Privacy Policy

Beyond Eyecare

2539 John Milton Drive

Herndon VA 20171


Sami Khaldieh, O.D., Privacy Official

Origination Date: June 2023

Revised Effective Date: March 2024

Notice of Privacy Practices

The law mandates that Beyond Eyecare diligently communicates your rights concerning your personal health information. We are unwavering in our commitment to honoring the legal obligation to safeguard private health information that may identify you. In compliance with legal requirements, we are obligated to furnish you with notice of our privacy practices and adhere to the policies outlined within. This notice serves to delineate how we secure your health information and elucidates the rights you possess in relation to it.

Information Collected

We collect and utilize information to ensure the provision of quality healthcare services. This includes, but is not limited to, essential details such as the desired appointment date, purpose of visit, your first and last name, email address, date of birth, residential address, phone number, and pertinent insurance information. In addition, supplementary information may be collected during interactions on our website or within our office premises. This may encompass hobbies and lifestyle information, which can contribute to a more personalized and effective healthcare approach. Furthermore, as part of our online interaction, we may collect technical information such as your browser's IP address and utilize cookies to enhance your browsing experience. Rest assured, the confidentiality and security of all collected information are paramount, and we adhere to strict privacy measures in accordance with the Health Insurance Portability and Accountability Act (HIPAA) to safeguard your personal and medical data. Consumer information is not shared with third parties for marketing purposes. We do not sell patient information to any third-party vendors.

Treatment, Payment, and Health Care Operations

The primary reasons for utilizing or disclosing your health information at Beyond Eyecare typically revolve around treatment, payment, or business operations. Within the office, we routinely engage in the use and disclosure of medical information for various purposes. Permission to use or disclose your medical information in the following scenarios is not explicitly required, although you retain the right to request otherwise.

Examples of how we may use or disclose health information for treatment purposes encompass, but are not limited to:

  • Setting up or modifying appointments, including leaving messages devoid of personal health information with individuals at your home or office who may answer the phone or on answering machines, voice mails, texts, or email.
  • Calling your name in a reception room environment.
  • Prescribing glasses, contact lenses, or medications and communicating this information to suppliers through phone, fax, or other electronic means, including initial prescriptions and refill requests.
  • Notifying you when your ophthalmic goods are ready, including leaving messages with no personal health information with individuals at your home or office who may answer the phone, or on answering machines, voice mails, texts, or emails.
  • Referring you to another doctor for care not provided by this office.
  • Obtaining copies of health information from doctors you have seen prior to us.
  • Discussing your care directly with you or with family or friends you have indicated or agreed may receive information about your health.
  • Sending postcards, letters, or leaving messages with no personal health information with individuals at your home who may answer the phone or on answering machines, voice mails, texts, or emails as reminders for continued care.
  • Providing you with a copy of your medical records via secured fax, secured email, secured patient portal, or printed copies delivered in person or through US mail at your request.

Examples of how we may use or disclose health information for payment purposes encompass, but are not limited to:

  • Inquiring about your vision or medical insurance plans or other payment sources.
  • Preparing and sending bills to your insurance provider or to you.
  • Furnishing any information required by third-party payors to ensure payment for services rendered to you.
  • Sending notices of payment due on your account to the person designated as a responsible party or head of household on your account, with fee explanations that could include procedures performed and for what diagnosis.
  • Collecting unpaid balances either directly or through a collection agency, attorney, or district attorney's office.
  • At your request, refraining from disclosing to a health plan or health care operation information related to care that you have paid for out of pocket. This applies solely to those encounters related to the care you wish to be restricted and only to the extent that disclosure is not otherwise required by law.

Examples of how we may use or disclose health information for business operations include, but are not limited to:

  • Financial or billing audits.
  • Internal quality assurance programs.
  • Participation in managed care plans.
  • Defense of legal matters.
  • Business planning.
  • Certain research functions.
  • Informing you of products or services offered by our office.
  • Compliance with requests for information from local, state, or federal government agencies.
  • Oversight activities, such as licensing of our doctors.
  • Medicare or Medicaid audits.
  • Providing information about your vision status to the Department of Public Safety, a school nurse, or an agency qualifying for disability status.
  • In the event that Beyond Eyecare or any of its affiliated office(s) is subject to acquisition, merger, or consolidation with another entity, or if there is a sale of any of our assets, your information may be transferred to the acquiring entity or to the entity that survives the merger or consolidation.

Uses and Disclosures for Other Reasons Not Needing Permission

In specific limited situations, the law permits us to use or disclose your medical information without requiring your explicit permission. While many of these circumstances are unlikely to apply to you, it's important to be aware of the potential scenarios:

  • When state or federal law mandates reporting of certain health information for a specific purpose.
  • For public health reasons, such as reporting contagious diseases, investigations, surveillance, and communication with the federal Food and Drug Administration regarding drugs or medical devices.
  • Disclosures to government or law authorities regarding victims of suspected abuse, neglect, domestic violence, or suspected crimes.
  • Disclosures for judicial and administrative proceedings, including responses to subpoenas or court/administrative orders.
  • Disclosures to a medical examiner for identification of a deceased person, determining the cause of death, or to funeral directors for burial assistance.
  • Disclosures to organizations handling organ or tissue donations.
  • Uses or disclosures for health-related research.
  • Uses or disclosures to prevent a serious threat to the health or safety of an individual or individuals.
  • Uses or disclosures to aid military purposes or lawful national intelligence activities.
  • Disclosures of de-identified information.
  • Disclosures related to a workers' compensation claim.
  • Disclosures of a 'limited data set' for research, public health, or health care operations.
  • Incidental disclosures that are an unavoidable by-product of permitted uses and disclosures.
  • Disclosure of information needed for completing forms related to school-related vision screenings, information to the Department of Public Safety (driver's license), and information related to certification for occupational or recreational licenses (such as a pilot's license).
  • Disclosures to business associates who perform health care operations for Beyond Eyecare and who commit to respecting the privacy of your information. We also require any business associate to mandate compliance with our privacy policies for any subcontractor.
  • Unless you object, disclosure of relevant information to family members or friends assisting you with your care or those you permit to be present, allowing us to assume your approval for their exposure to pertinent information about your health.

Uses or Disclosures To Patient Representatives

It is the established policy of Beyond Eyecare that our staff may accept phone calls from individuals acting on a patient's behalf, seeking information related to scheduling or modifying appointments, or inquiring about the status of eyeglasses, contact lenses, or other optical goods ordered for or by the patient. Additionally, Beyond Eyecare staff is authorized to assist individuals on a patient's behalf in the receipt of eyeglasses, contact lenses, or other optical goods. During telephone or in-person interactions, rigorous efforts will be made to restrict the conversation to the specific details necessary for completing the required transaction. No disclosure of information regarding the patient's vision or health status will occur without proper patient consent.

Furthermore, Beyond Eyecare staff and doctors will reasonably infer that if you permit another person to accompany you into an examination room, treatment room, dispensary, or any business area within the office during testing or discussions about your vision, health care, or account, you thereby grant consent to the presence of that individual. This policy is implemented to uphold confidentiality and respect patient privacy in all interactions.

Other Uses and Disclosures

We will refrain from making any other uses or disclosures of your health information, including those involving marketing, unless you provide a written Authorization for Release of Identifying Health Information. The content of this authorization will adhere to applicable state and federal law. The initiation of a request for authorization may come from Beyond Eyecare or from you, the patient. We commit to complying with your request, provided it aligns with federal policies regarding authorizations.

Should we request you to sign an authorization, you have the option to decline. However, if you choose not to sign the authorization, we may not proceed with the use or disclosure of the information originally intended. On the contrary, if you opt to sign the authorization, you retain the right to revoke it at any time. Revocation requests must be submitted in writing to the Privacy Officer, whose name is provided at the beginning of this Notice.

Your Rights Regarding Your Health Information

  • The law affords you various rights concerning your personal health information. You have the right to request restrictions on our uses and disclosures for treatment (except in emergency care), payment, or business operations. Such requests must be submitted in writing to the Privacy Officer named at the beginning of this Notice. While we are not obligated to agree to your request, if we do, we must honor the agreed-upon restrictions.
  • You also have the right to request confidential communication, specifying, for instance, contact only by telephone at your home or using a designated email address. We may accommodate these requests if they are reasonable, and you agree to cover any additional costs incurred. Requests for special communication should be directed to the Privacy Officer.
  • You may request to review or obtain copies of your health information. We generally welcome such requests, but rare situations may restrict information release. In such cases, a written denial will be provided, and another licensed health care practitioner selected by Beyond Eyecare may review your request and our denial.
  • Requests for review or copies may be made in writing to the Privacy Officer, although this is not mandatory. While we aim to respond promptly, we are subject to timeframes specified by State or Federal law, and extensions may be requested in certain situations.
  • Health care information can be delivered in the format you request, including secure email, an authorized Electronic Health Information system, or media supplied by Beyond Eyecare.
  • If you believe your health care information is incorrect or incomplete, you can request an amendment. If we agree, changes will be made within thirty (30) days, and corrected information will be sent to you and others as needed. If we disagree, you will receive a written notification, and you can submit a statement to be included in your medical record.
  • You have the right to request a list of non-routine disclosures made within the past six (6) years. Routine disclosures, related to treatment, payment, and business operations, are excluded. You are entitled to one free list per year, and additional lists may be obtained for a fee.
  • Additional copies of this Notice of Privacy Practices can be obtained from our business office or online at the website address provided at the beginning of this Notice.

Breach Notification Policy

In the event of a reportable breach of patient information, Beyond Eyecare hereby pledges to adhere to the breach notification requirements outlined by the HIPAA Breach Notification Rule or any specific State requirements. In the occurrence of a breach, Beyond Eyecare is committed to taking all requisite measures to ensure compliance with this rule. This includes, as applicable, notifying affected individuals, Business Associates, the Secretary of Health and Human Services, and prominent media outlets, in accordance with the stipulations of the respective breach notification regulations.

Whistleblower Protection Rule

Beyond Eyecare commits to refraining from taking any retaliatory action against any individual who, in good faith, provides information to the Office of Civil Rights, Office of the Inspector General, or an individual state Attorney General's Office pertaining to concerns related to privacy and security procedures or actions at Beyond Eyecare. We uphold the principles of transparency and accountability and appreciate individuals who contribute to maintaining the integrity of our privacy and security practices.

Changing Our Notice of Privacy Practices

According to legal requirements, we are obligated to adhere to the stipulations outlined in this Notice of Privacy Practices unless significant changes are made to the Notice. We retain the right to modify this Notice at our discretion. In the event of such modifications, the updated privacy practices will be applicable not only to your existing health information but also to any additional information generated in the future. Any alterations to this Notice will be promptly communicated through the posting of a revised Notice in our office and on our official website.


If you believe that your health information privacy has been compromised by any member of the Beyond Eyecare team, we strongly urge you to address your concerns with the designated Privacy Officer mentioned at the outset of this Notice. For a thorough examination of your concerns, we kindly request that you submit a written statement outlining the specifics of the issue. We are fully committed to addressing and resolving any concerns you may have. While we strive for internal resolution, you also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, or the state Attorney General's Office. We assure you that there will be no retaliation against you for making such a complaint. Our priority is to ensure the highest standards of privacy protection, and your feedback is integral to maintaining these standards. We appreciate your cooperation and commitment to the confidentiality of your health information.

Office Policies

By signing the Notice of Privacy Practices, you expressly acknowledge and accept, without limitation, our comprehensive set of policies, including but not limited to, our standard of care policies, financial policies, optical policies, contact lens policies, insurance policies, communications policy, privacy policies, patient liability policies, and other legal policies herein. These policies may be accessible within this document, on our official website, or within our physical office premises. These office policies, carefully crafted for the exclusive benefit of Beyond Eyecare patients, are strictly confidential and proprietary. Unauthorized copying, distribution, or sharing of these policies is expressly prohibited. Please note that by default, patients are automatically opted into receiving marketing communications unless otherwise specified or opted out. For clarification or additional information on any aspect of our policies, we encourage you to reach out to us with your specific inquiries before affixing your signature. Your signature on the Notice of Privacy Practices signifies your full understanding and unreserved acceptance of these policies, forming a legally binding agreement between you and Beyond Eyecare.

Communications Policy

By signing this form or receiving services from Beyond Eyecare, you acknowledge and agree to our communication practices regarding sensitive healthcare information covered by HIPAA. We reserve the right to communicate with you through various channels, including phone calls, voicemails, emails, text messages, or written correspondence, for purposes such as marketing, appointment reminders, scheduling appointments, informing you of available treatments or services, health-related discussions, and notifying you when materials such as glasses or contact lenses are ready for collection. Message and data rates may apply.

You may choose to receive communications containing HIPAA-sensitive information via the above-listed communication channels, acknowledging the associated risks of non-secure electronic channels. Requesting HIPAA-sensitive information through an insecure electronic channel explicitly constitutes a waiver of your entitlement to health record privacy, as we cannot assure confidentiality when transmitting such data through these channels. You have the right to opt out of such communications by providing written notification to our office for each specific method, though opting out may limit our ability to efficiently communicate certain health-related information.


In the event of any inquiries or concerns regarding privacy matters, it is strongly recommended that you communicate with the designated Privacy Officer. The Privacy Officer can be reached directly at the phone number specified in this notice. Your prompt engagement with the Privacy Officer is vital for the resolution of any issues or clarification of queries related to privacy concerns.

I acknowledge and agree that deliberately checking a box, typing an implied signature, or directly digitally signing on any of the digital or remote forms presented to me by Beyond Eyecare signifies my explicit consent to the use and acceptance of digital signatures. I understand and affirm that such actions constitute legally valid and binding signatures in accordance with applicable laws and regulations.