TMC is pleased to provide an example of an updated NPP, which includes verbiage required by  the recently published Omnibus HIPAA Rules. Please review the NPP carefully to ensure it  reflects the current process of your facility. This NPP can be located in electronic format on our  website in the Client Portal under HIPAA Forms. 

∙ Be sure to insert the name of your practice or facility. 

∙ Contact information of the Privacy Officer should be included. The actual name of the  person can be included, but PRIVACY OFFICER and contact information is sufficient. The  rationale behind not including the actual name of the person is that if they should leave  your organization, the NPP would need to be updated to include the current person  holding the title. 

∙ The effective date is the original date your facility adopted a NPP, which for many will  be the April 2003 date. The revision date is the date you adopt the updated Notice. 

∙ Review these pages carefully deleting any activities in which your facility does not  participate, for instance fundraising activities, or providing appointment reminders. ∙ On page 4 in the section which outlines disclosures requiring a signed authorization,  carefully review the definition of psychotherapy notes. If your facility does not create or  receive this type of protected health information you may delete this statement from  your Notice. The statement about marketing and disclosures for sale of PHI must  remain. 

Providing the updated Notice of Privacy Practices 

∙ Direct care providers are not required to print and hand out a revised NPP to all  individuals seeking treatment. Providers are only required to give a copy of the NPP to,  and obtain a good faith acknowledgment of receipt from, NEW patients. 

Posting of the updated Notice of Privacy Practices 

∙ Providers must post the revised NPP in a clear and prominent location and have copies  of the NPP at the delivery site for individuals to request to take with them. ∙ Health care providers are required to post the NPP in a clear and prominent location at  the delivery site, however providers may post a summary of the Notice in such a  location as long as the full notice is immediately available (such as on a table directly  under the posted summary) for individuals to pick up without any additional burden on  their part. It would not be appropriate, however, to require the individual to have to ask  the receptionist for a copy of the full NPP. 

∙ If the facility has a website, the updated NPP must be posted on the website.

[David B Gaddis, DDS PA]

Notice of Privacy Practices 

This notice describes how medical information about you may be used and disclosed and how you can  get access to this information. Please review it carefully.  

If you have any questions about this Notice please contact the Privacy Officer. [Privacy Officer 828 464 1732] 

Effective Date: February 9, 2004 Revised: June 1, 2013 

We are committed to protect the privacy of your personal health information (PHI). 

This Notice of Privacy Practices (Notice) describes how we may use within our practice or network and  disclose (share outside of our practice or network) your PHI to carry out treatment, payment or health  care operations. We may also share your information for other purposes that are permitted or required  by law. This Notice also describes your rights to access and control your PHI. 

We are required by law to maintain the privacy of your PHI. We will follow the terms outlined in this  Notice.  

We may change our Notice, at any time. Any changes will apply to all PHI. Upon your request, we will  provide you with any revised Notice by: 

∙ Posting the new Notice in our office. 

∙ If requested, making copies of the new Notice available in our office or by mail. ∙ Posting the revised Notice on our website: 

Uses and Disclosures of Protected Health Information

We may use or disclose (share) your PHI to provide health care treatment for you.  

Your PHI may be used and disclosed by your physician, our office staff and others outside of our  office that are involved in your care and treatment for the purpose of providing health care  services to you.  

EXAMPLE: Your PHI may be provided to a physician to whom you have been referred for  evaluation to ensure that the physician has the necessary information to diagnose or treat you.  We may also share your PHI from time-to-time to another physician or health care provider  (e.g., a specialist or laboratory) who, at the request of your physician, becomes involved in your  care by providing assistance with your health care diagnosis or treatment to your physician.  

We may also share your PHI with people outside of our practice that may provide medical care  for you such as home health agencies.

We may use and disclose your PHI to obtain payment for services. We may provide your PHI to others  in order to bill or collect payment for services. There may be services for which we share information  with your health plan to determine if the service will be paid for. 

PHI may be shared with the following: 

∙ Billing companies 

∙ Insurance companies, health plans 

∙ Government agencies in order to assist with qualification of benefits 

∙ Collection agencies 

EXAMPLE: You are seen at our practice for a procedure. We will need to provide a listing of services  such as x-rays to your insurance company so that we can get paid for the procedure. We may at  times contact your health care plan to receive approval PRIOR to performing certain procedures to  ensure the services will be paid for. This will require sharing of your PHI. 

We may use or disclose, as-needed, your PHI in order to support the business activities of this practice  which are called health care operations.  


∙ Training students, other health care providers, or ancillary staff such as billing personnel to  help them learn or improve their skills. 

∙ Quality improvement processes which look at delivery of health care and for improvement  in processes which will provide safer, more effective care for you. 

∙ Use of information to assist in resolving problems or complaints within the practice. We may use and disclosure your PHI in other situations without your permission: 

∙ If required by law: The use or disclosure will be made in compliance with the law and will be  limited to the relevant requirements of the law. For example, we may be required to report  gunshot wounds or suspected abuse or neglect. 

∙ Public health activities: The disclosure will be made for the purpose of controlling disease,  injury or disability and only to public health authorities permitted by law to collect or  receive information. We may also notify individuals who may have been exposed to a  disease or may be at risk of contracting or spreading a disease or condition. 

∙ Health oversight agencies: We may disclose protected health information to a health  oversight agency for activities authorized by law, such as audits, investigations, and  inspections. Oversight agencies seeking this information include government agencies that  oversee the health care system, government benefit programs, other government  regulatory programs and civil rights laws.  

∙ Legal proceedings: To assist in any legal proceeding or in response to a court order, in  certain conditions in response to a subpoena, or other lawful process. 

∙ Police or other law enforcement purposes: The release of PHI will meet all applicable legal  requirements for release.

∙ Coroners, funeral directors: We may disclose protected health information to a coroner or  medical examiner for identification purposes, determining cause of death or for the coroner  or medical examiner to perform other duties authorized by law 

∙ Medical research: We may disclose your protected health information to researchers when  their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health  information. 

∙ Special government purposes: Information may be shared for national security purposes, or  if you are a member of the military, to the military under limited circumstances. ∙ Correctional institutions: Information may be shared if you are an inmate or under custody  of law which is necessary for your health or the health and safety of other individuals. ∙ Workers’ Compensation: Your protected health information may be disclosed by us as  authorized to comply with workers’ compensation laws and other similar legally-established  programs.  

Other uses and disclosures of your health information. 

Business Associates: Some services are provided through the use of contracted entities called  “business associates”. We will always release only the minimum amount of PHI necessary so  that the business associate can perform the identified services. We require the business  associate(s) to appropriately safeguard your information. Examples of business associates  include billing companies or transcription services. 

Health Information Exchange: We may make your health information available electronically to  other healthcare providers outside of our facility who are involved in your care.  

Treatment alternatives: We may provide you notice of treatment options or other health related  services that may improve your overall health. 

Appointment reminders: We may contact you as a reminder about upcoming appointments or  treatment.  

We may use or disclose your PHI in the following situations UNLESS you object. 

∙ We may share your information with friends or family members, or other persons directly  identified by you at the level they are involved in your care or payment of services. If you  are not present or able to agree/object, the healthcare provider using professional  judgment will determine if it is in your best interest to share the information. For example,  we may discuss post procedure instructions with the person who drove you to the facility  unless you tell us specifically not to share the information. 

∙ We may use or disclose protected health information to notify or assist in notifying a family  member, personal representative or any other person that is responsible for your care of  your location, general condition or death. 

∙ We may use or disclose your protected health information to an authorized public or private  entity to assist in disaster relief efforts. 

The following uses and disclosures of PHI require your written authorization:

∙ Marketing 

∙ Disclosures of for any purposes which require the sale of your information 

All other uses and disclosures not recorded in this Notice will require a written authorization from you or your personal representative.

Written authorization simply explains how you want your information used and disclosed. Your written  authorization may be revoked at any time, in writing. Except to the extent that your doctor or this  practice has used or released information based on the direction provided in the authorization, no  further use or disclosure will occur. 

Your Privacy Rights

You have certain rights related to your protected health information. All requests to exercise your rights  must be made in writing. [Requests for written documents should be addressed to the Privacy Officer.] 

You have the right to see and obtain a copy of your protected health information. 

This means you may inspect and obtain a copy of protected health information about you that is  contained in a designated record set for as long as we maintain the protected health  information. If requested we will provide you a copy of your records in an electronic format.  There are some exceptions to records which may be copied and the request may be denied. We  may charge you a reasonable cost based fee for a copy of the records.  

You have the right to request a restriction of your protected health information. 

You may request for this practice not to use or disclose any part of your protected health  information for the purposes of treatment, payment or healthcare operations. We are not  required to agree with these requests. If we agree to a restriction request we will honor the restriction request unless the information is needed to provide emergency treatment. 

There is one exception: we must accept a restriction request to restrict disclosure of  information to a health plan if you pay out of pocket in full for a service or product unless it is  otherwise required by law. 

You have the right to request for us to communicate in different ways or in different locations. 

We will agree to reasonable requests. We may also request alternative address or other method  of contact such as mailing information to a post office box. We will not ask for an explanation  from you about the request. 

You may have the right to request an amendment of your health information.

You may request an amendment of your health information if you feel that the information is  not correct along with an explanation of the reason for the request. In certain cases, we may  deny your request for an amendment at which time you will have an opportunity to disagree. 

You have the right to a list of people or organizations who have received your health information from  us. 

This right applies to disclosures for purposes other than treatment, payment or healthcare  operations. You have the right to obtain a listing of these disclosures that occurred after April  14, 2003. You may request them for the previous six years or a shorter timeframe. If you request  more than one list within a 12 month period you may be charged a reasonable fee. 

Additional Privacy Rights

∙ You have the right to obtain a paper copy of this notice from us, upon request. We will  provide you a copy of this Notice the first day we treat you at our facility. In an emergency  situation we will give you this Notice as soon as possible. 

∙ You have a right to receive notification of any breach of your protected health information. Complaints

If you think we have violated your rights or you have a complaint about our privacy practices you can  contact: 

[Privacy Officer 828 464 1732] 

You may also complain to the United States Secretary of Health and Human Services if you believe your  privacy rights have been violated by us. 

If you file a complaint we will not retaliate against you for filing a complaint.  

This notice was published and becomes effective on April 13, 2003 or date practice adopted the Notice

©TMC all rights reserved