Notice of Privacy Practices

Revised Date: August 8, 2023
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW THIS NOTICE CAREFULLY.
If you have any questions about this notice or need further information, please contact our Privacy Officer at info@theeyehealthgroup.com. Written requests should be addressed to:
  275 Route 22 East
  Springfield, NJ 08753
  Attention: Privacy Officer
This Notice applies to each of the Practices listed on this Notice, its physicians, employees and agents (the “Practice”). Each Practice separately adopts this Notice as its own and posts the Notice in its Office.
2340 Central Park Ave Yonkers, NY 10710 (914) 961-3737
341 Route 4 West Paramus, NJ 07602 (201) 489-6000
360 Route 46 East Totowa, NJ 07512 (973) 785-0900
275 Route 22 East Springfield, NJ 07081 (973) 376-7900
670 Route 1 North Iselin, NJ 08830 (732) 750 – 0300
328 US 202/206 Bridgewater, NJ 08807
326 Route 18 North East Brunswick, NJ 08816
255 Hwy 35 Eatontown, NJ 07724
1278 Hooper Ave Toms River, NJ 08753
OUR PLEDGE REGARDING YOUR PROTECTED HEALTH INFORMATION:
The privacy of your protected health information or “PHI” is important to us. This notice will tell you about the ways in which we may use and disclose your PHI, your rights regarding your PHI. This Notice is published on our webpage and available at the SUP practice locations. You will receive a copy at the first point of service and amendments will be made available on our webpage and at the service following an amendment.
HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:
We may access, use or disclose your PHI only as permitted by law. The following categories describe different ways that we may use and disclose your PHI without your authorization. Certain disclosures of PHI may be made electronically.
  • For Treatment: We may use your PHI to provide you with health care treatment or services. We may disclose your PHI to other healthcare providers such as pharmacies, physicians, nurses, technicians, health students, or other personnel who are involved in taking care of you. For example, your primary care physician may need to know your vision results.
  • For Payment: We may use and disclose your PHI so that the treatment and services you receive from us may be billed to and payment collected from you, an insurance company, or a third party. For example, we may need to disclose your health plan information about your use of our services so that your health plan will pay us or reimburse you for the treatment. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
  • For Health Care Operations: We may use and disclose your PHI to support the business and other healthcare operations of our Practice. For example, we may use health information to review our treatment and services and to evaluate the performance of our staff and business associates to perform peer review and quality assessments, accounting, consulting, auditing, licensing, accreditation, investigatory, and other services for the Practice.
  • Business Associates: Some of our activities are provided on our behalf through contracts with business associates. Examples of when we may use a business associate include electronic medical records companies, management services organization, cloud-hosting vendors, coding and claims submission performed by a third party billing company, consulting and quality assurance activities provided by an outside consultant, billing and coding audits performed by an outside auditor, and other legal, administrative and consulting which may arise from time to time. When we enter into contracts to obtain these services, we may need to disclose your PHI to our business associate so that the associate may perform the job which we have requested. To protect your PHI, however, our business associate is required to appropriately safeguard your information to the same extent we are.
  • For Research: We may disclose your PHI for the purpose of research. We will only disclose your PHI for research purposes upon your express authorization or if the research protocol has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI.
  • As Required By Law: We must disclose your PHI when required to do so by federal, state, or local law. For example, by court order or federal, state or local departments of health may require disclosure of PHI for purposes of reporting abuse, neglect, domestic violence or human trafficking.
  • To Avert a Serious Threat to Health or Safety: We may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
  • Military and Veterans: If you are a member of the armed forces or separated/discharged from military services, we may release your PHI as required by military command authorities or the Department of Veterans Affairs as may be applicable. We may also release health information about foreign military personnel to the appropriate foreign military authorities.
  • Workers’ Compensation: We may release your PHI as authorized by, and in compliance with, laws related to workers’ compensation and similar programs established by law that provide benefits for work-related illnesses and injuries without regard to fault.
  • Public Health Activities: We may disclose your PHI for public health activities. These activities generally include the following:
    • to prevent or control disease, injury, or disability;
    • to report births and deaths;
    • to report child abuse or neglect;
    • to report reactions to medications or problems with products;
    • to notify people of recalls of products they may be using;
    • to notify person or organization required to receive information on FDA-regulated products; and
    • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition.
  • Health Oversight Activities: We may disclose your PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
  • Lawsuits and Disputes: If you are involved in a lawsuit or a dispute, we must disclose your PHI in response to a court or administrative order. We may also be required to disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
  • Law Enforcement: We must disclose your PHI to law enforcement officials for law enforcement purposes including the following:
    • in reporting certain injuries, as required by law, gunshot wounds, burns, injuries to perpetrators of crime;
    • in response to a court order, subpoena, warrant, summons or similar process;
    • to identify or locate a suspect, fugitive, material witness, or missing person;
    • about the victim of a crime, if the victim agrees to disclose or under certain limited circumstances, we are unable to obtain the person’s agreement;
    • about a death we believe may be the result of criminal conduct;
    • about criminal conduct at our facility; and
    • in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description, or location of the person who committed the crime.
  • Organ and Tissue Donation: We may disclose your PHI to organizations involved in the procurement, banking, or transplantation of cadaveric organs, eyes or tissue, for the purpose of facilitating organ and tissue donation where applicable.
  • Abuse, Neglect and Domestic Violence: We must disclose your PHI to an appropriate governmental authority if we reasonably believe that you may be a victim of abuse, neglect, or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
  • Coroners, Health Examiners and Funeral Directors: We may disclose your PHI to a coroner or health examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose your PHI to funeral directors as necessary to carry out their duties.
  • National Security and Intelligence Activities: We may disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law, or for the purpose of providing protective services to the President or foreign heads of state.
  • Inmates: If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your PHI to the correctional institution or law enforcement official. This release would be necessary (a) for the institution to provide you with health care; (b) to protect your health and safety or the health and safety of others; or (c) for the safety and security of the correctional institution.
EXAMPLES OF OTHER PERMISSIBLE OR REQUIRED DISCLOSURES OF YOUR PROTECTED HEALTH INFORMATION WITHOUT YOUR AUTHORIZATION:
  • Appointment Reminders: We may use PHI that you provided us to remind you of your upcoming appointments, annual reminders of vision checkup, and other communications related to your vision care.
  • Notification: We may use or disclose your PHI to notify or assist in notifying a family member, personal representative, close personal friend, or other person responsible for your care of your location and general condition. We will not disclose your PHI to your family members, personal representative, or close personal friends as described in this paragraph if you object to such disclosure. Please notify our Privacy Officer if you object to such disclosures.
  • Communication with Family Members: Sometimes a family member or other person involved in your care will be present when we are discussing your PHI with you. If you object, please tell us and we won’t discuss your PHI while that person is present. There may be times when it is necessary to disclose your PHI to a family member or others involved in your care because there is an emergency or you lack the decision making capacity to agree or object. In those instances, we will use our professional judgement to determine if it’s in your best interest to disclose your PHI. If so, we will limit the disclosure to the PHI that is directly relevant to the person’s involvement with your health care. For example, we may disclose your potential exposure to an infectious disease that warrants immediate attention.
  • Unlawful Conduct: Federal law allows for the release of your PHI to appropriate health oversight agencies, public health authorities or attorneys, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.
WE MAY NOT USE OR DISCLOSE YOUR PROTECTED HEALTH INFORMATION FOR THE FOLLOWING PURPOSES WITHOUT YOUR AUTHORIZATION:
We will obtain your written permission through an authorization for other uses and disclosures of your PHI not covered by this Notice. If you provide us with written authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time.
Below are some specific situations:
  • Marketing Communications: We must obtain an authorization for any use or disclosure of your PHI for any marketing communications to you about a product or service that encourages you to use or purchase the product or service unless the communication is either (a) a face-to-face communication or; (b) a promotional gift of nominal value. However, we do not need to obtain an authorization from you to provide appointment reminders, prescription expiration reminders, follow-up care, information regarding your course of treatment, case management or care coordination, to describe health-related products or services that we provide, or to contact you in regard to treatment alternatives. We must notify you if the marketing involves financial remuneration.
  • Use of Photographs, Videos or Testimonials: We must obtain authorization from you to use photographs, videos or testimonials that contain PHI except for the purposes identified above. For example, if you agree, we may post your photo on our webpage, Facebook or other social media site.
  • Sale of PHI: We must obtain an authorization for any disclosure of your PHI which constitutes a sale of such PHI.
Note: Genetic information, information about sexually transmitted infections, alcohol and/or substance abuse records, mental health records, and other sensitive health information may have additional confidentiality protections under state and federal law. Any disclosures of these types of PHI will be subject to those additional protections as applicable.
YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION:
You have the following rights with respect to your PHI:
  • Right to Inspect and Copy: Generally, you have the right to inspect and/or receive a copy all or any part of your medical or health record. You may request and receive an electronic copy of your PHI if we maintain your PHI in an electronic health record.
    To inspect and copy your PHI, you must submit your request in writing to our Privacy Officer at the address listed at the beginning of this notice. A form for requesting a copy of your PHI will be provided by the Practice. If you live in New York, we shall comply with your request to inspect your records within 10 working days after receipt of the written request. Copies of medical records will be delivered within 30 days after receipt of the written request. We may charge a reasonable cost-based fee for paper copies and delivery.
    We may deny your request under certain limited circumstances.
  • Right to Amend: You have the right to request that we amend your PHI or a medical or health record about you if you feel that health information we have about you is incorrect or incomplete. To request an amendment, your request must be made in writing, submitted to our Privacy Officer at the address listed on the first page of this notice, and must provide a reason that supports your request for an amendment. We may deny your request under certain limited circumstances.
  • Right to an Accounting of Disclosures: You have the right to request a list accounting for any disclosures of your PHI we have made, except for disclosures made for the purpose of treatment, payment, health care operations and certain other purposes. If you request an accounting of disclosures of your PHI, the accounting may include disclosures made for the purpose of treatment, payment and health care operations to the extent that disclosures are made through an electronic health record.
    To request an accounting of disclosures, you must submit your request in writing to our Privacy Officer at the address listed on the first page of this notice. Your request must state a time period which may not be longer than 6 years. The first list you request within a 12 month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
  • Right to Request Restrictions: You have the right to request a restriction or limitation on the use and disclosure of your PHI, for example, disclosure of your PHI to someone who is involved in your care, such as a family member or friend.
    If you pay for a service entirely out-of-pocket, you may request that information regarding the service be withheld and not provided to a third party payor for purposes of payment or health care operations. We are obligated by law to abide by such restriction.
    To request a restriction on the use and disclosure of your PHI, you must make your request in writing to our Privacy Officer at the address listed on the first page of this notice. In your request, you must tell us what information you want to limit and to whom you want the limitations to apply. We will notify you of our decision regarding the requested restriction. If we do agree to your requested restriction, we will comply with your request unless the information is needed to provide you emergency treatment.
  • Right to Receive Confidential Communications: You have the right to request that we communicate with you about your PHI in a certain way or have such communications addressed to a certain location. For example, you can ask that we only contact you at work or by mail to a post office box.
    To request confidential communications, you must make your request in writing to our Privacy Officer at the address listed on the first page of this notice. Your request must specify how or where you wish to be contacted.
  • Right to a Paper Copy of this Notice: You have the right to obtain a paper copy of this notice at any time upon request. At the time of first service rendered, we are required to provide you with a paper copy of this notice. To obtain a copy of this notice at any other time, please request it from our Privacy Officer at the address listed on the first page of this notice.
  • Right to Revoke Authorization: If you execute any authorization(s) for the use and disclosure of your PHI, you have the right to revoke such authorization(s), except to the extent that action has already been taken in reliance on such authorization.
STATE LAWS
We may ask you for consent to share certain medical information to the extent required by either New York or New Jersey law and, if so, this consent allows us to be certain that we can share your medical information for all of the reasons explained in this notice. For example, we may ask for your consent to share your information for payment purposes.
BREACH NOTIFICATION:
In the event of a Breach of your PHI, you will receive notice of the Breach at your last known mailing address, on our website and/or by publication, as required by law.
CHANGES TO THIS NOTICE:
We reserve the right to change our privacy practices and any terms of this notice. If our privacy practices materially change, we will revise this notice and make copies of the revised notice available upon request. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any PHI we receive in the future.
TO MAKE A COMPLAINT:
If you believe your privacy rights have been violated, you may file a complaint with us by email to info@theeyehealthgroup.com. All complaints must be submitted in writing. You may submit a complaint to the Secretary of the United States Department of Health and Human Services here or https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf. There will be no retaliation against you for filing a complaint.