Sarah Casey Performance Physical Therapy, LLC

Notice of Privacy Practices

Effective Date: 06/01/23

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.

If you have any questions about this notice, please contact our privacy officer: Sarah Casey, PT, DPT

622 New Loudon Rd.

Latham, NY 12110

518-765-7377

1. Summary of Rights and Obligations Concerning Health Information. Sarah Casey Performance Physical Therapy, LLC is committed to preserving the privacy and confidentiality of your health information, which is required

both by federal and state law. We are required by law to provide you with this notice of our legal duties, your rights, and our privacy practices, with respect to using and disclosing your health information that is created or retained by Sarah Casey Performance Physical Therapy, LLC. Each time you visit us, we make a record of your visit. Typically, this record contains your symptoms, examination and test results, our assessment of your condition, a record of your treatment interventions, and a plan for future care or treatment. We have an ethical and legal obligation to protect the privacy of your health information, and we will only use or disclose this information in limited circumstances. In general, we may use and disclose your health information to:

• plan your care and treatment;

• provide treatment by us or others;

• communicate with other providers such as referring physicians; • receive payment from you, your health plan, or your health insurer; • make quality assessments and work to improve the care we render and the outcomes we achieve, known as health care operations; • make you aware of services and treatments that may be of interest to you; and

• comply with state and federal laws that require us to disclose your health information.

We may also use or disclose your health information where you have authorized us to do so. Although your health record belongs to Sarah Casey Performance Physical Therapy, LLC the information in your record belongs to you. You have the right to:

• ensure the accuracy of your health record;

• request confidential communications between you and your physician and request limits on the use and disclosure of your health information; and

• request an accounting of certain uses and disclosures of health information we have made about you.

We are required to:

• maintain the privacy of your health information;

• provide you with notice, such as this Notice of Privacy Practices, as to our legal duties and privacy practices with respect to information we collect and maintain about you;

• abide by the terms of our most current Notice of Privacy Practices; • notify you if we are unable to agree to a requested restriction; and • accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations.

We reserve the right to change our practices and to make the new provisions effective for all your health information that we maintain.

Should our information practices change, a revised Notice of Privacy Practices will be available upon request. If there is a material change, a revised Notice of Privacy Practices will be distributed to the extent required by law. We will not use or disclose your health information without your authorization, except as described in our most current Notice of Privacy Practices. In the following pages, we explain our privacy practices and your rights to your health information in more detail.

2. We may use or disclose your medical information in the following ways:

Treatment. We may use and disclose your protected health information to provide, coordinate and manage your rehab care. That may include consulting with other health care providers about your health care or referring you to another health care provider for treatment including physicians, nurses, and other health care providers involved in your care. For example, we may we will release your protected health information to a specialist to whom you have been referred to ensure that the specialist has the necessary information he or she needs to diagnose and/or treat you.

Payment. We may use and disclose your health information so that we may bill and collect payment for the services that we provided to you. For example, we may contact your health insurer to verify your eligibility for benefits, and may need to disclose to it some details of your medical condition or expected course of treatment. We may use or disclose your information so that a bill may be sent to you, your health insurer, or a family member. The information on or accompanying the bill may include information that identifies you and your diagnosis, as well as services rendered, any procedures performed, and supplies used. If, however, you pay cash at the time of service, we will not disclose your protected health information to your health plan or any other responsible payer unless you sign an authorization for us to do so. If we agree to await payment from your health plan or put you on a payment plan, we may provide health information to a collection agency, small claims court or other court of competent jurisdiction in the event your claims for our services are not paid within 90 days and you have not made alternative payment arrangements with us.

Health Care Operations. We may use and disclose your health information to assist in the operation of our practice. For example, we may use information in your health record to assess the care and outcomes in your case and others like it as part of a continuous effort to improve the quality and effectiveness of the healthcare and services we provide. We may use and disclose your health information to conduct cost-management and business planning activities for our practice.

Students. Student/interns in rehabilitation or health service-related programs work in our facility from time to time to meet their educational requirements or to get health care experience. These students may observe or participate in your treatment or use your health information to assist in their training. You have the right to refuse to be examined, observed, or treated by any student or intern. If you do not want a student or intern to observe or participate in your care, please notify your provider.

Business Associates. Sarah Casey Performance Physical Therapy, LLC sometimes contracts with third-party business associates for services. Examples include answering services, transcriptionists, billing services, consultants, and legal counsel. We may disclose your health information to our business associates so that they can perform the job we have asked them to do. To protect your health information, however, we require our business associates to appropriately safeguard your information.

Appointment Reminders. We may use and disclose Information in your medical record to contact you as a reminder that you have an appointment. We usually will call you at home the day before your appointment and leave a message for you on your answering machine or with an individual who responds to our telephone call. However, you may request that we call you only at a certain number or that we refrain from leaving messages and we will endeavor to accommodate all reasonable requests.

Treatment Options. We may use and disclose your health information in order to inform you of alternative treatments.

Release to Family/Friends. Our staff, using their professional judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, your health information to the extent it is

relevant to that person’s involvement in your care or for payment related to your care. We will provide you with an opportunity to object to such a disclosure whenever we practicably can do so. We may disclose the health information of minor children to their parents or guardians unless such disclosure is otherwise prohibited by law. However, please note that state law may prohibit us from disclosing medical information to a parent or guardian at the child’s request if the child is of a certain age.

Health-Related Benefits and Services. We may use and disclose health information to tell you about health-related benefits or services that may be of interest to you. In face- to-face communications, such as appointments with your provider, we may tell you about other products and services that may be of interest to you.

Newsletters and Other Communications. We may use your personal information in order to communicate to you via newsletters (including electronic newsletters – subject to applicable anti-spam laws), mailings, or other means regarding treatment options, health related information, disease management programs, wellness programs, or other community based initiatives or activities in which our practice is participating.

Disaster Relief. We may disclose your health information in disaster relief situations where disaster relief organizations seek your health information to coordinate your care, or notify family and friends of your location and condition. We will provide you with an opportunity to agree or object to such a disclosure whenever we practicably can do so.

Marketing. In most circumstances, we are required by law to receive your written authorization before we use or disclose your health information for marketing purposes. However, we may provide you with promotional gifts

of nominal value and market services or products to you in face-to-face communications. Under no circumstances will we sell our patient lists or your health information to a third party without your written authorization.

Public Health Activities. We may disclose medical information about you for public health activities. These activities generally include the following: • licensing and certification carried out by public health authorities; • prevention or control of disease, injury, or disability;

• reports of births and deaths;

• reports of child abuse or neglect;

• notifications to people who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; • organ or tissue donation; and

• notifications to appropriate government authorities if we believe a patient has been the victim of abuse, neglect, or domestic violence. We will make this disclosure when required by law, or if you agree to the disclosure, or when authorized by law and in our professional judgment disclosure is required to prevent serious harm.

Food and Drug Administration (FDA). We may disclose to the FDA and other regulatory agencies of the federal and state government health information relating to adverse events with respect to food, supplements, products and product defects, or post-marketing monitoring information to enable product recalls, repairs, or replacement.

Workers Compensation. We may disclose your health information to the extent authorized by and to the extent necessary to comply with laws relating to workers’ compensation or other similar programs established by law.

Law Enforcement. We may release your health information: • in response to a court order, subpoena, warrant, summons, or similar process of authorized under state or federal law;

• to identify or locate a suspect, fugitive, material witness, or similar person;

• about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;

• about a death we believe may be the result of criminal conduct; • about criminal conduct at Sarah Casey Performance Physical Therapy, LLC • to coroners or medical examiners;

• in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime;

• to authorized federal officials for intelligence, counterintelligence, and other national security authorized by law; and

• to authorized federal officials so they may conduct special investigations or provide protection to the President, other authorized persons, or foreign heads of state.

De-identified Information. We may use your health information to create "deidentified" information or we may disclose your information to a business associate so that the business associate can create de-identified information on our behalf. When we "de-identify" health information, we

remove information that identifies you as the source of the information. Health information is considered "de- identified" only if there is no reasonable basis to believe that the health information could be used to identify you.

Personal Representative. If you have a personal representative, such as a legal guardian, we will treat that person as if that person is you with respect to disclosures of your health information. If you become deceased, we may disclose health information to an executor or administrator of your estate to the extent that person is acting as your personal representative.

HLTV-III Test. If we perform the HLTV-III test on you (to determine if you have been exposed to HIV), we will not disclose the results of the test to anyone but you without your written consent unless otherwise required by law. We also will not disclose the fact that you have taken the test to anyone without your written consent unless otherwise required by law.

Limited Data Set. We may use and disclose a limited data set that does not contain specific readily identifiable information about you for research, public health, and health care operations. We may not disseminate the limited data set unless we enter into a data use agreement with the recipient in which the recipient agrees to limit the use of that data set to the purposes for which it was provided, ensure the security of the data, and not identify the information or use it to contact any individual.

3. Authorization for Other Uses of Medical Information. Uses of medical information not covered by our most current Notice of Privacy Practices or the laws that apply to us will be made only with your written authorization. You should be aware that we are not responsible for any further disclosures made by the party you authorize us to release information to. If you provide us with authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose medical information about you for the reasons covered by your written authorization, except to the extent that we have already taken action in

reliance on your authorization or, if the authorization was obtained as a condition of obtaining insurance coverage and the insurer has the right to contest a claim or the insurance coverage itself. We are unable to take back any disclosures we have already made with your authorization, and we are required to retain our records of the care that we provided to you.

4. Your Health Information Rights. You have the following rights regarding medical information we gather about you:

A. Right to Obtain a Paper Copy of This Notice. You have the right to a paper copy of this Notice of Privacy Practices at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy.

B. Right to Inspect and Copy. You have the right to inspect and copy medical information that may be used to make decisions about your care. This includes medical and billing records. To inspect and copy medical information, you must submit a written request to our privacy officer. We will supply you with a form for such a request. If you request a copy of your medical information, we may charge a reasonable fee for the costs of labor, postage, and supplies associated with your request. We may not charge you a fee if you require your medical information for a claim for benefits under the Social Security Act (such as claims for Social Security, Supplemental Security Income, and any other state or federal needs-based benefit program. If your medical information is maintained in an electronic health record, you also have the right to request that an electronic copy of your record be sent to you or to another individual or entity. We may charge you a reasonable cost-based fee limited to the labor costs associated with transmitting the electronic health record.

C. Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as we retain the information.

To request an amendment, your request must be made in writing and submitted to our privacy officer. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

• was not created by us, unless the person or entity that created the information is no longer available to make the amendment; • is not part of the medical information kept by or for Sarah Casey Performance Physical Therapy, LLC

• is not part of the information which you would be permitted to inspect and copy; or

• is accurate and complete.

If we deny your request for amendment, you may submit a statement of disagreement. We may reasonably limit the length of this statement. Your letter of disagreement will be included in your medical record, but we may also include a rebuttal statement.

D. Right to an Accounting of Disclosures. You have the right to request an accounting of disclosures of your health information made by us. In your accounting, we are not required to list certain disclosures, including: • disclosures made for treatment, payment, and health care operations purposes or disclosures made incidental

• to treatment, payment, and health care operations, however, if the disclosures were made through an electronic health record, you have the right to request an accounting for such disclosures that were made during the previous 3 years;

• disclosures made pursuant to your authorization;

• disclosures made to create a limited data set;

• disclosures made directly to you.

To request an accounting of disclosures, you must submit your request in writing to our privacy officer. Your request must state a time period which may not be longer than six years and may not include dates before June 01,

2023. Your request should indicate in what form you would like the accounting of disclosures (for example, on paper or electronically by e mail). The first accounting of disclosures you request within any 12-month period will be free. For additional requests within the same period, we may charge you for the reasonable costs of providing the accounting of disclosures. We will notify you of the costs involved and you may choose to withdraw or modify your request at that time, before any costs are incurred. Under limited circumstances mandated by federal and state law, we may temporarily deny your request for an accounting of disclosures.

E. Right to Request Restrictions. You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations. If you paid out-of-pocket for a specific item or service, you have the right to request that medical information with respect to that item or service not be disclosed to a health plan for purposes of payment or health care operations, and we are required to honor that request. You also have the right to request a limit on the medical information we communicate about you to someone who is involved in your care or the payment for your care.

Except as noted above, we are not required to agree to your request. If we do agree, we will comply with your request unless the restricted information is needed to provide you with emergency treatment. To request restrictions, you must make your request in writing to our privacy officer. In your request, you must tell us:

• what information you want to limit;

• whether you want to limit our use, disclosure, or both; and • to whom you want the limits to apply.

F. Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by e-mail. To request confidential communications, you must make your request in writing to your provider or our privacy officer. We will not ask you the reason for your request. We will accommodate all

reasonable requests. Your request must specify how or where you wish to be contacted.

G. Right to Receive Notice of a Breach. We are required to notify you by first class mail or by e-mail (if you have indicated a preference to receive information by e-mail), of any breaches of Unsecured Protected Health Information as soon as possible, but in any event, no later than 60 days following the discovery of the breach. “Unsecured Protected Health Information” is information that is not secured through the use of a technology or methodology identified by the Secretary of the U.S. Department of Health and Human Services to render the Protected Health Information unusable, unreadable, and undecipherable to unauthorized users. The notice is required to include the following information: • a brief description of the breach, including the date of the breach and the date of its discovery, if known;

• a description of the type of Unsecured Protected Health Information involved in the breach;

• steps you should take to protect yourself from potential harm resulting from the breach;

• a brief description of actions we are taking to investigate the breach, mitigate losses, and protect against further breaches;

• contact information, including a toll-free telephone number, e-mail address, Website or postal address to permit you to ask questions or obtain additional information. In the event the breach involves 10 or more patients whose contact information is out of date we will post a notice of the breach on the home page of our Web site or in a major print or broadcast media. If the breach involves more than 500 patients in the state or jurisdiction, we will send notices to prominent media outlets. If the breach involves more than 500 patients, we are required to immediately notify the Secretary. We also are required to submit an annual report to the Secretary of a breach that involved less than 500 patients during the year and will maintain a written log of breaches involving less than 500 patients.

5. Complaints. If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the U.S. Department

of Health and Human Services, 200 Independence Ave, S.W., Washington, D.C. 20201. To file a complaint with us, contact our privacy officer at the address listed above. All complaints must be submitted in writing and should be submitted within 180 days of when you knew or should have known that the alleged violation occurred. See the Office for Civil Rights website, www.hhs.gov/ocr/hipaa/ for more information. You will not be penalized for filing a complaint.

Follow Us On Social Media

Stay In The Know

Connect With Us