SavesTheDay Dermatology Privacy Practice and Security Notice - Prior to September 2014

At SavesTheDay Dermatology we respect your privacy and take safeguarding it very seriously. From the first moment of contact when you make an appointment to diagnosing and treating your concerns, we must, on both ethical and legal grounds, protect the information about you while it is being exchanged and stored. Federal law sets certain standards with respect to health care related information and our privacy policy abides by these standards. In general, the law permits the sharing of healthcare information between healthcare providers directly involved in your care, between providers, insurance claim clearing houses, and health care insurers which provide financial coverage for services rendered to you, and between health care providers and law enforcement or public health and safety official entities. The law does not permit the sharing of healthcare information with any other person or entity unless you give written permission to us to do so.

The transmission and storage of your healthcare and demographic information is guarded by certain security features we implement. At SavesTheDay Dermatology, we utilize a software-based Electronic Health Records (EHR) system compliant with the standard of the CCHIT (Certification Commission for Health Information Technology), a Federal Government-recognized non-profit organization in charge of setting quality standards for EHR systems. We do not keep physical paper charts. All information is stored within our “in house” server; in other words, we do not use an outside facility such as a server farm or cloud computing. The information stored on the server is backed up to tape twice a day to provide an extra measure of data protection. The EHR requires our staff to provide passwords in order to access the system, and the system automatically logs out after standing idle for 15 minutes. In addition, staff will only have access to that part of your record which pertains to the tasks the staff member fulfills. For example, our receptionists do not have access to the doctor's notes about your health and illnesses, only to your demographic information collected from you to make the appointment and to bill you or your insurance company for the services. The computer components which constitute our private network hosting the EHR are protected against security breaches from both the internet and from local wireless access attempts. We do not store any paper records about you, with very few exceptions such as consent forms with your signature, which require a physical record in order to be legally binding. All other paper records are shredded after use.

Our Privacy Policy also extends to how we meet and speak with you when you come to our office. For example, we will only address you by your first name to protect your identity. We will confine discussion about your healthcare to the patient rooms and not engage you about it in the waiting room or other common areas. If you bring friends or family members to the office, we will offer the option to be seen alone by the doctor while we host them in the waiting area. In general, we will always strive to disclose only the minimum necessary and reasonable amount of your protected private information, even when permitted to disclose more, unless we are required by law to disclose all. If you authorize us to disclose your private information, we will give you the option to specify on our release authorization form which part of your record you permit us to disclose.

We are committed to protecting your privacy rights with this Bill of Patient Rights:

We must obtain written permission from you to release healthcare and demographic information (Protected Individually Identifiable Health Information) about you to any person or organization unless such person or organization is exempt by law as specified in the Privacy Rule of the U.S. Health Information Portability and Privacy Act of 1996 (HIPAA). The following persons and organizations are exempt:

We must notify you in writing, at the time of your first visit, of our Privacy Policy with this “Notice of Privacy Rights” which we will ask you to sign as proof that we presented it to you and that you consent to its content.

You have the right to ask us, in writing, to correct your medical record by amendment if you believe an error has occurred and we must note such request in your record even if we disagree with the correction.

You have the right to ask us in writing to further restrict or alter our privacy policy with respect to you and we have the right to refuse such request. If we honor the request, we are bound by it.

You have the right to receive a copy of your healthcare records by any means except when such means are deemed to be unsafe with respect to your privacy, such as unencrypted e-mail or a fax number which is not private and to which other people have access.

You have a right to ask us to account for all authorized disclosures of your private healthcare information to persons or organizations except those permitted by law without specific authorization listed above, for a period of 6 years prior to your request.

You have the right to your healthcare information except when such information may cause harm to you, in which case you have the right to obtain a second opinion to confirm such risk of harm to you. You do not have the right to the physical means we employ to store your private healthcare information, such as computers, servers, and backup tapes.

You have the right to evaluation and treatment regardless of whether or not you waive any rights granted to you by HIPAA or whether you object to a practice which you believe, in good faith, violates this rule.

The Federal Privacy Rule protects you against (preempts) any state or local law which may compromise your privacy and we will abide by it except where preemption does not apply when permitted by the Privacy Rule itself or when granted by exception by the US Department of Health and Human Services.

You have the right to request to view or receive a copy of this Privacy Policy.

If you believe that your health information privacy has been violated you can file a complaint with us in writing addressed to:

SavesTheDay Dermatology
M. Seyfzadeh
188 East 17th Street Suite 101
Costa Mesa, CA 92627

If we fail to or are unable to address the issue, you can contact the Federal Office of Civil Rights. Please refer to the following webpage for instructions:
How to File a Complaint

For a condensed version of your rights, please refer to this pamphlet: Consumer Rights

For the complete legal text of the Privacy Rule contained in the HIPAA, see here: HIPAA Privacy Rule

By signing your consent to this Privacy Practice and Security Notice, usually presented to you at the time of your first visit, you accept its provisions and acknowledge that we presented it to you.