Notice of Privacy Practices
2539 John Milton Drive, Herndon VA 20171
Sami Khaldieh, O.D., Privacy Official
Effective Date: May 2023
The law requires that Beyond Eyecare make every effort to inform you of your rights related to your personal health information. We respect our legal obligation to keep health information that might identify you private. We are obligated by law to provide you with notice of our privacy practices and abide by the policies in it. This notice describes how we protect your health information and what rights you have regarding it.
Treatment, Payment, and Health Care Operations
The most common reasons we would use or disclose your health information are for treatment, payment, or business operations. We routinely use and disclose your medical information within the office on a daily basis. We do not need specific permission to use or disclose your medical information in the following matters, although you have the right to request that we do not.
Examples of how we might use or disclose health information for treatment purposes might include:
- Setting up or changing appointments including leaving messages containing no information about your personal health information with those at your home or office who may answer the phone or leaving messages on answering machines, voice mails, texts or email;
- calling your name out in a reception room environment;
- prescribing glasses, contact lenses, or medications as well as relaying this information to suppliers by phone, fax or other electronic means including initial prescriptions and requests from suppliers for refills;
- notifying you that your ophthalmic goods are ready, including leaving messages containing no personal health information with those at your home or office who may answer the phone, or leaving messages on answering machines, voice mails, texts or emails;
- referring you to another doctor for care not provided by this office;
- obtaining copies of health information from doctors you have seen before us; discussing your care with you directly or with family or friends you have inferred or agreed may listen to information about your health;
- sending you postcards or letters or leaving messages containing no personal health information with those at your home who may answer the phone or on answering machines, voice mails, texts or emails reminding you it is time for continued care;
- at your request, we can provide you with a copy of your medical records via secured fax, secured email, secured patient portal, or printed copies delivered in person or through US mail.
Examples of how we might use or disclose health information for payment purposes might include:
- Asking you about your vision or medical insurance plans or other sources of payment;
- preparing and sending bills to your insurance provider or to you;
- providing any information required by third-party payors in order to ensure payment for services rendered to you;
- sending notices of payment due on your account to the person designated as a responsible party or head of household on your account with fee explanations that could include procedures performed and for what diagnosis: collecting unpaid balances either ourselves or through a collection agency, attorney, or district attorney's office. At the patient's request, we may not disclose to a health plan or health care operation information related to care that you have paid for out of pocket. This only applies to those encounters related to the care you want to be restricted and only to the extent disclosure is not otherwise required by law.
Examples of how we might use or disclose health information for business operations might include:
- Financial or billing audits;
- internal quality assurance programs; participation in managed care plans; defense of legal matters;
- business planning;
- certain research functions; informing you of products or services offered by our office;
- compliance with local, state, or federal government agencies requests for information;
- oversight activities such as licensing of our doctors;
- Medicare or Medicaid audits;
- providing information regarding your vision status to the Department of Public Safety, a school nurse, or agency qualifying for disability status
Uses and Disclosures for Other Reasons Not Needing Permission
In some other limited situations, the law allows us to use or disclose your medical information without your specific permission. Most of these situations will never apply to you but they could.
- When a state or federal law mandates that certain health information be reported for a specific purpose
- For public health reasons, such as reporting of a contagious disease, investigations or surveillance, and notices to and from the federal Food and Drug Administration regarding drugs or medical devices
- Disclosures to government or law authorities about victims of suspected abuse, neglect, domestic violence, or when someone is or suspected to be a victim of a crime
- Disclosures for judicial and administrative proceedings, such as in response to subpoenas or orders of courts or administrative hearings
- Disclosures to a medical examiner to identify a deceased person or determine cause of death or to funeral directors to aid in burial
- Disclosures to organizations that handle organ or tissue donations
- Uses or disclosures for health-related research
- Uses or disclosures to prevent a serious threat to the health or safety of an individual or individuals
- Uses or disclosures to aid military purposes or lawful national intelligence activities
- Disclosures of de-identified information
- Disclosures related to a workman's compensation claim
- Disclosures of a "limited data set" for research, public health, or health care operations
- Incidental disclosures that are an unavoidable by-product of permitted uses and disclosures
- Disclosure of information needed in completing forms from a school-related vision screening, information to the Department of Public Safety (driver's license), and information related to certification for occupational or recreational licenses such as pilots license.
- Disclosures to business associates who perform health care operations for Beyond Eyecare and who commit to respect the privacy of your information. We also require any business associate to require any sub-contractor to comply with our privacy policies.
- Unless you object, disclosure of relevant information to family members or friends who are helping you with your care or by you allowing them to be present may allow us to assume you approve their exposure to relevant information about your health.
Uses or Disclosures To Patient Representatives
It is the policy of Beyond Eyecare for our staff to take phone calls from individuals on a patient's behalf requesting information about making or changing an appointment; the status of eyeglasses, contact lenses, or other optical goods ordered by or for the patient. Beyond Eyecare staff will also assist individuals on a patient's behalf in the delivery of eyeglasses, contact lenses, or other optical goods. During a telephone or in-person contact, every effort will be made to limit the encounter to only the specifics needed to complete the transaction required. No information about the patient's vision or health status may be disclosed without proper patient consent. Beyond Eyecare staff and doctors will also infer that if you allow another person in an examination room, treatment room, dispensary, or any business area within the office with you while testing is performed or discussions are held about your vision or health care or your account that you consent to the presence of that individual.
Other Uses and Disclosures
1. We will not make any other uses or disclosures of your health information or uses and disclosures involving marketing unless you sign a written Authorization for Release of Identifying Health Information. The content of this authorization is determined by applicable state and federal law. The request for signing an authorization may be initiated by Beyond Eyecare or by you as the patient. We will comply with your request if it is applicable to the federal policies regarding authorizations. If we ask you to sign an authorization, you may decline to do so. If you do not sign the authorization, we may not use or disclose the information we intended to use. If you do elect to sign the authorization, you may revoke it at any time. Revocation requests must be made in writing to the Privacy Officer named at the beginning of this Notice.
Your Rights Regarding Your Health Information
The law gives you many rights regarding your personal health information.
- You may ask us to restrict our uses and disclosures for purposes of treatment (except in emergency care), payment, or business operations. This request must be made in writing to the Privacy Officer named at the beginning of this Notice. We do not have to agree to your request, but if we agree, must honor the restrictions you ask for.
- You may ask us to communicate with you in a confidential manner. Examples might be only contacting you by telephone at your home or using some special email address. We may accommodate these requests if they are reasonable and if you agree to pay any additional cost, if any, incurred in accommodating your request. Requests for special communication requests must be made to the Privacy Officer named at the beginning of this Notice.
- You may ask to review or get copies of your health information. For the most part, we are happy to provide you with the opportunity to either review or obtain a copy of your medical information, but rare situations may restrict the release of the information. In such cases, we will provide you with a denial in writing. Another licensed health care practitioner chosen by Beyond Eyecare may review your request and our denial. In such cases, we will abide by the outcome of that review. We ask that requests for review or copy of medical information be made in writing to the Privacy Officer named at the beginning of this Notice, but this is not a requirement. While we usually respond to these requests in just a day or so, by law we have a short period of time specified by State or Federal law to respond to your request. We may request an additional extension of time in certain situations.
- Health care information you request copies of may be delivered to you in the format you request. The e-formats Beyond Eyecare has approved include secure email, an authorized Electronic Health Information system and media supplied by Beyond Eyecare.
- You may ask us to amend or change your health care information if you think it is incorrect or incomplete. If we agree, we will make the amendment to your medical record within thirty (30) days of your written request for change sent to the Privacy Officer named at the beginning of this Notice. We will then send the corrected information to you or any other individual you feel needs a copy of the corrected information. If we do not agree, you will be notified in writing of our decision. You may then write a statement of your position and we will include it in your medical record along with any rebuttal statement we may wish to include.
- You may request a list of any non-routine disclosures of your health information that we might have made within the past six (6) years. Routine disclosures would include those used in your treatment, payment, and business operations of Beyond Eyecare. These routine disclosures will not be included in your list of disclosures. You are entitled to one such list per year without charge. If you want more frequent lists, you must pay for them in advance at a fee of $200 per list. We will usually respond to your written request (made to the Privacy Officer named at the beginning of this Notice) within thirty (30) days but we are allowed one thirty (30) day extension if we need the time to complete your request.
- You may obtain additional copies of this Notice of Privacy Practices from our business office or online at our website address shown at the beginning of this Notice.
Breach Notification Policy
In the event of a reportable breach of patient information, Beyond Eyecare agrees to abide by the breach notification requirements as established by the HIPAA Breach Notification Rule or specific State requirement. If a breach occurs, Beyond Eyecare will take all necessary steps to remain in compliance with this rule including as applicable notification of individuals, Business Associates, the Secretary of Health and Human Services and prominent media outlets.
Whistleblower Protection Rule
Beyond Eyecare will take no action against any individual who provides information to the Office of Civil Rights, Office of the Inspector General or individual state Attorney General's Office regarding concerns related to the privacy and security procedures or actions at Beyond Eyecare.
Changing Our Notice of Privacy Practices
By law, we must abide by the terms of this Notice of Privacy Practices until we choose to substantially change the Notice. We reserve the right to change this Notice at any time. If we change this Notice, the new privacy practices will apply to your existing health information as well as any additional information generated in the future. If we change this Notice, we will post a new Notice in our office and on our website.
If you think that anyone at Beyond Eyecare has not respected the privacy of your health information, we encourage you to discuss your concerns with the Privacy Officer named at the beginning of this Notice. We request you submit your concerns in writing. We are more than happy to try to resolve any concern you may have. We want to resolve your concerns but you may also file a complaint with the U.S. Department of Health and Human Services, Office of Civil Rights or the state Attorney General's Office. We will not retaliate against you if you make such a complaint.
Our standard of care policies, financial policies, optical policies, contact lens policies, insurance policies, privacy policies, patient liability policies, legal policies including but not limited to those herein, are all legally accepted by you once the Notice of Privacy Practices is signed and/or upon entering an implied Beyond Eyecare, LLC location. If you have additional questions about any of our policies or would like more information, please contact us with your specific questions prior to signature or entry.
We may call, email, text or write to remind you of scheduled appointments, or that it is time to make a routine appointment. We may also call, email, text or write to notify you of other treatments or services available at our office that might help you. We may additionally call, email, text, or write to you to inform you that your materials (such as glasses or contact lenses) are ready. Unless declined in writing otherwise, we will mail you an appointment reminder on a postcard, and/or leave you a reminder message on your home answering machine or with someone who answers your phone if you are not home.
Patient Own Frame Waiver
Beyond Eyecare will always go above and beyond to ensure the safety and care of your frame. However, we cannot guarantee the integrity of a patient’s own frame. A frame may break or sustain other unexpected damage. Beyond Eyecare, LLC and its associates will not be held liable in these situations.
I hereby certify that all information I have provided to Beyond Eyecare, LLC and its associates in regards to insurance is correct and true. I authorize Beyond Eyecare, LLC and its associates to act as my agent to assist in obtaining payment of my insurance and/or government/commercial program benefits for any services and/or materials provided to me. I certify that I am qualified to make the decision to do so. I authorize any holder and/or medical information about me to be released to Beyond Eyecare, LLC and its associates if necessary to determine these benefits payable to related services.
If you have any questions or concerns, we encourage you to contact the Privacy Officer at the number on this notice.
I understand that checking a box or typing in any of the digital or remote forms provided to me by Beyond Eyecare, LLC indicates I consent to digital signature and constitutes as legally valid.