Mass General Brigham Health & Essential Dermatology, PLLC Privacy Practices

Essential Dermatology, PLLC and Mass General Brigham are an integrated health care system, which includes all the entities listed on the back of the Privacy Notice.  These hospitals and entities, as well as the doctors, nurses, therapists, and other providers of health care who work in these organizations, are called “providers.”  These providers may share patient health information for treatment, billing, and health care operations.

Federal law requires that all patients be given a copy of the MGB HealthCare Privacy Notice.  The Privacy Notice describes in detail how patient health information is used and shared with others.

MGB HealthCare has reserved the right to change the Privacy Notice at any time.  You may obtain a current copy of the Privacy Notice by contacting the admitting office, the registration office, your doctor’s office, or by going to the MGB Website: https://www.massgeneralbrigham.org/content/dam/mgb-global/en/notices/documents/hipaa-privacy-notice-en.pdf

All reasonable efforts will be made to protect the privacy of patient health information, whether it is maintained on paper or electronically, and regardless of how it is communicated, for example, by e-mail or facsimile mail.   

Additional languages:

Espanol: https://www.partners.org/Assets/Documents/Notices/Partners-Urgent-Care-Privacy-Policy-Spanish.pdf
Portuguese:https://www.massgeneralbrigham.org/content/dam/mgb-global/pt-br/notices/documents/hipaa-privacy-notice-pt-br.pdf

Essential Dermatology, PLLC Privacy Practices

220 North Main Street, Suite 201, Natick, Massachusetts 01760
340 Maple Street, Suite 202, Marlborough, MA 01752
145 Rosemary Street, Suite C, Needham, MA 02494


NOTICE OF PRIVACY POLICY

Effective Date: June 20, 2022


This Notice describes how health information about you may be collected and used by us as described in the Health Insurance Portability and Accountability Act of 1996, commonly known as HIPAA. HIPPAA requires us to maintain your privacy with respect to your personal health information and to provide you with notice of your rights and our duties. We are required by law to comply with HIPPAA and its regulations at all times.

Amendments to this Privacy Policy

We reserve the right to revise or amend this Privacy Policy at any time and we will provide you with notice of any revisions or amendments to this Privacy Policy, or changes in the law affecting this Privacy Notice, by mail or electronically within 60 days of the effective date of the revision, amendment, or change. Any amendments we make may be effective for all personal health information we collect even if created or received prior to the effective date of the revision or amendment.

Access to Our Privacy Policy

We will provide you with a copy of the most recent version of this Privacy Policy at any time upon your written request sent to us at the address listed above. You may also request further information regarding the privacy of your personal health information by contacting us at that address.

Your Personal Health Information

We collect personal health information from you throughout your treatment, payment and related healthcare operations, during the application and enrollment process, through interaction with healthcare providers or health plans, or through other means. Personal health information that is protected by law broadly includes any information, oral, written or recorded, that is created or received by certain health care entities, including health care providers, such as physicians and hospitals, as well as, health insurance companies or plans. The law specifically protects health information that contains data, such as your name, address, social security number, and other information that could be used to identify you as the individual patient who is associated with that health information.

Use or Disclosures of Your Personal Health Information

As a general rule, we cannot use or disclose your personal health information without your permission. If your permission has been given, we must use or disclose your personal health information strictly in accordance with the specific terms of that permission. The following are the circumstances under which we are permitted by law to use or disclose your personal health information.

Permissible Disclosures/Use Without Your Consent

Without your consent, we may use or disclose your personal health information in order to provide you with services and the treatment you require or request, or to collect payment for those services, and to conduct other related health care operations otherwise permitted or required by law. We are also permitted to disclose your personal health information within our workforce in order to accomplish these same purposes. Even if you have granted permission, we are still required to limit our use or disclosure to the minimal amount of personal health information that is reasonably required to provide those services or complete those activities.

Examples of treatment activities include: (a) the provision, coordination, or management of health care and related services by health care providers; (b) consultation between health care providers relating to a patient; or (c) the referral of a patient for health care from one health care provider to another.

Examples of payment activities include: (a) billing and collection activities and related data processing; (b) actions by a health plan or insurer to obtain premiums or to determine or fulfill its responsibilities for coverage and provision of benefits under its health plan or insurance agreement, determinations of eligibility or coverage, adjudication or subrogation of health benefit claims; (c) medical necessity and appropriateness of care reviews, utilization review activities; and (d) disclosure to consumer reporting agencies of information relating to collection of premiums or reimbursement.

Examples of health care operations include:

(a) development of clinical guidelines; (b) contacting patients with information about treatment alternatives or communications in connection with case management or care coordination; (c) reviewing the qualifications of and training health care professionals; (d) underwriting and premium rating; (e) medical review, legal services, and auditing functions; and (f) general administrative activities such as customer service and data analysis.
We may use or disclose your personal health information to the extent that such use or disclosure is required by law and the use or disclosure complies with and is limited to the relevant requirements of such law. Examples of instances in which we are required to disclose your personal health information include: (a) public health activities, reporting adverse events to the Food and Drug Administration, medical surveillance of the workplace or to evaluate whether the individual has a work-related illness or injury; (b) disclosures regarding victims of abuse, neglect, or domestic violence including, reporting to social service or protective services agencies; (c) health oversight activities necessary for appropriate oversight of government benefit programs; (d) judicial and administrative proceedings in response to an order of a court a warrant, subpoena, discovery request, or other lawful process; (e) law enforcement purposes for the purpose of identifying or locating a suspect, fugitive, material witness, or missing person, or reporting crimes in emergencies, or reporting a death; (f) disclosures about decedents for purposes of cadaver donation of organs, eyes or tissue; (h) as other Federal of State regulatory stipulations.

All Other Situations, With Your Specific Authorization

Except as otherwise permitted or required, as described above, we may not use or disclose your personal health information without your written authorization. Further, we are required to use or disclose your personal health information consistent with the terms of your authorization. You may revoke your authorization to use or disclose any personal health information at any time.

Your Rights With Respect To Your Personal Health Information

Under HIPAA, you have certain rights with respect to your personal health information. The following is a brief overview of your rights and our duties with respect to enforcing those rights.

Right to Request Restrictions on Use or Disclosure

You have the right to ask for restrictions on the ways we use and disclose your health information for treatment, payment and health care operation purposes. You may request that we limit our disclosures to persons assisting in your care of payment for your care. We reserve the right to accept or reject your request, and will notify you of our decision. If we agree to a restriction, we are bound not to use or disclose your personal healthcare information in violation of such restriction, except in certain emergency situations. We will not accept a request to restrict uses or disclosures that are otherwise required by law.

Right to Receive Confidential Communications

You have the right to receive confidential communications of your personal health information. We may require written requests. We may condition the provision of confidential communications with a request for information as to how payment will be handled and an alternative method of contact. We may not require you to provide an explanation of the basis for your request as a condition of providing communications to you on a confidential basis. We must permit you to request and must accommodate reasonable requests by you to receive communications of personal health information from us by alternative means or at alternative locations.

Right to Inspect and Copy Your Personal Health Information

Your record set is a group of records we maintain that includes medical records and billing records about you, or enrollment, payment, claims adjudication, and case or medical management records systems, as applicable. You have the right of access in order to inspect and obtain a copy of your personal health information contained in your designated record set. We may require written requests and we may charge a reasonable fee for copying, postage and the costs of preparing an explanation or summary as agreed upon in advance. We reserve the right to deny you access to and copies of certain personal health information as permitted or required by law. Upon denial of a request for access or request for information, we will provide you with a written denial specifying the legal basis for denial, a statement of your rights, and a description of how you may file a complaint with us.

Right to Amend Your Personal Health Information

You have the right to request that we amend your personal health information or a record that you believe is incorrect or incomplete. We have the right to deny your request for amendment if: (i) we determine that the information or record that is the subject of the request was not created by us, unless you provide a reasonable basis to believe that the originator of the information is no longer available to act on the requested amendment, (ii) the information is not part of your designated record set maintained by us, (iii) the information is prohibited from inspection by law, or (iv) the information is accurate and complete. We may require that you submit written requests and provide a reason to support the requested amendment. If we deny your request, we will provide you with a written denial stating the basis of the denial, your right to submit a written statement disagreeing with the denial, and a description of how you may file a complaint with us or the Secretary of the U.S. Department of Health and Human Services (“DHHS”). Requests for amendment shall be sent to us at the address listed above.

Right to Receive an Accounting of Disclosures of Your Personal Health Information

You have the right to receive a written accounting of all disclosures of your personal health information that we have made within the six (6) year period immediately preceding the date on which the accounting is requested. You may request an accounting of disclosures for a period of time less than six (6) years from the date of the request. Such disclosures will include the date of each disclosure, the name and, if known, the address of the entity or person who received the information, a brief description of the information disclosed, and a brief statement of the purpose and basis of the disclosure or, in lieu of such statement, a copy of your written authorization or written request for disclosure pertaining to such information. We are not required to provide accountings of disclosures for the treatment, payment, and health care operations. We reserve our right to temporarily suspend your right to receive an accounting of disclosures to health oversight agencies or law enforcement officials, as required by law. We will provide the first accounting to you in any twelve (12) month period without charge, but will impose a reasonable cost based fee for responding to each subsequent request for accounting within that same twelve (12) month period. All requests for an accounting shall be sent to us at the address listed above.

Complaints

You may file a complaint with us and with the Secretary of DHHS if you believe that your privacy rights have been violated. You may submit your complaint in writing by mail to us at the address listed above. A complaint must name the entity that is the subject of the complaint and describe the acts or omissions believed to be in violation of the applicable requirements of HIPAA or this Privacy Policy. A complaint must be received by us or filed with the Secretary of DHHS within 180 days of when you knew or should have known that the act or omission complained of occurred. You will not be retaliated against for filing any complaint.

Social Media & Marketing / Facebook

Please be advised that we use Facebook marketing codes to log when viewers of our website click on specific pages or take specific actions on our website. These codes allow our practice to provide targeting advertising to website visitors in the future.