Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. Sterling Medical Group (“SMG”) and its affiliates and subsidiaries understand the importance of privacy, and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide, and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and as allowed by law to enable us to meet our professional and legal obligations to operate this medical practice properly.
We are required by law to provide you with this Notice explaining SMG’s Privacy Practices with regard to your medical information and how we may use and disclose your protected health information (“PHI”) for treatment, payment, and for health care operations, as well as for other purposes that are permitted or required by law. You have certain rights regarding the privacy of your protected health information and we also describe those rights in this Notice.
We are required by law to make sure that medical information about you is kept private. We are required to give you this Notice of our legal duties and privacy practices with respect to medical information about you. Each time you register for treatment, we will make available a copy of the current notice in effect. We are required to abide by the terms of the Notice currently in effect; and SMG reserves the right to change the provisions of our Notice and make new provisions effective for all PHI we maintain. We are required to obtain from you a written acknowledgment stating the receipt of this Notice. If SMG makes a material change to our Notice, we will post the changes promptly on our website at www.sterlingmedgroup.com.
What is protected health information?
PHI consists of individually identifiable health information, which may include demographic information SMG collects from you or creates or receives from a health care provider, a health plan, your employer or a health care clearinghouse and that relates to:
- your past, present or future physical or mental health or condition;
- the provision of health care to you; or
- the past, present or future payment for the provision of health care to you.
This Notice of Privacy Practices became effective on April 14, 2003 and was amended on March 14, 2014 and February 10, 2016.
Ways in which we may use and disclose your protected health information:
We will use and disclose your protected health information to provide, coordinate or manage your health care and any related services. We will also disclose your health information to other providers who may be treating you. Additionally we may from time to time disclose your health information to another provider who has been requested to be involved in your care. For example, we may share information about you with referring physicians, your primary care physician, a medical specialist or a pharmacy.
We may disclose protected health information (PHI) to your family member(s) or individuals identified by you, as long as the protected health information disclosed is relevant to the person’s involvement with your care or payment related to your health care.
Health care operations
We will use and disclose your protected health information to support the business activities of our facilities. For example, we may use medical information about you to review and evaluate our treatment and services or to evaluate our staff’s performance while caring for you. In addition, we may disclose your health information to third-party business associates who perform billing, consulting or transcription or other services for our facility.
Other ways we may use and disclose your protected health information:
As required by law
In certain situations, we may disclose your protected health information without your consent, authorization or the opportunity to agree or object, as required by applicable state and federal laws.
We may use and disclose protected health information to remind you about appointments. Telephone messages and appointment reminders may be left with the person answering your phone or on answering machines and voice mail systems, unless you have requested an alternative means of communication with us.
We may disclose your protected health information to our contracted business associates for the purpose of providing services, including our business associates that provide radiography, laboratory tests, billing clearinghouse services, or financial institutions providing financing or advance payment on medical claims related to your care in order that they perform their duties. SMG requires our business associates to appropriately safeguard your information.
Lawsuits and disputes
We may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain a court order protecting the information requested.
Health oversight activities
SMG and its associates may disclose protected health information without written authorization, to appropriate state or federal health authorities conducting public health investigations or interventions, and to the Food and Drug Administration for regulatory oversight. We will release your PHI and other required information in accordance with federal laws and regulations to the manufacturer (and the Food and Drug Administration, if applicable) of any medical device(s), you have implanted or explanted by SMG. This information may be used to locate you should there be a need with regard to such medical device(s).
Victims of abuse, neglect or domestic violence
When required by law or if you agree to the report and if we believe that you have been a victim of abuse, neglect or domestic violence, we may use and disclose your protected health information to notify a government agency.
To avert a serious threat to public health or safety
We may, consistent with applicable law and ethical standards, use or disclose protected health information (PHI) if SMG Associates, in good faith, believe such use and disclosure
- is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat; or
- is necessary for law enforcement authorities to identify or apprehend an individual who
- has made a statement admitting participation in a violent crime that SMG Associates reasonably believes may have caused serious physical harm to the victim (provided that no disclosure may be made under this circumstance if the disclosure is made during the course of treatment to affect the propensity to commit the criminal conduct that is the basis for the disclosure, or actual counseling or therapy, or if the disclosure is made during a request to initiate such treatment); or
- escaped from a correctional institution or from lawful custody.
We may use or disclose your protected health information (PHI) when necessary to prevent a serious and imminent threat to your health or safety, or the health or safety of another person or the public. In such cases, we will only disclose your information with someone able to help prevent the threat or to law enforcement officers if you tell us that you participated in a violent crime that may have caused serious physical harm to another person, or if we determine that you escaped from lawful custody.
National security/intelligence activities/protective services/military and veterans
We may disclose your PHI to authorized government officials who are conducting national security and intelligence activities or providing protective services to the President of the United States or other officials. If you are a military personnel, we may disclose health information about you to appropriate military command authorities for activities they deem necessary to carry out their military mission.
Inmates and correctional institutions
If you are an inmate or you are in the lawful custody of a law enforcement officer, we may disclose your health information to the prison officers or law enforcement officers if necessary to provide you with health care, or to carry out activities to maintain safety, security and good order at the place where you are confined; including disclosing information that is necessary to protect the health and safety of other inmates or persons involved in supervising or transporting inmates.
We may use or disclose your protected health information as a research participant, which has been de-identified, and is in accordance with law; though, in most cases, we will ask for your written authorization as a research participant before your health information is used or disclosed to others, in order to conduct research.
In accordance with the law and only in certain circumstances; during the preparation of future research, we may also use or disclose your protected health information without your written authorization to determine if you are eligible to participate in a research study. If you are eligible for inclusion in a study, we will contact you to discuss your potential participation and the related consent process.
We may, without obtaining your authorization and so long as we do not receive payment from a third party for doing so: provide you with marketing materials in a face-to-face encounter, give you a promotional gift of nominal value, or tell you about our own health care products and services. We will ask your permission to use your health information for any other marketing activities.
We will use and disclose your protected health information for workers’ compensation or similar programs that provide benefits for work-related injuries or illness.
Uses and disclosures that require SMG to give the opportunity to object or opt-out:
Others involved in your care
We may provide relevant portions of your PHI to a family member, a relative, a close friend or any other person you identify as being involved in your medical care or payment for care. In an emergency or when you are not capable of agreeing or objecting to these disclosures, we will disclose PHI as we determine is in your best interest, but will tell you about it after the emergency, and give you the opportunity to object to future disclosures to family and friends.
Unless you object, we may use and disclose certain limited information about you in our directory while you are in our facilities. This information may include your name and your location within our facility, but will not include specific medical information about you and we may disclose directory information to people who ask for you by name.
Uses or disclosures not covered by this Notice:
Uses or disclosures of your health information not covered by this Notice or the laws that apply to us may only be made with your written authorization. You may revoke such authorization in writing at any time and we will no longer disclose health information about you for the reasons stated in your revocation. Disclosures made in reliance on the authorization prior to the revocation are not affected by the revocation.
Patient rights related to protected health information:
Although your health record is the physical property of the facility that compiled it, the information belongs to you. You have the right to:
Request an amendment
You have the right to request that we amend your medical information if you feel that it is incomplete or inaccurate. You must make this request in writing to the Medical Records Custodian, stating what information is incomplete or inaccurate and the reasoning that supports your request.
We are permitted to deny your request if it is not in writing or does not include a reason to support the request. We may also deny your request if:
- The information was not created by us, or the person who created it is no longer available to make the amendment.
- The information is not part of the record which you are permitted to inspect and copy.
- The information is not part of the designated record set kept by this facility or if it is the opinion of the health care provider that the information is accurate and complete.
You have the right to request a restriction of how we use or disclose your medical information for treatment, payment or health care operations. For example, you could request that we not disclose information about a prior treatment to a family member or friend who may be involved in your care or payment for care. Your request must be made in writing to the Medical Records Team. We are not required to agree to your request if we feel it is in your best interest to use or disclose that information. If we do agree, we will comply with your request except for emergency treatment.
As stated later in this Notice, under the Health Information Technology for Economic and Clinical Health Act (“HITECH”), if a patient pays in full for his or her services out of pocket they can demand that the information regarding the service not be disclosed to the patient’s third-party payer since no claim is being made against the third-party payer.
Inspect and copy
You have the right to inspect and copy the protected health information that we maintain about you in our designated record set for as long as we maintain that information. This designated record set includes your medical and billing records as well as any other records we use for making decisions about you. We may charge you a fee for the costs of copying, mailing or other supplies used in fulfilling your request.
If you wish to inspect or copy your medical information, you must submit your request in writing to SMG’s Medical Records Department:
Sterling Medical Group
Attention: Medical Records Custodian
1561 West Fairbanks Avenue, 3rd Floor
Winter Park, FL 32789
You may mail your request to the address listed or bring the request to the Executive Director at our facility. We will have thirty (30) days to respond to your request for information that we maintain at our facility. If the information is stored off-site, we are allowed up to sixty (60) days to respond but must inform you of this delay. As stated later, HITECH expands this right, giving individuals the right to access their own e-health record in an electronic format and to direct SMG to send the e-health record directly to a third party. SMG may only charge for labor costs under electronic transfers of e-health records.
An accounting of disclosures
You have the right to request a list of the disclosures of your health information we have made outside of our facility that were not for treatment, payment or health care operations. Your request must be in writing and must state the time period for the requested information. You may not request information for any dates prior to April 14, 2003, nor for a period of time greater than six (6) years (our legal obligation to retain information).
Your first request for a list of disclosures within a twelve (12) month period will be free. If you request an additional list within twelve (12) months of the first request, we may charge you a fee for the costs of providing the subsequent list. We will notify you of such costs and afford you the opportunity to withdraw your request before any costs are incurred.
Request confidential communications
You have the right to request how we communicate with you to preserve your privacy. For example, you may request that we call you only at your work number, email or by mail at a special address or postal box. Your request must be made in writing and must specify how or where we are to contact you. We will accommodate all reasonable requests.
File a complaint
If you believe we have violated your medical information privacy rights, you have the right to file a complaint with SMG which we recommend you do in writing. Provide as much detail as you can about the suspected violation and send to:
Sterling Medical Group
Attention: Hans Kennon, Esq
1561 West Fairbanks Avenue, 3rd Floor
Winter Park, FL 32789
You may also file a complaint directly to the Secretary of the United States Department of Health and Human Services:
U.S. Department of Health & Human Services
200 Independence Ave. SW
Washington, D.C. 20201
Phone: 1-202-690-7000; toll free: 1-877-696-6775
You will not be retaliated against for filing a complaint.
A paper copy of this Notice
You have the right to receive a paper copy of this Notice, even if you agreed to receive this Notice electronically. You may request a copy of this Notice at any time by contacting our office in writing or by phone.
SMG is including HITECH Act provisions to its Notice as follows:
HITECH notification requirements
Under HITECH, SMG is required to notify patients whose PHI has been breached. Notification must occur by first class or certified mail within thirty (30) days of the event. A breach occurs when an unauthorized use or disclosure that compromises the privacy or security of PHI poses a significant risk for financial, reputational or other harm to the individual. This Notice must:
- Contain a brief description of what happened, including the date of the breach and the date of discovery;
- The steps the individual should take to protect themselves from potential harm resulting from the breach;
- A brief description of what SMG is doing to investigate the breach, mitigate losses and to protect against further breaches.
SMG’s Business Associate Agreements have been amended to provide that all Health Insurance Portability and Accountability Act (“HIPAA”), security administrative safeguards, physical safeguards, technical safeguards and security policies, procedures and documentation requirements apply directly to the business associate.
HITECH states that if a patient pays in full for his or her services out of pocket they can demand that the information regarding the service not be disclosed to the patient’s third-party payer since no claim is being made against the third-party payer.
About the Information we collect
What Information Do We Collect?
When you visit our websites or other media, you may provide us with two types of information: personal information you knowingly choose to disclose that is collected on an individual basis and website or media use information collected on an aggregate basis as you browse our website or media content. If you just browse our site and don't interact with any forms or online services, you browse anonymously. Information that identifies you personally — such as your name, address, phone number and email address — is not collected as you browse.
- Personal Information You Choose to Provide
- Registration Information.
If you choose, you may provide us information about yourself, your firm or company when you register for certain services, or register for email newsletters and alerts.
- Email Information.
If you choose to correspond with us through email, we may retain the content of your email messages together with your email address and our responses.
- Registration Information.
- Website Use Information
Similar to other websites, our site and other media content utilize a standard technology called "cookies" (see explanation below, "What Are Cookies?") and Web server logs to collect information about how our website and media content are used. Information gathered through cookies and Web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website. We, our advertisers and ad serving companies, if any, may also use small technology or pieces of code to determine which content users have seen and how users responded to them.
How Do We Use the Information That You Provide to Us?
Broadly speaking, SMG uses personal information for purposes of administering our activities, providing customer service and making available other products and services to you. Occasionally, we may also use the information we collect to notify you about important changes to our website, new services and special offers we think you will find valuable. You may notify us at any time if you do not wish to receive these offers.
What Are Cookies?
How Do We Use Information We Collect from Cookies?
How Do We Protect Your Information?
How Do We Secure Information Transmissions?
Email is not recognized as a secure medium of communication. For this reason, we request that you do not send private information to us by email. Some of the information you may enter on our website may be transmitted securely via Secure Sockets Layer SSL, 128 bit encryption services. Pages utilizing this technology will have URLs that start with HTTPS instead of HTTP. Please contact us if you have any questions or concerns.
Health and Medical Information.
Certain health and medical information about you is protected under the Health Insurance Portability and Accountability Act (“HIPAA”) and applicable state law. This information may be provided by you online or offline, or may be collected by us from other methods such as through a health care provider. We protect covered health and medical information as required by HIPAA and applicable state law. Similarly, we may use covered health and medical information as permitted by HIPAA and applicable state law.
We may disclose your personal information if required to do so by law or subpoena or if we believe that such action is necessary to (a) conform to the law or comply with legal process served on us or affiliated parties; (b) protect and defend our rights and property, our site, the users of our site, and/or our affiliated parties; (c) act under circumstances to protect the safety of users of our site, us, or third parties.
What About Other Websites Linked to Our Website?
We are not responsible for the practices employed by websites linked to or from our website nor the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our website.