HIPAA Regulations

1. What is HIPAA?

Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) was enacted to improve the efficiency and effectiveness of the health care system through the establishment of standards and requirements for the electronic transmission of certain health information. To achieve that end, HIPAA requires the Secretary of the U.S. Department of Health and Human Services (“Secretary”) to issue a set of interlocking regulations establishing standards and protections for the health industry (collectively, the “HIPAA Standards”). The HIPAA Standards apply to Covered Entities which are defined as health plans, health care clearing houses and those health care providers who transmit any health information in electronic form in connection with certain administrative and billing transactions.

On December 28, 2000, the Secretary published a final rule setting forth standards for the privacy of individually identifiable health information (“Protected Health Information”) maintained by Covered Entities (“Privacy Standards”). This rule was subsequently revised on August 14, 2002. In addition, on August 12, 1998, the Secretary issued a final (February 20, 2003) rule setting forth standards relating to the security of health information and the use of electronic signatures by Covered Entities (“Security Standards”).

2. Notice of HIPAA Privacy Practices.


I. We May Use or Disclose Your Health Information for Purposes of Treatment, Payment or Healthcare Operations without Obtaining Your Prior Authorization and Here is One Example of Each:

1) We may provide your Health Information to health care professionals including doctors, nurses and technicians — for purposes of providing you with care.
2) Our billing department may access your information and send relevant parts to other insurance companies to allow us to be paid for the services we render to you.
3) We may access or send your information to our attorneys or accountants in the event we need the information in order to address one of our own business functions.

II. We May Also Use or Disclose Your Health Information Under the Following Circumstances without Obtaining Your Prior Authorization:

1) To Notify and/or Communicate with your Family. Unless you tell us you object, we may use or disclose your Health Information in order to notify your family or assist in notifying your family, your personal representative or another person responsible for your care about your location, your general condition or in the event of your death. If you are unable or unavailable to agree or object, our health professionals will use their best judgment in any communications with your family and others.
2) As Required by Law.

• For Public Health Purposes: We may use or disclose your health information to provide information to state or federal public health authorities, as required by law to prevent or control disease, injury or disability; to report child abuse or neglect; report domestic violence; report to the Food and Drug Administration problems with products and reactions to medications; and report disease or infection exposure.
• For Health Oversight Activities: We may use or disclose your health information to health agencies during the course of audits, investigations, certification and other proceedings.
• In Response to Subpoenas or for Judicial and Administrative Proceedings. We may use or disclose your health information in the course of any administrative or judicial proceeding. However, in general, we will attempt to ensure that you have been made aware of the use or disclosure of your health information prior to providing it to another person.
• To Law Enforcement Personnel. We may use or disclose your health information to a law enforcement official to identify or locate a suspect, fugitive, material witness or missing person, comply with a court order or subpoena and other law enforcement purposes.
• To Coroners or Funeral Directors. We may use or disclose your health information for purposes of communicating with coroners, medical examiners and funeral directors.
• For Purposes of Organ Donation. We may use or disclose your health information for purposes of communicating to organizations involved in procuring, banking or transplanting organs and tissues.
• For Public Safety. We may use or disclose your health information in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
• To Aid Specialized Government Functions. If necessary, we may use or disclose your health information for military or national security purposes.
• For Worker’s Compensation. We may use or disclose your health information as necessary to comply with worker’s compensation laws.
• To Correctional Institutions or Law Enforcement Officials, if you are an inmate.

III. For All Other Circumstances, We May Only Use or Disclose Your Health Information After You Have Signed an Authorization. If you authorize us to use or disclose your Health Information for another purpose, you may revoke your authorization in writing at any time.

IV. You Should Be Advised that We May Also Use or Disclose Your Health Information for the Following Purposes:

1) Appointment Reminders. We may use your health information in order to contact you to provide appointment reminders or to give information about other treatments or health-related benefits and services that may be of interest to you.
2) Change of Ownership. In the event that our entity is sold or merged with another organization, your health information/record will become the property of the new owner.
3) Providing Information to Our Plan Sponsor [If a Health Plan]. We may disclose your health information to our plan sponsor.

V. Your Rights

1) You have the right to request restrictions on the uses and disclosures of your health information. However, we are not required to comply with your request.
2) You have the right to receive your health information through confidential means through a reasonable alternative means or at an alternative location.
3) You have the right to inspect and copy your health information. We may charge you a reasonable cost-based fee to cover copying, postage and/or preparation of a summary.
4) You have a right to request that we amend your health information that is incorrect or incomplete. We are not required to change your health information and will provide you with information about our denial and how you can disagree with the denial.
5) You have a right to receive an accounting of disclosures of your health information made by us, except that we do not have to account for disclosures: authorized by you; made for treatment, payment, health care operations; provided to you; provided in response to an authorization; made in order to notify and communicate with family; and/or for certain government functions, to name a few.
6) You have a right to a paper copy of this Notice of Privacy Practices. If you would like to have a more detailed explanation of these rights or if you would like to exercise one or more of these rights, contact us.

Our Duties:
7) We are required by law to maintain the privacy of your health information [and to provide you with a copy of this Notice.]8) We are also required to abide by the terms of this Notice.
9) We reserve the right to amend this notice at any time in the future and to make the new notice provisions applicable to all your health information even if it was created prior to the change in the notice. If such amendment is made, we will immediately display the revised notice at our office and provide you with a copy of the amended notice. We will also provide you with a copy, at any time, upon request.

VI. Complaints to the Government.

You may make complaints to the Secretary of the Department of Health and Human Services (DHHS) if you believe your rights have been violated.
We promise not to retaliate against you for any complaint you make to the government about our privacy practices.

VII. Contact Information.

You may contact us about our privacy practices by calling the Privacy Officer,
Chang Hee Kim, L.Ac., Director of Clinical Operations
Virginia University of Integrative Medicine
9401 Mathy Drive Suite 100 • Fairfax, VA 22031
Phone No. (703) 323-5691 • Fax No. (703) 323-5692

You may contact the DHHS at:
U.S. Department of Health & Human Services
200 Independence Avenue
S.W. Washington, D.C. 20201

Telephone: 202-619-0257
Toll Free: 1-877-696-6775

3. What does VUIM clinic do?

-The review and revision of policies and procedures as needed.
-The creation of new policies to support the process changes needed.
-The education of employees on HIPAA.
-The review of our computer systems to ensure security of patient information.
-The review of our process for transmitting electronic data for payment purposes.

4. For more information please download and read our HIPAA handbook.