Notice of Privacy Practices

Effective Date: 04/01/2025
Privacy Officer: Lana Soylu, MD
Phone: 813-328-2838
Email: admin@youandmepediatrics.com

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

This document describes the privacy policies of You and Me Pediatrics, by Dr Soylu, P.A. (the Practice), and applies to physicians, health care professionals, employees, staff and other personnel who provide services at the Practice. The people and organizations to which this notice applies (referred to as “we,” “our,” and “us”) have agreed to abide by the terms of this notice. This notice applies to any information in our possession that would allow someone to identify you and learn something about your health. This record may include details such as your symptoms, test results, diagnoses, treatment plans, and billing information, collectively referred to as Protected Health Information (PHI).  We may share your information with each other regarding the purposes of treatment, and as necessary for payment and operations activities as described below. It does not apply to information that could not reasonably be used to identify you.

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.

  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.

  • We must follow the duties and privacy practices described in this notice until a new one is adopted.

  • We are required to provide this notice of our privacy practices to anyone who asks for it.

  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

How do we typically use or share your health information? For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us.

Information to Patients. We may use your health information to provide you with additional information. This may include sending you appointment reminders. This may also include giving you information about treatment options or other health-related services that we provide.

Treatment: We use your PHI to coordinate and manage your care, sharing it with healthcare providers and personnel as necessary. For example, we may share information with labs, imaging centers, or other specialists involved in your treatment. Our employees and staff and others who work under our direct control may read your health information to learn about your medical condition and use it to assist with your care.

 For Payment: We may use your PHI to bill and collect payment from you, your insurance, or third-party payers. For example, our office staff may use your health information to prepare a bill and send any necessary health information it contains to your insurance company. It may also be sent to companies which we contract for payment related services. We will not use or disclose more information for payment purposes than is necessary

For Healthcare Operations: Your PHI may be used to improve care quality, conduct audits, business operations, or fulfill legal and licensing requirements. For example, we may disclose your health information to a company that assists with quality assurance, administrative services, legal services, accreditation services, consultations and audits.

With Business Associates (BAs): We may share PHI with businesses who provide services like billing or software support. These businesses are contractually obligated to protect your information.

Family and Friends. We may disclose your health information to a member of your family or to someone else who is involved in your medical care or payment for care. We may notify family or friends if you are in the hospital and provide them with your general condition. You will be given the opportunity to further identify how and what information is shared in a separate document.

Natural Disasters and Emergencies: In the event of a disaster, we may provide information about you to a disaster relief organization so they can notify your family of your condition and location. We will not disclose your information to family or friends if you object. We may also disclose to your personal representatives who have the authority to act on your behalf (for example, to parents and guardians of minors or to someone with a Power of Attorney).

Public Health Oversight. We may disclose your health information to a public health agency for oversight activities authorized by law. This includes uses or disclosures in civil, administrative or criminal investigations; licensure or disciplinary actions (for example, to investigate complaints against health care providers); inspections; and other activities necessary for appropriate oversight of government programs (for example, to investigate Medicaid fraud).

To Report Abuse. We may disclose your health information when the information relates to a victim of abuse, neglect or domestic violence. We will make this report only in accordance with laws that require or allow such reporting, or with your permission.

Legal Requirement to Disclose Information. We will disclose your information when we are required by law to do so. This includes reporting information to government agencies that have the legal responsibility to monitor the health care system. For instance, we may be required to disclose your health information, and the information of others, if we are audited by Medicare or Medicaid.

Specialized Purposes. We may disclose your health information for several other specialized purposes. We will only disclose as much information as is necessary for the purpose requested. For instance, we may disclose your information to coroners, medical examiners and funeral directors; to organ procurement organizations (for organ, eye, or tissue donation); or for national security and intelligence purposes. We may disclose the health information of members of the armed forces as authorized by military command authorities. We also may disclose health information about an inmate to a correctional institution or to law enforcement officials to provide the inmate with health care, to protect the health and safety of the inmate and others, and for the safety, administration, and maintenance of the correctional institution. We may also disclose your health information to your employer for purposes of workers’ compensation and work site safety laws (OSHA, for instance).

To Avert a Serious Threat. We may disclose your health information if we decide that the disclosure is necessary to prevent serious harm to the public or to an individual. The disclosure will only be made to someone who is able to prevent or reduce the threat.

Research. We may disclose your health information in connection with medical research projects if allowed under federal and state laws and rules. The Provider may disclose PHI for use in a limited data set for purposes of research, public health or health care operations, but only if a data use agreement has been signed.

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

 

Your Rights

Authorization. We will ask for your written authorization if we plan to use or disclose your health information for reasons not covered in this notice, including but not limited to uses and disclosures relating to psychotherapy notes, marketing activities, and any sale of your PHI. If you authorize us to use or disclose your health information, you have the right to revoke the authorization at any time. If you want to revoke an authorization, send a written notice to the Privacy Official listed at the end of this notice. You may not revoke an authorization to the extent that we have already given out your information or taken other action in reliance on the authorization. If the authorization is to permit disclosure of your information to an insurance company, as a condition of obtaining coverage, other laws may allow the insurer to continue to use your information to contest claims or your coverage, even after you have revoked the authorization.

Ask us to limit what we use or share: You have the right to ask us to restrict how we use or disclose your health information. You must make this request in writing. We will consider your request, but we are not required to agree if it affects your care. If we do agree, we will comply with the request unless the information is needed to provide you with emergency treatment, and we cannot agree to restrict disclosures that are required by law.

Right to Request Restrictions for Self-Pay Procedures. You have a right to request that we not disclose PHI to health plans because you paid for services or items out of pocket and in full. However, you should be aware that if you choose to use a medical expense reimbursement/flexible spending account (FSA) or a health savings account (HSA) to pay for the health care items or services that you wish to have restricted, those plans will still require you to provide the necessary substantiation of the expenses in order to receive reimbursement.

Request Confidential Communication. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you may ask that we contact you only at home or only by mail. If you want us to communicate with you in a special way, you will need to give us details about how to contact you, including a valid alternative address. You also will need to give us information as to how payment will be handled. We may ask you to explain how disclosure of all or part of your health information could put you in danger. We will honor reasonable requests. However, if we are unable to contact you using the requested ways or locations, we may contact you using any information available to us.

Get an electronic or paper copy of your medical record: We use a secure electronic health record and you therefore have electronic access to your medical record. You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. We will provide a copy or a summary of your health information, usually within 30 days of your request. We may charge a reasonable, cost-based fee to the extent allowed by state and federal law.

Ask us to correct your medical record: You can ask us to adjust health information that you believe is incorrect or incomplete. Request in writing along with the reason you believe the information is incorrect or incomplete. We will respond to your request in writing within 30 days. We may deny your request if we did not create the information, if it is not part of the records we use to make decisions about you, the information is something you would not be permitted to inspect or copy, or if it is complete and accurate.

Get a list of those with whom we’ve shared information: You can request in writing for a list (accounting) of the times we’ve shared your health information, who we shared it with, and why. You can request up to six years prior to the date you ask. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one free request per year, but will charge a reasonable, cost-based fee if you ask for additional ones within 12 months.

Request a copy of this privacy notice: You can ask for a paper copy of this notice at any time by contacting the privacy officer listed on this document, even if you have previously agreed to receive the notice electronically.

Choose someone to act for you: If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.  We will make sure the person has this authority and can act for you before we take any action.

Breach Notification: If a breach of unsecured PHI occurs, you will be notified within 60 days, along with any required reports to state or federal agencies.

State Rights More Stringent Than HIPAA. In certain instances, protections afforded under applicable state law may be more stringent than those provided by HIPAA and are therefore not preempted.  For instance, certain records pertaining to substance abuse records are subject to more stringent protections pursuant to Section 397.501(7) Florida Statutes(F.S.), and certain mental health records are protected under Section 394.4615(2) F.S.  Disclosures of such records (i.e., if subpoenaed) typically require consent of the patient or a court order. 

File a complaint if you feel your rights are violated: Let us know if you feel we have violated your rights by contacting us using the information above.  You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/.  We will not retaliate against you for filing a complaint.

Changes to the Terms of this Notice: We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our web site.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.