Smiths Medical (“Smiths Medical”) is committed to keeping your personal health information confidential and secure. We will protect your Protected Health Information, or PHI, by maintaining privacy policies and procedures that meet or exceed the requirements of the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”).
This Notice describes how we may use and disclose PHI about you. This Notice also describes how you may access your own PHI and other rights you have under HIPAA. Please note that we may change our privacy practices and this Notice at any time. If you have any questions about this Notice or your rights under HIPAA, please contact our HIPAA Privacy Officer at the address or phone number listed at the end of this Notice.
WHAT IS PHI?
PHI is information that may identify you and relates to your past, present, or future physical or mental health or condition and related health care services that you receive and how you pay for them. Related information that might identify you in connection with your PHI is also protected. This information would include, for example, your Social Security number, your telephone number or other identification numbers assigned to you.
HOW SMITHS MEDICAL MAY USE AND DISCLOSE PHI
Smiths Medical will usually use or disclose your PHI only for purposes of promoting quality treatment, securing insurance reimbursement for your care, and conducting our own company internal operations. Here are more specific descriptions of how we may use or disclose PHI:
- Treatment. We may use and disclose your PHI to help deliver, coordinate and manage your health care and related services. For example, we may consult with your physician in connection with custom products he or she may prescribe specifically for you of if questions arise in the course of using our products in providing care to you but only if sharing your PHI is necessary under the circumstances.
- Payment. We generally do not provide health care products for which patients make payments directly. While we expect such circumstances to arise infrequently, we may nevertheless use and disclose your PHI, as necessary, to obtain payment for the health care products we provide.
- Operations. We may use and disclose your PHI in order to support our business activities. These activities may include, but are not limited to, quality assessment and improvement activities, business planning, management and general administrative activities. For example, we may use your PHI to assess the performance of our products, determine how to improve our products, resolve complaints, and assess the performance of our staff.
Please note the above examples are for illustration purposes only since we cannot describe every possible use or disclosure.
OTHER REASONS WE MAY USE AND DISCLOSE YOUR PHI
Smiths Medical may use or disclose your PHI for other reasons in order to provide you with the best service possible and to comply with various public health and legal requirements. These reasons include:
Business Associates. Some activities are performed for us, or on our behalf, by our business associates. For example, our business associates may include contracted educators, third party administrators and accounting firms. We have contracts with our business associates requiring them to protect your PHI as required by law.
Individuals involved in your care or payment for your care. Unless you instruct us otherwise, we may release PHI about you to a family member, relative, or personal friend, or any other person identified by you. We will disclose only your PHI which is relevant to the person’s involvement with your health care or payment.
Education and Information. While we do not typically contact individual patients regarding our products, we may use or disclose your PHI to inform you about health-related benefits and services that we provide and that we think may be of interest to you, or to send you information relating to custom products that we make for you under your physician’s orders.
Government Agencies. We may disclose your PHI to the Food and Drug Administration or other agencies in the US Department of Health and Human Services, or share information with parties regulated under the jurisdiction of the these agencies, for purposes of complying with federal drug and medical device laws and other federal laws regulating delivering and paying for health care products and services.
Public Health. As required by law, we may disclose PHI about you to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
Law Enforcement. We may disclose PHI about you for law enforcement purposes as required by law or in response to a valid subpoena or other legal process.
Health oversight activities. We may disclose PHI about you to an oversight agency as required by law. Oversight activities may include audits, investigations, and inspections related to our business and for the government to monitor the health care system, government programs, and compliance with state and federal laws.
Judicial and administrative proceedings. If you are involved in a lawsuit or dispute, we may disclose PHI about you in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by another party involved in the dispute, but only if we are satisfied that efforts are first made to tell you about the request or to obtain a court order protecting the PHI.
Workers Compensation. We may disclose PHI about you as authorized by and as necessary to comply with laws relating to workers compensation or similar programs.
Research. We may disclose PHI about you to researchers when the research has been approved by an institutional review board or privacy board that has determined there are established protocols to protect the privacy of your information and waives the individual authorization requirements under HIPAA. We may also release to researchers a “limited data set”, as permitted by HIPAA, consisting of data stripped of your name and most other identifiers.
To avert a serious threat to health or safety. We may use and disclose PHI about you when necessary to prevent a serious threat to your health and safety or the health and safety of another person, which may include disease outbreaks, product recalls or identified threats to a particular person.
Coroners, medical examiners, and funeral directors. We may release PHI about you to a coroner or medical examiner, when necessary to identify a deceased person or determine cause of death.
Organ or tissue procurement. Consistent with applicable law, we may disclose PHI about you to an organ procurement organization or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
Victims of Abuse. We may disclose PHI about you to a government authority if we reasonably believe that you are a victim of abuse, neglect, or domestic violence.
National security. We may release PHI about you to authorized federal officials for intelligence and other national security activities authorized by law. This may include disclosures necessary for the protection of government officials and foreign dignitaries.
Military and veterans. If you are a member of the armed forces, we may release PHI about you as required by military command authorities for activities they deem necessary for their military mission.
Correctional institutions. If you are or become an inmate of a correctional institution, we may disclose PHI to the institution or its agents when necessary for your health or the health and safety of others.
ANY OTHER USE OR DISCLOSURE OF PHI
Smiths Medical will obtain your written authorization before using or disclosing PHI about you for any purposes other those described above, or otherwise permitted or required by law. You may also authorize others (e.g., family members) to act on your behalf, including controlling your PHI. Parents and guardians will generally have authorization over the PHI of minors under their care.
You may revoke an authorization in writing at any time. Upon receipt of your written revocation, we will stop using or disclosing PHI about you, except to the extent we have already taken action in reliance on your authorization. To revoke an authorization, please send your request in writing with a copy of the authorization being revoked (or, if not available, a detailed description of the authorization including the date) to our HIPAA Privacy Officer at the address below.
YOUR HEALTH INFORMATION RIGHTS
You have certain rights with respect to your personal PHI. If you have any questions about how to exercise these rights, please contact our HIPAA Privacy Officer, and we will guide you through our procedures. You have the right to:
- Obtain a copy of this Notice. If we provide treatment or equipment to you directly, you have the right to receive a written copy of this Notice. In those situations, we will provide you with our Notice either when we send you a new Patient Information Packet or upon our first delivery of health care products to you. We will ask you to acknowledge receipt of the Notice by sending back an acknowledgement form to Smiths Medical. If we provide treatment or equipment indirectly to you through another health care provider (such as a physician, medical clinic, or medical equipment supplier), you will have the right at any time to request a copy of this Notice by contacting our Privacy Contact Person.
- Request a Restriction on Use and Disclosure of PHI. You may ask us to limit our use or disclosure of your PHI. However we are not required to agree to your requested restrictions except in limited circumstances involving disclosures to health plans when you pay the provider in full for health care services provided to you. To request such a restriction, you must send a written request to our HIPAA Privacy Contact Person at the address shown at the end of this Notice.
- Inspect and obtain a copy of PHI. You have the right to review and copy PHI in our “designated record set” for as long as Smiths Medical maintains the PHI. The designated record set usually contains information about billing records, product service, and any limited medical information we may have about you. To review or copy this information, you must send a written request to our HIPAA Privacy Contact Person at the address shown at the end of this Notice. We may charge a fee for the costs of copying, mailing, and supplies necessary to fulfill your request. We may deny your request in certain limited circumstances, in which case you may request us to review the denial.
- Request an amendment of PHI. If you believe that PHI maintained by Smiths Medical is incomplete or incorrect, you may request an amendment. To request an amendment, you must send a written request to the HIPAA Privacy Contact Person at the address shown below. You must include a reason to support your request. If we deny your request for amendment, you have the right to file a statement of disagreement with our decision and we may give a rebuttal to your statement.
- Receive an accounting of disclosures of PHI. You have the right to receive an accounting of any disclosures of your PHI made by we have made in the last six years not including disclosures for treatment, payment, or health care operations (except in certain circumstances). This accounting will exclude certain disclosures, such as disclosures made directly to you, disclosures you authorized, disclosures to friends or family involved in your care, and disclosures for notification purposes. To request an accounting, you must submit a written request to our HIPAA Privacy Officer at the address shown at the end of this Notice. Your request must specify the time period covered by your request (which can include up to six years). You may be charged for this service if you make more than one request within a twelve-month period. We will notify you of the cost in advance and you may choose to withdraw or modify your request at that time.
- Request communications of PHI by alternative means or at an alternative location. You may request that we communicate with you other than through our normal means. For example, you may request that we communicate with you only in writing or at a different address or post office box. We will accommodate any reasonable request. To request confidential communication of PHI about you, you must submit your request in writing to our HIPAA Privacy Contact Person at the address shown at the end of this Notice.
SMITHS MEDICAL’S DUTIES UNDER HIPAA
As described in this Notice, Smiths Medical has the following obligations under the law with respect to protecting your privacy:
- We are required by law to maintain the privacy of protected health information and to provide our customers with notice of our privacy practices. We are also required to provide notice to individuals in certain circumstances in the event of an unauthorized disclosure of their PHI.
- Whenever we use or disclose your PHI, we are required to disclose only that necessary for the purpose of the use or disclosure and nothing more. In some cases, this means that we will use or disclose only information that does not identify you.
- We are required to abide by the terms of this Notice while it is in effect.
- We reserve the right to change the terms of this Notice. In that event we will make the revised notice applicable to all health records maintained by Smiths Medical, regardless of whether the records were created before or after the revision to the Notice; make the changes available to our customers on request; and post a copy of the revised notice on our website.
If you believe your privacy rights have been violated in any way, you may file a complaint in writing with our HIPAA Privacy Officer. We will attempt to resolve your complaint promptly. You also have the right to file a complaint with the Secretary of the U.S. Department of Health and Human Services. We will not retaliate against you for filing a complaint under any circumstances.
This Notice is effective November 30, 2011.
OUR HIPAA PRIVACY CONTACT PERSON
Any questions or concerns relating to Smiths Medical’s privacy policies and practices should be directed to our Privacy Contact Person::
HIPPA Privacy Officer
1265 Grey Fox Road
St. Paul, MN 55112
Telephone: (+1) 651.628.7057