"I swear by Apollo the Physician and Asclepius and Hygeia and Panaceia and all the gods and goddesses, making them my witnesses, that I will fulfill according to my ability and judgment this oath and this covenant:

...Whatever, in connection with my professional practice or even in daily commerce, I see or hear in the life of men, which ought not to be spoken of abroad, I will not divulge, reckoning that all such should be kept secret."

Hippocrates, Greek physician, c 400 BC

2400 years ago the right of a patient to expect a sacred commitment by his or her physician to "keep secret" that which was shared in the course of treatment was enunciated and has been a cornerstone of the professional relationship ever since. Heritage Family Medicine honors that trust fully.

In August 1996, the U.S. Congress, seeking yet another way in which it could be helpful, passed and President Clinton signed into law, the Health Insurance Portability and Accountability Act (HIPAA). One part of this Act, referred to as Administrative Simplification" (irony was not intended), sought to make formally legal that which had always been an understood duty. This notice is provided to you in compliance with those regulations that came to full force in 2002. As you "sign-in" at each visit you will note an acknowledgment that you have read and understood this notice. Should any of the following not be clear, please seek the assistance of any staff member.

In Brief Summary:

Heritage Family Medicine will treat the medical records it generates or receives from others with great care, releasing them in whole or in part only in ways it believes are in your best interest or that you have requested -- and never, unless compelled by law, in a way you have prohibited. Further, under almost every circumstance, you may see and offer corrections to your record. Even minors may expect a reasonable commitment to privacy, specifically protected in WA state law regarding mental health and reproductive issues. Privacy will be violated to protect you or another from imminent or ongoing harm.

These policies are subject to change and will apply to protected information obtained prior to such change. You will be notified following any substantive changes at your next visit and a revised copy provided on request. Changes will also be posted on our website.

Protected Material

This privacy policy covers any material relating in a personally identifiable way to your symptoms, examination, diagnoses, treatment, test results, billing information or demographics (address, phone, e-mail), and similar materials received from others.

Normal Use - specific consent NOT required

No specific consent is required of a patient for most routine operations of Heritage Family Medicine. Information obtained by any member of the Heritage Family Medicine team may enter your records and be available to clinical, clerical, and financial personnel for the efficient provision of health care to you and the normal operations of the medical practice. It is the policy of Heritage Family Medicine that access to such records is on an "as needed" basis. Any employee found accessing portions of the records beyond that required for their assigned responsibility will be subject to discipline.

We will use or disclose protected material for the following or similar purposes:

1. Treatment. Access to your protected health information is required to provide to you health care both within Heritage Family Medicine and by others providing care such as consulting physicians, laboratories, visiting nurses, rehabilitation therapists, or hospitals.

2. Communication. Heritage Family Medicine may use your phone, e-mail or address to inform you or to seek information from you regarding appointments, tests results, medication changes, health care reminders, or financial obligations. We may notify you of changes in policies, procedures, office hours, new services, or to provide a practice newsletter.

3. Quality Assurance. To insure the quality of our care or the integrity of our business practices access to your records may be granted to expert consultants or auditors. Such use, however, will not result in the retention of personally identifiable protected information by others.

4. Financial. Your records may be used to collect payments due Heritage Family Medicine from you or a 3rd party you have designated to pay your bills such as an insurance company, family member, custodian, or legal guardian. Under highly unusual circumstances demographic information and dates of service (but not clinical information) may be released to a collection agency or attorney seeking to enforce a financial claim. Heritage Family Medicine seeks to avoid all such troublesome issues by expecting payment for services as rendered.

5. Family, Friends Or Agencies Involved In Your Care. Unless you specifically object in writing on a form available by request, we may release protected health information about you to a friend, family member or agency involved in your medical care. We will exercise our best judgment in good faith, releasing only such information we believe you would wish us to share (e.g., we may confirm to your secretary a change in your appointment time, but not that we are treating your hemorrhoids!).

6. Government. Several agencies of government have asserted their right to your protected information. Heritage Family Medicine will comply with such requests only to the extent compelled by law, subpoena, or court order. Examples of such recipients include the FDA (e.g., reporting of adverse reactions), Workman's Compensation (particularly if you have filed a claim), the Public Health Department (e.g., reporting of communicable diseases), law enforcement, military or national security agencies. The exceptions are required by the HIPAA regulation.

7. Abuse, Neglect or Danger. Suspected child (under 18) or "vulnerable" adult abuse or neglect must be reported to public authorities. A serious threat of suicide or of the intent to harm another will also be reported to those in a position to intervene.

8. Electronic Devices. Unless you specifically object in writing on a form available by request, we may release protected health information intended for your use to a telephone answering device, cell hone, or e-mail account (see separate policy), that you have provided to us. We will exercise our best judgment in good faith, releasing only such information we believe you would wish us to share for your own convenience. Under most circumstances very little information will be provided unless you have assured us that access to a particular device is secure (e.g., we might leave a message "the test recently done on the patient who gave us this number was normal" - not "the pregnancy test of Mary Jones was negative"). For situations more urgent, privacy concerns will be subordinated to your health (e.g., "John, DO NOT take more of the Motrin you have been on - it may cause bleeding with the Coumadin we started you on").

9. Miscellaneous. There are other uncommon situations where individuals may be given information from your records. These include medical researchers where your personal identity is protected, funeral directors, coroners, or organ procurement organizations. Should you be incarcerated we may share with prison officials information necessary to care for your health or to protect the health of others. In a disaster situation protected information may be shared with relief agencies.

It should also be recognized that while the mere fact that you have had (or have scheduled) an appointment with Heritage Family Medicine is also part of your protected information, your presence can not be hidden from those that share the reception room with you or observe your entrance or departure. We will address you by your name in the hearing of others. Your preliminary history (why you have come) may be discussed with you where others might pass by. The staff of Heritage Family Medicine are expected to exercise discretion in their language and voice, and the building has been designed to dampen sound carriage, but the possibility of being overheard can not be fully eliminated. We utilize a brief written intake questionnaire at each encounter to minimize unnecessary discussion in preparing your records, and the nurse will "call" you by a uniquely assigned (for that day) vibrating disk. If you have special concerns in this area, please make them clear to any member of the staff.

Other Disclosures Not Listed Above That Require Your Specific Consent

You have additional rights as listed below:

The health and billing records we create are the property of Heritage Family Medicine, but the information contained therein, generally, belongs to you. You have certain rights to direct in its use or disclosure including those listed below. It is the intent of Heritage Family Medicine to be helpful to you at all times, to meet any of your reasonable requests cheerfully and promptly. The following, however, reflect the law and regulations as promulgated by our government. We expect on most occasions to do better.

1. To Understand. If you have any questions or concerns about how your protected information will be utilized or if there are portions of this required notice that you do not understand - please ask any staff member for clarification. You may access this notice on the Heritage Family Medicine website or request a paper copy at any time.

2. To Restrict. You may ask us in writing on a form available by request to restrict certain uses or disclosures. (e.g. "Mary is now my ex-wife, do not share anything with her." or "I am now 18, even though I live at home, I want no information shared with my family.") We are not required to and may not be able to grant some requests (e.g. "Even though I gave them a signed consent for full information, do not tell the insurance company about...." or "do not respond to the court subpoena regarding...."), but we will notify you if we are unable to comply.

You may also request (up to once yearly, without charge) a listing of those to whom protected information has been released other than those not practical (or permitted) such as routine releases made for the purposes of providing treatment or to those involved in your care, obtaining payment, normal operations of the practice, to law enforcement while you were in their custody, those you have requested, or those compelled under a national security request.

3. To Inspect. You may request in writing on a form available by request a copy of your protected information. As the records of Heritage Family Medicine are stored electronically, the most convenient method of transmittal will by be by a digital medium or as a secure e-mail attachment. A paper copy may be requested. We may require up to 3 business days to comply with your request and a reasonable charge may apply. Under unusual circumstances (mostly related to mental health issues where a physician believes it detrimental to the patient) a request may be refused in whole or in part.

4. To Clarify. You may request in writing on a form available by request that we change or add to your protected information. If we do not agree, you may provide a statement of disagreement that will be included in any subsequent release of your records to others.

5. To Limit Means of Communication. You may request in writing on a form available by request that only certain means or locations be utilized to contact you (e.g. "only call or write me at the office" or "use only this e-mail address").

6. To Revoke or Change Instructions. You may request in writing on a form available by request a change to any instructions you have previously given regarding the use and disclosure of your protected information. Your changes, of course, will not affect information that has already been disclosed.

7. To Share or Transfer. You may request in writing on a form available by request that Heritage Family Medicine share or transfer your protected information to others (usually to a new physician or for a "second opinion"). Please understand that most professionals (whether physician, attorney, or accountant) prefer to request the records they will find helpful rather than receive unsolicited records they then become responsible for.

8. To Complain. If you feel your rights to privacy or to access have been violated please speak to any staff member or ask to speak to or submit a written summary of your concern to the Heritage Family Medicine Privacy Officer. We will do our best to explain or correct the situation.

If your concern can not be solved within Heritage Family Medicine, you may file a complaint with the Secretary of the Department of Health and Human Services at 200 Independence Ave. SW, Washington, DC 20201 or call them at 877.696.6775.

The Rights of Minors to Privacy in Washington State

Heritage Family Medicine does not encourage secrecy among family members, especially between adolescents or teenagers and their parents. But, occasionally, and for some subjects young patients expect and deserve from their physician the same privacy rights as all others. Under some circumstances the start of Washington requires that the rights of privacy be extended to minor children. Those are outlined below. At other times a practitioner may extend a commitment to privacy as a matter of professional judgment in the best interest of the patient.

Whether required by law or extended by professional prerogative, Heritage Family Medicine will honor the privacy of minors once granted, with the same intensity and under the same policies as they would and adult.

Further, parents should be sensitive to the potential desire for privacy by their child. A child of High School (or even Junior High) age has frequently already asserted their autonomy at home (e.g. "This is MY room and MY things"). It should not be surprising that they might also appreciate that opportunity in their health care.

Parents who accompany their maturing children to an appointment are encouraged to provide the child some time alone with their doctor or other practitioner. Where appropriate, subjects such as substance abuse, sexual activity, or emotional turmoil might be addressed at those opportunities. If a parent has a special concern that they wish addressed with their child, an e-mail (preferred), note, or phone call in advance can facilitate that conversation -but patents should not expect feedback from us regarding that conversation beyond which the maturing child may have authorized.

Heritage Family Medicine does support traditional family and social values, but we are also realists. While counseling young people (and adults) on the best choices, we must also seek to protect them from the consequences if they choose differently. We do not provide or facilitate abortion. But, neither do we abandon our patients or shame them for their own choice. We perform post abortion examination and counseling in the same routine way we provide all other care and do not seek to impose our own moral judgment on others.

While minors may request and be granted privacy, they too, must recognize the limits to that privacy as outlined in "Your Rights to Privacy and Access." Parents remain financially responsible for their children and except for the specific exemptions specified below must grant their consent for most medical procedures or prescriptions. Unless a minor is prepared to pay their own bills, they should expect their parents to learn of the fact of their visit even if not the content.

Washington State Law provides that minors over the age of 13 years can obtain or refuse outpatient treatment without parental consent for drug and alcohol dependency, mental health problems, and sexually transmitted diseases. In WA state parental consent (regardless of age) is not required to receive contraceptive or an abortion.

Addendum to HFM Privacy Policy - 8.25.13

The Federal Government has (finally) published its regulations implementing the (are you ready?) "Health Information Technology for Economic and Clinical Health (HITECH) Act," enacted as part of the "American Recovery and Reinvestment Act (ARRA)" of 2009.

The Feds took FOUR YEARS to write the rules. With no formal notice to physicians (some of us will read articles about it in the medical press, some will not notice) they have given us 9 MONTHS to comply with adding to or rewriting our own policies.

There really is not that much new impact on this practice. We have always protected your Personally Identifiable Protected Health Information (PHI) as an ethical obligation. The Feds just insist that we tell you HOW we intend to continue to do that (and when not - mostly when they demand otherwise as addressed in previous sections of this Policy).

Some of the new regulations we must inform you of include:

1. Notice of Breach. HFM must notify patients if there is a breach of their PHI unless, after completing a risk analysis it is determined there is more than a "low probability of PHI compromise." That consideration must include (1) the nature and extent of the PHI involved (i.e. how sensitive the material is) and the likelihood the information can be personally linked to a patient; (2) whether the breach resulted in someone actually acquiring information; (3) whether the person who gained access has an independent obligation of their own to protect the confidentiality of the PHI; and (4) whether the potential damage has been reduced by obtaining a signed pledge of confidentiality from the recipient. If the risk is judged real, there are specific regulations for the timing and extent of notifications including to the individual patient, HHS (Health and Human Services), and even the media.

2. May Opt-out of Disclosures to health plans. At the patient's request, physicians may not disclose information about care the patient has paid for out-of-pocket to health plans (i.e. insurance companies). As a practical matter, this must be addressed at the time of service when HFM will in the normal course of events bill a patient's insurance company vs accept payment in full at that time. Obviously, once the information has been released it cannot be retrieved.

3. Marketing communications. We may not tell a patient about a third-party product or service (that is something not provided from our own office) without the patient's written authorization unless in the usual course of your necessary medical care and we receive no extra profitable compensation for doing so. i.e. we can not encourage you to invest in a time-share in Alaska, nor promote a particular fitness club if we get a payment from them for referrals. Physicians have always considered such behavior unethical, but the Feds are reminding us.

4. Sale of PHI. HFM will not in the absence of the patient's written authorization sell your information for any purpose including research if it can be linked to a particular patient or if we profit from doing so.

5. Childhood immunizations. HFM may disclose immunizations to schools required to obtain proof of immunization prior to admitting a student so long as we have and document the patient or patient's legal representative's "informal agreement.

6. Descendants. HFM may release PHI to the deceased's family and friends under essentially the same circumstances such disclosures were permitted when the patient was alive; that is, when these individuals were involved in providing care or payment for care and the physician is unaware of any expressed preference to the contrary. There is no legal protection 50 years after a patient's death. HFM takes seriously an obligation to protect the reputation of a deceased patient and will continue to assume a "preference to the contrary" for any information we recognize might unnecessarily embarrass our former patient.

7. Copies of e-PHI. HFM has 30 days to respond to a patient's written request for his or her PHI with one 30-day extension for good reason in the electronic form and format requested or agreed to by the individual if the records are "readily reproducible." Hard copies are permitted only when the individual rejects all readily reproducible e-formats. In other words not only are the Feds strongly pushing physicians to adopt electronic medical records, they want our patients to do so also. Reasonable fees will be charged to provide such records.

8. Emailing PHI. HFM may send PHI in unencrypted emails only if the requesting individual is advised of the risk and still requests that form of transmission.