Notice of Privacy Practices

Your PHI may be used and disclosed by your physician, our organization, our office staff, and others outside our office who are involved in your care and treatment for the purpose of providing healthcare services to you, obtaining payment your healthcare bills, supporting the operation of our organization, and any other use required by law.

• Treatment: We will use and disclose your PHI to provide, coordinate, or manage your healthcare and any related services. This includes the coordination or management of your healthcare with a third party. For example, we would disclose your PHI, as necessary, to a healthcare agency that provides care to you. For example, your PHI may be provided to a physician to whom you have been referred to ensure that the physician has the information necessary to diagnose or treat you.
• Payment: Your PHI will be used, as needed, to obtain payment for your healthcare services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the healthcare services, we recommend for you.
• Healthcare operations: We may use and disclose health information about you in connection with healthcare operations necessary to run our practice, including provision and review of our treatment and services, training, evaluating the performance of our staff and healthcare professionals, quality assurance, financial or billing audits, legal matters, and business planning and development. In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician.
• Communications: We will send email and text communications for reasons including providing services to you, sharing diagnosis or treatment information, information on orders, and special offers and deals. PLEASE NOTE: use of unencrypted email or text can carry privacy risk, and we cannot promise the security of PHI contained in unencrypted emails or text messages. We encourage all patients to use the patient portal on their electronic health records (EHR) system to access PHI. We employ administrative, technical, and physical safeguards designed to protect PHI. However, no method of transmission or storage is 100% secure. If you prefer not to receive unencrypted email or text, please tell us and we will use reasonable alternative means. We may also call you by name in the waiting room when your physician is ready to see you. We may use or disclose your PHI, as necessary, to remind you of your appointment.
• Additional uses: We may use or disclose your PHI in the following situations without your authorization: as required by law; public health activities; disaster relief efforts, lawsuits and legal actions; law enforcement purposes; coroners, medical examiners, and funeral directors; organ, eye and tissue donation; research; serious threat to health or safety; military activity and national security; and workers’ compensation. We may also share your PHI with a family member, friend, or other individual you have identified as involved in your care or payment of care you have listed as an emergency contact, next of kin, or otherwise indicate you want involved in your care, or as permitted by law.
• Business associates: We may share your information with third-party business associates that perform various activities such as billing or transcription services. Whenever an arrangement between our office and business associate involves the use or disclosure of your PHI, we will have a written contract with the business associate that contains the terms that will protect the privacy of your PHI. Your PHI will be available to other healthcare providers within the Forum Health network to provide continuous care on a need-to-know basis. In most cases, your employer is not considered a business associate.

You have the following rights with respect to certain health information that we have about you (information in a Designated Record Set as defined by HIPAA). To exercise any of these rights, you must submit a written request to our privacy officer.

• Right to access and review: You may request to access and review a copy of your health information. We may deny your request under certain circumstances. You will receive written notice of a denial and can appeal it. We will provide a copy of your health information in a format you request if it is readily producible. If not readily producible, we will provide it in a hard-copy format or other format that is mutually agreeable. If your health information is included in an electronic format we will send it to you or the person or entity you designate in an electronic format. We may charge a reasonable fee to cover our cost to provide you with copies of your health information as allowed under applicable law.
• Right to request amendment: If you believe that your health information is incorrect or incomplete, you may request that we amend it. We may deny your request under certain circumstances. You will receive written notice of any denial and can file a statement of disagreement that will be included with your health information that you believe is incorrect or incomplete.
• Right to request restricted use and disclosure: You may request that we restrict uses of your health information to carry out treatment, payment, or healthcare operation or to your family member or friend involved in your care or the payment for your care. We may not (and are not required to) agree to your requested restrictions, with one exception: if you pay out of your pocket in full for a service you receive from us and you requested that we not submit the claim for this service to your health insurer or health plan for reimbursement, we must honor that request.
• Right to request confidential communications: You may request that we contact you at a specific location or by a specific method (for example, at your work address or via phone only). We will accommodate reasonable requests.
• Right to an accounting of disclosures: You may request a list (accounting) of certain disclosures of your PHI that we made in the six years prior to your request, excluding disclosures for treatment, payment, healthcare operations, and certain other exceptions.
• Right to receive a paper copy of this notice: You may request a paper copy of this notice at any time, even if you agreed to receive it electronically.
• Right to choose someone to act for you: If you have given someone medical power of attorney or are a legal guardian, that person can exercise your rights and make choices about your PHI. We will verify their authority before we act.
• Right to complain without retaliation: If you believe your privacy rights have been violated, you may file a complaint with us and/or with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). We will not retaliate against you for filing a complaint.
  • File with Forum Health: see How to Contact Us below.
  • File with HHS OCR: instructions are available at
    https://www.hhs.gov/ocr/privacy/hipaa/complaints/.

We will obtain your written authorization before using or disclosing your PHI for purposes not described in this Notice or not otherwise permitted by law. In particular, we will not:

• Use or disclose psychotherapy notes without your authorization, except as permitted by law.
• Use PHI for marketing where we receive financial remuneration from a third party, without your authorization.
• Sell your PHI without your authorization.

If you authorize us to use or disclose PHI, you may revoke that authorization at any time in writing. Revocation will not affect actions we already took in reliance on your authorization.

• We generally require a parent or legal guardian to act for minors, subject to state laws that allow minors to consent to certain services and control related PHI..
• If you receive telehealth services, we will use HIPAA-compliant technologies where required and will protect PHI in accordance with this Notice and applicable law

If you have questions about this Notice, want to exercise a right, or wish to file a complaint, please contact us using the information below:

Forum Health — Privacy Office
2300 Cabot Drive, Suite 125, Lisle, IL 60532
Email: privacy@forumhealth.com
Phone: (833) 510-1463