HIPAA Notice of Privacy Practices

Effective September 17th, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

At Greater Boston Dermatology, we are committed to maintaining the privacy and security of your protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) regulations. This Notice of Privacy Practices outlines how we collect, use, disclose and safeguard your PHI.

1.       Information Collection, Use and Disclosure:

  • We collect PHI, including but not limited to, your name, contact information, medical history, and treatment records, to provide you with quality dermatological care. With your consent, we may disclose information about you to other health care providers who are involved in your care and treatment.

Treatment:

  • We may use your PHI to provide treatment, such as conducting tests and writing prescriptions. With your consent, we may share information with other providers involved in your care.

Payment:

  • We may use, and with your consent, disclose your PHI to bill for services, verify insurance coverage, collect payments from insurers or third parties, and bill you directly.

Health Care Operations:

  • We may use, and with your consent, disclose your PHI for operational purposes, such as evaluating care quality and planning, obtaining legal services, etc.

Messaging and Appointment Reminders:

  • We may use and disclose your PHI to remind you of and confirm upcoming appointments.

  • We may use and disclose your PHI to contact you about weather-related changes and changes in office hours.

  • We may use and disclose PHI when responding to messages you send us or to contact you about your care.

Treatment Options:

  • We may use and disclose your PHI to inform you about potential treatment options or alternatives.

Health-Related Benefits and Services:

  • We may use and disclose your PHI to inform you about health-related benefits or services that may interest you.

Business Associates:

  • We may disclose your PHI to business associates, such as contractors or billing companies, to assist with payment or health care operations.

  • If we disclose your PHI to a business associate, we will have a written contract that requires the business associate to protect the privacy of your PHI in accordance with applicable law.

Release of Information to Family/Friends or Individuals Involved in Your Care or Payment for Your Care:

  • Unless you tell us otherwise, we may share your PHI with a family member, close friend, or anyone else you identify if they are directly involved in your care or payment for your care.

  • If you are unable to agree or object, we may share the information if we believe it is in your best interest, using our professional judgment. In this case, we would disclose only PHI that we believe is directly relevant to the person’s involvement with your health care or with payment related to your health care.

  • We also may disclose your PHI in order to notify (or assist in notifying) such persons of your location, general condition or death.

  • You have the right to name a personal representative who may act on your behalf to control the privacy of your PHI. Parents and guardians will generally have the right to control the privacy of PHI about minors unless the minors are permitted by law to act on their own behalf.

2.       Disclosure to Third Parties:

  • Except as noted below, we do not share your PHI with third parties without your authorization.

  • We may disclose PHI for public health reporting – for example: (1) report child abuse or neglect, elder abuse, disabled persons abuse, rape and sexual assault; (2) report medical information for the purpose of preventing or controlling disease, injury or disability; (3) report information about products and services under the jurisdiction of the U.S. Food and Drug Administration; (4) report information to your insurer and/or the Massachusetts Industrial Accident Board (and any party involved in the Workers’ Compensation matter) as required under laws addressing work-related illnesses and injuries or workplace medical surveillance; (5) if we know or have reason to believe that you are infected with a venereal disease, to alert your fiancée, if you are engaged, or your spouse, if you are married; and (6) file a death certificate.

  • We may disclose your PHI in the course of legal or administrative proceedings in response to a legal order or other lawful process.

  • We may disclose your PHI to prevent or lessen a serious and imminent threat to your health, safety, or the safety of others, but only to someone who is reasonably able to lessen or prevent the threat, including the target of the threat.

  • PHI may be shared with health oversight agencies as required by law. Health oversight activities include audits, investigations, inspections, licensure or disciplinary actions, and civil, criminal or administrative proceedings or actions. We also are required to disclose your PHI to the Secretary of Health and Human Services, upon request, to determine our compliance with HIPAA.

  • We may disclose your health information to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena accompanied by a court order.

  • We may release PHI to a coroner, medical examiner, or funeral director as necessary for their duties, as authorized by law.

  • We may disclose PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities as required by law. PHI may also be released to protect the President, other authorized persons or foreign heads of state or to conduct special investigations as required by law.

  • We may disclose your PHI for research purposes with your written authorization, unless a special process determines that a waiver of authorization poses minimal risk to your privacy.

  • If you are an organ donor, we may disclose your PHI to organizations that facilitate organ, eye or tissue procurement, banking or transplantation.

  • We may use and disclose your PHI when required to do so by federal, state or local law.

3.       Patient Rights:

Right to Paper Copy of this Notice:

  • You have a right to receive a paper copy of this Notice, even if you have agreed to receive this Notice electronically.

  • Paper copies are available upon request. You can access an electronic version of this Notice at www.greaterbostondermatology.com.

Right to Inspect and Copy PHI:

  • You have the right to inspect and copy your PHI that we hold in a designated record set. This usually includes medical records (excluding psychotherapy notes) and billing records. 

  • You have the right to request and receive your PHI in an electronic format when available.

  • For paper copies, we may charge a reasonable fee for labor or related supplies.

  • For portable electronic copies, we may charge a reasonable fee for labor or related supplies.

  • We generally have up to 30 days to make your PHI available to you. If more time is needed to respond, we will notify you within the specified timeframe, explaining the delay and providing an updated response time.

  • If you wish to access your records, please submit your request in writing

Right to Amend:

  • If you feel that your PHI we have is incorrect or incomplete, you may make a written request to amend the information. We will not make changes to medical information created by another health care provider or changes that would make your medical record inaccurate or incomplete.

Right to an Accounting of Disclosure:

  • You can request a written list of certain disclosures of your PHI – that is, a list of how and to whom disclosures have been made. This request must be submitted in writing.

Right to Confidential Communications:

  • You have the right to request that we communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work.

  • We will accommodate reasonable written requests.

Right to Request Restrictions:

  • You have the right to request restrictions on the use or disclosure of your PHI for treatment, payment, or healthcare operations.

  • You may also ask us to limit the disclosure of your PHI to specific individuals, such as family members or friends involved in your care or payment for your care.

  • We will consider your request; however, we are not required to agree to the restriction, except as noted below.

  • If you pay in full, out-of-pocket for a service or item and request that we not share related PHI with your health plan, we will honor this request unless otherwise required by law.

  • You can revoke a restriction at any time, and in some cases, we may also revoke it with prior notification or your consent.

  • If we agree to a restriction, we will follow it unless the information is needed for emergency treatment.

  • Restriction requests must be submitted in writing and include: the information to be restricted, whether the restriction applies to use, disclosure, or both, and the individuals to whom it applies.

  • We are not required to agree to all requests, and some restrictions may not be allowed by law.

Right to Revoke Your Authorization

  • You have the right to revoke your authorization (or consent) to our use/disclosure of your PHI, as long as you make your request in writing to us. You can revoke your authorization (or consent) for future disclosures, but not for any disclosures made prior to when you first gave your notice of revocation.

4.       Authorization for Release of PHI:

  • Authorization is required to release highly sensitive PHI. This includes but is not limited to your HIV/AIDS status; behavioral health documentation; sexually transmitted diseases; psychotherapy notes; substance use disorder information protected by federal law; and certain genetic information.

  • Other uses and disclosures of PHI not covered by this Notice or the laws that apply to us will be made only with your written authorization. 

5.       Authorization for Marketing:

  • Your PHI will not be used for marketing or sold without your explicit written authorization. You have the right to revoke this authorization at any time.

6.       Security Measures:

  • We employ industry-standard security measures to protect your PHI from unauthorized access, disclosure, alteration, or destruction.

  • Incidental disclosures of your PHI may occur despite our efforts to safeguard privacy, such as other patients hearing your name during check-in.

7.       Data Retention and Disposal:

  • Your PHI is retained for the duration required by law and securely disposed of in compliance with applicable regulations when no longer needed.

8.       Breach Notification:

  • In the event of a breach of your unsecured PHI, we will notify you promptly and take appropriate steps to mitigate potential harm.

9.       Training and Accountability:

  • All members of our staff are trained on HIPAA regulations and are required to adhere to this Notice. Any violations are addressed promptly and appropriately.

10.    Patient Revocation of Consent or Authorization:

  • You have the right to revoke your consent or authorization for certain uses or disclosures of your PHI by submitting a written request.

11.    Changes and Amendments to this Notice:

  • We are required by law to: make sure the privacy of your PHI is maintained, provide you with this Notice of our legal duties and privacy practices, and abide by the terms of the Notice that is currently in effect.

  • We reserve the right to change this Notice and make the new Notice apply to PHI we already have as well as any information we receive in the future.

  • We will post a copy of our current Notice at our office in a clear and prominent location. The Notice will contain the effective date on the first page.

  • You may request a copy of the Notice at any time.

12.    Questions, Requests, and Complaints:

  • If you have any questions or concerns regarding your privacy rights or the information in this Notice, please contact your physician Dr. Rebecca Jacobson at the address below.

  • If you are making any written requests, please address the request to us at the following address:

    Greater Boston Dermatology PC, 85 Lincoln Street, Suite 510, Framingham, MA 01702.

  • If you would like to submit a comment or complaint about our privacy practices, you can do so by contacting your physician Dr. Rebecca Jacobson at the address above. You also may contact the Secretary of the Department of Health and Human Services. You will not be penalized or otherwise retaliated against for filing a complaint.

Office for Civil Rights

Department of Health and Human Services

200 Independence Ave., SW

Rm. 509F, HHH Building

Washington, D.C.  20201

Email: ocrprivacy.@hhs.gov

Website: https://www.hhs.gov/hipaa/filing-a-complaint/index.html