Apex logo

Privacy Policy

William D. Tumlin, M.D.

3651 Mars Hill Road, Suite 1300A
Watkinsville, GA 30677
Phone (678)726-2025

Apex Assisted Recovery of Athens

Notice of Privacy Practices


Understanding Your Health Record Information

Each time you visit a hospital, a physician, or another health care provider, the provider makes a record of your visit. Typically, this record contains your health history, current symptoms, examination and test results, diagnoses, treatment and plan for future care or treatment. This information, often referred to as your medical record, serves as the following:
Basis for planning your care or treatment.
Means of communication among the many health professionals who contribute to your care.
Legal document describing the care you received.
Means by which you or a third party payer can verify that you actually received the services billed for.
Tool in medical education.
Source of information for public health officials charged with improving the health of regions they serve.
Tool to assess the appropriateness and quality of care that you received.
Tool to improve the quality of health care and achieve better patient outcomes.

Understanding what is in your health records and how your health information is used helps you to:
Ensure its accuracy and completeness.
Understand who, what, where, why, and how others may access your health information.
Make informed decisions about authorizing disclosure to others.
Better understand the health information rights detailed below.

Your Rights under the Federal Privacy Standard

Although your health records are the physical property of the health care provider who completed the records,
you have the following rights with regard to the information contained therein:
Request restrictions on uses and disclosures of your health information for treatment, payment, and health care operations.
Health care operations consist of activities that are necessary to carry out the operations of the provider, such as quality assurance and peer review. The right to request restrictions does not extend to uses or disclosures permitted or required under the following section of the federal privacy regulations: § 164.502(a)(2)(i) (disclosures to you), §164.510 (a) (for facility directories, but note you have the right to object to such uses), or § 164.512 (uses and disclosures not requiring a consent or an authorization). The latter disclosures include those required by law such as mandatory communicable disease reporting. In those cases you do not have the right to request restriction. The consent to use and disclose your individually identifiable health information provides the ability to request restriction. We do not, however, have to agree to the restriction, except in the situation explained below. If we do, we will adhere to it unless you request otherwise or we give you advance notice. You may also ask us to communicate with you by alternative means, and if the method of communication is reasonable, we must grant the alternate communication request. You may request restriction or alternate communications on the consent form for treatment, payment, and health care operations. If, however, you request restriction on a disclosure to a health plan for purposes of payment or health care operations (not for treatment), we must grant the request if the health information pertains solely to an item or a service for which we have been paid in full.

Obtain a copy of this notice of information practices.
Although we have posted a copy in a prominent location in the office and on our website, you have the right to a hard copy upon request.

Inspect and copy your health information upon request.
Again, this right is not absolute. In certain situations, such as if access would cause harm, we can deny access. You do not have a right of access to the following: -Psychotherapy notes. Such notes consist of those notes that are recorded in any medium by a health care provider who is a mental health professional documenting or analyzing a conversation during a private, group, joint, or family counseling session and that are separated from the rest of your medical record. -Information compiled in reasonable anticipation of or for use in civil, criminal, or administrative actions or proceedings. -Protected Health Information (PHI) that is subject to the Clinical Laboratory Improvement Amendments of 1988(“CLIA”), 42 U.S.C. § 263a, to the extent that giving you access would be prohibited by law. -Information was obtained from someone other than a healthcare provider under a promise of confidentiality and the requested access would be reasonably likely to reveal the source of the information. In other situations, we may deny you access, but if we do, we must provide you a review of our decision denying access. These “reviewable” grounds for denial include the following: -A licensed health care professional, such as your attending physician, has determined, in the exercise of professional judgment, that the access is reasonably likely to endanger the life or physical safety of yourself or another person. -PHI makes reference to another person (other than a health care provider) and a licensed health care provider has determined, in the exercise of professional judgment, that the access is reasonably likely to cause substantial harm to such other person. -The request is made by your personal representative and a licensed health care professional has determined, in the exercise of professional judgment, that giving access to such personal representative is reasonably likely to cause substantial harm to you or another person. For these reviewable grounds, another licensed professional must review the decision of the provider denying access within 60 days. If we deny you access, we will explain why and what your rights are, including how to seek review. If we grant access, we will tell you what, if anything, you have to do to get access. We reserve the right to charge a reasonable, cost- based fee for making copies.

Request amendment or correction of your health information.
We do not have to grant the request if the following conditions exist: - We did not create the record. If, as in the case of a consultation report from another provider, we did not create the record, we cannot know whether it is accurate or not. Thus, in such cases, you must seek amendment / correction from the party creating the record. If the party amends or corrects the record, we will put the corrected record into our records. - The records are not available to you as discussed immediately above. - The record is accurate or complete. If we deny your request for amendment / correction, we will notify you why, how you can attach a statement of disagreement to your records (which we may rebut), and how you can complain. If we grant the request, we will make the correction and distribute the correction to those who need it and those whom you identify to us that you want to receive the corrected information.

Obtain an accounting of non-routine uses and disclosures, those other than for treatment, payment, and health are operations until a date that the federal Department of Health and Human Services will set after January 2011. After that date, we will have to provide an accounting to you upon request for uses and disclosures for treatment, payment, and health care operations. We do not need to provide an accounting of the following disclosures: -To you for disclosures of protected health information to you. -For the facility director or to persons involved in your care or for other notification purposes as provided in § 164.510 of the federal privacy regulations (uses and disclosures requiring an opportunity for the individual to agree or to object, including notification to family members, personal representatives, or other persons responsible for your care, of your general location, general condition, or death.) -For national security or intelligence purposes under § 164.512(k) (2) of the federal privacy regulations (disclosures not requiring consent, authorization, or an opportunity to object). - That occurred before April 14, 2003. We must provide the accounting within 60 days. The accounting must include the following information: - Date of each disclosure. - Name and address of the organization or person who received the protected health information. - Brief description of the information disclosed. - Brief statement of the purpose of the disclosure that reasonably informs you of the basis for the disclosure or, in lieu of such statement, a copy of your written authorization or a copy of the written request for disclosure. The first accounting in any twelve month period is free. Thereafter, we reserve the right to charge a reasonable, cost-based fee.

Revoke your consent or authorization to use or disclose health information
except to the extent that we have taken action in reliance on the consent or authorization.

Our Responsibilities under the Federal Privacy Standard

In addition to providing you your rights, as detailed above, the federal privacy standard requires us to take the following measures:
Maintain the privacy of your health information, including implementing reasonable and appropriate
physical, administrative, and technical safeguards to protect the information.
Provide you this notice as to our legal duties and privacy practices with respect to
individually identifiable health information that we collect and maintain about you.
Abide by the terms of this notice.
Train our personnel concerning privacy and confidentiality.
Implement a sanction policy to discipline those who breach privacy/ confidentiality or our policies with regard thereto.
Mitigate (lessen the harm of) any breach of privacy / confidentiality.
We will not use or disclose your health information without your consent or authorization,
except as described in this notice or otherwise required by law.

How to Get More Information, to Report a Problem or File a Complaint
If you have questions and / or would like additional information, you may contact our privacy officer and director of health information management, Katie Kirkpatrick at (678) 726-2025. If you believe your privacy rights have been violated, you may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. All complaints must be submitted in writing to Apex Assisted Recovery of Athens, 3651 Mars Hill road, Suite 1300A, Watkinsville, Ga 30677. You will not be penalized in any way for filing a complaint. WE RESERVE THE RIGHT TO CHANGE OUR PRIVACY PRACTICES AND TO MAKE THE NEW PROVISIONS EFFECTIVE FOR ALL INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION THAT WE MAINTAIN. IF WE CHANGE OUR INFORMATION PRACTICES, WE WILL MAIL A REVISED NOTICE TO THE ADDRESS YOU HAVE GIVEN US.

How We May Use and Disclose Medical Information About You.

Uses & Disclosures of Your Protected Health Information
You will be asked to sign an acknowledgement form; once you have signed the form(s) your physician will use or disclose your health information as described in this section. Your health information may be used and disclosed by your physician, our office staff and others outside of our office that are involved in your care or treatment for the purpose of providing health care services to you. Your health information may also be used and disclosed to pay your health care bills and to support the operation of the physicians practice.

Examples of Disclosures for Treatment, Payment, and Health Care Operations
If you give us consent, we will use your health information for treatment. Example: A physician, physicians assistant, counselor or another member of your health care team will record information in your record to diagnose your condition and determine the best course of treatment for you. The primary caregiver will give treatment orders and document what he or she expects other members of the health care team to do to treat you. Those other members will then document the actions that they took and their observations. In that way, the primary caregiver will know how you are responding to treatment. We also provide other physicians, other healthcare professionals, or a subsequent health care provider, copies of your records to assist them in treating you once we are no longer treating you.
If you give us consent, we will use your health information for payment. Example: We may submit PHI to you or a third party payer, such as a health insurer. The information may include information that identifies you, your diagnosis, treatment received and supplies used.
If you give us consent, we will use your health information for health operations. Example: Members of the medical centers management team may use your health information to assess the care and outcomes in your cases and the competence of the caregivers. We will use this information in an effort to continually improve the quality and effectiveness of the health care and services we provide.
Business Associates: We provide some services through contracts with business associates. Examples include certain diagnostic tests, a copy service to make copies of medical records, and the like. When we use these services, we may disclose your health information to the business associates so that they can perform the functions that we have contracted them to do and bill you or third party payers for the services provided. To protect your health information, however, we require the business associates to appropriately safeguard your information. After February 17, 2010, business associates must comply with the same federal security and privacy rules as we do.
Communication with family: Unless you object, health professionals, using their best judgment, may disclose to a family member, another relative, a close personal friend, or any other person that you identify health information relevant to that person’s involvement in your care or payment related to your care. Continuity of care: We may contact you to provide appointment reminders or information about treatment alternatives or other health-related benefits and services that may be of interest to you.
Emergencies: We may use or disclose your health information in an emergency treatment situation. If this happens your physician will try to obtain your consent as soon as reasonably practicable after the delivery of treatment. If your physician or another physician in the practice is required by law to treat you and the physician has attempted to obtain consent, he or she may still use or disclose your protected health information to treat you.
Food and Drug Administration (“FDA”): We may disclose to the FDA health information relative to the effects/ events with respect to food, drugs, supplements, product or product defects, or postmarketing surveillance information to enable product recalls, repairs, or replacement.
Funeral directors: We may disclose health information to funeral directors consistent with applicable law to enable them to carry out their duties.
Healthcare Operations: We may use and disclose medical information about you for healthcare operations. These uses and disclosures are necessary to support business activities of our practice and to make sure that all patients receive quality care. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, and arranging for other business activities.
Notification: We may use or disclose information to notify or assist in notifying a family member, a personal representative, or another person responsible for your care, location, or general condition.
To Avert a Serious Threat to Health or Safety: We may use health information about you when necessary to avert serious threat to your health and safety or the health and safety of another person or the public. Any disclosure, however, would only be to someone able to help prevent the threat.
Public Health: As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury or disability.
Correctional Institution: If you are an inmate of a correctional institution, we may disclose to the institution or agents thereof health information necessary for your health and the health and safety of other individuals.
Law enforcement: We may disclose health information for law enforcement purposes as required by law or in response to a valid subpoena.
Health oversight agencies and public health authorities: If members of our work force or business associates believe in good faith that we have engaged in unlawful conduct or otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers, or the public, they may disclose your health information to health oversight agencies and or public health authorities, such as the department of health.
The federal Department of Health and Human Services (DHHS): Under the privacy standards, we must disclose your information to DHHS as necessary to determine our compliance with those standards.
Military Activity and National Security: If you are a member of the armed forces, we may release health information about you as required by military command authorities. We may release health information about foreign military personnel to the appropriate foreign military authority. We may release health information for the purpose of determination by the Department of Veterans Affairs of your eligibility for benefits. We may disclose your health information to authorized federal officials for conducting national security and intelligence activities for the provision of protective services to the President and others legally authorized.

Effective Date: September 17, 2014
William D. Tumlin, M.D.
Medical Director
Apex Assisted Recovery of Athens