How We Protect Your Privacy – HIPAA and GDPR

2018-06-13

At Trifecta Med Spa, we take special steps to protect our patient’s privacy and the privacy of your medical records.  With 4 convenient locations in New York– downtown and midtown, UES in Manhattan and Hewlett, Long Island, state of the art equipment and wide range of services, Trifecta Med Spa offers complete privacy and discretion.

Private entrance ensures full confidentiality and highly professional staff will guarantee highest level of service combined with ability to use alias while getting services.

Many of our privacy requirements are mandated by the Health Insurance Portability and Accountability Act (HIPAA) that was passed by Congress in 1996. 

For our European patients, please see further below for how the new General Data Protection Regulation (GDPR) may affect you.

What Information Is Protected

  • Information your doctors, nurses, and other health care providers put in your medical record

  • Conversations your doctor has about your care or treatment with nurses and others

  • Information about you in your health insurer’s computer system

  • Billing information about you at your clinic

  • Most other health information about you held by those who must follow these laws

How This Information Is Protected

  • Covered entities must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.

  • Covered entities must reasonably limit uses and disclosures to the minimum necessary to accomplish their intended purpose.

  • Covered entities must have procedures in place to limit who can view and access your health information as well as implement training programs for employees about how to protect your health information.

  • Business associates also must put in place safeguards to protect your health information and ensure they do not use or disclose your health information improperly.

What Rights Does the Privacy Rule Give Me over My Health Information?

Health insurers and providers who are covered entities must comply with your right to:

 

  • Ask to see and get a copy of your health records

  • Have corrections added to your health information

  • Receive a notice that tells you how your health information may be used and shared

  • Decide if you want to give your permission before your health information can be used or shared for certain purposes, such as for marketing

  • Get a report on when and why your health information was shared for certain purposes

  • If you believe your rights are being denied or your health information isn’t being protected, you can

  • File a complaint with your provider or health insurer

  • File a complaint with HHS


You should get to know these important rights, which help you protect your health information.

You can ask your provider or health insurer questions about your rights.

Who Can Look at and Receive Your Health Information

The Privacy Rule sets rules and limits on who can look at and receive your health information

To make sure that your health information is protected in a way that does not interfere with your health care, your information can be used and shared:

  • For your treatment and care coordination

  • To pay doctors and hospitals for your health care and to help run their businesses

  • With your family, relatives, friends, or others you identify who are involved with your health care or your health care bills, unless you object

  • To make sure doctors give good care and nursing homes are clean and safe

  • To protect the public's health, such as by reporting when the flu is in your area

  • To make required reports to the police, such as reporting gunshot wounds

Your health information cannot be used or shared without your written permission unless this law allows it. For example, without your authorization, your provider generally cannot:

  • Give your information to your employer

  • Use or share your information for marketing or advertising purposes or sell your information

European Patients

We always try to follow best practices when it comes to information security and data protection.  As a result of the enactment of the new General Data Protection Regulation (GDPR) which became effective on May 25, 2018, we conducted an internal information audit to better understand how we store and share patient information, reviewed our privacy policies, ensured our opt-in process is compliant and confirmed we have procedures in place to handle a data breach.  If you are an EU-resident and have any questions about how we protect your data, please contact us at (800) 757-4026.