HIPAA Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW YOUR MEDICAL INFORMATION MAY BE USED
AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.

Wilcrest Medical Group, P.A.
Online Form: Contact Us
Effective date: April 1, 2021

Summary
This is a summary of how we may use and disclose your protected health information and your
rights and choices when it comes to your information. We will explain these in more detail on
the following pages.


Purpose
Wilcrest Medical Group partners with certain Health Professionals and Labs (collectively “Health Care Providers” or “we”) that are independent third-parties that work together to
provide you with services. We are legally required to maintain the privacy of your protected
health information (“PHI”) under the Health Insurance Portability and Accountability Act
(“HIPAA”) and other federal and state laws.


As part of our commitment and legal compliance, we are providing you with this Notice of
Privacy Practices (“Notice”). This Notice describes:


● Our legal duties and privacy practices regarding your PHI, including our duty to notify
you following a data breach of your unsecured PHI.
● Our permitted uses and disclosures of your PHI.
● Your rights regarding your PHI.


Contact
If you have any questions about this Notice, please contact us at 1-888-789-5639 ext 1095.


Our Uses and Disclosures
We may use and disclose your PHI for health care operations as we:
● Treat you.
● Bill for services.
● Run our organization.
● Comply with the law.
● Address law enforcement, or other government requests.
● Respond to lawsuits and legal actions.
● Help with public health and safety issues.
● Do internal research for product enhancement.
● Work with a medical examiner or funeral director.


Your Choices
You may limit how we use and disclose your PHI as we:
● Communicate with you.
● Share information about your condition with family and friends at your direction.
● Market our products and services.


For these purposes, you can tell us what elements of your PHI we can share. If you have a clear
preference for how we share your PHI in the situations described below, please contact us at
compliance@stdcheck.com and we will make reasonable efforts to follow your instructions.


You have both the right and the choice to tell us whether and how to:
● Share information, such as your PHI, general condition, or location, with your family,
close friends, or others involved in your care.
● Share information in a disaster relief situation.


We may share your PHI if we believe it is in your best medical interest, according to our best
judgment, and:
● If you are unable to tell us your preference, for example, if you are unconscious.
● When needed to lessen a serious and imminent threat to health or safety.


We never share your PHI for marketing purposes unless you authorize us to do so in writing.


Other than a custodian transfer in the context of a merger, acquisition or other corporate
reorganization, we do not sell your PHI.


PHI Defined
Your PHI:
● Is health information about you:
○ which someone may use to identify you; and
○ which we keep or transmit in electronic, oral, or written form.
● Includes information such as your:
○ name;
○ contact information;
○ past, present, or future physical or medical conditions;
○ payment for health care products or services; or
○ prescriptions.


Scope
We create a record of the care and health services you receive, to provide your care and to
comply with certain legal requirements. This Notice applies to all the PHI that we generate or
receive.


We and our employees and other workforce members follow the duties and privacy practices that
this Notice describes and any changes to this Notice once they take effect.


Changes to this Notice
We can change the terms of this Notice, and the changes will apply to all PHI we have about
you. The new Notice will be available on request and on our website.


Data Breach Notification
We will promptly notify you if a data breach occurs that may have compromised the privacy or
security of your PHI. We will notify you within the legally required timeframe but no later than
60 days after we discover the breach. Generally, we will notify you in writing, by mail or email
if you have provided us with your current email address and you have previously agreed to
receive notices electronically. In some circumstances, our business associates may provide the
notification. In limited circumstances when we have insufficient or out-of-date contact
information, we may provide notice of a breach in a legally acceptable alternative form.


Uses and Disclosures of Your PHI
Applicable law permits or requires us to use or disclose your PHI for various reasons, which we
explain in this Notice. We have included some examples, but we have not listed every
permissible use or disclosure. When using or disclosing PHI, or requesting your PHI from
another source, we will make reasonable efforts to limit our use, disclosure, or request to the
minimum amount of your PHI we need to accomplish our intended purpose.


Uses and Disclosures for Treatment, Payment, or Health Care Operations
● Treatment. We may use or disclose your PHI and share it with other health professionals
who are treating you, including doctors, nurses, technicians, medical students, or hospital
personnel involved in your care. For example, we might disclose information about your
overall health condition with physicians who are treating you for a specific injury or
condition.
● Payment. We may use and disclose your PHI to bill and receive payment for services we
provide to you.
● Health Care Operations. We may use and disclose your PHI to run our practice and
improve your care. For example, we may use your PHI to manage the services you
receive or to monitor the quality of our health care services.


Other Uses and Disclosures
We may share your PHI in other ways, usually for public health or research purposes or to
contribute to the public good. For more information on permitted uses and disclosures, see
www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. For example, these other
uses and disclosures may involve:
● Our Business Associates. We may use and disclose your PHI to outside persons or
entities that perform services on our behalf, such as auditing, legal, or transcription
(Business Associates). HIPAA requires our business associates and their subcontractors
to protect your PHI in the same way we do. We also contractually require these parties to
use and disclose your PHI only as permitted under this Notice and HIPAA and to
appropriately safeguard your PHI.
● Legal Compliance. For example, we will share your PHI if the U.S. Department of
Health and Human Services requires it when investigating our compliance with HIPAA
privacy requirements.
● Public Health and Safety Activities. For example, we may share your PHI to:
○ prevent disease;
○ report suspected child neglect or abuse or domestic violence; or
○ avert a serious threat to public health or safety.
● Responding to Legal Actions. For example, we may be required to disclose your PHI to
respond to:
○ a court or administrative order or subpoena;
○ discovery request; or
○ another lawful process.
● Law Enforcement, or Other Government Requests. For example, we may be required
to disclose your PHI for:
○ health oversight activities by federal or state agencies;
○ law enforcement purposes; or
○ specialized government functions, such as military and veterans’ activities, national
security and intelligence, presidential protective services, or medical suitability.


Uses and Disclosures that Require Authorization
In the following cases we will only share your PHI if you give us written authorization:
● Marketing third-party services.
● Use or share your information with a third-party for research purposes
● Other uses and disclosures not described in this Notice.


You may revoke your authorization at any time, but it will not affect PHI that we already used
and disclosed prior to receiving your revocation.


Your Rights
When it comes to your PHI, you have certain rights, in addition to your right to receive a copy of
this Notice. This section explains your rights and some of our responsibilities to help you.
You have the right to:
● Inspect and Obtain a Copy of Your PHI. You have the right to see or obtain an
electronic or paper copy of the PHI that we maintain about you (right to request access).
Some clarifications about your access rights:
○ we require you to request access in writing by submitting a request to the address
above;
○ we may charge a reasonable, cost-based fee for the costs of copying, mailing, or other
supplies associated with responding to your request. This fee complies with
state/federal laws;
○ you may request that we direct a copy of your PHI to a third party of your choice on a
standing, regular basis. We require that you submit these requests in writing to the
address above; and
○ if you request a copy of your PHI, we will generally decide to provide or deny access
within 30 days, however, if we cannot act within 30 days, we will give you a reason
for the denial or delay in writing.
● Make Amendments. You may ask us to correct or amend PHI that we maintain about
you that you think is incorrect or inaccurate.
● Request Additional Restrictions. You have the right to ask us to limit the PHI we use or
share (right to request restrictions). You can contact us and request us not to use or
share certain PHI for treatment, payment, or operations or with certain persons involved
in your care. We require that you submit this request in writing to the address listed
above.
● Request an Accounting of Disclosures. You have the right to request an accounting of
certain PHI disclosures that we have made. For these requests:
○ we will respond no later than 60 days after receiving the request. We may ask for an
additional 30 days during this 60-day period, but if we do, we will only do it once,
provide a written statement of why, and indicate the date by which we intend to send
the response;
○ we will include all the disclosures except for those about treatment, payment, and
health care operations, and certain other disclosures, such as any you authorized us to
make; and
○ we will provide one accounting a year for free but will charge a reasonable, costbased fee if you ask for another one within 12 months. We will notify you about the
costs in advance and you may choose to withdraw or modify your request at that time.
● Choose Someone to Act for You. If you have given someone medical power of attorney
or if someone is your legal guardian, that person can exercise your rights and make
choices about your PHI. We will confirm the person has this authority and can act for you
before we take any action.
● Request Confidential Communications. You have the right to request that we
communicate with you about health matters in a certain way or at a certain location. For
example, you can ask that we only contact you at work or at a specific address. In
addition, you may consent to us communicate with you by e-mail or SMS messaging
regarding various aspects of your care, such as test results, prescriptions, appointment
reminders, and billing. For these requests:
○ we will not ask for the reason;
○ you must specify how or where you wish to be contacted; and
○ we will accommodate reasonable requests.
● Make Complaints. You have the right to complain if you feel we have violated your
rights. We will not retaliate against you for filing a complaint. You may file a complaint
either:
○ directly with us by contacting us at compliance@STDcheck.com. All complaints
directed to us must be submitted in writing; or
○ with the Office for Civil Rights at the US Department of Health and Human Services.
Send a letter to 200 Independence Avenue, S.W. Washington, D.C. 20201; call 1-
800-537-7697; or visit www.hhs.gov/ocr/privacy/hipaa/complaints/.

Acknowledgment of Receipt
I acknowledge that I received a copy of this Notice of Privacy Practices and that I read and
understood it. I understand that:
● I have certain rights regarding the use and disclosure of my PHI, which are listed in the
Notice.
● My Health Care Provider, directly or through its business associates and or their thirdparty providers, can and will use my PHI for purposes of my treatment, payment, and
health care operations.
● The Notice explains in more detail how my Health Care Provider may use and share my
PHI for other purposes.
● The Notice may be changed from time to time, and I can obtain a current copy of the
Notice by visiting my Health Care Provider’s website or contacting
compliance@STDcheck.com.