HIPAA Compliance Statement
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Contact Fill is required by law to maintain the privacy of Protected Health Information (“PHI”) and to provide individuals with notice of our legal duties and privacy practices with respect to PHI. PHI includes information we have created or received that may identify you and that relates to your past, present or future health or condition and related health care services. Contact Fill is committed to maintaining the privacy of your health care information. This notice explains how we may use and disclose information about you when providing you with mail order contact lenses services, and it explains your rights with respect to PHI we maintain about you.
How Contact Fill Uses and Discloses PHI
Contact Fill is permitted by the Privacy provisions of HIPAA to use and disclose your PHI without your authorization, for the following purposes:
• Payment: We are permitted to use and disclose PHI to receive payment for our services. For example, we may bill you or your insurance company for the cost of the contact lenses dispensed to you. Also, we may contact your insurer or benefit administrator to determine whether it will pay for the particular contact lenses prescription or whether there are applicable co-payments under your benefit plan.
• Treatment: We are permitted to use and disclose your health information for treatment. For example, we may use PHI in order to fill and dispense your contact lenses prescription, refill your prescription, or notify you of particular safety issues or product storage information concerning your contact lenses. We may also contact your eye care provider to resolve questions about your prescriptions, or provide prescription information to your doctors to supplement their records.
• Healthcare Operations: We are permitted to use and disclose PHI for our mail order contact lenses operations, including conducting audits and compliance programs to monitor the quality of our performance and to train personnel. Addition healthcare operations which may require our use or disclosure of PHI include detection and investigation of fraud, data and information systems management, customer service and other general administrative activities.
Contact Fill may also use and disclose PHI as follows:
• To You-to provide health related communications, refill reminders or other health related services that may be of interest to you.
• To a Family Member, friend or other personal representative-provided that person is involved with your health care or payment for your health care. For example, a family member or caregiver can contact us to confirm that a contact lenses prescription has been filled or to pick up a prescription for you, provided that person can identify certain information about you or your prescription order.
• To Business Associates-persons or entities who provide services to us so that we may carry out our responsibilities to you. To protect PHI, we require business associates to appropriately safeguard PHI in their control.
• For Public Health and Safety Purposes-including to the Food and Drug Administration or other public health or legal authorities charged with preventing or controlling disease or injury.
• For Law Enforcement Purposes-to law enforcement officials, or in response to a valid subpoena, discovery request or other legal process.
• As Required By Law-to governmental entities as required by local, state or federal law, including worker’s compensation or similar programs established by law.
• For Research-provided we receive prior approval from an institutional review board.
• To the Department of Health and Human Services-at its request, to investigate complaints and review our compliance with the HIPAA Privacy Standards.
For other uses and disclosures than those listed above, Contact Fill will obtain your written authorization prior to releasing your Protected Health Information. This includes:
• uses and disclosure for marketing purposes,
• Disclosures that constitute a sale of your protected health information
You may revoke your authorization, in writing, at any time.
State Specific Requirements
Some states have separate privacy laws that may apply additional legal requirements regarding uses and disclosures of medical information about you. If the state privacy laws are more stringent than federal privacy laws, the state law preempts the federal law.
Your Legal Rights
Under the HIPAA privacy law, you have the right to make certain requests with respect to your protected health information as follows:
• Obtain a copy of your health information as contained in a “designated record set”, consisting of your prescription records maintained by us. To inspect or copy your PHI, you must send a written request to us, and we may charge a reasonable copying and mailing fee.
• Request Amendments to PHI, if you believe the PHI we maintain is incorrect or incomplete. You must request such an amendment in writing and include the reasons for your request. In certain cases, we may deny your request for an amendment. If we deny the request, you may file a statement of disagreement.
• Obtain an Accounting of disclosures of your PHI that we have made to various third parties other than for payment, treatment or health care operations. You must request this accounting in writing and you will be entitled to receive one accounting per year free of charge.
• Request Restrictions on certain uses and disclosures of PHI. We will consider, but may not agree, to such requests. Upon your request, and except as otherwise required by law, we will not disclose your health information to a health plan for purposes of payment or health care operations when the information relates solely to a service/product for which you paid out-of-pocket in full. You also have the right to request that we limit disclosure of your PHI to family members or others involved in your care.
• Request Confidential Communications of PHI be sent to alternative places or by alternative means. For example, you may request, in writing, that we contact you about your contact lenses prescription only in writing or at your office address instead of your home address. We will try to accommodate all reasonable requests.
• Receive a Paper Copy of This Notice at any time by making a request in writing.
If a breach of your unsecured PHI occurs, Contact Fill will notify you.
You have the right to file a complaint if you think your privacy rights have been violated by contacting our Privacy Officer or by writing to the Secretary of the U.S. Department of Health and Human Services., office for Civil Rights at http://www.hhh.gov/ocr/privacy/hipaa/complaints/index.html You will not be penalized for filing a complaint.
To exercise any of the privacy rights outlined above, please put your request in writing and mail it to: Privacy Office, Contact Fill, 5040 Ritter Road, Mechanicsburg, PA 17055.
Changes To This Notice
Contact Fill reserves the right to change this notice at any time. We reserve the right to apply the revised notice to all PHI we already maintain, as well as any information we receive in the future. If we change any of the practices described in this notice, we will post the revised notice on our website at www.contactfill.com. If you receive this Notice on our Website or by electronic mail (e-mail), you are entitled to receive this Notice in written form as well.