Beyond Eyecare
2539 John Milton Drive
Herndon VA 20171
703-239-6633 www.beyond-eyecare.com
Sami Khaldieh, O.D., Privacy Official
Origination Date: June 2023
Revised Effective Date: March 2024
Notice of Privacy Practices
The law mandates that Beyond Eyecare diligently communicates your rights concerning your personal health information. We are unwavering in our commitment to honoring the legal obligation to safeguard private health information that may identify you. In compliance with legal requirements, we are obligated to furnish you with notice of our privacy practices and adhere to the policies outlined within. This notice serves to delineate how we secure your health information and elucidates the rights you possess in relation to it.
Information Collected
We collect and utilize information to ensure the provision of quality healthcare services. This includes, but is not limited to, essential details such as the desired appointment date, purpose of visit, your first and last name, email address, date of birth, residential address, phone number, and pertinent insurance information. In addition, supplementary information may be collected during interactions on our website or within our office premises. This may encompass hobbies and lifestyle information, which can contribute to a more personalized and effective healthcare approach. Furthermore, as part of our online interaction, we may collect technical information such as your browser's IP address and utilize cookies to enhance your browsing experience. Rest assured, the confidentiality and security of all collected information are paramount, and we adhere to strict privacy measures in accordance with the Health Insurance Portability and Accountability Act (HIPAA) to safeguard your personal and medical data. Consumer information is not shared with third-parties for marketing purposes. We do not sell patient information to any third-party vendors.
Treatment, Payment, and Health Care Operations
The primary reasons for utilizing or disclosing your health information at Beyond Eyecare typically revolve around treatment, payment, or business operations. Within the office, we routinely engage in the use and disclosure of medical information for various purposes. Permission to use or disclose your medical information in the following scenarios is not explicitly required, although you retain the right to request otherwise.
Examples of how we may use or disclose health information for treatment purposes encompass, but are not limited to:
Examples of how we may use or disclose health information for payment purposes encompass, but are not limited to:
Examples of how we may use or disclose health information for business operations include, but are not limited to:
Uses and Disclosures for Other Reasons Not Needing Permission
In specific limited situations, the law permits us to use or disclose your medical information without requiring your explicit permission. While many of these circumstances are unlikely to apply to you, it's important to be aware of the potential scenarios:
Uses or Disclosures To Patient Representatives
It is the established policy of Beyond Eyecare that our staff may accept phone calls from individuals acting on a patient's behalf, seeking information related to scheduling or modifying appointments, or inquiring about the status of eyeglasses, contact lenses, or other optical goods ordered for or by the patient. Additionally, Beyond Eyecare staff is authorized to assist individuals on a patient's behalf in the receipt of eyeglasses, contact lenses, or other optical goods. During telephone or in-person interactions, rigorous efforts will be made to restrict the conversation to the specific details necessary for completing the required transaction. No disclosure of information regarding the patient's vision or health status will occur without proper patient consent.
Furthermore, Beyond Eyecare staff and doctors will reasonably infer that if you permit another person to accompany you into an examination room, treatment room, dispensary, or any business area within the office during testing or discussions about your vision, health care, or account, you thereby grant consent to the presence of that individual. This policy is implemented to uphold confidentiality and respect patient privacy in all interactions.
Other Uses and Disclosures
We will refrain from making any other uses or disclosures of your health information, including those involving marketing, unless you provide a written Authorization for Release of Identifying Health Information. The content of this authorization will adhere to applicable state and federal law. The initiation of a request for authorization may come from Beyond Eyecare or from you, the patient. We commit to complying with your request, provided it aligns with federal policies regarding authorizations.
Should we request you to sign an authorization, you have the option to decline. However, if you choose not to sign the authorization, we may not proceed with the use or disclosure of the information originally intended. On the contrary, if you opt to sign the authorization, you retain the right to revoke it at any time. Revocation requests must be submitted in writing to the Privacy Officer, whose name is provided at the beginning of this Notice.
Your Rights Regarding Your Health Information
Breach Notification Policy
In the event of a reportable breach of patient information, Beyond Eyecare hereby pledges to adhere to the breach notification requirements outlined by the HIPAA Breach Notification Rule or any specific State requirements. In the occurrence of a breach, Beyond Eyecare is committed to taking all requisite measures to ensure compliance with this rule. This includes, as applicable, notifying affected individuals, Business Associates, the Secretary of Health and Human Services, and prominent media outlets, in accordance with the stipulations of the respective breach notification regulations.
Whistleblower Protection Rule
Beyond Eyecare commits to refraining from taking any retaliatory action against any individual who, in good faith, provides information to the Office of Civil Rights, Office of the Inspector General, or an individual state Attorney General's Office pertaining to concerns related to privacy and security procedures or actions at Beyond Eyecare. We uphold the principles of transparency and accountability and appreciate individuals who contribute to maintaining the integrity of our privacy and security practices.
Changing Our Notice of Privacy Practices
According to legal requirements, we are obligated to adhere to the stipulations outlined in this Notice of Privacy Practices unless significant changes are made to the Notice. We retain the right to modify this Notice at our discretion. In the event of such modifications, the updated privacy practices will be applicable not only to your existing health information but also to any additional information generated in the future. Any alterations to this Notice will be promptly communicated through the posting of a revised Notice in our office and on our official website.
Complaints
If you believe that your health information privacy has been compromised by any member of the Beyond Eyecare team, we strongly urge you to address your concerns with the designated Privacy Officer mentioned at the outset of this Notice. For a thorough examination of your concerns, we kindly request that you submit a written statement outlining the specifics of the issue. We are fully committed to addressing and resolving any concerns you may have. While we strive for internal resolution, you also have the right to file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights, or the state Attorney General's Office. We assure you that there will be no retaliation against you for making such a complaint. Our priority is to ensure the highest standards of privacy protection, and your feedback is integral to maintaining these standards. We appreciate your cooperation and commitment to the confidentiality of your health information.
Office Policies
By signing the Notice of Privacy Practices, you expressly acknowledge and accept, without limitation, our comprehensive set of policies, including but not limited to, our standard of care policies, financial policies, optical policies, contact lens policies, insurance policies, communications policy, privacy policies, patient liability policies, and other legal policies herein. These policies may be accessible within this document, on our official website, or within our physical office premises. These office policies, carefully crafted for the exclusive benefit of Beyond Eyecare patients, are strictly confidential and proprietary. Unauthorized copying, distribution, or sharing of these policies is expressly prohibited. Please note that by default, patients are automatically opted into receiving marketing communications unless otherwise specified or opted out. For clarification or additional information on any aspect of our policies, we encourage you to reach out to us with your specific inquiries before affixing your signature. Your signature on the Notice of Privacy Practices signifies your full understanding and unreserved acceptance of these policies, forming a legally binding agreement between you and Beyond Eyecare.
Communications Policy
By signing this form or receiving services from Beyond Eyecare, you acknowledge and agree to our communication practices regarding sensitive healthcare information covered by HIPAA. We reserve the right to communicate with you through various channels, including phone calls, voicemails, emails, text messages, or written correspondence, for purposes such as marketing, appointment reminders, scheduling appointments, informing you of available treatments or services, health-related discussions, and notifying you when materials such as glasses or contact lenses are ready for collection. Message and data rates may apply.
You may choose to receive communications containing HIPAA-sensitive information via the above listed communications, acknowledging the associated risks of non-secure electronic channels. Requesting HIPAA-sensitive information through an insecure electronic channel explicitly constitutes a waiver of your entitlement to health record privacy, as we cannot assure confidentiality when transmitting such data through these channels. You have the right to opt out of such communications by providing written notification to our office for each specific method, though opting out may limit our ability to efficiently communicate certain health-related information.
Questions
In the event of any inquiries or concerns regarding privacy matters, it is strongly recommended that you communicate with the designated Privacy Officer. The Privacy Officer can be reached directly at the phone number specified in this notice. Your prompt engagement with the Privacy Officer is vital for the resolution of any issues or clarification of queries related to privacy concerns.
I acknowledge and agree that deliberately checking a box, typing an implied signature, or directly digitally signing on any of the digital or remote forms presented to me by Beyond Eyecare signifies my explicit consent to the use and acceptance of digital signatures. I understand and affirm that such actions constitute legally valid and binding signatures in accordance with applicable laws and regulations.