Notice of Privacy Practices
This notice describes how medical information about you may be used and disclosed
and how you can get access to this information. Please review it carefully.
If you have any questions about this Notice please contact: Our Privacy Officer at 919-782-2152
Effective Date: April 14, 2003
Revised: May 22, 2018
We are committed to protect the privacy of your personal health information (PHI).
This Notice of Privacy Practices (Notice) describes how we may use within our practice or network and disclose (share outside of our practice or network) your PHI to carry out treatment, payment or health care operations. We may also share your information for other purposes that are permitted or required by law. This Notice also describes your rights to access and control your PHI.
We are required by law to maintain the privacy of your PHI. We will follow the terms outlined in this Notice.
We may change our Notice, at any time. Any changes will apply to all PHI. Upon your request, we will provide you with any revised Notice by:
- Posting the new Notice in our office.
- If requested, making copies of the new Notice available in our office or by mail.
- Posting the revised Notice on our website: southernderm.com
Uses and Disclosures of Protected Health Information
We may use or disclose (share) your PHI to provide health care treatment for you.
Your PHI may be used and disclosed by your physician, our office staff and others outside of our office that are involved in your care and treatment for the purpose of providing health care services to you.
EXAMPLE: Your PHI may be provided to a physician to whom you have been referred for evaluation to ensure that the physician has the necessary information to diagnose or treat you. We may also share your PHI from time-to-time to another physician or health care provider (e.g., a specialist or laboratory) who, at the request of your physician, becomes involved in your care by providing assistance with your health care diagnosis or treatment to your physician.
We may also share your PHI with people outside of our practice that may provide medical care for you such as home health agencies.
We may use and disclose your PHI to obtain payment for services. We may provide your PHI to others in order to bill or collect payment for services. There may be services for which we share information with your health plan to determine if the service will be paid for.
PHI may be shared with the following:
- Billing companies
- Insurance companies, health plans
- Government agencies in order to assist with qualification of benefits
- Collection agencies
EXAMPLE: You are seen at our practice for a procedure. We will need to provide a listing of services such as x-rays to your insurance company so that we can get paid for the procedure. We may at times contact your health care plan to receive approval PRIOR to performing certain procedures to ensure the services will be paid for. This will require sharing of your PHI.
We may use or disclose, as-needed, your PHI in order to support the business activities of this practice which are called health care operations.
- Training students, other health care providers, or ancillary staff such as billing personnel to help them learn or improve their skills.
- Quality improvement processes which look at delivery of health care and for improvement in processes which will provide safer, more effective care for you.
- Use of information to assist in resolving problems or complaints within the practice.
We may use and disclosure your PHI in other situations without your permission:
- If required by law: The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. For example, we may be required to report gunshot wounds or suspected abuse or neglect.
- Public health activities: The disclosure will be made for the purpose of controlling disease, injury or disability and only to public health authorities permitted by law to collect or receive information. We may also notify individuals who may have been exposed to a disease or may be at risk of contracting or spreading a disease or condition.
- Health oversight agencies: We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and civil rights laws.
- Legal proceedings: To assist in any legal proceeding or in response to a court order, in certain conditions in response to a subpoena, or other lawful process.
- Police or other law enforcement purposes: The release of PHI will meet all applicable legal requirements for release.
- Coroners, funeral directors: We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law
- Medical research: We may disclose your protected health information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information.
- Special government purposes: Information may be shared for national security purposes, or if you are a member of the military, to the military under limited circumstances.
- Correctional institutions: Information may be shared if you are an inmate or under custody of law which is necessary for your health or the health and safety of other individuals.
- Workers’ Compensation: Your protected health information may be disclosed by us as authorized to comply with workers’ compensation laws and other similar legally-established programs.
Other uses and disclosures of your health information.
Business Associates: Some services are provided through the use of contracted entities called “business associates”. We will always release only the minimum amount of PHI necessary so that the business associate can perform the identified services. We require the business associate(s) to appropriately safeguard your information. Examples of business associates include billing companies or transcription services.
Health Information Exchange: We may make your health information available electronically to other healthcare providers outside of our facility who are involved in your care.
Treatment Alternatives: We may provide you notice of treatment options or other health related services that may improve your overall health.
Appointment Reminders: We may contact you as a reminder about upcoming appointments or treatment.
We may use or disclose your PHI in the following situations UNLESS you object.
- We may share your information with friends or family members, or other persons directly identified by you at the level they are involved in your care or payment of services. If you are not present or able to agree/object, the healthcare provider using professional judgment will determine if it is in your best interest to share the information. For example, we may discuss post procedure instructions with the person who drove you to the facility unless you tell us specifically not to share the information.
- We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death.
- We may use or disclose your protected health information to an authorized public or private entity to assist in disaster relief efforts.
The following uses and disclosures of PHI require your written authorization:
- Disclosures of for any purposes which require the sale of your information
- Release of psychotherapy notes: Psychotherapy notes are notes by a mental health professional for the purpose of documenting a conversation during a private session. This session could be with an individual or with a group. These notes are kept separate from the rest of the medical record and do not include: medications and how they affect you, start and stop time of counseling sessions, types of treatments provided, results of tests, diagnosis, treatment plan, symptoms, prognosis.
All other uses and disclosures not recorded in this Notice will require a written authorization from you or your personal representative.
Written authorization simply explains how you want your information used and disclosed. Your written authorization may be revoked at any time, in writing. Except to the extent that your doctor or this practice has used or released information based on the direction provided in the authorization, no further use or disclosure will occur.
Your Privacy Rights
You have certain rights related to your protected health information. All requests to exercise your rights must be made in writing. Please submit your written request for your PHI to the attention of the Practice Administrator at Southern Dermatology.
You have the right to see and obtain a copy of your protected health information.
This means you may inspect and obtain a copy of protected health information about you that is contained in a designated record set for as long as we maintain the protected health information. If requested we will provide you a copy of your records in an electronic format. There are some exceptions to records which may be copied and the request may be denied. We may charge you a reasonable cost based fee for a copy of the records.
You have the right to request a restriction of your protected health information.
You may request for this practice not to use or disclose any part of your protected health information for the purposes of treatment, payment or healthcare operations. We are not required to agree with these requests. If we agree to a restriction request we will honor the restriction request unless the information is needed to provide emergency treatment.
There is one exception: We must accept a restriction request to restrict disclosure of information to a health plan if you pay out of pocket in full for a service or product unless it is otherwise required by law.
You have the right to request for us to communicate in different ways or in different locations.
We will agree to reasonable requests. We may also request alternative address or other method of contact such as mailing information to a post office box. We will not ask for an explanation from you about the request.
You may have the right to request an amendment of your health information.
You may request an amendment of your health information if you feel that the information is not correct along with an explanation of the reason for the request. In certain cases, we may deny your request for an amendment at which time you will have an opportunity to disagree.
You have the right to a list of people or organizations who have received your health information from us.
This right applies to disclosures for purposes other than treatment, payment or healthcare operations. You have the right to obtain a listing of these disclosures that occurred after April 14, 2003. You may request them for the previous six years or a shorter timeframe. If you request more than one list within a 12 month period you may be charged a reasonable fee.
Additional Privacy Rights
- You have the right to obtain a paper copy of this notice from us, upon request. We will provide you a copy of this Notice the first day we treat you at our facility. In an emergency situation we will give you this Notice as soon as possible.
- You have a right to receive notification of any breach of your protected health information.
If you think we have violated your rights or you have a complaint about our privacy practices you can contact:
The Practice Administrator at Southern Dermatology 919-782-2152
You may also complain to the United States Secretary of Health and Human Services if you believe your privacy rights have been violated by us.
If you file a complaint we will not retaliate against you for filing a complaint.
This notice was published and became effective on April 13, 2003, revision date: March 27, 2015.
1.2 We are committed to safeguarding the privacy of our website visitors. This policy applies where we are acting as a data controller with respect to personal data of our website users.
1.4 In this policy, “we”, “us” and “our” refer to Southern Dermatology.
2. Collection and use
In this section, we have set out:
- The general categories of personal data we may process
- The purpose for which we may process personal data; and
- The legal bases of the processing
2.2 Website Visitors
If you are a Visitor to our website only, and not a Respondent to a survey, then this section is relevant for you.
By visiting this website, you consent to the collection and use of your Personal Data as described herein. If you do not agree with the terms set out herein, please do not visit this website. If required by applicable law, we will seek your explicit consent to process Personal Data collected on this website or volunteered by you. Kindly note that any consent will be entirely voluntary. However, if you do not grant the requested consent to the processing of your Personal Data, the use of this website may not be possible.
Such Personal Data may comprise your IP address, first and last name, your postal and email address, your telephone number, your job title, data for social networks, your areas of interest, interest in Southern Dermatology services pr products, and certain information about the company you are working for (company name and address), as well as information as to the type of relationship that exists between Southern Dermatology and yourself.
Southern Dermatology gathers data about visits to the website, including numbers of Visitors and visits, Geo-location data, length of time spent on the site, pages clicked on or where Visitors have come.
2.2.1 Purpose of processing personal data
Southern Dermatology uses the collected data to communicate with Visitors, to customize content for Visitors, to show ads on other websites to Visitors, and to improve its website by analyzing how Visitors navigate its website.
2.2.2 Sharing personal data
Southern Dermatology may also share such information with service vendors or contractors in order to provide a requested service or transaction or in order to analyze the Visitor behavior on its website.
Cookies are alphanumeric identifiers that we transfer to your computer’s hard drive through your Web browser to enable our systems to recognize your browser and provide features to facilitate purchases, maintain your profile, and organize your history. The Help portion of the toolbar on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the settings or visiting the Website of its manufacturer. However, please note, that without cookies you may not be able to take full advantage of all of our sites’ features. In addition, disabling cookies may cancel opt-outs that rely on cookies, such as web analytics or targeted advertising opt-outs. Hence, we recommend that you leave them turned on.
2.2.4 Links to other sites
2.2.5 Web Beacons
If you wish to inquire about your Personal Data that may have been collected in a Southern Dermatology survey, please call our office at (919) 782 2152.
2.3.1 Collection of Respondent data
Respondent data includes data from individuals uploaded, transferred or manually entered by a Respondent for the purpose of providing feedback to Southern Dermatology by responding to surveys. Personal Data may include, personal contact information such as name, home address, home telephone or mobile number, email address, and company information. Answers to questions by Respondents, may also include Personal Data.
The purpose of collecting Personal Data as part of a survey will vary depending on the survey, as set up by Southern Dermatology.
2.3.3 Processing in the European Economic Area (EEA)
For Respondents in the European Data Region, all processing of Personal Data is performed in accordance with privacy rights and regulations following the EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (the Directive), and the implementations of the Directive in local legislation. From May 25th, 2018, the Directive and local legislation based on the Directive will be replaced by the Regulations (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR), and Southern Dermatology’s processing will take place in accordance with the GDPR.
2.3.4 Processing in the United States Of America (US)
For Respondents in the US Data Region, Southern Dermatology processes data solely in data centers located in the US.
All data collected by Southern Dermatology Respondents through surveys will be stored exclusively in secure hosting facilities provided by SiteGround and WordPress. Southern Dermatology’s contract with its hosting provider ensures that all hosting is performed in accordance with the highest security regulations. Southern Dermatology’s policy is to protect and safeguard any personal information obtained by Southern Dermatology in accordance with United States state or federal laws governing the protection of personal information and data. Accordingly, Southern Dermatology adheres to practices and policies that aim to safeguard the data.
2.3.5 Processing in other regions
For Respondents with accounts in other Data Regions, Southern Dermatology processes data solely in data centers located in the United States. Southern Dermatology has adopted reasonable physical, technical and organizational safeguards which substantially mirror the EU safeguards against accidental, unauthorized or unlawful destruction, loss, alteration, disclosure, access, use or processing of the Respondents data in Southern Dermatology’s possession. Southern Dermatology will promptly notify the User in the event of any known unauthorized access to, or use of, the Respondents data.
3. Retention and deletion
Southern Dermatology will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.
4. Acceptance of these Conditions
If you choose to visit Southern Dermatology, your visit and any dispute over privacy is subject to this Notice and our Terms of Service, including limitations on damages, resolution of disputes, and application of the law of the state of North Carolina. If you have any concern about privacy at Southern Dermatology, please contact us at the telephone numbers provided, describe the issue, and we will try to resolve it.
Our business changes constantly, and our Privacy Notice and the Terms of Service will change as well. We may email periodic reminders of our notices and conditions, unless you have instructed us not to, but you should check our Web site frequently to see recent changes. Unless stated otherwise, our current Privacy Notice applies to all information that we have about you and your account. We stand behind the promises we make, however, and will never materially change our policies and practices to make them less protective of customer information collected in the past without the consent of affected customers.