HIPAA PRIVACY NOTICE

Last Revised: January 1, 2017

Financial Policy

Welcome to Privia Medical Group! We are pleased that you have chosen us as your health care provider. Our mission is to provide you with the highest level of professional medical care with the highest degree of patient satisfaction. To avoid any misunderstandings and ensure timely payment for services, it is important that you understand your financial responsibilities with respect to your health care.

We require that all patients sign our Authorization and Consent for Treatment Form before receiving medical services. This form confirms that you understand that the services provided are necessary and appropriate, and advises you of your financial responsibility with respect to services received.

PATIENT RESPONSIBILITY

Patients or their legal representative are ultimately responsible for all charges for services provided. We expect your payment at the time of your visit for all charges owed for that visit as well as any prior balance. Some insurance plans tell us exactly what you will owe at the time of your visit; in that case, we may request full payment for your share when you check in or out. Other insurance plans do not provide immediate information regarding patient responsibility; in that case, you will be asked to save a credit card on file to settle your account or pay a deposit when you check in or out.

If you save a credit card on file, we will charge your card for the balance due when your insurance company notifies us of your patient responsibility. When you make a deposit, you will pay an estimate of the expected patient responsibility; when your insurance company notifies us of your patient responsibility, we will either send you a statement for the balance due or issue a refund.

If you have an Annual Wellness Visit or Physical Exam but need additional services, we may bill you for those additional services. All services for patients who are minors will be billed to the custodial parent or legal guardian. If you demonstrate financial need and complete the required paperwork, financial assistance may be available. If you have a large balance, payment plans may be available.

TYPES OF PAYMENTS

  1. Co-payments. Insurance carriers require that we collect your co-payment at the time of your visit. If you are not prepared to make your co-payment, you may reschedule your appointment.
  2. Deductibles. Most insurance plans require you to pay a predetermined amount (the “deductible”) before insurance will cover certain charges. Our technology allows us to view your remaining deductible and help you understand what you will owe for your visit so we can collect the amount due at the time of your visit.
  3. Co-insurance. Some insurance plans require that you pay a certain percentage (for example, 20%) of the allowable charge amount. Our technology allows us to view the details of your insurance plan, including your coinsurance amount, and calculate the expected out-of-pocket cost for you. If we can determine the amount, we will ask that you pay your co-insurance at the time of your visit.
  4. Uninsured Patients / Self-Pay. If you do not have insurance or if the services provided are not covered by your insurance, payment for all services is due at the time of your visit. Two options are available: 1) a prompt pay discount is available if you pay in full at the time of service; or 2) we can bill you if you do not pay at the time of service. If the total charge amount is not available at the time of checkout, you may be required to pay a deposit that will be applied to your charges. If the deposit exceeds actual charges then a refund will be issued.
    • Deposit amounts are:
      • New patients: total charge or a minimum $200 deposit.
      • Established patients: total charge or a minimum $150 deposit.
      • Procedures: total charge or a minimum $200 payment
  5. Out-of-Network. We participate with most major insurance plans. You can contact your insurance company to confirm if your provider is in network prior to making your appointment. If we do not participate with your insurance plan, you will be required to pay for your visit at the time of service. We may send a courtesy bill to your insurance company. If the total charge amount is not available at the time of check out, you may be required to pay a deposit as described above.
  6. Non-Covered Services. It is your responsibility to contact your insurance plan to determine whether a particular service is covered. If we provide you non-covered services, you are expected to pay for the services at the time of your visit. Our billing staff will assist you in attempting to resolve any appeals. If you are a Medicare patient, we will inform you of any non-covered services prior to your treatment. Your provider will review options with you and document your decision and acceptance of financial responsibility using the Centers for Medicare and Medicaid Services (CMS) form CMS-R-131 (03/08), Advance Beneficiary Notice (ABN).

INSURANCE

We ask all patients to provide their insurance card (if applicable) and proof of identification (such as a photo ID or driver’s license) at every visit. If you do not provide current proof of insurance, you may be billed as an uninsured patient (i.e., self-pay). If you provide your insurance card(s) at a later time, we may be able to retroactively bill the services to your insurer depending on the insurance plan’s requirements. We accept assignment of benefits for many third party carriers, so in most cases, we will submit charges for services rendered to your insurance carrier. You are expected to pay the entire amount determined by your insurance to be the patient responsibility. Our fees are for physician services only; you may receive additional bills from laboratory, radiology, or other diagnostic related providers.

You are responsible to:

  • Know if a referral or authorization is necessary for office visits. (If it is required and you do not have the appropriate referral or authorization, you may be billed as an uninsured patient).
  • Check with your insurance plan to determine if prescribed testing (lab, radiology, etc.) is covered under your insurance policy. (If you choose to have non-covered testing, we will require full payment at the time of your visit.)
  • Check with your insurance plan to review the schedule of benefits and whether a co-payment or deductible applies.
  • File any appeals with your insurance plan, if needed.
  • Coordinate benefits if you have more than one insurance plan. You may be required to contact your insurance company to clarify which plan is primary or to correct any demographic or other issues.
  • Arrive for appointments with all required documentation.

Insurance Verification. We will attempt to verify your insurance eligibility two (2) business days prior to your visit. If we are unable to confirm active insurance coverage, we will contact you about your insurance eligibility. If you are unable to present an alternative form of active insurance coverage prior to the visit, you will be required to either pay at the time of your visit or reschedule your appointment. For same day appointments, we will check eligibility when the appointment is made.

Outstanding Balances. After your visit, we will send you a statement for any outstanding balances. All outstanding balances are due on receipt. If you come for another visit and have an outstanding balance, we will request payment for both the new visit and your outstanding balance. Your outstanding balances can be paid conveniently via our patient portal.

We generally send statements every twenty-eight (28) days, beginning when the balance becomes patient responsibility. If you have an outstanding balance for more than ninety (90) days, you may be referred to an outside collection agency and charged a $20 collection fee in addition to the balance owed. In addition, if you have unpaid delinquent accounts, we may discharge you as a patient and you may not be allowed to schedule any additional services unless special arrangements have been made.

LATE ARRIVALS, CANCELLATIONS, AND NO-SHOWS

Late arrivals. If you arrive late for a scheduled appointment, you may be asked to reschedule your appointment or wait for an open appointment time on that day’s schedule.

Cancellations. If you are unable to keep a scheduled appointment, you must call at least one (1) business day in advance or we may consider you a “no-show.”

No-shows. If you miss your appointment, you may be charged a $50.00 fee for a missed appointment, a $75.00 fee for a missed pediatric appointment, a $100.00 fee for a missed physical, or a $200 fee for a missed procedure or surgery. This fee will need to be paid prior to rescheduling. This fee cannot be billed to insurance.

As permitted by state law, you may be discharged as a patient following three (3) no-shows in a one-year period (365 days).

CARD-ON-FILE PROCESS

When you check into a hotel or rent a car, you are required to provide a credit card to cover the cost of any incidental charges and/or pay your bill. This process benefits both you and the hotel or rental company by making the checkout process easier, faster, and more efficient.

We have implemented a similar process at Privia. You will be requested to provide a credit card when you check-in for your visit and we will scan the card into our system. The information will be held securely until your insurance has paid their share and notified us of any additional amount owed by you. At that time, we will notify you that the remaining balance owed will be charged to your credit card five (5) days from the date of the notice. You may call our office if you have a question about your balance. We will send you a receipt for the charge.

The “Card-on-File” program simplifies payment for you and eases the administrative burden on your provider’s office. This reduces paperwork and ultimately helps lower the cost of healthcare. Your statements will be available via your patient portal and our Customer Support line is available to answer any questions about the balance due.

If you have any questions about the card-on-file payment method, please let us know.

Thank you for helping us run a better practice!

Notice of Privacy Practices

This Notice is provided to you pursuant to the privacy regulations enacted as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This joint notice of privacy practices describes how your medical information may be used and disclosed and how you can get access to your information. This Notice applies to all your medical information created or maintained by Privia Medical Group, Privia Quality Network, and/or Dwell Family Doctors (collectively referred to as “Privia”). PLEASE REVIEW THIS NOTICE CAREFULLY.

A. OUR COMMITMENT TO YOUR PRIVACY

Privia is committed to maintaining the privacy of your health information. We are required by law to (i) maintain the privacy of your health information; (ii) provide you with this notice of our legal duties and privacy practices with respect to your health information; (iii) follow the terms of the notice of privacy practices currently in effect; and (iv) notify you if there is a breach of your health information. We must also provide you with the following important information: (a) how we may use and disclose your health information; (b) your privacy rights; and (c) our obligations concerning the use and disclosure of your health information.

This Notice of Privacy Practices is NOT an authorization. Rather it describes how we, our Business Associates, and their subcontractors may use and disclose your Protected Health Information to carry out treatment, payment, or health care operations, and for other purposes as permitted or required by law. It also describes your rights to access and control your Protected Health Information.

“Protected Health Information” (“PHI”) means information that identifies you individually; including demographic information, and information that relates to your past, present, or future physical or mental health condition and/or related health care services.

The terms of this notice apply to all your PHI created or maintained by Privia. We reserve the right to revise or amend this Notice at any time. Any revision or amendment to this notice will be effective for all of your records that we created or maintained in the past and for any of your records that we may create or maintain in the future. We will post a copy of our current Notice online at: http://www.priviahealth.com/HIPAA and you may request a copy of our most current Notice at any time.

B. SUMMARY OF THIS NOTICE

  1. We may use and share your information as we:
    • Treat you
    • Run our organization
    • Bill for your services
    • Help with public health and safety issues
    • Conduct research
    • Comply with the law
    • Respond to organ and tissue donation requests
    • Work with a medical examiner or funeral director
    • Address workers’ compensation, law enforcement, and other government requests
    • Respond to lawsuits and legal actions
    • For more information see Section E below.
  2. You may have certain choices about how we use and share information when we:
    • Tell family and friends about your condition
    • Provide disaster relief
    • Include you in a hospital directory
    • Provide mental health care
    • Market our services or sell your information
    • Raise funds
    • For more information see Section F below.
  3. You have the right to:
    • Get a copy of your paper or electronic medical record
    • Request the correction of your medical record
    • Request confidential communication
    • Ask us to limit the information we share
    • Get a list of those with whom we’ve shared your information
    • Get a copy of this privacy notice
    • Choose someone to act for you
    • File a complaint if you believe your privacy rights have been violated
    • For more information see Section G below.

C. CONTACT FOR QUESTIONS

For more information or questions about Privia Medical Group’s privacy policies, please contact:

Privacy Officer
950 N Glebe Rd, Suite 4000
Arlington, VA 22203
(571) 317-0679
compliance@priviahealth.com

D. PERSONS/ENTITIES COVERED BY THIS NOTICE

Your provider’s care center is part of an Affiliated Covered Entity (“ACE”) by virtue of its affiliation with Privia Medical Group, Privia Quality Network (Privia Health’s Clinically Integrated Network and Accountable Care Organization), or Dwell Family Doctors (collectively these entities are referred to as “Privia”). For the purposes of complying with federal privacy and security requirements, the above-described facilities have designated themselves as an ACE. These facilities are under common ownership and control and have agreed to treat themselves as a single “covered entity” under HIPAA. Additionally, the Privia providers, and those who share electronic health records with Privia, have agreed to follow the terms of this Notice when providing services through Privia. Although each care center is legally separate and responsible for its own acts, Privia will coordinate privacy practices among the Privia care centers. Patient information is shared across the ACE for treatment, payment, and healthcare operations related to the ACE. Your PHI can be shared across the ACE for the purposes of your treatment, payment, and healthcare operations. When PHI is shared for healthcare operations, the person or organization using your PHI must have a relationship with you, unless your PHI is used for quality assurance, utilization review, and peer review purposes.

NOTE: This notice applies to all care centers affiliated with Privia. The complete list of Privia providers for whom this Notice of Privacy Practices applies can be viewed at: http://www.priviahealth.com/HIPAA.

IMPORTANT: Privia may disclose your PHI to members of Privia’s medical staff and other independent medical professionals in order to provide treatment, payment and healthcare operations. Although those professionals have agreed to follow this Notice and participate in the Privia privacy program, they are independent professionals and Privia expressly disclaims any responsibility or liability for their acts or omissions relating to your care or privacy/security rights.

E. USE AND DISCLOSURE OF YOUR INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION (PHI)

  1. Treatment. Privia may use or share your PHI to provide medical treatment or services for you and in order to manage and coordinate your medical care. Privia may disclose medical information about you to physicians and health care providers, DME vendors, surgery centers, hospitals, rehabilitation therapists, home health providers, laboratories, nurse case managers, worker’s compensation adjusters, etc. to ensure that your medical providers have the necessary information to diagnose and provide treatment to you. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may affect the healing process. Privia also may disclose your PHI to individuals who are involved in your care, including family members or other care providers.
  2. Payment. Privia may use and disclose your PHI in order to bill and collect payment from health plans or other entities. For example, we may disclose PHI to your health insurance plan so it will pay for your services, determine your eligibility for coverage, or to obtain prior approval from the insurer to cover payment for treatment. Privia also may use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, including family members. Privia may disclose your information to a collection agency to obtain overdue payment. Privia may also disclose your PHI to a regulatory agency or other entity to determine whether the services we provided were medically necessary or appropriately billed.
  3. Health Care Operations. Privia may use and disclose your PHI to run our practices, improve your care, and contact you when necessary. For example: We may use or disclose your PHI: (1) to conduct quality or patient safety activities, population-based activities relating to improving health or reducing health care costs, case management and care coordination, and contacting your health care providers and you with information about treatment alternatives; (2) when conducting training programs or performing accreditation, licensing, or credentialing activities; (3) when conducting or arranging for medical review, legal services, and auditing functions; and (4) for our proper management and administration, including customer service, resolving complaints, strategic planning, etc. In addition, we may use or disclose de-identified information or a limited data set for certain healthcare operations purposes.
  4. Appointment Reminders, Check-In and Results. Privia may use and disclose your PHI to contact you and remind you of an appointment. Privia may use a sign-in sheet at the registration desk and call you by name in the waiting room when your provider is ready to see you. Privia may also use your PHI to contact you about test results. Privia may leave a message reminding you of an appointment or the results of certain tests, but will leave the minimum amount of information necessary to communicate this information.
  5. Treatment Options and Health-Related Benefits and Services. Privia may use and disclose your PHI to inform you of treatment options or alternatives as well as certain health-related benefits or services that may be of interest to you. Privia may also use and disclose your PHI to describe health-related products or services (or payment for such products or services) provided through your benefit plan or to offer information on other providers participating in a healthcare network that we participate in.
  6. Disclosures to Family or Friends. Privia may disclose your PHI to individuals involved in your care or treatment or responsible for payment of your care or treatment. If you are incapacitated, we may disclose your PHI to the person named in your Durable Power of Attorney for Health Care or your personal representative (the individual authorized by law to make health-related decisions for you). In the event of a disaster, your PHI may be disclosed to disaster relief organizations to coordinate your care and/or to notify family members or friends of your location and condition.
  7. Required By Law. Privia will use and disclose your PHI when we are required to do so by federal, state or local law. For example, Privia may disclose PHI to comply with child and elder abuse reporting laws or to report certain diseases, injuries or deaths to state or federal agencies.

F. USE AND DISCLOSURE OF YOUR PHI IN CERTAIN SPECIAL CIRCUMSTANCES

    1. Public Health Reporting. Privia may disclose and may be required by law to disclose your PHI for certain public health purposes. For example, Privia may disclose your PHI to the Food and Drug Administration (FDA) regarding the quality and safety of an FDA-regulated product or activity; to prevent or control disease; report births and deaths; to report child abuse and/or neglect; to report reactions to medications or problems with health products; to provide notification of recalls of products; or report a person who may have been exposed to a disease or may be at risk of contracting and/or spreading a disease or condition. In addition, Privia may provide proof of immunizations to a school that requires a patient’s immunization record prior to enrollment or admittance of a student if you have informally agreed to the disclosure for yourself or on behalf of your legal dependent.
    2. Health Oversight Activities. Privia may disclose your PHI to a health oversight agency for investigations, inspections, audits, surveys, licensure and disciplinary actions, and in certain civil, administrative, and criminal procedures or actions, or other health oversight activities as authorized by law.
    3. Lawsuits and Disputes. Privia may disclose your PHI in response to a court or administrative order, subpoena, request for discovery, or other legal processes. However, absent a court order, Privia will generally disclose your PHI if you have authorized the disclosure or efforts have been made to inform you of the request or obtain an order protecting the information requested. Your information may also be disclosed if required for our legal defense in the event of a lawsuit.
    4. Law Enforcement. Privia may disclose your PHI if requested by a law enforcement official: (a) regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement; (b) about a death we believe resulted from criminal conduct; (c) regarding criminal conduct on our premises; (d) in response to a warrant, summons, court order, subpoena or similar legal process; (e) to identify/locate a suspect, material witness, fugitive or missing person; or (f) in an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).
    5. Deceased Patients. Privia may disclose your PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. In addition, we may disclose PHI necessary for funeral directors to fulfill their responsibilities.
    6. Organ and Tissue Donation. Privia may disclose your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation or blood banks, as necessary to facilitate donation and transplantation if you are a donor.
    7. Research. Privia may use and disclose your PHI to researchers for the purpose of conducting research with your written authorization or when the research has been approved by an Institutional Review or Privacy Board and is in compliance with law governing research.
    8. Serious Threats to Health or Safety. Privia may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
    9. Military, National Security, and other Specialized Government Functions. If you are in the military or involved in national security or intelligence, Privia may disclose your PHI to authorized officials. Privia also may disclose your PHI to authorized federal officials in order to protect the President, other officials or foreign heads of state, or to conduct certain investigations.
    10. Workers’ Compensation. Privia will disclose only the PHI necessary for worker’s compensation in compliance with worker’s compensation laws. This information may be reported to your employer and/or your employer’s representative in the case of an occupational injury or illness.
    11. Inmates. If you are an inmate or in the custody of a law enforcement official, Privia may disclose your PHI to correctional institutions or law enforcement officials as necessary: (a) for the institution to provide health care services to you; (b) for the safety and security of the law enforcement officer or the correctional institution; and/or (c) to protect your health and safety or the health and safety of other individuals.
    12. Minors. If you are a minor (generally an individual under 18 years old), we may disclose your PHI to your parent or guardian unless otherwise prohibited by law.

G. YOUR PRIVACY RIGHTS REGARDING YOUR PHI

        1. Inspection and Copies. You may request a copy of or inspect the PHI that is used to make decisions about you, including medical and billing records and laboratory and imaging reports. You have the right to obtain an electronic copy if it is readily producible by us in the form and format requested. We will provide a copy or a summary of your health information, to you or whomever you designate to receive it, usually within thirty (30) days of your request. Privia may charge a reasonable cost-based fee to cover the costs of copying, mailing, labor and supplies associated with your request. Privia may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. There may be times that your provider, in his or her professional judgment, may not think it is in your best interest to have access to your medical record. Depending on the reason for the decision to deny a request, we may ask another licensed provider chosen by us to conduct a review of your request and its denial.
        2. Confidential Communications. You may request in writing that we communicate with you in a specific way or send mail to a different address. For example, you may request that we contact you at home, rather than work or by mail. Privia will accommodate all reasonable requests. You do not need to give a reason for your request.
        3. Amendment. You may request a correction or amendment of your PHI if you believe it is incorrect or incomplete. You may make a written request for a correction or amendment for as long as your PHI is maintained by or for Privia. Requests must provide a reason or explanation that supports the request. Privia will deny your request if it is not in writing or if, in the provider’s opinion, the information is: (a) accurate and complete; (b) not part of the PHI maintained by or for Privia; (c) not part of the PHI that you have the right to inspect and copy; or (d) not created by Privia, unless the individual or entity that created the information is not available to amend the information. Privia will notify you in writing within sixty (60) days if we cannot fulfill your request.
        4. Accounting of Disclosures. You may request an accounting of certain disclosures that Privia has made of your PHI. This accounting will list the disclosures that we have made of your PHI but will not include disclosures made for the purposes of treatment, payment, health care operations, disclosures required by law, and certain other disclosures (such as any you asked us to make). Your request must be in writing and state the time period for which you want the accounting (not to exceed six (6) years prior to the date you make the request). Privia will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within twelve (12) months. Privia will notify you of the costs involved with any additional request and you may withdraw your request before you incur any costs.
        5. Requests for Restrictions. You have the right to request that Privia not use or share your PHI for treatment, payment, or health care operations. We are not required to agree to your request, and we may say “no” if we believe it might affect your care. If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. In that case, we will approve your request unless a law requires us to share that information.
        6. Health Information Exchange Opt-Out. You have the right to opt-out of disclosure of your medical records to or via an electronic health information exchange (“HIE”) (For example, Surescripts, Commonwell, ConnectVirginia and/or the Chesapeake Regional Information System for our Patients, Inc. (“CRISP”)). However information that is sent to or via an HIE prior to processing your opt-out may continue to be maintained by and be accessible through the HIE. You must opt out of disclosures to or via an HIE through each of your individual treating providers who may participate in any given HIE. See I. USING TECHNOLOGY TO IMPROVE HEALTHCARE below for more information regarding HIE.
        7. Right to Receive a Notice of a Breach of Unsecured Medical/Billing Information. You have the right to receive prompt notice in writing of a breach of your PHI that may have compromised the privacy or security of your information.
        8. Right to a Paper Copy of This Notice. You have the right to receive a paper copy of this notice at any time even if you have agreed to receive the notice electronically. You may also obtain a copy of this notice at our website: http://www.priviahealth.com/HIPAA.
        9. Right to File a Complaint. If you believe your rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services (“HHS”), Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

H. ADDITIONAL INFORMATION

        1. Portal and Other Patient Electronic Correspondence. Privia may use and disclose your PHI through various secure patient portals that allow you to view, download and transmit certain medical and billing information and communicate with certain health care providers in a secure manner when using the portal. For more information on the Privia patient portal, please visit our website at http://www.priviahealth.com/signin.html.
        2. Your Contact Information: Home and Email Addresses/Phone Numbers. If you provide us with a home or email address, home/work/cell telephone number, or other contact information during any registration or administrative process we will assume that the information you provided us is accurate and that you consent to our use of this information to communicate with you about your treatment, payment for service and health care operations. You are responsible to notify us of any change of this information. Privia reserves the right to utilize third parties to update this information for our records as needed.
        3. Email or Downloading PHI. If you email us medical or billing information from a private email address (such as a Yahoo, Gmail, etc. account), your information will not be encrypted unless you use a secure messaging portal to send it to us. If you request that Privia email your PHI to a private email address, we send it in an encrypted manner unless you request otherwise. If you request us to post your information in drop-boxes, on flash drives, CDs, etc., your information may not be secure. Privia is not responsible for the privacy or security of your PHI if you request that we send it to you in an unsecured manner or download or post it on a drop-box, flash drive, CD or other unsecure medium. In addition, Privia is not responsible if your PHI is redisclosed, damaged, altered or otherwise misused by an authorized recipient. In addition, if you share an email account with another person (for example, your spouse/partner/roommate) or choose to store, print, email, or post your PHI, it may not be private or secure.
        4. Sensitive Health Information. Federal and state laws provide special protection for certain types of health information, including psychotherapy notes, information about substance use disorders and treatment, mental health and AIDS/HIV or other communicable diseases, and may limit whether and how we may disclose information about you to others.
        5. Substance Use Disorder Records and Information. The confidentiality of patient records maintained by federally assisted substance use disorder rehabilitation programs is protected by Federal law and regulations. Generally, such programs may not disclose any information that would identify an individual as having or being treated for a substance use disorder unless:
          • the individual consents in writing;
          • the disclosure is allowed by a court order;
          • the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation; or
          • as otherwise permitted by law.

          Violation of these laws and regulations is a crime. Suspected violations may be reported to appropriate authorities in accordance with Federal regulations. Federal law and regulations do not protect any information about a crime committed by a patient either at the program or against any person who works for the program or about any threat to commit such a crime. Federal laws and regulations do not prevent any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.

        6. Consent to Disclose Sensitive Health and Substance Use Disorder Information. During the registration process, you consent to the release of federally assisted substance use disorder information, information regarding treatment of communicable diseases and mental health information. If you do not wish for this information to be disclosed, you must notify us in writing.
        7. Incidental Disclosures. Despite our efforts to protect your privacy, your PHI may be overheard or seen by people not involved in your care. For example, other individuals at your provider’s office could overhear a conversation about you or see you getting treatment. Such incidental disclosures are not a violation of HIPAA.
        8. Business Associates. Your PHI may be disclosed to individuals or entities who provide services to or on behalf of Privia. Pursuant to HIPAA, Privia requires these companies sign business associate or confidentiality agreements before we disclose your PHI to them. However, Privia generally does not control the business, privacy, or security operations of our business associates.
        9. Authorization for Other Uses and Disclosures. Privia will obtain your written authorization for uses and disclosures that are not identified by this notice or otherwise required or permitted by applicable law. Any authorization you provide regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. However, your revocation will not affect actions we have already taken; in other words, we are unable to take back any disclosures of PHI we have already made.

I. USING TECHNOLOGY TO IMPROVE HEALTHCARE

Health Information Exchange (HIE) enables your healthcare providers to quickly and securely share your health information electronically among a network of healthcare providers, including physicians, hospitals, laboratories and pharmacies. Your health information is transmitted securely and only authorized healthcare providers with a valid reason may access your information.

How does HIE Help You?

Improved access to information will enable us to provide better care for our patients.

        • Improved Care – Access to information about your health history and medical care gives your healthcare provider a more complete picture of your overall health. This can help your provider make better decisions about your care. The information may also prevent you from having repeat tests, saving you time, money and worry.
        • Emergency Treatment – In an emergency, your providers may immediately check to see if you have allergies, health problems, test results, medications or previous concerns that may help them provide you with emergency care.
        • Helps to Protect Privacy and Information Security – By sharing information electronically through a secure system, the risk that your paper or faxed records will be misused or misplaced is reduced.

How does HIE help protect your medical information and keep it secure?

Privia is committed to protecting the privacy and security of your health information, including the sharing and accessing of your information through HIE.

        • Every HIE and its participants must protect your private medical information under HIPAA law, as well as applicable state laws and regulations.
        • Information shared via HIE is encrypted, meaning it can be accessed only by authorized users. This prevents hackers from accessing your information.
        • Every individual who can access your information must have their own user name and password and must receive training before they can access your information.
        • The HIE records every time someone accesses your information. Upon request, the HIE can track who accessed your information and provide a report to the Privia Privacy Officer.

What HIEs does Privia participate in?

Privia participates in a number of HIEs, including, but not limited to, Surescripts, Commonwell, ConnectVirginia and CRISP. (Note: This list is subject to change.)

You have choices about participating in HIE.

Privia recognizes you have certain rights related to how we share your information. You have the following choices:

Choice 1: Say Yes. No further action needed.

If you agree to have your medical information shared through HIE and you have a current Authorization and Consent to Treat form on file, you do not need to do anything. By signing the form, you have granted us permission to share your health information to HIE.

Choice 2: Say No Thanks. Follow the Instructions on the HIE Opt-Out Form.

We recognize your right to choose not to participate in HIE, also referred to as opting-out. If you decide to opt-out of HIE, healthcare providers will not be able to access your health information through HIE. You should understand that providers may still request and receive your medical information from other providers using other methods permitted by law, such as fax, mail or other electronic communication.

If you want to opt-out of participating in HIE, please follow the appropriate procedure as outlined on the Privia HIE Opt-Out Request Form and/or contact the HIE directly. You may download and print the form on your computer or ask for a copy at any Privia care center location. Please read the Opt-Out Request Form carefully and follow the instructions on the form to opt out of HIE.

Please note, your opt-out does not affect health information that was disclosed through HIE prior to the time that you opted out.

Choice 3: You can change your mind at any time.

You can consent today to the sharing of your information via HIE and change your mind later by following the instructions on the opt-out form described under Choice 2.

You can opt out of HIE today and change your mind later by submitting a Privia HIE Reinstatement of Participation Form or, in certain cases, by contacting the HIE directly. The reinstatement form is available to download and print on your computer or you may ask for a copy of the form at any Privia care center location. Please follow the instructions on the form to opt back in to HIE.

If you have any questions about HIE or for more information, please email us at Privacy@PriviaHealth.com or call the Privia Privacy Officer at (571) 317-0679.

J. CHANGES TO THIS NOTICE.

Privia reserves the right to change this Notice at any time. Privia reserves the right to make the revised or changed Notice effective for medical information we already have about you, as well as for any information we receive in the future. Privia will post the current Notice at registration sites throughout Privia and on our website at http://www.priviahealth.com/HIPAA.

K. CONTACT INFORMATION.

If you have any questions about this Notice or wish to file a privacy complaint, please contact:

Privacy Officer
950 N Glebe Rd, Suite 4000
Arlington, VA 22203
(571) 317-0679
compliance@priviahealth.com

Privia Notice of Privacy Practices
Effective: December 2016

PMG Care Centers
Financial Policy and Notice of Privacy Practices