AVA T. SHAMBAN, M.D., INC.

NOTICE OF PRIVACY PRACTICES

This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review this Notice carefully. Effective Date: 10/10/23

I. GENERAL INFORMATION

This Notice describes the practices that [970 Monument LLC dba SKIN FIVE], (collectively “Covered Entity,” “us,” “our,” or “we”) will follow with regard to “protected health information” (“PHI”) about you. PHI is a special term, defined by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its regulations (the “Privacy Rule”). PHI means individually identifiable health information (including demographic information) that is created or received by certain health care providers, a health plan, or a health care clearinghouse and relates to: (i) your past, present, or future physical or mental health or condition; (ii) the delivery of health care to you; or (iii) the past, present, or future payment for the delivery of health care to you. For purposes of this Notice, PHI includes information related to our provision of health care services, which may include, without limitation, your symptoms, examination and test results, diagnoses, treatment, and billing and insurance records. We need this information to provide you with quality care, to receive payment for our services, to run our business, and to comply with certain legal requirements. This Notice applies to all PHI Covered Entity maintains. Other parties involved in the provision of your health services, such as other health care providers or your insurance company, may have different policies or notices related to their use and disclosure of PHI. You may have additional rights under state law. State laws that provide greater privacy protection or broader privacy rights will continue to apply.

II. OUR RIGHTS AND OBLIGATIONS

  • We are required by law to maintain the privacy of PHI about you.
  • We are required to give you this Notice about our privacy practices, our legal duties, and your rights concerning PHI about you.
  • We are required to follow the privacy practices described in this Notice. These privacy practices will remain in effect until we replace or modify them.
  • We are required to notify you following a breach of unsecured PHI about you.
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided that the change is permitted by law and we provide you with an updated Notice either in paper copy or electronically as the Notice is updated. We reserve the right to have such a change affect all PHI we maintain, including PHI we received or created before the change.

III. HOW COVERED ENTITY MAY USE AND DISCLOSE PHI ABOUT YOU.

Uses and Disclosures for Treatment, Payment, and Health Care Operations

  • For Treatment. We may use health information about you to provide you with medical treatment or services. For example, we might use PHI about you to help diagnose or treat a health condition or disclose it to our doctors, nurses, or technicians; to a hospital; or to others involved in taking care of you, such as a physician to whom you have been referred, to ensure that he or she has the necessary information to diagnose or treat you, to a home health agency that provides care to you, or to a pharmacy that fills your prescription.
  • For Payment. We may use and disclose PHI about you for all activities that are included within the definition of “payment” set out in the Privacy Rule. For example, we may use and disclose PHI about you to bill and collect payment from you, an insurance company, a governmental entity such as Medicare or Medicaid, or a third party. We may also use and disclose PHI about you to obtain prior authorization or to determine whether your health plan will cover a treatment.
  • For Health Care Operations. We may use and disclose PHI about you for all activities that are included within the definition of “health care operations” set out in the Privacy Rule. For example, we may use and disclose PHI about you to contact you about your appointments, to review our treatment and services, to evaluate the performance of our staff in caring for you, to educate our professionals, and for other administrative activities. We may also combine health information about many patients to decide what additional services we should offer, what services are not needed, and whether certain new treatments are effective.

Uses & Disclosures to Other Entities

  • Business Associates. We may disclose PHI about you to one or more “business associates.” Our business associates are the individuals and entities we engage to perform various duties on behalf of Covered Entity, or to provide services to Covered Entity. For example, our business associates might provide technology services or support, manage electronic medical records, assist with billing or payment activities, or provide legal or accounting services. Business associates are permitted to receive, create, maintain, use, or disclose PHI, but only as provided in the Privacy Rule, and only after agreeing in writing to appropriately safeguard PHI.
  • Other Covered Entities. We may use or disclose PHI about you to a HIPAA-covered health care provider, health plan, or health care clearinghouse, in connection with their treatment, payment, or health care operations.

Uses and Disclosures for Which Your Permission May Be Sought.

For purposes of this subsection only, the following conditions apply: If you are present and able to give your verbal permission, we will use or disclose PHI about you with your permission. This verbal permission will only cover a single encounter, and is not a substitute for a written authorization. If you are not present or are unable to give your permission, we will use or disclose PHI about you only if we determine (based on our professional judgment) that the use or disclosure is in your best interest.
  • To Others Involved in Your Care. We may use or disclose PHI about you to a relative or other individual who you have identified as being involved in your health care. If you are not present, our disclosure will be limited to the PHI that directly relates to the individual’s involvement in your health care.
  • For Limited Notification Purposes. We may use or disclose PHI about you to help notify a relative or other individual who is responsible for your health care, of your location, general condition, or death.
  • To Assist in Disaster Relief. We may disclose PHI about you to an authorized public or private entity in order to assist in disaster relief efforts, or to coordinate uses and disclosures to relatives or other individuals involved in your health care.

Other Permitted Uses and Disclosures

  • To the Secretary. We may disclose PHI about you to the Secretary of the Department of Health and Human Services, when required to do so, to enable the Secretary to investigate or determine our compliance with HIPAA and the Privacy Rule.
  • As Required By Law. We may disclose PHI about you when required to do so by federal, state, or local law.
  • For Public Health Activities. We may use or disclose PHI about you for public health activities that are permitted or required by law. For example, we may disclose PHI about you to a public health entity that is authorized by law to collect information for the purpose of reporting diseases, illnesses, births, or deaths.
  • Disclosures About Abuse, Neglect, and Domestic Violence. We may disclose PHI about you, consistent with applicable federal and state laws, if we believe that you have been a victim of abuse, neglect, or domestic violence. Such disclosure will be made to the governmental entity or agency authorized to receive such information.
  • Health Oversight Activities. We may disclose PHI about you to a health oversight agency for activities authorized by law. The relevant agencies include governmental units that oversee or monitor the health care system, government benefit and regulatory programs, and compliance with civil rights laws. The relevant activities include, for example, audits, investigations, inspections, and licensure.
  • Legal Proceedings. We may disclose PHI about you in the course of a judicial or administrative proceeding.
  • Law Enforcement. Under limited circumstances (such as required reporting laws or in response to a grand jury subpoena), we may disclose PHI about you to law enforcement officials.
  • Coroners, Medical Examiners, and Funeral Directors. We may disclose PHI about you to a coroner, medical examiner, or funeral director as necessary for them to carry out their duties.
  • Organ and Tissue Donation. If you are an organ donor, we may disclose PHI about you to organizations that handle organ procurement or organ, eye or tissue transplantation, or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
  • Research. We may disclose PHI about you to researchers when an institutional review board or a privacy board has (a) reviewed the research proposal and established protocols to ensure the privacy of the information; and (b) approved the research.
  • Serious Threat to Health or Safety. We may use and disclose PHI about you when necessary to prevent a serious threat to your health and safety, or to the health and safety of others. Any such disclosure will be made to someone who would be able to help prevent the threat.
  • Specialized Government Functions. We may disclose PHI about you, if you are in the Armed Forces, for activities deemed necessary by appropriate military command authorities, for determination of benefit eligibility by the Department of Veterans Affairs, or to foreign military authorities if you are a member of that foreign military service. We may disclose PHI about you to authorized federal officials for conducting national security and intelligence activities (including for the provision of protective services to the President of the United States) or to the Department of State to make medical suitability determinations. If you are an inmate at a correctional institution, then under certain circumstances we may disclose PHI about you to the correctional institution.
  • Workers’ Compensation. We may disclose PHI about you to the extent necessary to comply with laws concerning workers’ compensation or to comply with similar programs that are established by law and provide benefits for work-related injuries or illness.
  • Reminders. We may use and disclose PHI about you by sending you a reminder for important services, such as annual checkups.
  • Additional Services. We may use or disclose PHI about you to send you information about alternative medical treatments and programs, or about health-related products and services that may be of interest to you, provided we do not receive financial remuneration for making such communications.
  • Disclosure to Your Health Insurer. We may disclose your PHI to your health insurer so that they may carry out their health plan-related administrative functions.
  • Disclosures as Part of an Organized Health Care Arrangement (OHCA). If we are or become associated with other healthcare providers or HIPAA covered entities in a joint arrangement, we may be in an OHCA with those other entities. We may disclose your PHI to the other entities within the OHCA for any treatment, payment, or health care operations of the OHCA.

Uses and Disclosures with an Authorization.

Before we can use or disclose your PHI for a reason that is not listed in this Section III, we are required to obtain your written authorization. In addition, we are required to obtain your authorization under the following circumstances:
  • Psychotherapy Notes. Most uses and disclosures of psychotherapy notes will require your authorization. We do not generally generate or collect psychotherapy notes.
  • Marketing. Uses and disclosures of PHI for marketing purposes, unless allowed by HIPAA, the Privacy Rule, or applicable law, will require your authorization. Marketing communications allowed without authorization include communications pertaining to care or treatment and/or our services.
  • Sale of PHI. Disclosures that constitute a “sale” of PHI under HIPAA or the Privacy Rule will require your authorization.
You may revoke your authorization at any time, except when we have already relied on that authorization. Revocation of an authorization must be in writing. You can obtain an authorization form by contacting us as provided at the bottom of this Notice.

IV. YOUR RIGHTS REGARDING YOUR PHI

While we maintain PHI in our systems, some PHI may be maintained by our business associates. In order to help you exercise the rights discussed below, we may ask you to contact our business associates directly.

Right to Inspect and Copy

You have the right to inspect and receive an electronic or paper copy of PHI in your medical record and other health information we have about you. To inspect and copy the PHI, you must submit your request in writing by contacting us as provided at the bottom of this Notice. If you request a copy of PHI, we may charge a fee for the costs of copying, mailing, or other supplies associated with your request. We may deny your request to inspect and copy in certain very limited circumstances; if we deny you access to PHI about you, you may request that the denial be reviewed. The Privacy Rule contains a few exceptions to this right. You do not have the right to inspect or copy, among other things, psychotherapy notes or materials that are compiled in anticipation of litigation or similar proceedings.

Right to Request an Amendment

If you believe that the PHI we have about you is incorrect or incomplete, you may ask us to amend the PHI. You have the right to request an amendment for as long as the PHI is kept by or for us. Your request must be in writing and must include a reason or explanation that supports your request. Request forms are available from and must be submitted to us by contacting us as provided at the bottom of this Notice. If we approve your request, we will include the amendment in any future disclosures of the relevant PHI. If we deny your request for an amendment, you may file a written statement of disagreement, which we may rebut in writing. The denial, statement of disagreement, and rebuttal will be included in any future disclosures of the relevant PHI. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend PHI that: is not part of the PHI kept by or for us; was not created by us, unless the person or entity that created the information is no longer available to make the amendment; is not part of the information which you would be permitted to inspect and copy; or is accurate and complete. All denials will be made in writing.

Right to an Accounting of Disclosures

You have the right to request an “accounting” (list) of the instances in which we disclosed PHI about you. Certain disclosures are exempt from the accounting requirement. If the PHI was disclosed through an “electronic health record,” the accounting may include disclosures up to three years before the date of your request. If the PHI was not disclosed through an “electronic health record,” the accounting may include disclosures up to six years before the date of your request. Your request must be in writing. Your request must include the time frame that you would like us to cover. Request forms are available from and must be submitted to us by contacting us as provided at the bottom of this Notice. In certain circumstances, we may charge you for the cost of providing the accounting. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to Request Restrictions

You have the right to request that we restrict the PHI about you we use or disclose for treatment, payment or health care operations. You also have the right to request that we restrict the PHI about you we disclose to someone who is involved in your care or the payment of your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. We are not required to agree to your request except when a restriction has been requested related to a disclosure to a health plan in circumstances where you (or someone on your behalf) have paid for services in full and where the purpose of the disclosure is for payment. Your request must be in writing. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosure to your spouse. Request forms are available from and must be submitted to us by contacting us as provided at the bottom of this Notice.

Right to Request Confidential Communications

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. We will not ask you the reason for your request. Your request must be in writing. In your request, you must tell us how or where you wish to be contacted. Request forms are available from and must be submitted to us by contacting us as provided at the bottom of this Notice. We will make reasonable efforts to accommodate your request.

Right to a Paper Copy of This Notice

You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice. You may also obtain a paper copy of this Notice from any of our office locations or by contacting us as provided at the bottom of this Notice.

Right to Choose Someone to Act for You

If you have given someone medical power of attorney or if you have a legal guardian, that person can exercise your rights described in this Notice and make choices about your PHI. We will verify that the person has this authority and can act for you before we take any action.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us, or with the Secretary of the Department of Health and Human Services. To file a complaint with us, send a written complaint by contacting us as provided at the bottom of this Notice. We will not retaliate against you for filing a complaint, and you will not be penalized in any other way for filing a complaint. If you have questions, would like to file a complaint, or would like to exercise any of the rights identified above, please contact us as follows:
  • Alexis York, Practice Manager
  • alexis@skinfive.com