Effective date: August 20, 2020
Central Virginia Family Physicians, Inc. ("us", "we", or "our") operates both the https://www.cvfp.net/ and https://www.cvfpmedicalgroup.com/ websites, as well as the myCVFP mobile application (hereinafter referred to as the "Service").
This page informs you of all policies regarding the collection, use and disclosure of personal data and health information when you use our Service and the choices you have associated with that data.
We do not knowingly collect any personal health information (PHI) via our website or mobile application. We only collect the Personal Data you enter into our optional online administrative contact form. See Definitions and Information Collection and Use below for more information.
Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Personal Health Information includes medical information about a living individual who can be identified from that information (or from those and other information either in our possession or likely to come into our possession).
Usage Data Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small files stored on your device (computer or mobile device).
We collect several different types of information for various purposes to provide and improve our Service to you.
While using our Service to fill a contact form, we require you to provide us with certain personal data that can be used to contact or identify you ("Personal Data"). Personally identifiable data includes:
We will not use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. We request you do not include any personal health information in this contact form to protect your information.
All contact and PHI entered through the application is sent directly to third party software providers and contracted HIPAA compliant data management systems used by Central Virginia Family Physicians, Inc., including Athena Health, Inc. and Privia Health. PHI required to use specific functions in the application is not captured by the application or our website(s).
We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
Central Virginia Family Physicians, Inc. uses the collected data for various purposes:
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.
Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
Central Virginia Family Physicians, Inc. may disclose your Personal Data in the good faith belief that such action is necessary to:
The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We may employ third party companies and individuals to facilitate our Service ("Service Providers"), provide the Service on our behalf, perform Service- related services or assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privac hl=en
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Our Service does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Neither Central Virginia Family Physicians, Inc., nor any third parties, provide any warranty or guarantee as to the accuracy, timeliness, performance, completeness or suitability of the Content found or offered on this Site for any particular purpose. The User acknowledges that such Content may contain inaccuracies or errors and use of any Content on this website is entirely at the User’s own risk, for which Central Virginia Family Physicians, Inc. shall not be liable. It shall be the User’s own responsibility to ensure that any Content available through this Site meet the User’s specific requirements.
This Site includes links to other web sites, but Central Virginia Family Physicians, Inc. does not endorse, sponsor, or accept responsibility for third-party sites. Content produced by Central Virginia Family Physicians, Inc. is neither affiliated with nor the responsibility of the clients or partners of Central Virginia Family Physicians, Inc.
Central Virginia Family Physicians, Inc. requests that, according to standard academic practice, if a User uses the Content for any research that results in an article, a book, or other publication, the User list Central Virginia Family Physicians, Inc. as a source in User’s bibliography.
This Site is moderated by Central Virginia Family Physicians, Inc., who reserves the right to exercise editorial control over user-generated content (e.g., blog comments). The User agrees that it will not contribute any Content that is infringing, libelous, defamatory, obscene, pornographic, abusive, offensive, or otherwise violates any law or right of any third party. Central Virginia Family Physicians, Inc. reserves the right to remove any Content from the Site at any time, for any reason or for no reason at all. The User agrees that all posted comments become the property of Central Virginia Family Physicians, Inc. By posting a comment on one of our blogs, the User agrees that the comment may be reused by Central Virginia Family Physicians, Inc. or quoted in other media.
Comments or opinions expressed via comments on our blogs are those of their respective contributors only. The views expressed by outside contributors do not represent the views of Central Virginia Family Physicians, Inc. Central Virginia Family Physicians, Inc. is not responsible and disclaims any and all liability for the content of comments.
Last Revised: February 2019
This Notice is provided to you pursuant to the privacy regulations enacted as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This joint notice of privacy practices describes how your medical information may be used and disclosed and how you can get access to your information. This Notice applies to all your medical information created or maintained by Privia (“Privia” is further defined in Section D of this Notice). Please review this notice carefully.
Privia is committed to maintaining the privacy of your health information. We are required by law to (i) maintain the privacy of your health information; (ii) provide you with this notice of our legal duties and privacy practices with respect to your health information; (iii) follow the terms of the notice of privacy practices currently in effect; and (iv) notify you if there is a breach of your health information. We must also provide you with the following important information: (a) how we may use and disclose your health information; (b) your privacy rights; and (c) our obligations concerning the use and disclosure of your health information.
This Notice of Privacy Practices is NOT an authorization. Rather it describes how we, our Business Associates, and their subcontractors may use and disclose your Protected Health Information to carry out treatment, payment, or health care operations, and for other purposes as permitted or required by law. It also describes your rights to access and control your Protected Health Information.
“Protected Health Information” (“PHI”) means information that identifies you individually; including demographic information, and information that relates to your past, present, or future physical or mental health condition and/or related health care services.
The terms of this notice apply to all your PHI created or maintained by Privia. We reserve the right to revise or amend this Notice at any time. Any revision or amendment to this notice will be effective for all of your records that we created or maintained in the past and for any of your records that we may create or maintain in the future. We will post a copy of our current Notice online at: http://www.priviahealth.com/HIPAA and you may request a copy of our most current Notice at any time.
For more information, see Section E below.
For more information see Section F below.
For more information see Section G below.
For more information or questions about Privia Medical Group’s privacy policies, please contact:
950 N Glebe Rd, Suite 4000
Arlington, VA 22203
Your provider is part of an Organized Health Care Arrangement (OHCA) by virtue of his or her affiliation with a member of the Privia Medical Group or Texas Health Care family and/or Privia Quality Network (Privia Health’s Clinically Integrated Networks and Accountable Care Organizations) (collectively these entities are referred to as “Privia”). For the purposes of complying with federal privacy and security requirements, the above-described entities have designated themselves as an OHCA. An OHCA is a clinically integrated care setting in which patients may receive care from multiple providers who share a common set of privacy practices. Privia providers have agreed to follow the terms of this Notice when providing services through Privia. Although each care center is legally separate and responsible for its own acts, Privia coordinates privacy practices among the Privia care centers. Patient information is shared across the OHCA for treatment, payment, and healthcare operations related to the OHCA. Your PHI can be shared across the OHCA for the purposes of your treatment, payment, and healthcare operations. When PHI is shared for healthcare operations, the person or organization using your PHI must have a relationship with you, unless your PHI is used for quality assurance, utilization review, and peer review purposes.
Note: This notice applies to all care centers affiliated with Privia, including those whose providers are members of Privia Medical Group Mid-Atlantic, Privia Medical Group – Georgia, Privia Medical Group – Gulf Coast, and Texas Health Care / Privia Medical Group – North Texas. The complete list of Privia providers for whom this Notice of Privacy Practices applies can be viewed at: http://www.priviahealth.com/HIPAA.
Important:Privia may disclose your PHI to members of a Privia medical group and other independent medical professionals in order to provide treatment, payment and healthcare operations. Although those professionals have agreed to follow this Notice and participate in the Privia privacy program, they are independent professionals and Privia expressly disclaims any responsibility or liability for their acts or omissions relating to your care or privacy/security rights.
Treatment. Privia may use or share your PHI to provide medical treatment or services for you and manage and coordinate your medical care. Privia may disclose your PHI to physicians and health care providers (including pharmacists), durable medical equipment (DME) vendors, surgery centers, hospitals, rehabilitation therapists, home health providers, laboratories, nurse case managers, worker’s compensation adjusters, etc. to ensure that your medical providers have the necessary information to diagnose and provide treatment to you. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may affect the healing process. Privia may also disclose your PHI to individuals who are directly involved in your care, including family members, friends or other care providers. If you participate in a virtual visit (telehealth), your information will be shared electronically via a secure transmission to facilitate the virtual visit.
Payment. Privia may use and disclose your PHI in order to bill for services provided and collect payment from health plans or other entities. For example, we may disclose PHI to your health insurance plan so it will pay for your services, determine your eligibility for coverage, or to obtain prior approval from the insurer to cover payment for treatment. Privia also may use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, including family members. Privia may also disclose your information to a collection agency to obtain overdue payment or to a regulatory agency or insurance company to determine whether the services we provided were medically necessary or appropriately billed.
Health Care Operations. Privia may use and disclose your PHI to run our practices, improve your care, and contact you when necessary. For example: We may use or disclose your PHI: (1) to conduct quality or patient safety activities, population-based activities relating to improving health or reducing health care costs, case management and care coordination, and contacting your health care providers and you with information about treatment alternatives; (2) when conducting training programs or performing accreditation, licensing, or credentialing activities; (3) when conducting or arranging for medical review, legal services, and auditing functions; and (4) for our proper management and administration, including customer service, resolving complaints, strategic planning, etc. In addition, we may use or disclose de-identified information or a limited data set for certain healthcare operations purposes. We may also record your visit in order to facilitate the documentation of your care by your provider via a scribe or virtual scribe service.
Appointment Reminders, Check-In and Results. Privia may use and disclose your PHI to contact you and remind you of an appointment. Privia may use a sign-in sheet at the registration desk and call you by name in the waiting room when your provider is ready to see you. Privia may also use your PHI to contact you about test results. Privia may leave a message reminding you of an appointment or the results of certain tests but will leave the minimum amount of information necessary to communicate this information.
Treatment Options and Health-Related Benefits and Services. Privia may use and disclose your PHI to inform you of treatment options or alternatives as well as certain health-related benefits or services that may be of interest to you. Privia may also use and disclose your PHI to describe health-related products or services (or payment for such products or services) provided through your benefit plan or to offer information on other providers participating in a healthcare network that we participate in.
Disclosures to Family or Friends. Privia may disclose your PHI to individuals involved in your care or treatment or responsible for payment of your care or treatment. If you are incapacitated, we may disclose your PHI to the person named in your Durable Power of Attorney for Health Care or your personal representative (the individual authorized by law to make health-related decisions for you). In the event of a disaster, your PHI may be disclosed to disaster relief organizations to coordinate your care and/or to notify family members or friends of your location and condition.
Disclosures Required by Law. Privia will use and disclose your PHI when we are required to do so by federal, state or local law. For example, Privia may disclose PHI to comply with child and elder abuse reporting laws or to report certain diseases, injuries or deaths to state or federal agencies.
Public Health Reporting. Privia may disclose and may be required by law to disclose your PHI for certain public health purposes. For example, Privia may disclose your PHI to the Food and Drug Administration (FDA) regarding the quality and safety of an FDA-regulated product or activity; to prevent or control disease; report births and deaths; to report child abuse and/or neglect; to report reactions to medications or problems with health products; to provide notification of recalls of products; or report a person who may have been exposed to a disease or may be at risk of contracting and/or spreading a disease or condition. In addition, Privia may provide proof of immunizations to a school that requires a patient’s immunization record prior to enrollment or admittance of a student if you have informally agreed to the disclosure for yourself or on behalf of your legal dependent.
Health Oversight Activities. Privia may disclose your PHI to a health oversight agency for investigations, inspections, audits, surveys, licensure and disciplinary actions, and in certain civil, administrative, and criminal procedures or actions, or other health oversight activities as authorized by law.
Lawsuits and Disputes. Privia may disclose your PHI in response to a court or administrative order, subpoena, request for discovery, or other legal processes. However, absent a court order, Privia will generally disclose your PHI if you have authorized the disclosure or efforts have been made to inform you of the request or obtain an order protecting the information requested. Your information may also be disclosed if required for our legal defense in the event of a lawsuit.
Law Enforcement. Privia may disclose your PHI if requested by a law enforcement official: (a) regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement; (b) about a death we believe resulted from criminal conduct; (c) regarding criminal conduct on our premises; (d) in response to a warrant, summons, court order, subpoena or similar legal process; (e) to identify/locate a suspect, material witness, fugitive or missing person; or (f) in an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator).
Deceased Patients. Privia may disclose your PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. In addition, we may disclose PHI necessary for funeral directors to fulfill their responsibilities.
Organ and Tissue Donation. Privia may disclose your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation or blood banks, as necessary to facilitate donation and transplantation if you are a donor.
Research. Privia may use and disclose your PHI to researchers for the purpose of conducting research with your written authorization or when the research has been approved by an Institutional Review and is in compliance with law governing research. In certain situations, the need for your individual consent may be waived by a Privacy Board.
Serious Threats to Health or Safety. Privia may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
Military, National Security, and other Specialized Government Functions: If you are in the military or involved in national security or intelligence, Privia may disclose your PHI to authorized officials. Privia also may disclose your PHI to authorized federal officials in order to protect the President, other officials or foreign heads of state, or to conduct certain investigations.
Workers’ Compensation. Privia will disclose only the PHI necessary for worker’s compensation in compliance with worker’s compensation laws. This information may be reported to your employer and/or your employer’s representative in the case of an occupational injury or illness.
Inmates. If you are an inmate or in the custody of a law enforcement official, Privia may disclose your PHI to correctional institutions or law enforcement officials as necessary: (a) for the institution to provide health care services to you; (b) for the safety and security of the law enforcement officer or the correctional institution; and/or (c) to protect your health and safety or the health and safety of other individuals.
Minors. If you are a minor (generally an individual under 18 years old), we may disclose your PHI to your parent or guardian unless otherwise prohibited by law.
Inspection and Copies. You may request a copy of, or request to inspect, the PHI that is used to make decisions about you, including medical and billing records and laboratory and imaging reports. You have the right to obtain an electronic copy if it is readily producible by us in the form and format requested, or you may request that we provide a paper copy of your record. You may also request a summary of your record. We will provide your health information, to you or whomever you designate to receive it, usually within thirty (30) days of your request, or fifteen (15) days if your provider is in Texas. Privia may charge a reasonable cost-based fee to cover the costs of copying, mailing, labor and supplies associated with your request. Privia may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. There may be times that your provider, in his or her professional judgment, may not think it is in your best interest to have access to your medical record. Depending on the reason for the decision to deny a request, we may ask another licensed provider chosen by us to conduct a review of your request and its denial.
Confidential Communications. You may request in writing that we communicate with you in a specific way or send mail to a different address. For example, you may request that we contact you at home, rather than work or by mail. Privia will accommodate all reasonable requests. You do not need to give a reason for your request. We will comply with your request if you are reasonably able to do so.
Amendment. You may request a correction or amendment of your PHI if you believe it is incorrect or incomplete. You may make a written request for a correction or amendment for as long as your PHI is maintained by or for Privia. Requests must provide a reason or explanation that supports the request. Privia will deny your request if it is not in writing or if, in the provider’s opinion, the information is: (a) accurate and complete; (b) not part of the PHI maintained by or for Privia; (c) not part of the PHI that you have the right to inspect and copy; or (d) not created by Privia, unless the individual or entity that created the information is not available to amend the information. Privia will notify you in writing within sixty (60) days if we cannot fulfill your request.
Accounting of Disclosures. You may request an accounting of certain disclosures that Privia has made of your PHI. This accounting will list the disclosures that we have made of your PHI but will not include disclosures made for the purposes of treatment, payment, health care operations, disclosures required by law, and certain other disclosures (such as any you asked us to make). Your request must be in writing and state the time period for which you want the accounting (not to exceed six (6) years prior to the date you make the request). Privia will provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within twelve (12) months. Privia will notify you of the costs involved with any additional request and you may withdraw your request before you incur any costs.
Requests for Restrictions. You have the right to request that Privia not use or share your PHI for treatment, payment, or health care operations. We are not required to agree to your request, and we may say “no” if we believe it might affect your care. If you pay for a service or health care item out-of-pocket in full, you may ask us not to share that information for the purpose of payment or our operations with your health insurer. In that case, we will approve your request unless a law specifically requires us to share that information.
Health Information Exchange Opt-Out: You have the right to opt-out of disclosure of your medical records to or via an electronic health information exchange (“HIE”) (For example, Surescripts, Commonwell, CareQuality aka The Sequoia Project, ConnectVirginia and/or the Chesapeake Regional Information System for our Patients, Inc. (“CRISP”)). However, information that is sent to or via an HIE prior to processing your opt-out may continue to be maintained by and be accessible through the HIE. You must opt out of disclosures to or via an HIE through each of your individual treating providers who may participate in any given HIE. See I. USING TECHNOLOGY TO IMPROVE HEALTHCARE below for more information regarding HIE.
Right to Receive a Notice of a Breach of Unsecured Medical/Billing Information. You have the right to receive prompt notice in writing of a breach of your PHI that may have compromised the privacy or security of your information.
Right to a Paper Copy of This Notice. You have the right to receive a paper copy of this notice at any time even if you have agreed to receive the notice electronically. You may also obtain a copy of this notice at our website: http://www.priviahealth.com/HIPAA.
Right to File a Complaint. If you believe your rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services (“HHS”), Office for Civil Rights, 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/ opens in a new window. All complaints must be submitted in writing. You will not be penalized for filing a complaint.
Patient Portal and Other Patient Electronic Correspondence. Privia may use and disclose your PHI through various secure patient portals that allow you to view, download and transmit certain medical and billing information and communicate with certain health care providers in a secure manner through the portal. For more information on the Privia patient portal, please visit our website at http://www.priviahealth.com/signin.html.
Your Contact Information: Home and Email Addresses/Phone Numbers. If you provide us with a home or email address, home/work/cell telephone number, or other contact information during any registration or administrative process we will assume that the information you provided us is accurate and that you consent to our use of this information to communicate with you about your treatment, payment for service and health care operations. You are responsible to notify us of any change of this information. Privia reserves the right to utilize third parties to update this information for our records as needed.
Email or Downloading PHI. If you email us medical or billing information from a private email address (such as a Yahoo, Gmail, etc. account), your information may not be secure in transmission. We therefore recommend you use your Privia patient portal to communicate with us regarding your care and/or billing issues. If you request that Privia email your PHI to a private email address, we will send it in an encrypted manner unless you request otherwise. Privia is not responsible for the privacy or security of your PHI if you request that we send it to you in an unsecured manner or download or post it on a dropbox, unencrypted USB drive, CD or other unsecure medium. In addition, Privia is not responsible if your PHI is redisclosed, damaged, altered or otherwise misused by an authorized recipient. In addition, if you share an email account with another person (for example, your spouse/partner/roommate) or you choose to store, print, email, or post your PHI, it may not be private or secure.
Sensitive Health Information. Federal and state laws provide special protection for certain types of health information, including psychotherapy notes, information about substance use disorders and treatment, mental health and AIDS/HIV or other communicable diseases, and may limit whether and how we may disclose information about you to others.
Substance Use Disorder Records and Information. The confidentiality of patient records maintained by federally assisted substance use disorder rehabilitation programs is protected by Federal law and regulations. Generally, such programs may not disclose any information that would identify an individual as having or being treated for a substance use disorder unless:
the individual consents in writing;
the disclosure is allowed by a court order;
the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation; or
as otherwise permitted by law.
(Notwithstanding the preceding, we may disclose certain information that could identify you as having a substance use disorder pursuant to paragraph 6, below.) Violation of these laws and regulations is a crime. Suspected violations may be reported to appropriate authorities in accordance with Federal regulations. Federal law and regulations do not protect any information about a crime committed by a patient either at the program or against any person who works for the program or about any threat to commit such a crime. Federal laws and regulations do not prevent any information about suspected child abuse or neglect from being reported under state law to appropriate state or local authorities.
Consent to Disclose Sensitive Health and Substance Use Disorder Information. The Privia Authorization & Consent to Treat form you sign as part of the registration process includes your consent to the release of federally assisted substance use disorder information, information regarding treatment of communicable diseases and mental health information for the purposes specified in this notice. If you do not wish for this information to be disclosed, you must notify us in writing, and we will determine if it is feasible for us to accept your request.
Incidental Disclosures. Despite our efforts to protect your privacy, your PHI may be overheard or seen by people not involved in your care. For example, other individuals at your provider’s office could overhear a conversation about you or see you getting treatment. Such incidental disclosures are not a violation of HIPAA.
Business Associates. Your PHI may be disclosed to individuals or entities who provide services to or on behalf of Privia. Pursuant to HIPAA, Privia requires these companies sign business associate or confidentiality agreements before we disclose your PHI to them. However, Privia generally does not control the business, privacy, or security operations of our business associates.
Authorization for Other Uses and Disclosures. Privia will obtain your written authorization for uses and disclosures that are not identified by this notice or otherwise required or permitted by applicable law. Any authorization you provide regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. However, your revocation will not affect actions we have already taken; in other words, we are unable to take back any disclosures of PHI we have already made.
Health Information Exchange (HIE) enables your healthcare providers to quickly and securely share your health information electronically among a network of healthcare providers, including physicians, hospitals, laboratories and pharmacies. Your health information is transmitted securely and only authorized healthcare providers with a valid reason may access your information.
Improved access to information will enable us to provide better care for our patients
Improved Care – Access to information about your health history and medical care gives your healthcare provider a more complete picture of your overall health. This can help your provider make better decisions about your care. The information may also prevent you from having repeat tests, saving you time, money and worry.
Emergency Treatment – In an emergency, your providers may immediately check to see if you have allergies, health problems, test results, medications or previous concerns that may help them provide you with emergency care.
Helps to Protect Privacy and Information Security – By sharing information electronically through a secure system, the risk that your paper or faxed records will be misused or misplaced is reduced.
Privia is committed to protecting the privacy and security of your health information, including the sharing and accessing of your information through HIE.
Every HIE and its participants must protect your private medical information under HIPAA law, as well as applicable state laws and regulations.
Information shared via HIE is encrypted, meaning it can be accessed only by authorized users. This prevents hackers from accessing your information.
Every individual who can access your information must have their own user name and password and must receive training before they can access your information.
The HIE records every time someone accesses your information. Upon request, the HIE can track who accessed your information and provide a report to the Privia Privacy Officer.
Privia participates in a number of HIEs, including, but not limited to, Surescripts (provider of medication history), Commonwell, CareQuality aka The Sequoia Project, ConnectVirginia and CRISP. (Note: This list is subject to change.)
You have choices about participating in HIE.
Privia recognizes you have certain rights related to how we share your information. You have the following choices:
Choice 1: Say Yes. No further action needed.
If you agree to have your medical information shared through HIE and you have a current Authorization and Consent to Treat form on file, you do not need to do anything. By signing the form, you have granted us permission to share your health information to HIE.
Choice 2: Say No. Follow the instructions on the HIE opt-out form.
We recognize your right to choose not to participate in HIE, also referred to as opting-out. If you decide to opt-out of HIE, healthcare providers will not be able to access your health information through HIE. You should understand that providers may still request and receive your medical information from other providers using other methods permitted by law, such as fax, mail or other electronic communication.
If you want to opt-out of participating in HIE, please follow the appropriate procedure as outlined on the Privia HIE Opt-Out Request Form and/or contact the HIE directly. You may download and print the form on your computer or ask for a copy at any Privia care center location. Please read the Opt-Out Request Form carefully and follow the instructions on the form to opt out of HIE.
Please note, your opt-out does not affect health information that was disclosed through HIE prior to the time that you opted out.
Choice 3: You can change your mind at any time.
You can consent today to the sharing of your information via HIE and change your mind later by following the instructions on the opt-out form described under Choice 2.
You can opt out of HIE today and change your mind later by submitting a Privia HIE Reinstatement of Participation Form or, in certain cases, by contacting the HIE directly. The reinstatement form is available to download and print on your computer or you may ask for a copy of the form at any Privia care center location. Please follow the instructions on the form to opt back in to HIE.
Privia reserves the right to change this Notice at any time. Privia reserves the right to make the revised or changed Notice effective for medical information we already have about you, as well as for any information we receive in the future. Privia will post the current Notice at registration sites throughout Privia and on our website at http://www.priviahealth.com/HIPAA.
If you have any questions about this Notice or wish to file a privacy complaint, please contact:
950 N Glebe Rd, Suite 4000
Arlington, VA 22203
If your concern relates to a Texas Health Care / Privia Medical Group – North Texas provider, please contact:
Texas Health Care / PMG – North Texas
2821 Lackland Road, Ste 300
Fort Worth, Texas 76116
You can also use Privia’s online Compliance portal to file a complaint online: https://priviahealth.complytrack.com/portal opens in a new window.
You can file a complaint directly with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to:
200 Independence Avenue, S.W
Washington, D.C. 20201
or online at: www.hhs.gov/ocr/privacy/hipaa/complaints/ opens in a new window.
If your provider is licensed in Texas, you can also file a complaint with:
Texas Department of State Health Services Investigations
P.O. Box 141369
Austin, Texas 78714-1369.
More information is at: https://dshs.texas.gov/hipaa/privacycomplaints.shtm opens in a new window.
We will not retaliate against you for filing a complaint.
Privia Notice of Privacy Practices
Effective: February 2019