HIPAA Privacy Policy Statement

HIPAA Policy Statement

Vital Podiatry Foot and Ankle Clinic works with industry groups to ensure that its products and services meet or exceed industry standards with respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Vital Podiatry’s services are specifically designed to include features that help our customers comply with HIPAA. Vital Podiatry  uses a relational database that employs a secure login process requiring a username and password. Vital Podiatry  programmers work with material which may occasionally contain ePHI.  All aforementioned programmers go through a clearance process and are required to have unique usernames and passwords when working with the server. When a user adds or modifies data within the database, a record is made that includes which data were changed, the user ID, and the date and time the changes were made. This establishes an audit trail that can be examined by authorized system administrators.

Business Associate

HIPAA requires health care providers to enter into “business associate” contracts with certain businesses to which they disclose patient health information. These business associate contracts generally require the recipients of such information to use appropriate safeguards to protect the patient health information they receive. To perform certain service and support functions, Vital Podiatry  personnel may need access to patient health information maintained by its customers. As a result, Vital Podiatry  may be considered a “business associate” of customers to whom it provides such services.

Vital Podiatry ’s business associate agreement will assure its customers that the company will use patient information obtained from them to provide services and support only and will safeguard that information from misuse.

We are committed to your privacy

We understand that information about you and your health is very personal. We strive to protect our patients’ privacy. We are required by law to maintain the privacy of our patients’ protected health information (“PHI”). We are also required to provide notice of our legal duties and privacy practices with respect to PHI and to abide by the terms of the Notice of Privacy Practices currently in effect. We reserve the right to change the terms of this Notice and to make a new Notice effective for all PHI we maintain.

We are committed to excellence in providing state-of-the-art health care services through the practice of patient care, education, and research. Below is a description of how your health information will be used and disclosed to advance this mission.

Uses and disclosures of your protected health information that do not require an authorization

Treatment. For example, doctors, nurses, and other staff members involved in your care will use and disclose your PHI to coordinate your care or to plan a course of treatment for you.

Payment. For example, we may disclose information regarding your medical procedures and treatment to your insurance company to arrange payment for the services provided to you.

Health Care Operations. For example, we may disclose your PHI for billing or interpreter support. We may use your PHI to conduct an evaluation of the treatment and services provided or to review staff performance. We may disclose your PHI for education and training purposes to doctors, nurses, technicians, medical students, residents, fellows and others.

Health Information Exchanges. We participate in initiatives to facilitate electronic sharing of patient information, including but not limited to Health Information Exchanges (HIEs). HIEs involve coordinated information sharing among HIE members for purposes of treatment, payment, and health care operations. You may opt out of Vital Podiatry’s information sharing through its HIE activities. If you wish to opt out, please speak with your patient/customer services associate or contact the Vital Podiatry Foot and Ankle Clinic as described below.

Our Facility Directory. We use information to maintain an inpatient directory listing your name, room number, general condition and, if you wish, your religious affiliation. Unless you choose to have your information excluded from this directory, the information (except for religious affiliation) may be disclosed to anyone who requests it by asking for you by name. This information, including your religious affiliation, may also be provided to members of the clergy, even if they do not ask for you by name. If you wish to have your information excluded from this directory, please contact your patient/customer services associate.

To Persons Involved in Your Care. As long as you do not object, we may, based on our professional judgment, disclose your PHI to a family member or other person if they are involved in your care or paying for your care. Similarly, we may also disclose limited PHI to an entity authorized to assist in disaster relief efforts for the purpose of coordinating notification to someone responsible for your care of your general condition or location.

Fundraising. We may contact you at times to donate to a fundraising effort on our behalf. If you wish to opt out of receiving these communications, EMAIL us @ info@vitalpodiatry.com

Communicating with You. We will use your PHI to communicate with you about a number of important topics, including information about appointments, your care, treatment options and other health-related services, payment for your care, and opportunities to participate in research, provided this research outreach is approved by the Vital Podiatry Review Board (IRB) and/or the IRB of Record, see Research section below.

We urge you to sign up for our patient portal to send and receive communications conveniently and securely and to share your preferences for how we contact you. The patient portal is www.vitalpodiatry.com

We may also contact you at the email, phone number or address that you provide, including via text messages, for these communications. If your contact information changes, it is important that you let us know. Texting and email are not 100% secure. Regarding text messages, please note that message and data rates may apply and you will have an opportunity to opt out.

Research. We may use and disclose your PHI as permitted by applicable law for research. This is subject to your authorization and/or oversight by the Vital Podiatry, committees charged with protecting the privacy rights and safety of human subject research.

Business Associates. At times, we need to disclose your PHI to persons or organizations outside Vital Podiatry who assist us with our payment/billing activities and health care operations. We require these business associates and their subcontractors to appropriately safeguard your PHI.

Other Uses and Disclosures. We may be permitted or required by law to make certain other uses and disclosures of your PHI without your authorization. Subject to conditions specified by law, we may release your PHI:

  • For any purpose required by law
  • For public health activities, including required reporting of disease, injury, birth and death, for required public health investigations, and to report adverse events or enable product recalls
  • To government agencies if we suspect child/elder adult abuse or neglect. We may also release your PHI to government agencies if we believe you are a victim of abuse, neglect or domestic
  • To your employer when we have provided screenings and health care at their request for occupational health and safety
  • To a government oversight agency conducting audits, investigations, inspections and related oversight functions
  • In emergencies, such as to prevent a serious and imminent threat to a person or the public
  • If required by a court or administrative order, subpoena or discovery request
  • For law enforcement purposes, including to law enforcement officials to identify or locate suspects, fugitives or witnesses, or victims of crime
  • To coroners, medical examiners and funeral directors
  • If necessary to arrange organ or tissue donation or transplant
  • For national security, intelligence, or protective services activities
  • For purposes related to your workers’ compensation benefits

Uses and disclosures of your protected health information based on a signed authorization

Except as outlined above, we will not use or disclose your PHI for any other purpose unless you have signed a form authorizing the use or disclosure. You may revoke an authorization in writing, except to the extent we have already relied upon it.

In some situations, a signed authorization form is required for uses and disclosures of your PHI, including:

  • Most uses and disclosures of psychotherapy notes
  • Uses and disclosures for marketing purposes
  • Disclosures that constitute the sale of PHI
  • Uses and disclosures for certain research protocols
  • As required by privacy law. The confidentiality of substance use disorder and mental health treatment records as well as HIV-related information maintained by us is specifically protected by state and/or federal law and regulations
  • Generally, we may not disclose such information unless you consent in writing, the disclosure is allowed by a court order, or in other limited, regulated circumstances

Your rights

Access to Your PHI. Generally, you can access and inspect paper or electronic copies of certain PHI that we maintain about you. You may readily access much of your health information without charge using the patient portal, which is www.vitalpodiatry.com

You may also access your information through the Health Information Management department, which you can contact at info@vitalpodiatry.com In line with set fees under federal and state law, we may charge you for a copy of your medical records.

Amendments to Your PHI. You can request amendments, or changes, to certain PHI that we maintain about you that you think may be incorrect or incomplete. All requests for changes must be in writing, signed by you or your representative, and state the reasons for the request. If we decide to make an amendment, we may also notify others who have copies of the information about the change. Note that even if we accept your request, we may not delete any information already documented in your medical record.

Accounting for Disclosures of Your PHI. In accordance with applicable law, you can ask for an accounting of certain disclosures made by us of your PHI. This request must be in writing and signed by you or your representative. This does not include disclosures made for purposes of treatment, payment, or health care operations or for certain other limited exceptions. An accounting will include disclosures made in the six years prior to the date of a request.

Restrictions on Use and Disclosure of Your PHI. You can request restrictions on certain of our uses and disclosures of your PHI for treatment, payment, or health care operations. We are not required to agree but will attempt to accommodate reasonable requests when appropriate.

Restrictions on Disclosures to Health Plans. You can request a restriction on certain disclosures of your PHI to your health plan. We are only required to honor such requests when services subject to the request are paid in full. Such requests must be made in writing and identify the services to which the restriction will apply.

Confidential Communications. You can request that we communicate with you through alternative means or at alternative locations, and we will accommodate reasonable requests. You must request such confidential communication in writing to each department you would like to accommodate the request.

Breach Notification. We are required to notify you in writing of any breach of your unsecured PHI without unreasonable delay and no later than 60 days after we discover the breach.