Privacy Policy

Notice of Privacy Practices of The Plastic Surgery Group

You can download a PDF of our HIPAA policy here.

  1. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
  2. WE HAVE A LEGAL DUTY TO SAFEGUARD YOUR PROTECTED HEALTH INFORMATION (PHI). Pursuant to the Privacy Rules established by the Health Insurance Portability and Accountability Act of 1996, we are legally required to protect the privacy of your health information. We call this information “protected health information,” or “PHI” for short. It includes information that can be used to identify you and that we’ve created or received about your past, present, or future health condition, the provision of health care to you, or the payment for this health care. We are required to provide you with this notice about our privacy practices. It explains how, when, and why we use and disclose your PHI. With some exceptions, we may not use or disclose any more of your PHI than is necessary to accomplish the purpose of the use or disclosure. We are legally required to follow the privacy practices that are described in this notice. We reserve the right to change the terms of this notice and our privacy policies at any time. Any changes will apply to the PHI we already have. Whenever we make an important change to our policies, we will promptly change this notice and post a new notice in the main reception area. You can also request a copy of this notice from the contact person listed in Section VI below at any time and can view a copy of this notice on our Web site at http://www.plasticsurgerygroupnewjersey.com.
  3. HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION. We use and disclose health information for many different reasons. For some of these uses and disclosures, we need your specific authorization. Below, we describe the different categories of uses and disclosures.
    1. Uses and Disclosures Which Do Not Require Your Authorization. We may use and disclose your PHI without your authorization for the following reasons:
      1. For treatment. We may disclose your PHI to hospitals, physicians, nurses, and other health care personnel in order to provide, coordinate or manage your health care or any related services, except where the PHI is related to HIV/AIDS, genetic testing, or federally-funded drug or alcohol abuse treatment facilities, or where otherwise prohibited pursuant to State or Federal law. For example, if you’re being treated for a knee injury, we may disclose your PHI to an x-ray technician in order to coordinate your care.
      2. To obtain payment for treatment. We may use and disclose your PHI in order to bill and collect payment for the treatment and services provided to you. For example, we may provide portions of your PHI to our billing staff and your health plan to get paid for the health care services we provided to you. We may also disclose patient information to another provider involved in your care for the other provider’s payment activities.
      3. For health care operations. We may disclose your PHI, as necessary, to operate this organization. For example, we may use your PHI in order to evaluate the quality of health care services that you received or to evaluate the performance of the health care professionals who provided health care services to you. We may also provide your PHI to our accountants, attorneys, consultants, and others in order to make sure we’re complying with the laws that affect us.
      4. When a disclosure is required by federal, state or local law, judicial or administrative proceedings, or law enforcement. For example, we may disclose PHI when a law requires that we report information to government agencies and law enforcement personnel about victims of abuse, neglect, or domestic violence; when dealing with gunshot or other wounds; for the purpose of identifying or locating a suspect, fugitive, material witness or missing person; or when subpoenaed or ordered in a judicial or administrative proceeding.
      5. For public health activities. For example, we may disclose PHI to report information about births, deaths, various diseases, adverse events and product defects to government officials in charge of collecting that information; to prevent, control, or report disease, injury or disability as permitted by law; to conduct public health surveillance, investigations and interventions as permitted or required by law; or to notify a person who has been exposed to a communicable disease or who may be at risk of contracting or spreading a disease as authorized by law.
      6. For health oversight activities. For example, we may disclose PHI to assist the government or other health oversight agency with activities including audits; civil, administrative, or criminal investigations, proceedings or actions; or other activities necessary for appropriate oversight as authorized by law.
      7. To coroners, funeral directors, and for organ donation. We may disclose PHI to organ procurement organizations to assist them in organ, eye, or tissue donations and transplants. We may also provide coroners, medical examiners, and funeral directors necessary PHI relating to an individual’s death.
      8. For research purposes. In certain circumstances, we may provide PHI in order to conduct medical research.
      9. To avoid harm. In order to avoid a serious threat to the health or safety of you, another person, or the public, we may provide PHI to law enforcement personnel or persons able to prevent or lessen such harm.
      10. For specific government functions. We may disclose PHI of military personnel and veterans in certain situations. We may also disclose PHI for national security and intelligence activities.
      11. For workers’ compensation purposes. We may provide PHI in order to comply with workers’ compensation laws.
      12. Appointment reminders and health-related benefits or services. We may use PHI to provide appointment reminders or give you information about treatment alternatives, or other health care services or benefits we offer. Please let us know if you do not wish to have us contact you for these purposes, or if you would rather we contact you at a different telephone number or address.
    2. Uses and Disclosures Where You to Have the Opportunity to Object: Disclosures to family, friends, or others. We may provide your PHI to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part.
    3. All Other Uses and Disclosures Require Your Prior Written Authorization. Other than as stated herein, we will not disclose your PHI without your written authorization. You can later revoke your authorization in writing except to the extent that we have taken action in reliance upon the authorization.
    4. Authorization for Marketing Communications. We will obtain your written authorization prior to using or disclosing your PHI for marketing purposes. However, we are permitted to provide you with marketing materials in a face-to-face encounter, without obtaining a marketing authorization. We are also permitted to give you a promotional gift of nominal value, if we so choose, without obtaining a marketing authorization. In addition, as long as we are not paid to do so, we may communicate with you about products or services relating to your treatment, case management or care coordination, or alternative treatments, therapies, providers or care settings. We may use or disclose PHI to identify health-related services and products that may be beneficial to your health and then contact you about the services and products.
    5. Sale of PHI. We will disclose your PHI in a manner that constitutes a sale only upon receiving your prior authorization. Sale of PHI does not include a disclosure of PHI for: public health purposes; research; treatment and payment purposes; sale, transfer, merger or consolidation of all or part of our business and for related due diligence activities; the individual; disclosures required by law; any other purpose permitted by and in accordance with HIPAA.
    6. Fundraising Activities. We may use certain information (name, address, telephone number, dates of service, age and gender) to contact you for the purpose of various fundraising activities. If you do not want to receive future fundraising requests, please write to the Privacy Officer at the below address.
    7. Incidental Uses and Disclosures. Incidental uses and disclosures of information may occur. An incidental use or disclosure is a secondary use or disclosure that cannot reasonably be prevented, is limited in nature, and that occurs as a by-product of an otherwise permitted use or disclosure. However, such incidental uses or disclosure are permitted only to the extent that we have applied reasonable safeguards and do not disclose any more of your PHI than is necessary to accomplish the permitted use or disclosure. For example, disclosures about a patient within the office that might be overheard by persons not involved in your care would be permitted. H. Business Associates. We may engage certain persons to perform certain of our functions on our behalf and we may disclose certain health information to these persons. For example, we may share certain PHI with our billing company or computer consultant in order to facilitate our health care operations or payment for services provided in connection with your care. We will require our business associates to enter into an agreement to keep your PHI confidential and to abide by certain terms and conditions.
  4. WHAT RIGHTS YOU HAVE REGARDING YOUR PHI. You have the following rights with respect to your PHI:
    1. The Right to Request Limits on Uses and Disclosures of Your PHI. You have the right to request in writing that we limit how we use and disclose your PHI. You may not limit the uses and disclosures that we are legally required to make. We will consider your request but are not legally required to accept it. Notwithstanding the foregoing, you have the right to ask us to restrict the disclosure of your PHI to your health plan for a service we provide to you where you have directly paid us (out of pocket, in full) for that service, in which case we are required to honor your request. If we accept your request, we will put any limits in writing and abide by them except in emergency situations. Under certain circumstances, we may terminate our agreement to a restriction.
    2. The Right to Choose How We Send PHI to You. You have the right to ask that we send information to you at an alternate address (for example, sending information to your work address rather than your home address) or by alternate means (for example, via e-mail instead of regular mail). We must agree to your request so long as we can easily provide it in the manner you requested. NOTE: IF YOU REQUEST THAT WE SEND YOUR HEALTH INFORMATION TO YOU THROUGH THE USE OF UNENCRYPTED EMAIL SERVICES, YOU RISK SUCH INFORMATION BEING ACCESSED BY AN UNAUTHORIZED THIRD PARTY. WE ARE NOT RESPONSIBLE FOR ANY UNAUTHORIZED ACCESS OR USE OF YOUR HEALTH INFORMATION THAT WE SEND TO YOU THROUGH UNENCRYPTED EMAIL SERVICES.
    3. The Right to See and Get Copies of Your PHI. In most cases, you have the right to look at or get copies of your PHI that we have, but you must make the request in writing. If we don’t have your PHI but we know who does, we will tell you how to get it. We will respond to you within 30 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reasons for the denial and explain your right to have the denial reviewed.

      If you request a copy of your information, we will charge you $1 per page or other reasonable fees for the costs of copying, mailing or other costs incurred by us in complying with your request. Instead of providing the PHI you requested, we may provide you with a summary or explanation of the PHI as long as you agree to that and to the cost in advance. Note also that, you have the right to access your PHI in an electronic format (to the extent we maintain the information in such a format) and to direct us to send the e-record directly to a third party. We may charge for the labor costs to transfer the information; and charge for the costs of electronic media if you request that we provide you with such media.

      Please note, if you are the parent or legal guardian of a minor, certain portions of the minor’s records may not be accessible to you. For example, records relating to care and treatment to which the minor is permitted to consent himself/herself (without your consent) may be restricted unless the minor patient provides an authorization for such disclosure.

    4. The Right to Get a List of the Disclosures We Have Made. You have the right to get a list of instances in which we have disclosed your PHI. The list will not include uses or disclosures made for purposes of treatment, payment, or health care operations, those made pursuant to your written authorization, or those made directly to you or your family. The list also won’t include uses and disclosures made for national security purposes, to corrections or law enforcement personnel, or prior to April 14, 2003.

      We will respond within 60 days of receiving your written request. The list we will give you will include disclosures made in the last six years unless you request a shorter time. The list will include the date of the disclosure, to whom PHI was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. We will provide one (1) list during any 12-month period without charge, but if you make more than one request in the same year, we will charge you $10 for each additional request.

      To the extent that we maintain your PHI in electronic format, we will account all disclosures including those made for treatment, payment and health care operations. Should you request such an accounting of your electronic PHI, the list will include the disclosures made in the last three years.

    5. The Right to Receive Notice of a Breach of Unsecured PHI. You have the right to receive notification of a “breach” of your unsecured PHI.
    6. The Right to Correct or Update Your PHI. If you believe that there is a mistake in your PHI or that a piece of important information is missing, you have the right to request, in writing, that we correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. We will respond within 60 days of receiving your request in writing. We may deny your request if the PHI is (i) correct and complete, (ii) not created by us, (iii) not allowed to be disclosed, or (iv) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial. If you don’t file one, you have the right to have your request and our denial attached to all future disclosures of your PHI. If we approve your request, we will make the change to your PHI, tell you that we have done it, and tell others that need to know about the change to your PHI.
    7. The Right to Get This Notice by E-Mail. You have the right to get a copy of this notice by e-mail. Even if you have agreed to receive notice via e-mail, you also have the right to request a paper copy of this notice.
  5. HOW TO COMPLAIN ABOUT OUR PRIVACY PRACTICES. If you think that we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI, you may file a complaint with the person listed in Section VI below. You also may send a written complaint to the Secretary of the Department of Health and Human Services at 200 Independence Ave., S.W.; Room 615F; Washington, DC 20201. We will take no retaliatory action against you if you file a complaint about our privacy practices.
  6. PERSON TO CONTACT FOR INFORMATION ABOUT THIS NOTICE OR TO COMPLAIN ABOUT OUR PRIVACY PRACTICES: If you have any questions about this notice or any complaints about our privacy practices, please contact our HIPAA Privacy Officer Rich Salvia at 973-233-1933 or rsalvia@psg1.com Written correspondence to the Privacy Officer should be sent to 37 North Fullerton Ave. Montclair, NJ 07042.
  7. EFFECTIVE DATE OF THIS NOTICE- September 23, 2013
    REVISED October 15, 2014
    REVISED August 8, 2015