Locally owned. Locally loved.
Home IconFind Your Store
HIPAA Notice of Privacy Practice
HIPAA COMPLIANCE POLICIES AND PROCEDURES MANUAL Botica Del Sol 2331 Cesar E. Chavez Ave. Los Angeles, CA 90033 Phone: 323- 260-7531 Fax: 323-261-6782 Privacy Officer: Cyndie Lee Important Disclaimer This manual is not intended as legal advice. This information provided is to serve as sample ?Policies and Procedures Manual? for pharmacies to help in their compliance with HIPAA privacy rules. You may modify and or all of the included policies as they may relate to your unique pharmacy. The HIPAA privacy rules are complicated, subject to change and can be affected or superceded by state law. If you have any questions regarding HIPAA, contact an experienced privacy attorney to discuss legal advice regarding implementation of HIPAA requirements. NOTICE OF PRIVACY PRACTICES POLICY: It is the Pharmacy?s policy to provide patients with a HIPAA Notice of Privacy of Practices (?Notice?) upon their first receipt of items or services through the Pharmacy. In addition, the Pharmacy will post the Notice in a conspicuous location and will make the Notice available to all patients upon request. PURPOSE: The purpose of this policy is to explain: (I) the patient?s right to a Notice, (2) the relevant procedures the Pharmacy must follow when providing its Notice to patients and (3) the requirements for documentation of and revisions to the Pharmacy?s Notice. I. RIGHT TO A NOTICE OF PRIVACY PRACTICES A. Patient?s right to notice. Patients have the right to adequate notice of: 1. The uses and disclosures of PHI that the Pharmacy may make; 2. The patient?s rights with respect to PHI; and 3. The Pharmacy?s legal obligations regarding PHI. B. Basic notice requirements. This Notice must be written in plain language and contain specified elements. If a use or disclosure is prohibited by state law, the Notice?s description of such use or disclosure must reflect the more stringent state law. II. PROVISIONS OF THIS NOTICE TO PATIENTS A. General rules. The Pharmacy must follow these rules for providing a paper copy of the Notice to patients and the public in general. 1. The Pharmacy must make the Notice available upon request to any person, even if they are not current Pharmacy patients. 2. The Pharmacy must provide the Notice to the patient no later than the date that the Pharmacy first provides service to that patient, including service delivered electronically. In emergency treatment situations, the Notice will be provided as soon after the emergency as is reasonably practicable. The Pharmacy may send the Notice to all of its patients at once, give the notice to each patient as he or she comes into the Pharmacy or contracts the Pharmacy electronically, or by any combination of these approaches. 3. The Pharmacy must have the Notice available at the store for individuals to request to take with them. 4. The Pharmacy must post the Notice in a clear and prominent location in the store where patients will be able to read it. B. Electronic notice. The Pharmacy may be required to provide its Notice electronically under certain circumstances. 1. If the Pharmacy maintains a web site that provides information about the Pharmacy?s services or benefits, it must prominently post its Notice on the web site and make the Notice available electronically through the web site. 2. The Pharmacy may provide the Notice to an individual by e-mail, if the individual agrees to receive materials from the Pharmacy electronically and the individual had not withdrawn his or her agreement. If the Pharmacy knows that the e-mail transmission failed, the Pharmacy must provide a paper copy of the Notice to the individual. 3. If the first delivery of service to an individual is delivered electronically, the Pharmacy must provide electronic notice automatically and contemporaneously with the individual?s first request for service. For example, the first time a patient requests a prescription refill via the Internet, the Pharmacy must automatically and contemporaneously provide the patient with the Pharmacy?s Notice. 4. If an individual receives an electronic notice from the Pharmacy, he or she still has the right to obtain a paper copy of the Notice from the Pharmacy upon request. III. REVISIONS TO THE NOTICE A. The right to change this Notice. If the Pharmacy wishes to reserve the right to change its privacy practices and apply the revisions to PHI previously created or retained, it must make a statement to that effect in the Notice. If the Pharmacy does not make this statement, it may still change its privacy practices, but it can apply those revised practices only to PHI that it creates or obtains in the future, after the effective date of the change. B. Making material changes to the Notice. The Pharmacy must promptly revise and distribute its Notice whenever there is a material change to the uses or disclosures of PHI, the individuals? rights, the Pharmacy?s legal obligations, or other privacy practices state in the Notice. 1. Whenever the Notice is revised, the Pharmacy must make the Notice available upon request on or after the effective date of the revision, promptly make the Notice available at the store location, and post the revised Notice in a clear and prominent location in the store. 2. After giving a patient a copy of the Notice upon his or her first visit or delivery of service, the Pharmacy is not required to further distribute the Notice to the patient. Even if the Pharmacy revises the Notice, it is not required to distribute the Notice to all current and former patients. The Pharmacy only has to make the Notice available upon request and post the information in the store. C. Implementation of revised privacy practices. In general, the Pharmacy may not implement a material change to any term of the Notice before the effective date of this Notice that reflect material change to any term of the Notice before the effective date of the Notice that reflects the material change. This means that the Pharmacy must revise its Notice accordingly and make it available to patients before it may implement any new or different privacy practices. IV. DOCUMENT RETENTION REQUIREMENTS The Pharmacy must retain a copy of each Notice it issues for a period of six years from the date that the Notice was last in effect. AUTHORIZATION FOR USE OR DISCLOSURE OF PHI POLICY: The Pharmacy will obtain a valid, signed authorization from a patient prior to using or disclosing the patient?s PHI for purposes not otherwise permitted by a verbal agreement or the rules that allow uses or disclosures without the patient?s permission. PURPOSE: The purpose of this policy is to explain: (1) when a written patient authorization is required, and (2) the relevant procedures the Pharmacy must follow when using or disclosing PHI pursuant to a valid authorization. I. WHEN AN AUTHORIZATION IS REQUESTED A. An authorization is required before the Pharmacy uses or discloses PHI for ?non-routine? purposes beyond treatment, payment and health care operations, such as sales of PHI and certain marketing activities. B. Among the uses and disclosures for which an authorization is not required are uses and disclosures 1. For treatment, payment, and health care operations 2. For involvement in the patient?s care and notification purposes 3. Required by law 4. For public health activities 5. About victims of abuse, neglect, or domestic violence 6. For health oversight activities 7. For judicial and administrative proceedings 8. For law enforcement purposes 9. About decedents 10. For research purposes where a waiver has been obtained 11. To avert a serious threat to health or safety 12. For specialized government functions 13. For workers? compensation 14. To the patient 15. To the Department of Health and Human Services for enforcement of the privacy rules 16. For marketing communications that are made face-to-face or that involve promotional products of nominal value. II. CONTENT REQUIREMENTS A. Plain language. All authorizations must be written in ?plain language?. This means that the Pharmacy must make a reasonable effort to: 1. Organize material to serve the needs of the reader. 2. Write short sentences in the active voice using ?you? and other pronouns 3. Use common, everyday words in sentences 4. Divide material into short sections B. Core elements. All authorizations must contain the following core elements: 1. A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion. 2. The name or other specific identification of the person(s) or class of persons authorized to make the requested use or disclosure. 3. The name of other specific identification of the person(s) or class of persons to whom the Pharmacy will disclose the information. 4. A description of each purpose of the requested use or disclosure with enough information to allow patients to make informed decisions about whether to release the information. Broad or blanket authorizations requesting the use or disclosure of PHI for a wide range of unspecified purposes are prohibited, but if the patient is initiating the authorization the purpose may be described as ?at the request of the individual?. 5. An expiration date or an expiration event that relates to the patient or the purpose of the use or disclosure. The authorization may expire on a specific date, a specific time period (e.g., 3 years from the date of the signature), or an event directly relevant to the patient or the purpose of the use or disclosure (e.g., for the duration of the patient?s participation in a drug study). Authorizations may not have an indeterminate expiration date. 6. Signature or the patient and the date. 7. If the authorization is signed by a personal representative of the patient, a description of the representative?s authority to act for the patient. C. Required notifications. In addition to the core, authorizations must contain all of the following notifications: 1. A statement that the patient has the right to revoke the authorization in writing and either a discussion of the exceptions to the right to revoke, together with a description of how the patient make revoke the authorization, or, to the extent that this information is included in the Notice of Privacy Practices, a reference to the Notice 2. For most authorizations, a statement that the Pharmacy will not condition treatment, payment, enrollment, or eligibility on the patient?s providing authorization for the requested uses or disclosures. 3. A statement that information used or disclosed pursuant to the authorization may be subject to re-disclosure by the recipient and no longer be protected by the Privacy Regulations. D. Authorization for marketing. If the authorization is for marketing purpose, and the marketing involves any direct or indirect remuneration to the Pharmacy from a third party, the authorization must state this fact. E. Copy to the patient. The pharmacy must give the patient a copy of the signed authorization. F. Non-required elements. Valid authorizations may also contain non-required elements, so long as those additional elements are not inconsistent with the required elements. G. Defective authorizations. An authorization is not valid if it has any of the following defects 1. The expiration date has passed or the expiration event is known by the Pharmacy to have occurred. 2. The required elements of the authorization has not been filled out completely. 3. The authorization is known by the Pharmacy to have been revoked. 4. The authorization lacks a required element. 5. The authorization violates the rule on compound authorizations (see Section II. H. below) 6. Any material information in the authorization is known by the Pharmacy to be false. H. Combining Documents. An authorization for use or disclosure of PHI may not be combined with any other types of documents (e.g., The notice of privacy practices) to create a compound authorization. However, multiple authorizations for the use or disclosure of PHI may be combined, so long as the Pharmacy has not conditioned the provision of treatment or payment on obtaining the authorization. III. REVOCATION OF AUTHORIZATIONS A. A patient may revoke an authorization at any time by means of written revocation, except to the extent that the Pharmacy has taken action in reliance upon authorization. B. When a patient revokes an authorization, the Pharmacy must stop making uses and disclosures pursuant to the authorization to the greatest extent practical. IV. RECORD RETENTION REQUIREMENTS The Pharmacy must document and retain signed authorizations for six years after the date they were last in effect. GENERAL USE AND DISCLOSURE POLICY: The Pharmacy will use and disclose PHI only as specifically permitted or required by the privacy rules in accordance with the Pharmacy?s privacy policies and procedures. PURPOSE: The purpose of this policy is to explain the basic standards that must be met when using and disclosing PHI. I. INTRODUCTION A. Basic rule for use and disclosure of PHI. The Pharmacy may not use or disclose PHI unless permitted or required by the privacy rules. B. Permitted uses and disclosures. Some of the permitted uses and disclosures of PHI are: 1. To the patient; 2. To carry out treatment, payment, or health care operations; 3. In compliance with a valid authorization; 4. Pursuant to a verbal agreement from a patient that permits disclosure to a caregiver; and 5. For certain ?national priority? purposes such as disclosures required by law. C. Incidental uses and disclosures. Incidental uses and disclosures that occur as a byproduct of a use or disclosure otherwise permitted under the privacy rules are explicitly permitted, so long as the Pharmacy has applied reasonable safeguards and implemented the minimum necessary standard, where applicable D. Required disclosures. The privacy rules require the Pharmacy to disclose PHI in only two instances: 1. When the patient requests access to information about himself or herself; and 2. When HHS requests information to investigate or determine the Pharmacy?s compliance with the rules II. MINIMUM NECESSARY A. When using or disclosing PHI, and when requesting PHI from another entity, the Pharmacy must make reasonable efforts to use, disclose, or request the minimum amount of PHI reasonable necessary to accomplish the intended purpose of the use, disclosure, or request. B. Exceptions. Among the uses, disclosures, and requests to which the minimum necessary standard does not apply are: 1. Uses and disclosures for treatment purposes; 2. Disclosures to the patient who is the subject of the information; 3. Most uses or disclosures made pursuant to an authorization; 4. Uses or disclosures made in mandatory or situational fields of a HIPAA transactions standard; 5. Disclosures to HHS when required by HHS for compliance and enforcement purposes; and 6. Uses or disclosures that are required by other law. C. Required policies and procedures for uses of PHI. The Pharmacy must develop and implement policies that limit the use of PHI to the minimum PHI reasonable necessary to accomplish the intended purpose of the use or disclosure. 1. The policies and procedures for use of PHI must identify: a. The persons or classes of persons in the Pharmacy who need access to PHI to carry out their duties; b. The categories of PHI that each person or class of persons needs; and c. Any conditions necessary for such access. 2. The Pharmacy must have policies and procedures that limit access to only the identified persons and to only the identifiable PHI. These policies and procedures should be based on reasonable determinations about the persons or classes of persons who require PHI, and the nature of the PHI they require, for their particular job responsibilities. D. Required policies and procedures for disclosures of PHI. The Pharmacy also is required to develop certain policies and procedures of PHI. The regulatory requirements differ depending on whether the disclosure is a routine or non-routine disclosure. 1. For any type of disclosure that is made on a routine, recurring basis, the Pharmacy must develop and implement policies and procedures (which may be standard protocols) that permit only the disclosure on the minimum amount of PHI that is reasonably necessary to achieve the purpose of the disclosure. The policies and procedures identify the: a. Types of PHI to be disclosed; b. Types of persons who may receive the PHI; and c. Conditions necessary for such access. 2. For non-routine disclosures, the Pharmacy must develop reasonable criteria for determining and limiting disclosure to only the minimum amount of PHI necessary to accomplish the purpose of the disclosure. a. Among the factors that may be considered in making such a determination are: i. How much PHI will be disclosed? ii. To what extent would the disclosure increase the number of persons with access to the PHI? iii. What is the likelihood of further disclosures? iv. How important is the disclosure? v. Can substantially the same purpose be achieved using de-identified information? vi. Is there technology available to limit the amount of PHI disclosed? vii. What is the cost, financial or otherwise, or limiting the disclosure? b. The Pharmacy must also develop and implement procedures for reviewing non-routine requests for disclosures on an individual basis on accordance with established criteria. E. Requests for PHI. The minimum necessary standard applies to situations where the Pharmacy is requesting an individual?s PHI from another entity 1. For requests to other entities made on a routine and recurring basis, the Pharmacy must establish standard protocols describing what information is reasonably necessary for the purposes for which it is requested, and limit its requests to only that information. 2. For non-routine requests, the Pharmacy must develop policies and procedures that provide for review of the requests on an individualized basis. F. Reasonable reliance on requested disclosures. The pharmacy must rely, if reasonable under the circumstances, on statements by public officials of other covered entities or their business associates that they are requesting the minimum PHI necessary to achieve the stated purpose of the request. The Pharmacy may also reasonably rely on the statements of its own business associates or professionals within its workforce (such as pharmacists, attorneys, or accountants) that the information requested to provide professional services to the Pharmacy is the minimum necessary for such purposes. III. DE-IDENTIFICATION A. Basic Standard. Health Information is considered de-identified (i.e. not individually identifiable) under the rules if it does not identify a patient and the Pharmacy has no reasonable basis to believe it can be used to identify a patient. De-identified information is not PHI and therefore the requirements of the rules do not apply to such information. B. De-Identifying information. The Pharmacy may de-identify information in two ways: 1. If a person with appropriate knowledge and experience applying generally accepted statistical and scientific principles and methods for rendering information not individually identifiable makes a determination, and documents the analysis, that the risk is very small that the information could be used, either by itself or in combination with other available information, by anticipated recipients to identify a subject of the information; or 2. If the pharmacy removes a list of specified identifying information about the individual or his or her relatives, employers, or household members, and the Pharmacy has no actual knowledge that the information could be used alone or in combination to identify a subject of the information. C. Use of PHI to create-de-identified information. The Pharmacy may use PHI to create de-identified information, or may disclose PHI to a business associate for such purpose, whether or not the de-identified information will be used by the Pharmacy. D. Re-identification. If de-identified information is re-identified as some point by the Pharmacy, it becomes subject to the rules again and may only be used or disclosed in compliance with the regulations and the Pharmacy?s privacy policies. IV. DISCLOSURES TO FRIENDS AND RELATIVES A. Basic rule. The Pharmacy may disclose to a person involved in the current health care of the patient (such as a relative, close personal friend, or any other person identified by the patient) PHI directly related to the person?s involvement in the current health care of the patient or payment for the patient?s health care. Examples of persons who might be involved in the patient?s care include, but are not limited to: 1. Blood relatives; 2. Spouses; 3. Roommates; 4. Girlfriends and boyfriends; 5. Domestic partners; and 6. Neighbors. B. Disclosures of PHI when the patient is present. When the patient is present and has the capacity to make his or her own decisions, the Pharmacy may disclose PHI to the third party only if the Pharmacy: 1. Obtains the patient?s agreement to disclose to the third party involved in his or her care; 2. Provides the patient with an opportunity to object to such disclosure and the patient does not express an objections; or 3. Reasonably infers from the circumstances, based on the exercise of professional judgment, that the patient does not object to the disclosure C. Disclosures of PHI when the patient is not present. When a patient is not present (e.g. when a friend of the patient seeks to pick up the patient?s prescription at the Pharmacy) or when the Pharmacy cannot practically give the patient an opportunity to agree or object to the use or disclosure (e.g. because of the patient?s incapacity or an emergency circumstance), the pharmacist may, in the exercise of professional judgment, determine whether the disclosure is in the patient?s best interests and if so, disclose only the PHI that is directly relevant to the person?s involvement with the patient?s health care. For instance, this allows the pharmacist to disclose instructions for taking a particular prescription to an elderly patient?s caregiver. The pharmacist must follow these guidelines when deciding whether to disclose PHI when the patient is not present: 1. Only disclosure PHI that is directly related to the patient?s current condition. 2. Consider the patient?s best interests and construe this opportunity narrowly, allowing disclosures only to those persons with close relationships with the patient, such as family members. 3. Take into account whether the disclosure is likely to put the patient at risk of serious harm. 4. Pharmacy employees are not required to verify the identity of relatives or other persons involved in the patient?s care. When a patient brings a person to the Pharmacy counter with him or her to pick up a prescription, this is sufficient verification of the person?s identity. 5. A patient?s agreement to disclosure of PHI in one situation or on one occasion does not mean that the patient is agreeing to disclosures of PHI indefinitely in the future. Use professional judgment to determine the scope of the person?s involvement in the patient?s care and the time period during which the patient agrees to the other person?s involvement. V. ORAL COMMUNICATIONS A. Applicability of privacy standards. The rules apply to PHI in all forms- electronic, written, oral, and any other form. B. Use of PHI in oral communications. Employees may orally coordinate Pharmacy services. Employees may discuss a patient?s PHI over the telephone with the patient, a physician, or a family member. C. Documentation of oral communications. The Pharmacy is not required to document any information, including oral information, that is used or disclosed for treatment, payment, or health care operations. However, where the rules or the Pharmacy?s privacy policies require documentation of other types of disclosures, oral communications are included in this requirement. For example, oral disclosures of PHI for purposes other than treatment, payment, or health care operations must be documented in order to provide the patient with a complete accounting of disclosures. D. The Pharmacy?s duty to safeguard PHI. The Pharmacy must reasonably safeguard PHI, including oral information, from any intentional or unintentional use or disclosures that are in violation of the rules of the Pharmacy?s privacy policies. This means that the Pharmacy A. must make reasonable effort to prevent improper use and disclosures of PHI. Measures that the Pharmacy may implement to protect patients? privacy include: 1. Creating a private area, such as a small separate room, cubicle, or screened off or divided area, where the Pharmacist can counsel patients regarding treatment of their medical conditions. 2. Speaking quietly or asking that waiting patients stand a few feet back from the counter when Pharmacy employees are consulting with patients from behind the Pharmacy counter.

About Us

Welcome to Botica Del Sol. As your local Good Neighbor Pharmacy, we offer quality products at affordable prices, while providing the personalized attention and customer service you expect from a local business. As your neighbors, we live, work and play in the same community as you and your family. We’re the local business owners you see in the neighborhood, at the school play, and volunteering at the local charity. We believe it is our responsibility to take care of our community and our neighbors, and it’s one we take very seriously. We thrive on the opportunity to serve you and your family to the best of our abilities because your business and your health are very important to us. Get to know your neighbor – we’re here to help.

    HIPAA Notice of Privacy Practice
    HIPAA COMPLIANCE POLICIES AND PROCEDURES MANUAL Botica Del Sol 2331 Cesar E. Chavez Ave. Los Angeles, CA 90033 Phone: 323- 260-7531 Fax: 323-261-6782 Privacy Officer: Cyndie Lee Important Disclaimer This manual is not intended as legal advice. This information provided is to serve as sample ?Policies and Procedures Manual? for pharmacies to help in their compliance with HIPAA privacy rules. You may modify and or all of the included policies as they may relate to your unique pharmacy. The HIPAA privacy rules are complicated, subject to change and can be affected or superceded by state law. If you have any questions regarding HIPAA, contact an experienced privacy attorney to discuss legal advice regarding implementation of HIPAA requirements. NOTICE OF PRIVACY PRACTICES POLICY: It is the Pharmacy?s policy to provide patients with a HIPAA Notice of Privacy of Practices (?Notice?) upon their first receipt of items or services through the Pharmacy. In addition, the Pharmacy will post the Notice in a conspicuous location and will make the Notice available to all patients upon request. PURPOSE: The purpose of this policy is to explain: (I) the patient?s right to a Notice, (2) the relevant procedures the Pharmacy must follow when providing its Notice to patients and (3) the requirements for documentation of and revisions to the Pharmacy?s Notice. I. RIGHT TO A NOTICE OF PRIVACY PRACTICES A. Patient?s right to notice. Patients have the right to adequate notice of: 1. The uses and disclosures of PHI that the Pharmacy may make; 2. The patient?s rights with respect to PHI; and 3. The Pharmacy?s legal obligations regarding PHI. B. Basic notice requirements. This Notice must be written in plain language and contain specified elements. If a use or disclosure is prohibited by state law, the Notice?s description of such use or disclosure must reflect the more stringent state law. II. PROVISIONS OF THIS NOTICE TO PATIENTS A. General rules. The Pharmacy must follow these rules for providing a paper copy of the Notice to patients and the public in general. 1. The Pharmacy must make the Notice available upon request to any person, even if they are not current Pharmacy patients. 2. The Pharmacy must provide the Notice to the patient no later than the date that the Pharmacy first provides service to that patient, including service delivered electronically. In emergency treatment situations, the Notice will be provided as soon after the emergency as is reasonably practicable. The Pharmacy may send the Notice to all of its patients at once, give the notice to each patient as he or she comes into the Pharmacy or contracts the Pharmacy electronically, or by any combination of these approaches. 3. The Pharmacy must have the Notice available at the store for individuals to request to take with them. 4. The Pharmacy must post the Notice in a clear and prominent location in the store where patients will be able to read it. B. Electronic notice. The Pharmacy may be required to provide its Notice electronically under certain circumstances. 1. If the Pharmacy maintains a web site that provides information about the Pharmacy?s services or benefits, it must prominently post its Notice on the web site and make the Notice available electronically through the web site. 2. The Pharmacy may provide the Notice to an individual by e-mail, if the individual agrees to receive materials from the Pharmacy electronically and the individual had not withdrawn his or her agreement. If the Pharmacy knows that the e-mail transmission failed, the Pharmacy must provide a paper copy of the Notice to the individual. 3. If the first delivery of service to an individual is delivered electronically, the Pharmacy must provide electronic notice automatically and contemporaneously with the individual?s first request for service. For example, the first time a patient requests a prescription refill via the Internet, the Pharmacy must automatically and contemporaneously provide the patient with the Pharmacy?s Notice. 4. If an individual receives an electronic notice from the Pharmacy, he or she still has the right to obtain a paper copy of the Notice from the Pharmacy upon request. III. REVISIONS TO THE NOTICE A. The right to change this Notice. If the Pharmacy wishes to reserve the right to change its privacy practices and apply the revisions to PHI previously created or retained, it must make a statement to that effect in the Notice. If the Pharmacy does not make this statement, it may still change its privacy practices, but it can apply those revised practices only to PHI that it creates or obtains in the future, after the effective date of the change. B. Making material changes to the Notice. The Pharmacy must promptly revise and distribute its Notice whenever there is a material change to the uses or disclosures of PHI, the individuals? rights, the Pharmacy?s legal obligations, or other privacy practices state in the Notice. 1. Whenever the Notice is revised, the Pharmacy must make the Notice available upon request on or after the effective date of the revision, promptly make the Notice available at the store location, and post the revised Notice in a clear and prominent location in the store. 2. After giving a patient a copy of the Notice upon his or her first visit or delivery of service, the Pharmacy is not required to further distribute the Notice to the patient. Even if the Pharmacy revises the Notice, it is not required to distribute the Notice to all current and former patients. The Pharmacy only has to make the Notice available upon request and post the information in the store. C. Implementation of revised privacy practices. In general, the Pharmacy may not implement a material change to any term of the Notice before the effective date of this Notice that reflect material change to any term of the Notice before the effective date of the Notice that reflects the material change. This means that the Pharmacy must revise its Notice accordingly and make it available to patients before it may implement any new or different privacy practices. IV. DOCUMENT RETENTION REQUIREMENTS The Pharmacy must retain a copy of each Notice it issues for a period of six years from the date that the Notice was last in effect. AUTHORIZATION FOR USE OR DISCLOSURE OF PHI POLICY: The Pharmacy will obtain a valid, signed authorization from a patient prior to using or disclosing the patient?s PHI for purposes not otherwise permitted by a verbal agreement or the rules that allow uses or disclosures without the patient?s permission. PURPOSE: The purpose of this policy is to explain: (1) when a written patient authorization is required, and (2) the relevant procedures the Pharmacy must follow when using or disclosing PHI pursuant to a valid authorization. I. WHEN AN AUTHORIZATION IS REQUESTED A. An authorization is required before the Pharmacy uses or discloses PHI for ?non-routine? purposes beyond treatment, payment and health care operations, such as sales of PHI and certain marketing activities. B. Among the uses and disclosures for which an authorization is not required are uses and disclosures 1. For treatment, payment, and health care operations 2. For involvement in the patient?s care and notification purposes 3. Required by law 4. For public health activities 5. About victims of abuse, neglect, or domestic violence 6. For health oversight activities 7. For judicial and administrative proceedings 8. For law enforcement purposes 9. About decedents 10. For research purposes where a waiver has been obtained 11. To avert a serious threat to health or safety 12. For specialized government functions 13. For workers? compensation 14. To the patient 15. To the Department of Health and Human Services for enforcement of the privacy rules 16. For marketing communications that are made face-to-face or that involve promotional products of nominal value. II. CONTENT REQUIREMENTS A. Plain language. All authorizations must be written in ?plain language?. This means that the Pharmacy must make a reasonable effort to: 1. Organize material to serve the needs of the reader. 2. Write short sentences in the active voice using ?you? and other pronouns 3. Use common, everyday words in sentences 4. Divide material into short sections B. Core elements. All authorizations must contain the following core elements: 1. A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion. 2. The name or other specific identification of the person(s) or class of persons authorized to make the requested use or disclosure. 3. The name of other specific identification of the person(s) or class of persons to whom the Pharmacy will disclose the information. 4. A description of each purpose of the requested use or disclosure with enough information to allow patients to make informed decisions about whether to release the information. Broad or blanket authorizations requesting the use or disclosure of PHI for a wide range of unspecified purposes are prohibited, but if the patient is initiating the authorization the purpose may be described as ?at the request of the individual?. 5. An expiration date or an expiration event that relates to the patient or the purpose of the use or disclosure. The authorization may expire on a specific date, a specific time period (e.g., 3 years from the date of the signature), or an event directly relevant to the patient or the purpose of the use or disclosure (e.g., for the duration of the patient?s participation in a drug study). Authorizations may not have an indeterminate expiration date. 6. Signature or the patient and the date. 7. If the authorization is signed by a personal representative of the patient, a description of the representative?s authority to act for the patient. C. Required notifications. In addition to the core, authorizations must contain all of the following notifications: 1. A statement that the patient has the right to revoke the authorization in writing and either a discussion of the exceptions to the right to revoke, together with a description of how the patient make revoke the authorization, or, to the extent that this information is included in the Notice of Privacy Practices, a reference to the Notice 2. For most authorizations, a statement that the Pharmacy will not condition treatment, payment, enrollment, or eligibility on the patient?s providing authorization for the requested uses or disclosures. 3. A statement that information used or disclosed pursuant to the authorization may be subject to re-disclosure by the recipient and no longer be protected by the Privacy Regulations. D. Authorization for marketing. If the authorization is for marketing purpose, and the marketing involves any direct or indirect remuneration to the Pharmacy from a third party, the authorization must state this fact. E. Copy to the patient. The pharmacy must give the patient a copy of the signed authorization. F. Non-required elements. Valid authorizations may also contain non-required elements, so long as those additional elements are not inconsistent with the required elements. G. Defective authorizations. An authorization is not valid if it has any of the following defects 1. The expiration date has passed or the expiration event is known by the Pharmacy to have occurred. 2. The required elements of the authorization has not been filled out completely. 3. The authorization is known by the Pharmacy to have been revoked. 4. The authorization lacks a required element. 5. The authorization violates the rule on compound authorizations (see Section II. H. below) 6. Any material information in the authorization is known by the Pharmacy to be false. H. Combining Documents. An authorization for use or disclosure of PHI may not be combined with any other types of documents (e.g., The notice of privacy practices) to create a compound authorization. However, multiple authorizations for the use or disclosure of PHI may be combined, so long as the Pharmacy has not conditioned the provision of treatment or payment on obtaining the authorization. III. REVOCATION OF AUTHORIZATIONS A. A patient may revoke an authorization at any time by means of written revocation, except to the extent that the Pharmacy has taken action in reliance upon authorization. B. When a patient revokes an authorization, the Pharmacy must stop making uses and disclosures pursuant to the authorization to the greatest extent practical. IV. RECORD RETENTION REQUIREMENTS The Pharmacy must document and retain signed authorizations for six years after the date they were last in effect. GENERAL USE AND DISCLOSURE POLICY: The Pharmacy will use and disclose PHI only as specifically permitted or required by the privacy rules in accordance with the Pharmacy?s privacy policies and procedures. PURPOSE: The purpose of this policy is to explain the basic standards that must be met when using and disclosing PHI. I. INTRODUCTION A. Basic rule for use and disclosure of PHI. The Pharmacy may not use or disclose PHI unless permitted or required by the privacy rules. B. Permitted uses and disclosures. Some of the permitted uses and disclosures of PHI are: 1. To the patient; 2. To carry out treatment, payment, or health care operations; 3. In compliance with a valid authorization; 4. Pursuant to a verbal agreement from a patient that permits disclosure to a caregiver; and 5. For certain ?national priority? purposes such as disclosures required by law. C. Incidental uses and disclosures. Incidental uses and disclosures that occur as a byproduct of a use or disclosure otherwise permitted under the privacy rules are explicitly permitted, so long as the Pharmacy has applied reasonable safeguards and implemented the minimum necessary standard, where applicable D. Required disclosures. The privacy rules require the Pharmacy to disclose PHI in only two instances: 1. When the patient requests access to information about himself or herself; and 2. When HHS requests information to investigate or determine the Pharmacy?s compliance with the rules II. MINIMUM NECESSARY A. When using or disclosing PHI, and when requesting PHI from another entity, the Pharmacy must make reasonable efforts to use, disclose, or request the minimum amount of PHI reasonable necessary to accomplish the intended purpose of the use, disclosure, or request. B. Exceptions. Among the uses, disclosures, and requests to which the minimum necessary standard does not apply are: 1. Uses and disclosures for treatment purposes; 2. Disclosures to the patient who is the subject of the information; 3. Most uses or disclosures made pursuant to an authorization; 4. Uses or disclosures made in mandatory or situational fields of a HIPAA transactions standard; 5. Disclosures to HHS when required by HHS for compliance and enforcement purposes; and 6. Uses or disclosures that are required by other law. C. Required policies and procedures for uses of PHI. The Pharmacy must develop and implement policies that limit the use of PHI to the minimum PHI reasonable necessary to accomplish the intended purpose of the use or disclosure. 1. The policies and procedures for use of PHI must identify: a. The persons or classes of persons in the Pharmacy who need access to PHI to carry out their duties; b. The categories of PHI that each person or class of persons needs; and c. Any conditions necessary for such access. 2. The Pharmacy must have policies and procedures that limit access to only the identified persons and to only the identifiable PHI. These policies and procedures should be based on reasonable determinations about the persons or classes of persons who require PHI, and the nature of the PHI they require, for their particular job responsibilities. D. Required policies and procedures for disclosures of PHI. The Pharmacy also is required to develop certain policies and procedures of PHI. The regulatory requirements differ depending on whether the disclosure is a routine or non-routine disclosure. 1. For any type of disclosure that is made on a routine, recurring basis, the Pharmacy must develop and implement policies and procedures (which may be standard protocols) that permit only the disclosure on the minimum amount of PHI that is reasonably necessary to achieve the purpose of the disclosure. The policies and procedures identify the: a. Types of PHI to be disclosed; b. Types of persons who may receive the PHI; and c. Conditions necessary for such access. 2. For non-routine disclosures, the Pharmacy must develop reasonable criteria for determining and limiting disclosure to only the minimum amount of PHI necessary to accomplish the purpose of the disclosure. a. Among the factors that may be considered in making such a determination are: i. How much PHI will be disclosed? ii. To what extent would the disclosure increase the number of persons with access to the PHI? iii. What is the likelihood of further disclosures? iv. How important is the disclosure? v. Can substantially the same purpose be achieved using de-identified information? vi. Is there technology available to limit the amount of PHI disclosed? vii. What is the cost, financial or otherwise, or limiting the disclosure? b. The Pharmacy must also develop and implement procedures for reviewing non-routine requests for disclosures on an individual basis on accordance with established criteria. E. Requests for PHI. The minimum necessary standard applies to situations where the Pharmacy is requesting an individual?s PHI from another entity 1. For requests to other entities made on a routine and recurring basis, the Pharmacy must establish standard protocols describing what information is reasonably necessary for the purposes for which it is requested, and limit its requests to only that information. 2. For non-routine requests, the Pharmacy must develop policies and procedures that provide for review of the requests on an individualized basis. F. Reasonable reliance on requested disclosures. The pharmacy must rely, if reasonable under the circumstances, on statements by public officials of other covered entities or their business associates that they are requesting the minimum PHI necessary to achieve the stated purpose of the request. The Pharmacy may also reasonably rely on the statements of its own business associates or professionals within its workforce (such as pharmacists, attorneys, or accountants) that the information requested to provide professional services to the Pharmacy is the minimum necessary for such purposes. III. DE-IDENTIFICATION A. Basic Standard. Health Information is considered de-identified (i.e. not individually identifiable) under the rules if it does not identify a patient and the Pharmacy has no reasonable basis to believe it can be used to identify a patient. De-identified information is not PHI and therefore the requirements of the rules do not apply to such information. B. De-Identifying information. The Pharmacy may de-identify information in two ways: 1. If a person with appropriate knowledge and experience applying generally accepted statistical and scientific principles and methods for rendering information not individually identifiable makes a determination, and documents the analysis, that the risk is very small that the information could be used, either by itself or in combination with other available information, by anticipated recipients to identify a subject of the information; or 2. If the pharmacy removes a list of specified identifying information about the individual or his or her relatives, employers, or household members, and the Pharmacy has no actual knowledge that the information could be used alone or in combination to identify a subject of the information. C. Use of PHI to create-de-identified information. The Pharmacy may use PHI to create de-identified information, or may disclose PHI to a business associate for such purpose, whether or not the de-identified information will be used by the Pharmacy. D. Re-identification. If de-identified information is re-identified as some point by the Pharmacy, it becomes subject to the rules again and may only be used or disclosed in compliance with the regulations and the Pharmacy?s privacy policies. IV. DISCLOSURES TO FRIENDS AND RELATIVES A. Basic rule. The Pharmacy may disclose to a person involved in the current health care of the patient (such as a relative, close personal friend, or any other person identified by the patient) PHI directly related to the person?s involvement in the current health care of the patient or payment for the patient?s health care. Examples of persons who might be involved in the patient?s care include, but are not limited to: 1. Blood relatives; 2. Spouses; 3. Roommates; 4. Girlfriends and boyfriends; 5. Domestic partners; and 6. Neighbors. B. Disclosures of PHI when the patient is present. When the patient is present and has the capacity to make his or her own decisions, the Pharmacy may disclose PHI to the third party only if the Pharmacy: 1. Obtains the patient?s agreement to disclose to the third party involved in his or her care; 2. Provides the patient with an opportunity to object to such disclosure and the patient does not express an objections; or 3. Reasonably infers from the circumstances, based on the exercise of professional judgment, that the patient does not object to the disclosure C. Disclosures of PHI when the patient is not present. When a patient is not present (e.g. when a friend of the patient seeks to pick up the patient?s prescription at the Pharmacy) or when the Pharmacy cannot practically give the patient an opportunity to agree or object to the use or disclosure (e.g. because of the patient?s incapacity or an emergency circumstance), the pharmacist may, in the exercise of professional judgment, determine whether the disclosure is in the patient?s best interests and if so, disclose only the PHI that is directly relevant to the person?s involvement with the patient?s health care. For instance, this allows the pharmacist to disclose instructions for taking a particular prescription to an elderly patient?s caregiver. The pharmacist must follow these guidelines when deciding whether to disclose PHI when the patient is not present: 1. Only disclosure PHI that is directly related to the patient?s current condition. 2. Consider the patient?s best interests and construe this opportunity narrowly, allowing disclosures only to those persons with close relationships with the patient, such as family members. 3. Take into account whether the disclosure is likely to put the patient at risk of serious harm. 4. Pharmacy employees are not required to verify the identity of relatives or other persons involved in the patient?s care. When a patient brings a person to the Pharmacy counter with him or her to pick up a prescription, this is sufficient verification of the person?s identity. 5. A patient?s agreement to disclosure of PHI in one situation or on one occasion does not mean that the patient is agreeing to disclosures of PHI indefinitely in the future. Use professional judgment to determine the scope of the person?s involvement in the patient?s care and the time period during which the patient agrees to the other person?s involvement. V. ORAL COMMUNICATIONS A. Applicability of privacy standards. The rules apply to PHI in all forms- electronic, written, oral, and any other form. B. Use of PHI in oral communications. Employees may orally coordinate Pharmacy services. Employees may discuss a patient?s PHI over the telephone with the patient, a physician, or a family member. C. Documentation of oral communications. The Pharmacy is not required to document any information, including oral information, that is used or disclosed for treatment, payment, or health care operations. However, where the rules or the Pharmacy?s privacy policies require documentation of other types of disclosures, oral communications are included in this requirement. For example, oral disclosures of PHI for purposes other than treatment, payment, or health care operations must be documented in order to provide the patient with a complete accounting of disclosures. D. The Pharmacy?s duty to safeguard PHI. The Pharmacy must reasonably safeguard PHI, including oral information, from any intentional or unintentional use or disclosures that are in violation of the rules of the Pharmacy?s privacy policies. This means that the Pharmacy A. must make reasonable effort to prevent improper use and disclosures of PHI. Measures that the Pharmacy may implement to protect patients? privacy include: 1. Creating a private area, such as a small separate room, cubicle, or screened off or divided area, where the Pharmacist can counsel patients regarding treatment of their medical conditions. 2. Speaking quietly or asking that waiting patients stand a few feet back from the counter when Pharmacy employees are consulting with patients from behind the Pharmacy counter.
       
    • Diabetes Shoppe

      Good Neighbor Pharmacy can help you understand and manage your diabetes with monitoring, medications and recommendations that can help you independently maintain a healthy living.

      Learn More
    • Prescription Savings Club

      Enjoy great cost-savings on your medications, along with the personalized care and service that only your locally owned Good Neighbor Pharmacy can deliver.

      Learn More
    •  
       

    HIPAA Notice of Privacy Practice

    JOSEPH PHARMACY 216 WEST 72ND STREET NEW YORK, NY 10023 TEL (212) 875-1718 FAX (212) 875-0921 E-Mail: JOSEPHPHARMACY@YAHOO.COM OR WWW.JOSEPHPHARMACY.COM NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. JOSEPH PHARMACY is required by law to maintain the privacy of Protected Health Information ('PHI') and to provide individuals with notice of our legal duties and privacy practices with respect to PHI. PHI is information that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. This Notice of Privacy Practices ('Notice') describes how we may use and disclose PHI to carry out treatment, payment or health care operations and for other specified purposes that are permitted or required by law. The Notice also describes your rights and with respect to PHI about you. JOSEPH PHARMACY is required to follow the terms of this Notice. We will not use or disclose PHI about you without your written authorization, expect as described in this Notice. We reserve the right to change our practices and this Notice and to make the new Notice effective for all PHI we maintain. Upon request, we will provide any revised Notice to you. Your Health Information Rights You have the following rights with respect to PHI about you: *Obtain a paper copy of the Notice upon request. You may request a copy of the Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. To obtain a paper copy, contact the Privacy Officer at (212) 875-1718 or e-mail request to JOSEPHPHARMACY@YAHOO.COM. *Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use and disclosure of PHI about you by sending a written request to the Privacy Officer or e-mailing the request to JOSEPHPHARMACY@YAHOO.COM. We are not required to agree to those restrictions. *Inspect and obtain a copy of PHI. You have the right to access and copy PHI about you contained in a designated record set for as long as JOSEPH PHARMACY maintains the PHI. The 'designated record set' usually will include prescription and billing records. To inspect or copy PHI about you, you must send a written request to the Privacy Officer or e-mail it to JOSEPHPHARMACY@YAHOO.COM. We may charge you a fee for the cost of copying, mailing and supplies that are necessary to fulfill your request. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to PHI about you, you may request that the denial be reviewed. *Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. You may request an amendment for as long as we maintain the PHI. To request an amendment, you must send a written request to the Privacy Officer or e-mail it to: JOSEPHPHARMACY@YAHOO.COM. In addition, you must include a reason that supports your request. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with the decision, and we give you a rebuttal to your statement. *Receive an accounting of disclosure of PHI. You have the right to receive an accounting of the disclosures we have made of PHI about you after April 14, 2003 for most purposes other than treatment, payment, or health care operations. The accounting will exclude disclosures we have made directly to you, disclosures to friends or family members involved in your care, and disclosures for notification purposes. The right to receive an accounting is subject to certain other exceptions, restrictions, and limitations. To request an accounting, you must submit a request in to the Privacy Officer or e-mail it to JOSEPHPHARMACY@YAHOO.COM. Your request must specify the time period, but may not be longer than six years. The first accounting you request within a 12 month period will be provided free of charge, but you may be charged for cost of providing additional accountings. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time. *Request communications of PHI by alternative means or at alternative locations. For instance, you may request we contact you about medical matters only in writing or at a different residence or post office box. To request confidential communication of PHI about you, you must submit a request in writing to the Privacy Officer or e-mail it to JOSEPHPHARMACY@YAHOO.COM. Your request must state how or where you would like to be contacted. We will accommodate all reasonable requests. *Revoke your consent to use or disclose PHI. You may revoke consent in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing PHI about you, except to the extent that that we have already taken action in reliance on the consent. We may refuse to continue to treat a customer that revokes his or her consent. Example of How We May Use and Disclose PHI The following categories describe and provide examples of different ways we use and disclose PHI about you. We will use PHI for treatment. Example: Information obtained by the pharmacist will be used to dispense prescription medications to you. We will document in your record information related to the medications dispensed to you and services provided to you. We will use PHI for payment. Example: We will contact your insurer or pharmacy benefit manager to determine whether it will pay for your prescription and the amount of your co-payment. We will bill you or third-party payer for the cost of prescription medications dispensed to you. The information on or accompanying the bill may include information that identifies you, as well as the prescriptions you are taking. We will use PHI for health care operations. Example: JOSEPH PHARMACY may use information in your health record to monitor the performance of the pharmacists providing treatment to you. This information will be used in an effort to continually improve the quality and effectiveness of the health care and service we provide. We are likely to use or disclose PHI for the following purposes: Business associates: There are some services provided by us through contracts with business associates. Examples include the analysis of prescription costs and their trends for groups and sub- groups of patient populations. When these services are contracted for, we may disclose PHI about you to our business associates so that they can perform the job we have asked them to do and bill you or your third-party payer for services rendered. To protect PHI about you, we require the business associate to appropriately safeguard the PHI. Communication with individuals involved in your care or payment for your care: Health professionals such as pharmacists, using their professional judgment, may disclose to a family member, other relative, close personal friend or any person you can identify, PHI relevant to that person's involvement in your care or payment related to your care. Personal communications: We may contact you to provide refill reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you. Food and Drug Administration (FDA): We may disclose to the FDA, or persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacements. Worker's compensation: We may disclose PHI about you as authorized by and as necessary to comply with laws relating to worker's compensation or similar programs established by law. Public Health: As required by law, we may disclose PHI about you to public health or legal authorities charged with preventing or controlling disease, injury or disability. Law enforcement: We may disclose PHI about you for law enforcement purposes as required by law or in response to a valid subpoena or other legal process. Health Oversight activities: We must disclose PHI about you to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, and inspections, as necessary for our licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws. Judicial and administrative proceedings: If you are involved in a lawsuit or dispute, we may disclose PHI about you in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the requested PHI. We are permitted to use and disclose PHI about you for the following purposes: Research: We may disclose PHI about you to researchers when an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your information has approved their research. Coroners, medical examiners, and funeral directors: We may release PHI about you to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also disclose PHI to funeral directors consistent with applicable law to carry out their duties. Organ or tissue procurement organizations: Consistent with applicable law, we may disclose PHI about you to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant. Fundraising: We may contact you as part of a fundraising effort. Notification: We may use or disclose PHI about you to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and your general condition. Correctional institution: If you are or become an inmate of a correctional institution, we may disclose PHI to the institution or its agents when necessary for your health or the health and safety of others. To avert a serious threat to health and safety: We may use and disclose PHI about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Military or veterans: If you are a member of the armed forces, we may release PHI about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law. National Security and intelligence activities: We may release PHI about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law. Protective services for the President and others: We may disclose PHI about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations. Victims of abuse, neglect, or domestic violent: We may disclose PHI about you to a government authority, such as a social service, or protective service agency. If we reasonably believe you are a victim of abuse, neglect, or domestic violence. We will only disclose this type of information to the extent required by law, if you agree to the disclosure of if the disclosure is allowed by law and we believe it is necessary to prevent serious harm to you or someone else or the law enforcement or public official that is to receive the report represents that it is necessary and will not be used against you. Other Uses and Disclosures of PHI JOSEPH PHARMACY will obtain your written authorization before using or disclosing the PHI about you for purposes other than those provided above or as otherwise permitted or required by law. You may revoke an authorization in writing at any time. Upon receipt of the written revocation, we will stop using or disclosing PHI about you, except to the extent that we have already taken action in reliance on the authorization. For More Information or to Report a Problem If you have questions or would like additional information about Joseph Pharmacy's privacy practices, you may contact our privacy officer. If you believe your privacy right have been violated, you can file a complaint with our HIPAA privacy officer or with the Secretary of Health and Human Services. There will be no retaliation for filing a complaint. Effective Date

    Store Location & Directions

    2331 East Cesar Chavez Avenue
    Los Angeles, CA, 90033
    (323) 260-7531

    Get Directions

    Pharmacy Hours

    Mon-Fri: 9:00am - 8:00pm;Sat-Sun: 9:00am - 5:00pm;

    Store Hours

    Mon-Fri: 9:00am - 8:00pm;Sat-Sun: 9:00am - 5:00pm;
     
     
     
    • HIPAA
      Notice of Privacy
    • About HIPAA’s Notice of Privacy and how it protects you.

      Learn More
     
     
     
    • Care and Convenience,
      Wherever You Go.

      • Product information, a medication guide    and up-to-the minute health news
      • Store locator
      • Prescription refills
      Learn More

     
     
     
     
         
    Close
    MEDILANE DRUG CORP NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. LEGAL DUTY We are required by federal and state law to maintain the privacy of your health information. We are also required to give you this notice about our privacy practices, our legal duties and your rights concerning your health information. We must follow the privacy practices that are described in this Notice while it is in effect. This notice takes effect April 14, 2003 and will remain in effect until we replace it. You may request a copy of our Privacy Practice Notice at any time. For more information or additional copies of this Notice, please contact us at the telephone number listed in the Company Information section at the top of this Notice. If and when permitted by applicable law, we have the right to change our privacy practices; if we do so, we will notify you in writing of these changes. USE AND DISCLOSURES OF HEALTH INFORMATION We are permitted by law, to use and disclose health information about you for reasons concerning treatment, payment, and healthcare operations. Examples: Treatment: We may disclose your health information to a physician or healthcare provider that is providing treatment or other healthcare services to you. Payment: We may use and disclose your health information to obtain payment for services that we provide to you. Operations: We may use and disclose your health information in connection with our healthcare operations, which include administration and planning and other tasks that help us improve that quality. Family and Friends: We may disclose your health information to a family member, relative or a friend that has been identified by you while you are present. If you are not present, professional judgment will be utilized to determine whether a disclosure is required or in your best interest. We will only disclose information that is believed to be relevant to the person's involvement with your healthcare of payment related to your health care. We may also disclose your health information in order to notify such persons of your location, general condition or death. As required by law: We must disclose your health information when required to do so by law. Victims of Abuse or Neglect: We may disclose your health information to authorities if reasonable belief is that you are a possible victim of abuse, neglect or domestic violence. We may disclose information to the extent necessary to avert additional serious threat to your health or safety or the health or safety of others. Public Health Activities: We may disclose your health information to public health authorities for the purpose of preventing or controlling disease or preventing injury; to report information to a health oversight agency that is responsible for ensuring compliance with governmental rules and regulations, such as Medicare and Medicaid. National Security: We may disclose to military authorities the health information of Armed Forces personnel under certain circumstances. We may disclose to authorized federal officials health information required for lawful intelligence, counter intelligence, and other national security activities. Appointment Reminders: We may contact you to provide you with appointment reminders, such as voice messages; including essential information such as time, location, and the name of the company/provider. Workers' Compensation: We may use or disclose your health information to the extent necessary to comply with state laws relating to workers' compensation. Disclosures Requiring your Authorization: For any reasons other than those listed in this notice, we may only use or disclose your health information with your written authorization. You authorization must also be obtained prior to using your health information for any marketing activity. YOUR RIGHTS TO YOUR PERSONAL HEALTH INFORMATION Access to Record: You may have access to your health information, with limited exceptions. Request must be made in writing, utilizing our Records Access Request Form. We may charge a reasonable fee to compensate for time and materials. Revocation of your Authorization: You make revoke your authorization to disclose your health information at any time. Request must be made in writing, using our Authorization Revocation form. Restriction of Information: You may request that we place restrictions on our use or disclosure of your health information. You must make you request in writing by sending us a letter that specifies the type of information to be restricted and to whom the information is to be restricted from. Requests should be sent directly to the address listed in the heading of this Notice. We will consider all requests: however are not required to agree to the request. We will respond to all such requests in writing. Disclosure Accounting: You may request a list of instances in which we (or our business associates) disclosed your health information for purposes, other than treatment, payment, healthcare operations and certain other activities, for the last 6 years, but not before April 14, 2003. You must make your request in writing by sending us a letter that specifies the type of information and the time period involved. Requests should be sent directly to the address listed in the heading of this Notice. If you request this information more than once in a 12-month period, we may charge you a reasonable fee to compensate for our time and materials. Alternative Communication: You may request that we communicate with you about your health information by alternative means or to an alternative location. You must make your request in writing by sending a letter that specifies the alternative means of location and provide satisfactory explanation how payments will be handled under the alternative means or location you have requested. Requests should be sent directly to the address listed in the header of this Notice. Amendment: You have the right to request that we amend your health information. You must make your request in writing by sending a letter that explains why the information should be amended. Requests should be sent directly to the address listed in the header of this Notice. We will comply to your request unless we believe that the information to be amended is accurate and complete. Right to Receive Paper Copy of this Notice: Upon request, you may obtain a paper copy of this notice. QUESTIONS OR COMPLAINTS If you are concerned that we may have violated your privacy rights, or if you disagree with a decision we have made about a request for access to your health information, a request you have made to amend or restrict the use or disclosure of your health information or a request you have made for us to communication with your by alternative means or locations, you may complain to us using the contact information listed in the header of this Notice. You may also submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to the U.S. Department of Health and Human Services upon request. If you have any questions, concerns, or complaints about this Notice, please contact us.