HIPAA stands for the Health Insurance Portability and Accountability Act. This act, approved by Congress in 1996, provides patients with uniform access to their medical records and more control over how their personal health information is used and disclosed. It also requires health care providers to safeguard the security and confidentiality of medical records. Full information about the Act is provided on the US Department of Health & Human Services web site.
Buckingham Pediatrics P.C. has taken all required steps to be in compliance with HIPAA regulations. We have adopted a privacy plan and trained our employees on its procedures. We have identified an employee who is responsible for ensuring that the procedures are implemented and up-to-date with current regulations. We have adopted an Electronic Medical Records (EMR) system that is certified in compliance with the Act. In short, we take our obligations very seriously.
An important aspect of HIPAA is patient notification. When you first visit our offices, you will be asked to read and acknowledge receiving a copy of the following guidelines. You can also download a copy to your computer at any time. Please read them carefully and feel free to ask any questions about how your child’s medical records will be maintained.
Notice of Privacy Policies and Practices (effective January 1, 2011)
Buckingham Pediatrics, P.C. is committed to protecting our patients’ privacy. The confidentiality of our patients is of greatest concern to our physician and employees alike. This notice details how our practice collects, handles, and protects personal information about our patients. This policy will be distributed to all patients and will also be available for viewing at our web site. We will review this policy on an annual basis and monitor our compliance with this policy. Should it be necessary to revise this policy more often due to circumstances, we will do so in a timely fashion.
Information we collect and maintain
We collect non-public personal information about:
- Past medical history
- Review of Systems
- History of the present illness/complaint
- Family and social history
- Medications and allergies
- Insurance and billing information
- Patient demographics
How we protect your information
Our staff is trained to adhere to the following privacy measures with regards to Protected Health Information (PHI):
- There are only three (3) reasons why an employee needs to access a patient’s chart or computer information: to treat or care for the patient, to process billing for services, or to respond to a medical records request.
- Patient medical information is located out of the patient flow area. Patients do not have access to this area.
- Confidential patient information is not placed anywhere but in the patient’s chart.
- Employees will not discuss any patient in a public area. We will not make inquiries or access the chart of a friend or relative out of curiosity unless we have permission of the patient.
- Pennsylvania State Immunization Information Systems (PA-SIIS) – This central repository of immunization records is maintained by the Department of Health. Access is restricted to authorized healthcare workers with a demonstrated need to know your vaccination history.
- Doylestown Clinical Network (DCN) – This database was created by all the physicians in the Doylestown community who have some category of membership on the Medical Staff of Doylestown Hospital. It consists of patient medical records from participating practices in the Doylestown community. The only physicians allowed to access your records are those who are currently treating you. The DCN is designed to enhance the quality of care provided to you and reduce the risk that you will be prescribed inappropriate or excess medications.
PHI disclosures to the DCN are limited to clinical information such as allergies, medications, problems, and lab results, so it will be available to any physician member of the DCN who is treating you. This information is available to participating referring physicians and clinicians at any time they are providing you with care and/or in the event of an emergency visit to Doylestown Hospital.
Information we may disclose and purpose
Except as described above, no PHI will be released without proper consent from the patient or parent or guardian of the minor patient, unless the request is during an emergency. Occasions for release of PHI are the following:
- Workman’s compensation – The patient signs a record release at the time of the visit, as the chart notes must accompany the insurance billing.
- Legal pursuit – Attorney request (also includes medical record service) or subpoena
- Patient request – Moving or transferring records to another physician
- Disability Documentation
- Auto Accident
- Insurance company chart audit
- Driver’s Form
- Insurance Claim adjudication
Patient’s rights
Our patients have the following rights to privacy and respect regarding their personal information:
- The right to access and copy health records with reasonable notice.
- The right to request amendment or correction.
- The right to an accounting of disclosures.
- The right to specify how confidential information is communicated.
- The right to request restriction on how health information is disclosed or used.
- The right to file a complaint if they believe that our safeguards and procedures have not been followed.
Any privacy issue complaints should be directed to the Privacy Officer. If satisfaction is not received, the patient may notify the Department of Health & Human Services.