HIPAA only protect patient information in electronic format?
No. HIPAA protects all patient information whether it is written or electronic.
Does HIPAA protect oral communication?
It ensures that appropriate safeguards are taken when oral communication to third parties and in open-access areas occurs.
Is all patient information protected?
With a couple of exceptions, protected health information (PHI) includes all individually identifiable health information that is transmitted or maintained in any form or medium. This includes demographic information that ties the identity of the individual to his or her health record. Examples are names, addresses, geographic codes smaller than state, all dates (except year) elements related to the person, telephone numbers, fax numbers, license numbers, social security numbers, etc. The information is protected if it can possibly identify the person.
One notable exception involves disclosures of patient information that are required by law. For example, we are required by law to report communicable diseases to the appropriate authorities.
Who is covered by the HIPAA privacy and security regulations?
Health care providers, insurance companies, and health care clearinghouses must all follow the HIPAA Privacy Rules. (A health care clearinghouse is an organization that received health care data and reformats the data for processing. This is typically used for sending information to health insurance companies and for billing purposes.)
What is an Acknowledgement of Receipt?
When you receive your Notice of Privacy Practices, either in the mail or from one of our staff members in person, you will be asked to sign an Acknowledgement of Receipt. By signing this document, you are saying that you received a copy of the Notice of Privacy Practices – not that you agree to everything in the Notice or have even read the Notice. We are required by the HIPAA privacy rule to make a good effort at obtaining an acknowledgement from every patient.
Can a family member or close friend who is involved in an individual’s health care be consulted/be involved in sharing health care information in the individual’s best interest?
The health care professional can use professional judgment when including a family member or close friend in an individual’s care. This includes the sharing of protected health information if it is in the best interest of the patient. If patients have the capacity to make their own decisions, then they must be consulted and given the opportunity to agree or object to the disclosure of protected health information to third parties.