Commitment to Quality
Awards & Recognition
Causes we Support
Bowel Cleansing Preps
Colon Cancer Screening
Disease ManagementPhysician & Staff
Billing & Benefits
Payment OptionsOnline Bill Pay
State and Federal laws require us to maintain the privacy and confidentiality of your protected health information (PHI) and to inform you about our legal duties and privacy practices by providing you with this Notice. Under Federal Law, your health information is protected and confidential. Protected health information includes all individually identifiable health information held or transmitted by the Center or our business associates, in any form or media, whether electronic, paper, or oral. Individually identifiable health information is information including demographic data, information about your symptoms, test results, diagnosis, and treatment, other related medical information, and payment, billing, and insurance information that can be used to identify you. We are required to abide by the terms of this notice currently in effect, and to notify affected individuals following a breach of unsecured protected health information. The terms of this notice apply to both the individual (subject of the PHI) and the personal representative of the individual.
A major purpose of the HIPAA Security and Privacy Regulations is to define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities such as the Center. We may not use or disclose protected health information, except either: (1) as the HIPAA Regulations permits or requires; or (2) as the patient or their representative authorizes in writing. We must disclose protected health information in only two situations: (1) to individuals (or their personal representatives) specifically when they request access to, or an accounting of disclosures of their protected health information: and (2) to Health and Human Services (HHS) for the purpose of them investigating or determining our compliance with the Privacy Rule. Our business associates must also disclose your PHI to Health and Human Services for the purpose of them investigating or determining their compliance with the HIPAA Regulations. With some exceptions, we may not use or disclose any more or your health information than is necessary to accomplish the purpose of the use of disclosure.
A record of your care is kept for the following reasons: as a basis for planning your care and treatment, as a means of communication among health care providers who contribute to your care, as a legal document describing the care you received, as a means by which you or a third-party payer can verify that services billed were actually provided, as a tool in educating health professionals, as a source of data for medical research, as a source of public health information, as a source for facility planning, and a tool with which the practice can assess and continually work to improve the care we render and outcomes we achieve. The Center collects health information about you and stores it in an electronic health record. This is your medical record. The medical record is the property of this Center, but the information in the medical record belongs to you. We are committed to keeping your health information confidential, and will not disclose your health information without your authorization, except as described in this notice.
Prior to any disclosure, the Center will verify the identity of a person requesting PHI and the authority of any such persons to have access to PHI if the identity or authority of such person is not known to us. We will also obtain any documentation, statements, or representations whether oral or written, from the person requesting the protected health information when such information is a condition of the disclosure.
This Notice will take effect on September 23, 2013 and will remain in effect until it is amended or replaced by us. We will make policies and procedures with respect to PHI that comply with the HIPAA Regulations. Any changes in the law will be reflected in our policies and procedures and this privacy notice. Changes in our policies or procedures will not be implemented prior to the effective date of the revised notice. We reserve the right to change the terms of this notice and to make the new notice provisions effective for all PHI that we maintain regardless of when it was created or received.
Our current Privacy Notice will be provided to you no later than the date of your first service delivery after the effective date. You may request a copy of our Privacy Notice at any time by asking our receptionist or other staff member. Our current Privacy Notice is posted in our reception area and on our website: www.seafordendo.com.
The Center is permitted, but not required, to use and disclose PHI, without an individual’s authorization, for the following purposes or situations:
1) To the Individual. We may disclose PHI to the individual who is the subject of the information.
2) Treatment, Payment, and Health Care Operations. Except with respect to uses or disclosures that require an authorization or are prohibited under the HIPAA Regulations, we may use or disclose your PHI for treatment, payment, or health care operations as described below.
3) Business Associates. We may disclose your PHI to a business associate and may allow a business associate to create, receive, maintain, or transmit PHI on its behalf, if we obtain satisfactory assurance that the business associate will appropriately safeguard the information. Similarly, our business associates may disclose PHI to a business associate that is a subcontractor with assurance that the subcontractor will safeguard the information. This satisfactory assurance will be documented in a written contract between the Center and our business associates. This contract is called a Business Associate Agreement and will establish required uses and disclosures of PHI by the business associate. The contract will (a) notify the business associate not to use or further disclose the information other than as permitted by the contract, (b) specify that they use appropriate safeguards and protect electronic health information, (c) require them to report any use or disclosure of information not provided for by its contract including breaches of unsecured PHI, (d) ensure that any subcontractors agree to the same restrictions and conditions that apply to them with respect to PHI,(e) make available PHI according to the HIPAA Regulations, (f) make PHI available for amendment, (g) provide an accounting of disclosures, (h) comply with the HIPAA Regulations, (i) make their internal records available to HHS for the purposes of determining compliance with the HIPAA Regulations, (j) at the termination of the contract, return or destroy all PHI received from, or created or received by them on behalf of the Center, and (k) authorize termination of our contract with them if we determine that they have violated the terms of our business associate contact. Our business associates may use or disclose your PHI for their proper management and administration and to carry out their legal responsibilities. Any subcontractors of our business associates are subject to the same requirements that apply between the Center and that business associate. Examples of business associates are providers of our electronic medical records, call reminder services, and patient satisfaction survey providers.
4) Uses or Disclosures with Opportunity to Agree or Object. Informal permission to use or disclose PHI may be obtained by asking you outright, or by circumstances that clearly give you the opportunity to agree or object. Except when an objection is expressed, we may use the following PHI to maintain a directory in the Center; your name, location in the Center, and your condition in general terms that does not communicate specific medical information about you. We will ask your permission to disclose your PHI to the person(s) who accompanies you to your procedure or someone else who may inquire about you. We will also use your PHI to give you reminders of recommended services, treatment, or scheduled appointments. We will use the contact information you provide us unless you request otherwise. For example, we will ask your permission for your responsible driver to be with you after your procedure and receive information about your health and procedure results. You will also receive written and phone reminders regarding your treatment and scheduled appointments. If you are not home we may leave a message on your answering machine or in a message left with the person answering the phone. We will also have you sign in when you arrive for your appointments and will call out your name when we are ready to see you.
Emergencies: If the opportunity to object to uses or disclosures discussed in this section cannot practically be provided to you because you are incapacitated, receiving emergency treatment, or deceased, we may use or disclose your PHI to notify, or assist in the notification of a family member, a personal representative, or other person involved in your health care or payment. We may also disclose your PHI for disaster relief purposes. We may disclose your name, location, general condition or death, and religious affiliation consistent with your prior expressed preference if known. Under emergency conditions or if you are incapacitated we will use our professional judgment to disclose only that information directly relevant to your care. If you are present and it is at all possible, we will give you the opportunity to agree or object prior to making a disclosure discussed in this paragraph.
5) Incidental Use and Disclosure. We will adopt reasonable safeguards as required by the HIPAA Regulations to prevent the risk of an incidental use or disclosure of your PHI that may occur as a result of an otherwise permitted use or disclosure. We will follow the “minimum necessary” principle regarding use and disclosure of your PHI. We will make reasonable efforts to use, disclose, and request only the minimum amount of PHI needed to accomplish the intended purpose of the use, disclosure, or request. Staff access to your PHI is limited to such persons or classes of person who need access to PHI to carry out their duties. Everyone on our staff is required to sign a confidentiality statement. The minimum necessary requirement is not imposed in any of the following circumstances: (a) disclosure to a request by a health care provider for treatment; (b) disclosure to the individual or personal representative of the subject of the information; (c) use or disclosure that has been authorized; (d) disclosure to HHS for a compliance investigation, review or enforcement; (e) use or disclosure required by law; or (f) use or disclosure required for compliance with HIPAA Regulations.
6) Public Interest and Benefit Activities. For the purposes of public interest and benefit, we are permitted to use or disclose your PHI as described below:
7) Limited Data Set. Health information which does not identify an individual, and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual, is not considered to be individually identifiable health information. Information is not individually identifiable if the risk is very small that the information could be used alone or in combination with other available information by an anticipated recipient to identify you. Your PHI is considered to be de-identified if the following identifiers of you or of relatives, employers, or household members of yours are removed: names; geographic subdivisions smaller that a state; all elements of dates except for year; telephone numbers; fax numbers; electronic email addresses; social security numbers; medical record numbers; account numbers; certificate/license numbers; vehicle identifiers and serial numbers; device identifiers and serial numbers; URLs; IP address numbers; biometric identifiers; full face photographic images; and any other unique identifying numbers, characteristics, or codes. We may disclose your de-identified information only for the purposes of research, public health, or health care operations. We will do this only after obtaining a data use agreement with the recipient that establishes permitted uses and disclosures of such information and specifies how the information will be safeguarded. We may assign a code or other means of record identification as long as it is not derived from or related to information about you, is not otherwise capable of being translated as to your identity, and we do not disclose the identification code.
8) Fundraising. The Center may at times participate in a charitable event. During these times, we may contact you to invite you to participate in the charitable activity. We may use or disclose to a business associate or to a institutionally related foundation, the following information about you for the purpose of raising funds for its own benefit, without your authorization: demographic information relating to you including name, address, other contact information, age, gender, and date of birth; dates of health care provided; department of service; treating physician; outcome information; and health insurance status. Effective March 26, 2013, PHI that requires a written patient authorization prior to fundraising communication include: diagnosis, nature of services and treatment. It is not our practice to disclose PHI about your condition for the purpose of fundraising events. We must provide you with this notice about fundraising and with each communication made to you regarding fundraising we will give you a clear and conspicuous opportunity to elect not to receive any further fundraising communications. If you have elected to opt out we are prohibited from making fundraising communication under the HIPAA Privacy Rule. Opting out of fundraising communications will not cause you to incur an undue burden and will not affect your treatment or payment status. We may supply you with a way to opt back in to receive fundraising communications.
1) General Rule: Except as otherwise permitted or required by this Notice, we may not use or disclose your PHI without a valid written authorization. The authorization must be current, true, and filled out completely. We will supply you with a copy of the authorization. You may revoke an authorization in writing except to the extent that we have taken action in reliance thereon.
2) Marketing Health-Related Services: We will not use your PHI for marketing purposes unless we have your written authorization to do so. Marketing is defined as a communication about a product or service that encourages you to purchase or use the product or service. Effective March 26, 2013, we are required to obtain an authorization for marketing purposes if communication about a product or service is provided and we receive financial remuneration (getting paid in exchange for making the communication) from a third party whose products or services are being marketed. No authorization is required if communication is made face-to-face, for promotional gifts of a nominal value, or for treatment recommendations made as part of your care coordination.
3) Sale of PHI: We must obtain your authorization for any disclosure of your PHI which is a sale of PHI. Such authorization must state that the disclosure will result in remuneration to the Center. We will stop any future sales of your information to the extent that you revoke that authorization. “Sale of PHI” does not include disclosures for public health, certain research purposes, treatment and payment, and for any other purpose permitted by the Privacy Rule, where the only remuneration received is “a reasonable cost-based fee” to cover the cost to prepare and transmit the PHI for such purpose or a fee otherwise expressly permitted by law. Corporate transactions (i.e., sale, transfer, merger, consolidation) are also excluded from the definition of “sale.”
4) Disclosure of genetic test information, psychotherapy notes, substance abuse treatment, HIV or Aids testing or treatment, except as required by law. Your written authorization is required before genetic test results, psychotherapy notes, substance abuse treatment information of treatment of HIV or AIDS is disclosed. The Center does not perform any of these tests or treatments with one exception. If a staff member is exposed to your blood and/or body fluid, you will be asked to provide us with a blood sample in order to determine if the staff member has been exposed to HIV or another blood borne infection. As per Delaware Code, the results of this test may be disclosed without your consent to the health care provider who needs the test results for emergency treatment.
1) You have the right to request restrictions on certain uses and disclosures of your PHI: You have the right to request that we place additional restrictions on our use or disclosure of your health information for the purposes of treatment, payment, or health care operations. For example, you can ask that your PHI not be shared with certain individuals, groups or companies. We must agree to your request not to disclose your PHI to a health plan if the disclosure is for the purpose of carrying out payment or health care operations, is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you have paid us in full. We do not have to agree to other restrictions, but if we do, we will abide by our agreement. These restrictions may not be honored in the case of an emergency. This request must be submitted in writing. A restriction may be terminated if you agree to or request the termination in writing. A restriction may be terminated orally if the agreement is documented. We may inform you that the restriction is terminated except in the case of notifying your health plan for services you have paid for in full, and only for PHI created or received after we have so informed you of the termination. Please contact our Privacy Officer if you want to further restrict access to your health care information.
2) You have the right to receive confidential communications of your PHI: You have the right to make reasonable requests to receive communications of your PHI from us by alternative means or at alternative locations. We will not require you to explain your request. We will ask you to specify an alternative address or method of contact and how payment will be handled.
3) You have the right to access your PHI: You have the right of access to inspect and obtain a copy of your PHI with the following exceptions: access to psychotherapy notes; information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding; or PHI that is subject to CLIA laws. We may require you to request access in writing and we must act on this request within 30 days after receiving your request. If we are unable to comply with your request within 30 days, we will notify you of the reasons for the delay and the date by which we will allow access. This extension of time will be no more than an additional 30 days. Access will be provided in the form and format you request if it is readily producible in such form and format. If not, a readable hard copy form or such other form and format as agreed to by you and the Center will be supplied.
Requesting copies. If you request a copy of your PHI that is stored electronically, the Center must provide you with access to your PHI in the electronic form and format if it is readily producible in such form and format. If not, your PHI will be given to you in a readable electronic form and format as agreed to by you and the Center. We may also provide you with a summary of your PHI in lieu of providing access to PHI if you agree to this in advance. We will arrange with you a time and place to inspect or obtain a copy of your PHI or mail it as you request. If you request that a copy of your PHI is transmitted to another person, your request must be in writing, signed, and clearly identify the designated person and where to send the copy of PHI. We may impose a reasonable, cost-based fee for a copy or summary of your PHI as determined by Delaware State Code. This fee will cover labor and supply costs for copying your PHI and postage if mailed. You may request from us a copy of our fee schedule for copying medical records. If the Center does not maintain the PHI that is the subject of your request, we will inform you where to direct the request for access.
Denial of access. We may deny your access to your PHI without providing the opportunity for review under the above situations: if we are acting under the direction of a correctional institution; if the PHI was created or obtained in the course of research; if required by other sections of the HIPAA Regulations; or if the PHI was obtained from someone other than a health care provider under a promise of confidentiality and the access requested would be reasonably likely to reveal the source of the information. We may deny access to PHI with the right to review the denial if access is likely to endanger the life or safety of you or another person, or the PHI makes reference to another person and access is likely to cause substantial harm to that person. If access is denied for the above reasons, you have the right to have the decision reviewed by a licensed health care professional whom we will designate. This person will review your request and promptly notify you in writing of the decision. If access to your PHI is denied, we will notify you in writing within 30 days of receipt of the request. The written denial will state the basis for the denial, how you may exercise your review rights, and the name and contact information of someone at the Center to which you can make a complaint. When access to some PHI is denied, access to other PHI will be made available after excluded PHI is removed.If you wish to examine your health information, you will need to complete and submit an appropriate request form. Contact our Privacy Officer for a copy of the Request Form. You may also request access by sending us a letter to the address at the end of this Notice. Once approved, an appointment can be made to review your records.
4) You have the right to make amendment to your PHI: You have the right to ask us to amend your PHI or a record about you in a designated record set for as long as the PHI is maintained in the designated record, if you feel it is inaccurate or incomplete. Your request must be in writing and must include an explanation of why the information should be amended. We must act on your request for an amendment no later than 60 days after receipt of the request. If we accept the requested amendment, in whole or in part, we will comply with the following requirements: (a) we must make the appropriate amendment to your PHI or record, identifying the records that are affected by the amendment or providing a link to the location of the amendment; (b) we must inform you in a timely fashion that the amendment is accepted and obtain your identification of an agreement to have us notify the relevant persons with which the amendment needs to be shared; (c) we must make reasonable efforts to inform and provide the amendment to persons identified by you as having received the PHI and needing the amendment; and (d) we must inform other persons, including business associates, that we know as having received the PHI that is subject of the amendment and that may have relied on the information to your detriment.
Denial of amendment. Under certain circumstances, your request to amend your PHI may be denied. We may deny your request if the PHI or record was not created by us, it is not part of the record set, it is unavailable for inspections as described under “access” above, or it is accurate and complete. If we deny the requested amendment, in whole or in part, we must provide you with a timely, written denial which: (a) explains the basis for the denial; (b) informs you of the right to submit a written statement disagreeing with the denial; (c) states that if a statement of disagreement is not submitted, you may request that we provide your request for amendment and the denial with any future disclosures of the PHI that is the subject of the amendment; and (d) provide a description of how you may complain to us or the Secretary of HHS. We may prepare a written rebuttal to your statement of disagreement and provide a copy to the individual who submitted the statement of disagreement. If we are informed by another covered entity of an amendment to your PHI, we must amend the PHI in our record set as per the request.
5) You have the right to an accounting of Non-routine Disclosures of your PHI: You have the right to request an accounting of non-routine disclosures of your PHI made by us in the six years prior to the date on which the accounting is requested. The accounting must include disclosures of PHI including disclosures to or by our business associates. The accounting will include the date of the disclosure, the name of the person who received the PHI, their address if known, a brief description of the PHI disclosed, and a brief statement of the purpose of the disclosure. We must act on your request for an accounting no later than 60 days after the receipt of such a request. If we are unable to provide the accounting within the time required, we may extend the time by no more then 30 days provided we inform you in writing of the reasons for the delay and the date by which we will provide the accounting. This right of accounting does not apply to the following: (a) disclosures made to carry out treatment, payment and health care operations; (b) disclosures made to you; (c) other permitted disclosures; (d) disclosures where authorization was obtained; (e) disclosures made for the Center’s directory or to persons involved in your care or other notification purposes; (f) disclosures made for national security or intelligence purposes; (g) disclosures made to correctional institutions or law enforcement officials; (h) disclosures as part of a limited date set; or (i) disclosures that occurred prior to our compliance date.
We must temporarily suspend your right to receive an accounting of disclosures we made to a health oversight agency or law enforcement official for the time specified by such agency or official, if they provide us with a written or oral statement to do so. The written statement must have a time frame for the suspension, and a temporary suspension will be no longer then 30 days from the date of the oral statement.
To request this list or accounting of disclosures, you must submit your request in writing to our Privacy Officer. The first accounting to an individual in any 12 month period will be free of charge. After this, there will be a reasonable, cost-based fee for each subsequent request for an accounting by the same individual within the 12 month period.
6.) You have the right to be notified of a breach of your PHI: A breach of PHI means the acquisition, access, use, or disclosure of PHI in a manner not permitted under the Privacy Rule which compromises the security or privacy of the PHI. If there is reason to believe that your PHI has been breached, we will conduct a thorough investigation and risk assessment. A breach excludes unintentional acquisition, access, or use of PHI by an employee or business associate of the Center if such acquisition, access, or use was made in good faith and within the scope of authority and does not result in further use or disclosure in a manner not permitted. It is not considered a breach if we believe that the unauthorized person to whom the disclosure was made would not reasonably have been able to retain the information or if we demonstrate that there is low probability that the PHI has been compromised based on a four factor risk assessment. Beginning September 23, 2009, following the discovery of a breach of unsecured PHI, we will notify each individual whose PHI has been, or is reasonably believed by us to have been accessed, acquired, used, or disclosed by such breach. Written notification will take place within 60 days of discovery and shall include: (a) a brief description of what happened; (b) the date of the breach; (c) the type of PHI that was involved; (d) any steps that you should take to protect yourself from potential harm resulting from the breach; (e) a brief description of what we are going to do to investigate the breach, mitigate harm to you and to protect against future breaches; and (f) contact procedures for you to ask questions or learn additional information. If the breach involves more than 500 residents of the state, we will notify media outlets serving the state, and the Secretary of HHS. If one of our business associates discovers a breach, they are required to notify us within 60 days. They will then make notification to you as described above.
You have the right to file a complaint with us concerning our policies and procedures required by the HIPAA Regulations or if you feel we have not complied with our policies and procedures as stated in this Notice. Your complaint should be directed to our Privacy Officer. If you feel we may have violated your privacy rights, or if you disagree with a decision we made regarding your access to your health information, you can complain to us in writing at the address below. You also have the right to file a complaint with the HHS Office of Civil Rights (OCR) if you believe that the Center or one of our business associates has not complied with the provisions of HIPAA Regulations or this Notice. A complaint to the OCR must be filed in writing, either on paper or electronically. The complaint must name the person that is the subject of the complaint, describe the acts or omission believed to be in violation of these provisions, and be filed within 180 days of when you knew or should have known that the act occurred. You may request a Complaint Form from our Privacy Officer or find it online here: HHS.gov. Complaints to OCR may be filed at the address below. We support your right to the privacy of your information and will not retaliate in any way if you choose to file a complaint with us or with the OCR.