NOTICE OF PRIVACY PRACTICES OF BASHA DIAGNOSTICS, P.C.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

This Notice of Privacy Practices (Notice) is being provided to you as required by the Health Insurance Portability and Accountability Act of 1996, as amended (HIPAA). It has been drafted in accordance with the HIPAA Privacy Rule, contained in the Code of Federal Regulations at 45 CFR Parts 160 and 164. Terms not defined in this Notice have the same meaning as they have in the HIPAA Privacy Rule.

This Notice describes how Basha Diagnostics, P.C. may use and disclose your protected health information (PHI) to carry out diagnostic testing, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your PHI in some cases. Your “PHI” is any of your written, oral and electronic health information, including demographic data that can be used to identify you. This is health information that is created or received by your health care provider, and that relates to your past, present, or future physical or mental health or condition or payment for health care services.

I. USES AND DISCLOSURES OF PHI

Basha Diagnostics may use and disclose your PHI for all activities that are included within the definitions of “treatment” (including diagnostic testing services), “payment” and “health care operations” as defined in the HIPAA Privacy Rule. Disclosures of your PHI for the purposes described in this Notice may be made in writing, orally, electronically, or by facsimile.

A. Diagnostic Testing. We will use and disclose your PHI to provide, coordinate, or manage your diagnostic testing and any related services. This includes the coordination or management of your testing with a third party for treatment purposes. For example, we may disclose your PHI to a health care provider when needed by the provider to render treatment to you or to a home health agency that is providing care in your home. We may also disclose PHI to other physicians who may be consulting with your physician with respect to your care. In some cases, we may also disclose your PHI to an outside treatment provider for purposes of the treatment activities of the other provider.

B. Payment. Your PHI will be used and disclosed, as needed, to obtain payment for the services that we provide. This may include certain communications to your health insurer to get approval for the diagnostic testing that has been recommended. For example, if a hospital admission is recommended, we may need to disclose PHI to your health insurer to get prior approval for the hospitalization.

We may also disclose PHI to your insurance company to determine whether you are eligible for benefits or whether a particular service is covered under your health plan. In order to get payment for our services, we may also need to disclose your PHI to your insurance company to demonstrate the medical necessity of the services or, as required by your insurance company, for utilization review. We may also disclose PHI to another provider involved in your care for the other provider’s payment activities.

C. Health Care Operations. We may use and disclose your PHI, as necessary, for our own health care operations in order to facilitate the functions of Basha Diagnostics and to provide quality care to all patients. Health care operations include such activities as:

Quality assessment and improvement activities.
Employee review activities.
Accreditation, certification, licensing or credentialing activities.
Review and auditing, including compliance reviews, medical reviews, legal services and maintaining compliance programs.
Business management and general administrative activities.

In certain situations, we may use and disclose your PHI to assist health care providers in connection with their treatment or payment activities, or to assist other covered entities in connection with certain health care operations. For example, we may use and disclose your PHI for health care operations in the areas of quality assurance and improvement activities, or accreditation, certification, licensing, or credentialing. We may disclose or share your PHI with health care programs or insurance carriers (such as Medicare, Blue Cross Blue Shield, etc.) or health plans in order to coordinate benefits, if you or your family members have other health insurance or coverage.

D. Disclosures to You and Your Personal Representatives. We will disclose your PHI to you and to an individual who has been designated by you as your personal representative or who has qualified for such designation in accordance with applicable law. Prior to such a disclosure, however, we must be given written documentation that supports and establishes the basis for the personal representation. We may elect not to treat the person as your personal representative if we have a reasonable belief that you have been, or may be, subjected to domestic violence, abuse, or neglect by such person; that treating such person as your personal representative could endanger you; or if we determine, in the exercise of professional judgment, that it is not in your best interest to treat the person as your personal representative.

E. Other Uses and Disclosures. We may contact you to provide you with appointment reminders or information concerning health issues, benefits and services, or diagnostic testing alternatives based upon your PHI that we believe may be of interest to you. With limited exceptions, where the sending of such communications involves receipt of financial remuneration by Basha Diagnostics, we must obtain your authorization for any use or disclosure of PHI.

F. Fundraising. We may contact you to raise funds for Basha Diagnostics and you have the right to opt out of receiving such communications.

II. USES AND DISCLOSURES BEYOND DIAGNOSTIC TESTING, PAYMENT, AND HEALTH CARE OPERATIONS PERMITTED WITHOUT AUTHORIZATION OR OPPORTUNITY TO OBJECT

Basha Diagnostics may use or disclose your PHI without your permission or authorization for a number of reasons including the following:

A. When Legally Required. We will disclose your PHI when we are required to do so by any Federal, State, or local law, including disclosures to the Secretary of U.S. Department of Health and Human Services in connection with determining whether Basha Diagnostics is in compliance with the applicable laws.

B. When There Are Risks to Public Health. We may disclose your PHI for the following public activities and purposes:

To prevent, control, or report disease, injury or disability as permitted by law.
To report vital events such as birth or death as permitted or required by law.
To conduct public health surveillance, investigations and interventions as permitted or required by law.
To collect or report adverse events and product defects, track FDA regulated products, enable product recalls, repairs or replacements to the FDA and to conduct post marketing surveillance.
To notify a person who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease as authorized by law.
To report to an employer information about an individual who is a member of the workforce as legally permitted or required.

C. To Report Abuse, Neglect, or Domestic Violence. We may notify government authorities if we believe that a patient is the victim of abuse, neglect or domestic violence. We will make this disclosure only when specifically required or authorized by law or when the patient agrees to the disclosure.

D. To Conduct Health Oversight Activities. We may disclose your PHI to a health oversight agency for activities including audits; civil, administrative, or criminal investigations, proceedings, or actions; inspections; licensure or disciplinary actions; or other activities necessary for appropriate oversight as authorized by law. We will not disclose your PHI if you are the subject of an investigation and your PHI is not directly related to your receipt of health care or public benefits.

E. In Connection with Judicial and Administrative Proceedings. We may disclose your PHI in the course of any judicial or administrative proceeding in response to an order of a court or administrative tribunal as expressly authorized by such order or in response to a signed authorization.

F. For Law Enforcement Purposes. We may disclose your PHI to a law enforcement official for law enforcement purposes as follows:

As required by law for reporting of certain types of wounds or other physical injuries.
Pursuant to court order, court-ordered warrant, subpoena (in certain circumstances), summons, or similar process.
For the purpose of identifying or locating a suspect, fugitive, material witness or missing person.
Under certain limited circumstances, when you are the victim of a crime.
To a law enforcement official if Basha Diagnostics has a suspicion that your death was the result of criminal conduct.
In an emergency in order to report a crime.

G. To Correctional Institution or Law Enforcement Officials. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the correctional institution or to a law enforcement official for: (1) the institution to provide health care to you; (2) your health and safety, and the health and safety of others; or (3) the safety and security of the correctional institution.

H. To Coroners, Funeral Directors, and for Organ Donation. We may disclose PHI to a coroner or medical examiner for identification purposes, to determine cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose PHI to a funeral director, as authorized by law, in order to permit the funeral director to carry out their duties. We may disclose such information in reasonable anticipation of death. PHI may be used and disclosed for cadaveric organ, eye, or tissue donation and transplantation purposes.

I. For Research Purposes. We may use or disclose your PHI for research when the use or disclosure for research has been approved by an institutional review board or privacy board that has reviewed the research proposal and research protocols to address the privacy of your PHI.

J. In the Event of A Serious Threat to Health Or Safety. We may, consistent with applicable law and ethical standards of conduct, use or disclose your PHI if we believe, in good faith, that such use or disclosure is necessary to prevent or lessen a serious and imminent threat to your health or safety or to the health and safety of the public.

K. For Specified Government Functions. In certain circumstances, we use or disclose your PHI to facilitate specified government functions relating to military and veterans activities, national security and intelligence activities, protective services for the President and others, medical suitability determinations, and law enforcement custodial situations.

L. For Worker’s Compensation. We may disclose your PHI to comply with workers’ compensation laws and other similar programs that provide benefits for work-related injuries or illnesses.

M. To Business Associates. Basha Diagnostics contracts with service providers, called business associates, to perform various functions on its behalf. For example, we may contract with a service provider to perform the administrative functions necessary to pay your medical claims. To perform these functions or to provide the services, business associates will receive, create, maintain, use, and/or disclose PHI, but only after Basha Diagnostics and the business associate agree in writing to contract terms requiring the business associate to appropriately safeguard your PHI and to comply with other applicable legal requirements.

III. USES AND DISCLOSURES PERMITTED WITHOUT AUTHORIZATION BUT WITH OPPORTUNITY TO OBJECT

We may disclose your PHI to your family member or a close personal friend if it is directly relevant to the person’s involvement in your care or payment related to your care. We can also disclose your PHI in connection with trying to locate you or notify family members or others involved in your care concerning your location, condition or death.

You may object to or request a restriction (See Section V.B) on these disclosures. If you do not object to these disclosures or place restrictions on them, or we can infer from the circumstances that you do not object or we determine in the exercise of our professional judgment, that it is in your best interests for us to make disclosure of information that is directly relevant to the person’s involvement with your care, we may disclose your PHI as described.

IV. USES AND DISCLOSURES WHICH YOU AUTHORIZE

Most uses and disclosures of PHI for marketing purposes, and disclosures that constitute a sale of PHI, as well as other uses and disclosures of your PHI that are not described in this Notice, will be made only with your written authorization. You may revoke your authorization in writing at any time except to the extent that we have taken action in reliance upon the authorization.

V. YOUR RIGHTS

You have the following rights regarding your PHI:

A. The Right to Inspect and Copy Your PHI. You may inspect and obtain an electronic or paper copy of your PHI that is contained in a designated record set for as long as we maintain the PHI. A “designated record set” contains the medical and billing records and any other records that your physician and Basha Diagnostics use for making decisions about you.

Under Federal law, however, you may not inspect or copy the following records: information compiled in reasonable anticipation of, or for use in civil, criminal, or administrative action or proceeding; and PHI that is subject to a law that prohibits access to PHI. Depending on the circumstances, you may have the right to have a decision to deny access reviewed.

We may deny your request to inspect or copy your PHI if, in our professional judgment, we determine that the access requested is likely to endanger your life or safety or that of another person, or that it is likely to cause substantial harm to another person referenced within the information. You have the right to request a review of this decision.

To inspect and copy your PHI, you must submit a written request to the Privacy Officer. We will provide a copy or a summary of your PHI, usually within 30 days of your request. We may charge you a reasonable, cost-based fee for providing copies, as allowed by law. Please contact our Privacy Officer if you have questions about access to your medical record.

B. The Right to Request a Restriction on Uses and Disclosures of Your PHI. You have the right to request that we do not to use or disclose certain part of your PHI for the purposes of diagnostic testing, payment or health care operations. You also have a right to request that we not disclose your PHI to family members or others involved in your health care as described in this Notice. Your request must be in writing and include the PHI you wish to restrict, whether you want to restrict our use, disclosure, or both, and (if applicable), to whom you want the limitations to apply (for example, disclosures to your spouse). A request for restrictions must be made in writing to the Privacy Officer.

We are not required to agree to any restriction that you may request, except that we must agree to a request to restrict disclosure of PHI to a health plan for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or a person other than the health plan on your behalf, has paid Basha Diagnostics in full.

We will notify you if we agree or deny your request to a restriction. If Basha Diagnostics agrees to the requested restriction, we will not use or disclose your PHI in violation of the agreed upon restrictions except that, if the individual who requested the restriction is in need of emergency treatment and the restricted PHI is needed to provide the emergency treatment, we may use the restricted PHI, or may disclose such information to a health care provider, to provide such treatment to the individual. If restricted PHI is disclosed to a health care provider for emergency treatment, Basha Diagnostics shall request that such health care provider not further use or disclose the information.

Basha Diagnostics may terminate its agreement to a restriction if 1) you agree to or request the termination in writing, 2) you orally agree to the termination and the oral agreement is documented; 3) or Basha Diagnostics notifies you that it is terminating its agreement to a restriction, except that such termination is not effective with respect to PHI for which we must agree to a restriction as described above and is only effective with respect to PHI created or received after Basha Diagnostics provides such a notice.

C. The Right to Request to Receive Confidential Communications from us by Alternative Means or at an Alternative Location. You have the right to request that we communicate with you by alternative means or at alternative locations. We will accommodate reasonable requests. We may condition this accommodation by asking you for information as to how payment will be handled or specification of an alternative address or other method of contact. We will not require you to provide an explanation for your request. A request for confidential communications must be made in writing to the Privacy Officer.

D. The Right to Request Amendment of Your PHI. You may request an amendment of PHI about you in a designated record set for as long as we maintain this information if you believe that information is incorrect or incomplete. In certain cases, we may deny your request for an amendment. If we deny your request for an amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. A request for amendment must be made in writing to our Privacy Officer and provide a reason to support the requested amendments.

E. The Right to Receive an Accounting of Disclosures. You have the right to request an accounting of certain disclosures of your PHI made by Basha Diagnostics. This right does not apply to disclosures for purposes of diagnostic testing, payment and health care operations, disclosures that you requested or agreed to by signing an authorization, disclosures for a facility directory, to friends or family members involved in your care, or certain other disclosures we are permitted to make without your authorization. A request for an accounting must be made in writing to our Privacy Officer. You can request an accounting of disclosures made up to six years prior to the date of your request, and the request should specify the time period sought for the accounting. We will provide the first accounting you request during any 12-month period without charge. Subsequent accounting requests may be subject to a reasonable cost-based fee. We will notify you in advance of the cost involved and you may choose to withdraw or modify your request before any costs are incurred.

F. The Right to Obtain a Paper Copy of this Notice. Upon request, we will provide a separate paper copy of this Notice even if you have already received a copy of the Notice or have agreed to accept this Notice electronically.

G. Right to Receive Notifications of Breaches of Unsecured PHI. You have the right to and will receive timely notifications of breaches of your Unsecured PHI.

VI. OUR RESPONSIBILITIES

Basha Diagnostics is required by law to maintain the privacy and security of your PHI, to provide you with a copy of this Notice setting forth our legal duties and privacy practices with respect to your PHI, and to notify you following a breach of unsecured PHI. We are required to abide by the terms of this Notice. We reserve the right to change our privacy practices and revise this Notice at any time, as permitted or required by applicable law, and make the new provisions effective for all PHI that we maintain. Any revisions to the Notice may be retroactive. If we make a material change to this Notice, we will provide a revised Notice to you during your next visit to one of our offices and upon request as required by law.

VII. COMPLAINTS

You have the right to complain to Basha Diagnostics and to the Secretary of the U.S. Department of Health and Human Services if you believe that your privacy rights have been violated. You may complain to Basha Diagnostics by contacting our Privacy Officer verbally or in writing, using the contact information below. We encourage you to express any concerns you may have regarding the privacy or security of your PHI. You will not be retaliated against in any way for filing a complaint.

VIII. CONTACT PERSON

Basha Diagnostics’ contact person for all issues regarding patient privacy and your rights under HIPAA is the Privacy Officer. Information requests, complaints or questions regarding matters covered by this Notice can be addressed to our Privacy Officer at the following address:

Basha Diagnostics, P.C.
30701 Woodward Ave, Suite LL
Royal Oak, Michigan 48073
Attn: HIPAA Privacy Officer

The Privacy Officer can also be contacted by telephone at (248) 288-1600.

IX. EFFECTIVE DATE

This Notice is effective April 14, 2003

First Revision Effective Date: October 5, 2009

Second Revision Effective Date (compliance with Final Rule): September 23, 2013

NOTICE OF PRIVACY PRACTICES OF BASHA DIAGNOSTICS, P.C