Patient Information – Madison Medical Associates

Our Responsibilities Under HIPAA

In the course of providing health care we generate, collect and share health-related information pertaining to our patients. Traditionally that information was kept confidential by ethical traditions and a patchwork of regulations that vary by State. We have certain responsibilities regarding that information due to Congressional enactment of HIPAA, the Health Insurance Portability and Accountability Act. Under HIPAA, all information in your medical record along with associated billing and payments plus other related demographic data which can be traced back to you as an individual is considered PHI (Protected health Information). This Notice explains how we use and disclose medical information about you and inform you of your rights to access and control that information.

Download our Notice of Privacy Practices

The following are examples of the types of uses and disclosures of your PHI that might occur. Some are more likely to happen than others, some may never happen. These examples are neither exhaustive nor an indication of what we intend to do. They are simply examples of the types of uses and disclosures that could be made by our medical practice without your permission as allowed by HIPAA.

Medical Treatment – We use previously given medical information about you to provide you with current or prospective medical treatment or services. Therefore, we may and most likely will disclose medical information about you to doctors, nurses, technicians, medical students, hospital personnel and surgery center personnel who are involved in taking care of you. For example, a doctor to whom we refer you for ongoing or further care may need your medical record. Different areas of the Practice also may share medical information about you including your records, prescriptions, requests of lab work and x-rays. We may also discuss your medical information with you to recommend possible treatment options or alternatives that may be of interest to you. We also may disclose medical information about you to people outside the Practice who may be involved in your medical care after you leave the Practice, this may include your family members or other personal representatives authorized by you or by a legal mandate (a guardian or other person who has been named to handle your medical decisions, should you become incompetent.)

Payment – We may use and disclose medical information about you for services and procedures so that they may be billed and collected from you, an insurance company, or any other third party. For example, we may need to give your health care information about treatment you received at the Practice to obtain payment or reimbursement for the care. We may also tell your health plan and/or referring physician about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment to facilitate payment of a referring physician or the like.

Health Care Operations – We may use and disclose medical information about you so that we can run our Practice more efficiently and make sure that all our patients receive quality care. These uses may include reviewing our treatment and services to evaluate the performance of our staff, deciding what additional services to offer and where, deciding what services are not needed and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students and other personnel for review and learning purposes. We may also combine the medical information we have with medical information from other medical practices to compare how we, are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning who the specific patients are. We may also use or disclose information about you for internal or external utilization review and/or quality assurance to business associates for purposes of helping us to comply with our legal requirements, to auditors to verify our records, to billing companies to aid us in this process and the like. We shall endeavor at all times when business associates are used to advise them of their continued obligation to maintain the privacy of your medical record.

Required by Law – We will disclose medical information about you when required to do so by federal, state or local law.

To Avert Serious Threat to Health or Safety – We may use and disclose medical information about you when necessary to prevent a serious threat either to your specific health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

Research, Death & Organ Donation – We may use or disclose your PHI in limited circumstances for research purposes. When necessary, we must disclose PHI to a coroner, medical examiner, funeral director or to an organ procurement organization for them to carry out their duties.

Worker’s Compensation – We may release medical information about you for Worker’s Compensation or similar programs. These programs provide benefits for work-related injuries or illness.

Oversight of Health and Public Policy – We disclose PHI to federal, state and local health and government agencies that oversee activities authorized by law. These include audits, investigations, inspections, licensure and determination of your eligibility for services. These activities may be necessary for the government to monitor the health care system, public programs, its contractors and entities subject to civil rights laws.  For example, we must disclose PHI to the US Department of Health and Human Services for purposes of determining whether we are in compliance with federal privacy laws.

Monitoring Public Health Risk and Safety – As required by law, we may disclose your PHI to public health authorities, the Food and Drug Administration or entities that receive information for the purposes of the following:

  • To prevent or control disease, injury or disability
  • To report births and deaths
  • To report child abuse or neglect
  • To report reactions to medications or problems with products
  • To notify people of recalls of products they may be using
  • To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition
  • To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.

Investigative, Government & Security Activities – We may disclose medical information to a local, state or federal agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, licensure and national security. These activities are necessary for the payer, the government and other regulatory agencies to monitor the health care system, government programs and compliance with civil rights laws.

Lawsuits and Disputes – If you are involved in a lawsuit or a dispute, or other public civil or criminal proceeding, we may disclose your PHI in response to a court order, summons, warrant, administrative order, grand jury subpoena, discovery request or other lawful process to the extent requested.

Law Enforcement and Criminal Activity – We may disclose PHI to a law enforcement official concerning a suspect, fugitive, material witness, crime victim or missing person, or to protect against fraud and other illegal activities. We may also do so when necessary to assist law enforcement officials to capture an individual who has admitted to participation in a crime or who has escaped from lawful custody. In the case of inmates or other persons in lawful custody, we may disclose PHI to law enforcement officials or correctional institutions that are responsible for their care.

Changes to this Notice – We reserve the right to change this notice at any time. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we may receive from you in the future. We will post a copy of the current notice in the Practice. The notice will contain on the first page, top-center, the date of the last revision and effective date. In addition, each time you visit the Practice for treatment or health care services you may request a copy of the current notice in effect.

Complaints – If you believe your privacy rights have been violated, you may file a complaint with the Practice or with the Secretary of the Department of Health and Human Services. To file a complaint with the Practice, contact our Compliance Officer who will direct you on how to

file an official complaint. All complaints must be submitted in writing, and all complaints shall be investigated without repercussion to you. You will not be penalized for filing a complaint.

Disclosures and Uses of PHI with your Written Permission – We will not disclose your PHI for any purpose not previously referenced in this notice without first obtaining your written authorization. When we need your permission, you may grant it by signing an authorization form.  You may later revoke it in writing, except to the extent an action, use or disclosure was already performed as a result of your prior authorization.

Business Associates – Companies who provide services to our Practice who may have access to our patient’s PHI will be required to sign a Business Associate Agreement protecting the Practice from PHI disclosures without authorization. An example of a business associate would be a medical transcription service.

Access to Your Health Information – You have the right to inspect and obtain copies of your PHI that may be used to make decisions related to our care for you, generally within 30 days. Upon proof of an appropriate legal relationship, records of others related to you or under your care (guardian or custodial) may also be disclosed.

To inspect and copy your PHI, you must submit your request in writing to our Compliance Officer. If you request a copy of the information, we may charge a fee for the costs of copying and mailing.

We may deny your request to access and disclose in certain very limited circumstances, such as when disclosure would reasonably endanger you or another person. If you are denied access to medical information, you may request that the denial be reviewed.

Right to Amend – If you feel that the medical information we have about you in your records is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the Practice maintains your medical record.

To request an amendment, your request must be submitted in writing to the Compliance Officer, along with your intended amendment and a reason that supports your request to amend. The amendment must be dated and signed by you and notarized.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. If we believe that the PHI is already accurate and complete, we will deny your request. We will likely deny requests for amendment to any PHI that was not created by us (unless you provide reasonable evidence that the person or entity that created the information is no longer available to make the amendment).

We cannot grant requests to amend PHI, which is not kept by the practice or which is not part of the PHI that you are permitted to inspect.

As part of your access right, you have the right to authorize and later revoke in writing the use or disclosure of your PHI to anyone for any purpose with limited exceptions.

Right to an Accounting of Disclosures – You have the right to request an accounting of disclosures. This is a list of the disclosures we made of medical information about you to others.

To request this list, you must submit your request in writing. Your request must state a time period not longer than six (6) years back. We will notify you of any cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to Request Restrictions – You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care (a family member or friend). For example, you could ask that we not use or disclose information about a particular treatment you received. Your request must be made in writing and (1) state what information is to be limited (2) to whom the restriction applies and (3) if the restriction applies to use, disclosure or both.

We are not required to agree to these additional restrictions, but if we do, we will comply with your request except in cases of emergency or when we are otherwise required to disclose the information by law.

Right to Request Confidential Communications – You have the right to request that we communicate with you about medical matters in a certain way or at a certain time. For example, you can ask that we only contact you at work or by mail, that we not leave voice mail messages, or the like.

To request confidential communications, you must make your request in writing. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish us to contact you.

Right to a Paper Copy of this Notice – You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.


I hereby acknowledge that I received a copy of this medical practice’s Notice of Privacy Practices. I further acknowledge that a copy of the current notice will be posted in the reception area, and that I will be offered a copy of any amended Notice of Privacy Practices at each appointment