This Notice of Privacy Practices (the “Notice”) describes the legal obligations of Sole Supports, Inc. (“SSI”) and your legal rights regarding your protected health information held by SSI under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). This Notice describes how your protected health information may be used or disclosed to design, create and dispense Sole Supports Custom Orthotics. HIPAA requires us to provide this Notice of Privacy Practices to you.
As a Compliant organization, the HIPAA Privacy Rule protects certain medical information known as “protected health information.” Generally, protected health information is individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health care clearinghouse, a health plan, or your employer on behalf of a group health plan, which relates to:
- the patient's past, present or future physical or mental health or condition;
- providing health care to the patient; or
- making past, present or future payments for providing health care to the patient.
For Sole Supports, the only "protected health information" that we will store is the patient's Name, Date of Birth, Weight, doctor provided information regarding the patient's feet or posture, and 3D models of the patient's feet, obtained through a) foam casts, or b) 3D scanned images of foam casts.
3D Models of Foot Casts
The 3D models may be created using Apple's TrueDepth capability, or Occipital's StructureIO Scan technology. Sole Supports, Inc.'s policy regarding 3D models of foot casts is as follows:
Sole Supports will receive 3D models from Health Care Providers for the sole purpose of creating custom orthotics. The 3D models will not be used for any other purpose, except as outlined in the section titled "How We May Use and Disclose Your Protected Health Information" below.
Disclosure & Sharing
Sole Supports will not disclose or share the 3D models with any third party, except as outlined in the section titled "How We May Use and Disclose Your Protected Health Information" below.
Retention & Storage
Patient's 3D Models will be stored at Sole Supports for a maximum of 10 years for the purposes of creating multiple pair of custom orthotics. As Protected Health Information, the 3D models will be stored in accordance with HIPAA guidelines. You have the right to request review, auditing or deletion of the 3D models, as outlined in the section "Your Rights" below.
This Notice is effective October 1, 2013
We are required by law to:
- maintain the privacy of your protected health information;
- notify you of any breach of unsecured protected health information;
- provide you with certain rights with respect to your protected health information;
- provide you with a copy of this Notice of our legal duties and privacy practices with respect to your protected health information; and
- follow the terms of the Notice that is currently in effect.
How We May Use and Disclose Your Protected Health Information
We may use or disclose your protected health information in certain situations without your permission.
For Health Care Operations. We receive your protected health information from health care providers, who, in turn, may discuss your particular need with our customer service, clinical technicians or financial employees. All Sole Supports employees that handle protected health information are bound to follow appropriate safeguards regarding your protected health information.
Health Oversight Activities. We may disclose your protected health information to a health oversight agency for activities authorized by law. These oversight activities might include audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose your protected health information in response to a court or administrative order. We may also disclose your protected health information in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
As Required by Law. We will disclose your protected health information when required to do so by federal, state or local law. For example, we may disclose your protected health information when required by national security laws or public health disclosure laws.
Research. We may disclose your protected health information to researchers when:
- the individual identifiers have been removed; or
- when an institutional review board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of the requested information, and approves the research.
We are required to make disclosures of your protected health information in these situations:
Government Audits. We must disclose your protected health information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA privacy rule.
Disclosures to You. If you request, we must disclose to you the portion of your protected health information that contains medical records, billing records, and any other records used to make decisions regarding your health care benefits. If you request, we also must provide you with an accounting of most disclosures of your protected health information if the disclosure was for reasons other than for payment, treatment, or health care operations, and if the protected health information was not disclosed due to your specific authorization.
You have the following rights with respect to your protected health information:
Right to Inspect and Copy. You have the right to inspect and copy certain protected health information that may be used to make decisions about your health care benefits. To inspect and copy your protected health information, you must submit your request in writing to the Employer Contact listed at the end of this Notice. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to the Employer Contact listed at the end of this Notice.
Right to Amend. If you feel that the protected health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for SSI. To request an amendment, your request must be made in writing and submitted to the Employer Contact listed at the end of this Notice. You must provide a reason why and in what respect you believe your record is incorrect.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- is not part of the medical information kept by or for SSI;
- was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- is already accurate and complete.
If we deny your request, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.
Right to an Accounting of Disclosures. You have the right to request an “accounting” of certain disclosures of your protected health information. The accounting will not include (1) disclosures for purposes of treatment, payment, or health care operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures.
To request this list or accounting of disclosures, you must submit your request in writing to the Employer Contact listed at the end of this Notice. Your request must state a time period of no more than six years.
Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be provided free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions. You have the right to request a restriction or limitation on your protected health information that we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on your protected health information that we disclose to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you.
To request restrictions, you must make your request in writing to the Employer Contact listed at the end of this Notice. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply—for example, disclosures to your spouse.
Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the Employer Contact listed at the end of this Notice. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests if you clearly provide information that the disclosure of all or part of your protected information could endanger you.
Right to Be Notified of a Breach. You have the right to be notified in the event that we (or a Business Associate) discover a breach of unsecured protected health information.
Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. To obtain a paper copy of this notice, contact the Sole Supports, Inc. Contact listed at the end of this Notice.
If you believe that your privacy rights have been violated, you may file a complaint with SSI or with the Office for Civil Rights of the United States Department of Health and Human Services. To file a complaint with SSI, contact Paul Garland, HIPAA Compliance Officer at 931-670-6111. All complaints must be submitted in writing.
You will not be penalized, or in any other way retaliated against, for filing a complaint with the Office for Civil Rights or with us.
We may change the terms of this Notice and make new provisions regarding your protected health information that we maintain, as allowed or required by law. If we make any significant change to this Notice, we will provide you with a copy of our revised Notice of Privacy Practices by posting to our website http://www.solesupports.com OR by mail within 60 days after the change.
Sole Supports, Inc. Contact
CIO/HIPAA Compliance Officer
October 1, 2013