Carolina Endocrinology & Diabetes
Carolina Endocrinology & Diabetes

Notice of Privacy Practices

Please read this carefully. This notice explains how your medical information (called Protected Health Information or PHI) may be used and shared, and what rights you have to access this information.

Who is Presenting This Notice?

The terms “Facility” and “Health Professionals” in this notice refer to the members of Carolina Endocrinology & Diabetes.

  • Who is Bound by It? The Facility, its employees, and all members of Carolina Endocrinology & Diabetes involved in your care must follow this Notice of Privacy Practices.
  • Information Sharing within Carolina Endocrinology & Diabetes: Members of the Carolina Endocrinology & Diabetes will share your PHI with each other for your treatment, billing (payment), and day-to-day healthcare operations, as allowed by law (HIPAA) and this notice.
  • Need a List? For a full list of the organizations in the Carolina Endocrinology & Diabetes, contact the Privacy & Security Compliance Office.

Our Privacy Obligations

We are legally required to:

  1. Protect the privacy of your PHI.
  2. Provide you with this Notice, outlining our legal duties and privacy practices.
  3. Abide by the terms of this Notice.
  4. Notify you if there is a breach (unauthorized access, use, or disclosure) of your medical information.

Electronic Disclosure: We use computerized systems, meaning your PHI may be shared electronically for treatment, payment, and healthcare operations.

When We Can Share Your PHI Without Your Written Permission

We do not need your specific written permission for the following uses and disclosures:

Treatment, Payment, and Health Care Operations

Your PHI is used and shared to provide your care, get paid for that care, and run our facility smoothly.

  • Treatment: Sharing PHI to provide, coordinate, and manage your healthcare.
    • Examples: Sharing your chart with other doctors, nurses, or specialists involved in your care; contacting you with appointment reminders, treatment options, or information about other health services.
  • Payment: Sharing PHI to bill and get paid for your services.
    • Examples: Sending a bill to your Payor (your health insurer, HMO, or other company that pays for your care) to verify coverage and get payment; sharing billing details with a physician who read your X-ray so they can get paid.
  • Health Care Operations: Using and sharing PHI for internal activities that improve care quality and cost-effectiveness.
    • Examples: Reviewing medical records to evaluate the quality of care provided by staff; sharing PHI with the Privacy & Security Compliance Office to handle your complaints; providing PHI to government or accreditation bodies (like The Joint Commission) to maintain our license.
    • Business Associates: We may share PHI with other companies (called business associates) who perform services like billing or IT support on our behalf.
    • Training & Education: Sharing PHI for educational experiences, such as allowing students, residents, or others interested in healthcare to shadow staff or engage in a clinical program.

Sharing Information with Other Healthcare Networks

  • Health Information Organizations (HIOs): We may share your PHI through an HIO (a regional or statewide electronic health information exchange) with other providers for treatment, payment, and operations. This can lead to faster access to your records and better-coordinated care.
    • Your Choice: You have the right to opt out of the HIO and prevent providers from searching for your information through this exchange. You can do this by completing an Opt-Out Form at registration.

Other Permitted Uses and Disclosures

  • Facility Directory: Unless you object, we may include your name, location, general condition, and religious affiliation in our patient directory. We can share this information with anyone who asks for you by name. We can share your religious affiliation with clergy (e.g., a priest or minister) even if they don’t ask for you by name. You’ll have a chance to object upon admission.
  • Friends, Family, and Caregivers: We can share PHI with family members, friends, or any other person involved in your care or payment for your care if we believe it’s in your best interest (especially in an emergency or if you are unable to object). We’ll only share information directly relevant to their involvement.
  • Public Health Activities: Sharing PHI with public health authorities to prevent or control disease, report child abuse, report on FDA-regulated products, and more.
  • Victims of Abuse, Neglect, or Domestic Violence: Sharing PHI with a government authority if we reasonably believe you are a victim.
  • Health Oversight Activities: Sharing PHI with government agencies that oversee the healthcare system (e.g., Medicare or Medicaid).
  • Legal Proceedings: Sharing PHI in response to a court order, subpoena, or other lawful process in a judicial or administrative proceeding.
  • Law Enforcement: Sharing PHI with police or other law enforcement officials as required by law (e.g., to identify a suspect, locate a missing person, or report a crime at the facility).
  • Correctional Institutions: Sharing PHI with a correctional institution if you are an inmate.
  • Organ and Tissue Procurement: Sharing PHI with organizations that handle organ, eye, or tissue donation.
  • Research: Sharing PHI if an Institutional Review Board approves the research after waiving the requirement for your authorization.
  • Health or Safety: Sharing PHI to prevent a serious and immediate threat to a person’s or the public’s health or safety.
  • Specialized Government Functions: Sharing PHI with military command authorities (U.S. Military) or other government units (e.g., the Secret Service).
  • Workers’ Compensation: Sharing PHI as required by state laws related to workers’ compensation.
  • As Required by Law: Sharing PHI when any other law mandates it (e.g., to the FDA to monitor a medical device).
  • Appointment Reminders: Using your PHI to contact you about appointments.

When We Must Get Your Written Permission

For any purpose other than those listed above, we need your written authorization. This includes:

  • Non-Routine Disclosures: We need your written permission to send your PHI to parties like your life insurance company or an attorney representing the opposing party in a lawsuit.
  • Marketing: We need your written authorization (Your Marketing Authorization) before using your PHI to send you marketing materials.
    • Exceptions: We do not need your permission for face-to-face encounters, giving you a promotional gift of nominal value, or communicating with you about treatment options or care coordination.
  • Sale of PHI: We will not sell your PHI in exchange for payment without your authorization, except for limited, legally permitted circumstances (e.g., public health, research, or a sale/merger of the facility).
  • Highly Confidential Information: Certain information has extra legal protection and generally requires your written authorization for disclosure. This includes PHI about:
    • Psychotherapy notes
    • Mental health, mental retardation, and developmental disabilities
    • Alcohol or drug abuse/addiction
    • HIV/AIDS testing, diagnosis, or treatment
    • Communicable diseases
    • Genetic testing
    • Child or adult domestic abuse/neglect
    • Sexual assault

Revoking Your Authorization: You can cancel any written authorization at any time by sending a written statement to the Health Information Management Office, except to the extent we have already relied on your permission.

Your Rights Regarding Your PHI

You have the following rights concerning your medical information:

  1. Right to Request Additional Restrictions:
    • You can ask us to limit how we use or share your PHI for treatment, payment, operations, or to specific individuals (like family) involved in your care. We are not required to agree to all restrictions.
    • Exception We MUST Honor: We must agree to restrict disclosures to your health plan (for payment or operations, not treatment) if the disclosure relates to an item or service for which you have paid in full out-of-pocket, unless the disclosure is required by law.
    • To Request: Obtain and submit a request form from the Health Information Management Office.
  2. Right to Receive Confidential Communications:
    • You can request to receive your PHI by alternative means or at alternative locations (e.g., mailing your bill to a P.O. Box instead of your home address). We will accommodate reasonable written requests.
  3. Right to Inspect and Copy Your Health Information:
    • You can ask to see and get copies of your medical and billing records.
    • We may charge a fee for copies, except when the copies are needed for a federal or state disability benefits program application.
    • To Request: Obtain and submit a record request form from the Health Information Management Office.
  4. Right to Amend Your Records:
    • You can ask us to amend (change) the PHI in your medical or billing records if you believe it is inaccurate or incomplete.
    • We can deny the request if we believe the information is accurate and complete or if other special circumstances apply.
    • To Request: Obtain and submit an amendment request form from the Health Information Management Office.
  5. Right to Receive an Accounting of Disclosures:
    • You can request a list of certain disclosures of your PHI made over the past six years.
    • We may charge you for this statement if you request it more than once in a 12-month period.
  6. Right to Receive a Paper Copy of this Notice:
    • You can request and receive a paper copy of this Notice at any time, even if you previously agreed to receive it electronically.

For More Information or to File a Complaint

If you have questions, believe your privacy rights have been violated, or disagree with a decision we made about access to your PHI, please contact our Privacy & Security Compliance Office.

  • File a Complaint Externally: You can also file a written complaint with the Director, Office for Civil Rights of the U.S. Department of Health and Human Services (HHS). We will provide you with the correct address upon request.
  • No Retaliation: We will not take any action against you for filing a complaint.

Contact

Right to Change Terms: We may change the terms of this Notice at any time. Any changes will apply to all PHI we maintain, including information created before the new notice was issued. New notices will be posted in our facility waiting areas and on our website.

Facility Contacts:

Privacy & Security Compliance
1658 Highway 160 W., Fort Mill, SC 29708
E-mail: info@carolinaendo.org
Ethics Action Line (EAL): 803-548-3636