Graham Eye Associates PLLC
10700 Kuykendahl Road, Suite J
The Woodlands, Texas 77381
(832) 585-1300
GrahamEye.com
Tammi Graham, Privacy Official
We respect our legal obligation to keep health information that might identity you
private. We are obligated by law to provide you with notice of our privacy practices
and abide by the policies in it. This notice describes how we protect your health
information and what rights you have regarding it.
The most common reasons we would use or disclose your health information is for
treatment, payment, or business operations. We routinely use and disclose your medical
information within the office on a daily basis. We do not need specific permission to use
or disclose your medical information in the following matters, although you have the
right to request that we do not.
Examples of how we might use or disclose health information for treatment purposes
might include:
• Setting up or changing appointments including leaving messages containing no
information about your personal health information with those at your home or
office who may answer the phone or leaving messages on answering machines,
voicemails, texts, or emails;
• Calling your name out in a reception room environment;
• Prescribing glasses, contact lenses, or medications as well as relaying this
information to suppliers by phone, fax, or other electronic means including initial
prescriptions and requests from suppliers for refills;
• Notifying you that your ophthalmic goods are ready, including leaving messages
containing no personal health information with those at your home or office who
may answer the phone, or leaving messages on answering machines, voicemails,
texts, or emails;
• Referring you to another doctor for care not provided by this office;
• Obtaining copies of health information from doctors you have seen before us;
• Discussing your care with you directly or with family or friends you have inferred
or agreed may listen to information about your health;
• Sending you postcards or letter or leaving messages containing no personal health
information with those at your home who may answer the phone or on answering
machines, voicemails, texts, or emails reminding you it is time for continued care;
• At your request, we can provide you with a copy of your medical records via
secured fax, secured email, secured patient portal, or printed copies delivered in
personal or through the US mail.
Examples of how we might use or disclose health information for payment purposes
might include:
• Asking you about your vision or medical insurance plans or other sources of
payment;
• Preparing and sending bills to your insurance provider or to you;
• Providing any information required by third party payors in order to ensure
payment for services rendered to you;
• Sending notices of payment due on your account to the person designated as
responsible party or head of household on your account with fee explanations
that could include procedures performed and for what diagnosis: collecting
unpaid balances either ourselves or through a collection agency, attorney, or
district attorney’s office. At the patient’s request we may not disclose to a health
plan or health care operation information related to care that you have paid for
out of pocket. This only applies to those encounters related to the care you want
restricted and only to the extent a disclosure is not otherwise required by law.
Examples of how we might use or disclose health information for business operations
might include:
• Financial or billing audits;
• Internal quality assurance programs, participation in managed care plans,
defense of legal matters;
• Business planning;
• Certain research functions, informing you of products or services offered by
our office;
• Compliance with local, state, or federal government agencies request for
information;
• Oversight activities such as licensing of our doctors;
• Medicare or Medicaid audits;
• Providing information regarding your vision status to the Department of Public
Safety, a school nurse, or agency qualifying for disability status.
In some other limited situations, the law allows us to use or disclose your medical
information without your specific permission. Most of these situations will never apply
to you but they could.
• When a state or federal law mandates that certain health information be
reported for a specific purpose;
• For public health reasons, such as reporting of a contagious disease,
investigations or surveillance, and notices to and from the federal Food and Drug
Administration regarding drugs or medical devices;
• Disclosures to government or law authorities about victims of suspected abuse,
neglect, domestic violence, or when someone is or suspected to be a victim of a
crime;
• Disclosures for judicial and administrative proceedings, such as in response to
subpoenas or orders of courts or administrative hearings;
• Disclosures to a medical examiner to identify a deceased person or determine
cause of death or to funeral directors to aid in burial;
• Disclosures to organizations that handle organ or tissue donations;
• Uses or disclosures for health-related research;
• Uses or disclosures to prevent a serious threat to health or safety of an individual
or individuals;
• Uses or disclosures to aid military purposes or lawful national intelligence
activities;
• Disclosures of de-identified information;
• Disclosures related to a workman’s compensation claim;
• Disclosures of a “limited data set” for research, public health, or health care
operations;
• Incidental disclosures that are an unavoidable by-product of permitted uses and
disclosures;
• Disclosure of information needed in completing form from a school related vision
screening, information to the Department of Public Safety, information related to
certification for occupational or recreational licenses such as pilot’s license;
• Disclosures to any business associate who perform health care operations for
Graham Eye Associates PLLC and who commit to respect the privacy of your
information. We also require any business associate to require any sub-contractor
to comply with our privacy policies;
• Unless you object, disclosure of relevant information to family members or
friends who are helping you with your care or by their allowed presence cause us
to assume you approve their exposure to relevant information about your health.
It is the policy of Graham Eye Associates PLLC for our staff to take phone calls from
individuals on a patient’s behalf requesting information about making or changing an
appointment; the status of eyeglasses, contact lenses, and other ophthalmic/optical
goods ordered by or for the patient. Graham Eye Associates PLLC staff will also assist
individuals on a patient’s behalf in the delivery of eyeglasses, contact lenses, or other
ophthalmic/optical goods. During a telephone or in person contact, every effort will be
made to limit the encounter to only the specifics needed to complete the transaction
required. No information about the patient’s vision or health status may be disclosed
without proper patient consent. Graham Eye Associates PLLC staff and doctors will also
infer that if you allow another person in an examination room, treatment room, optical
or contact lens dispensary, or any business area within the office with you while testing
is performed or discussions held about your vision or health care or your account that
you consent to the presence of that individual.
We will not make any other uses or disclosures of your health information or uses and
disclosures involving marketing unless you sign a written Authorization for Release of
Identifying Health Information. The content of this authorization is determined by
applicable state and federal law. The request for signing an authorization may be
initiated by Graham Eye Associates PLLC or by you as the patient. We will comply with
your request if it is applicable to the federal policies regarding authorizations. If we ask
you to sign an authorization, you may decline to do so. If you do not sign the
authorization, we may not use or disclose the information we intended to use. If you do
elect to sign the authorization, you may revoke it at any time. Revocation requests must
be made in writing to the Privacy Officer named at the beginning of this Notice.
The law gives you many rights regarding your personal health information.
• You may ask us to restrict our uses and disclosures for purposes of treatment
(except in emergency care), payment, or business operations. This request must
be made in writing to the Privacy Officer named at the beginning of this Notice.
We do not have to agree to your request, but if we agree, must honor the
restrictions you ask for;
• You may ask us to communicate with you in a confidential manner. Examples
might be only contacting you by telephone at your home or suing some special
email address. We may accommodate these requests if they are reasonable and if
you agree to pay any additional cost, if any, incurred in accommodating your
request. Requests for special communication requests must be made to the
Privacy Officer named at the beginning of this Notice;
• You may ask to review or get copies of your health information. For the most part
we are happy to provide you with the opportunity to either review or obtain a
copy of your medical information, but rare situations may restrict release of the
information. In such cases we will provide you such denial in writing. Another
licensed health care practitioner chose by Graham Eye Associates PLLC may
review your request and your denial. In such cases we will abide by the outcome
of that review. We ask that requests for review or copy of medical information be
made in writing to the Privacy Officer named at the beginning of this Notice, but
this is not a requirement. While we usually respond to these requests in just a day
or so, by law we have a short period of time specified by State or Federal law to
respond to your request. We may request an additional extension of time in
certain situations;
• Health care information you request copies of may be delivered to you in the
format you request. The e-formats Graham Eye Associates PLLC has approved
include secure email, an authorized Electronic Health Information system and
media supplied by Graham Eye Associates PLLC;
• You may ask us to amend or change your health care information if you think it is
incorrect or incomplete. If we agree, we will make the amendment to your
medical record within thirty (30) days of your written request for change sent to
the Privacy Officer named at the beginning of this Notice. We will then send the
corrected information to you or any other individual you feel needs a copy of the
corrected information. If we do not agree, you will be notified in writing of our
decision. You may then write a statement of your position and we will include it in
your medical record along with any rebuttal statement we may wish to include;
• You may request a list of any non-routine disclosures of your health information
that we might have many within the past six (6) years. Routine disclosures would
include those used in your treatment, payment, and business operations of
Graham Eye Associates PLLC. These routine disclosures will not be included in
your list of disclosures. You are entitled to one such list per year without charge. If
you want more frequent lists, you must pay for them in advance at a fee of $30
per list. We will usually respond to your written request made to the Privacy
Officer named at the beginning of this Notice within thirty (30) days but we are
allowed one thirty (30) day extension if we need the time to complete your
request;
• You may obtain additional copies of this Notice of Privacy Practices from our
office or online at our website address shown at the beginning of this Notice.
In the event of a reportable breach of patient information, Graham Eye Associates PLLC,
agrees to abide by the breach notification requirements as established by the HIPAA
Breach Notification Rule or specific State requirement. If a breach occurs, Graham Eye
Associates PLLC, will take all necessary steps to remain in compliance with this rule
including as applicable notification of individuals, Business Associates, the Secretary of
Health and Human Services, and prominent media outlets.
Graham Eye Associates PLLC will take no action against any individual who provides
information to the Office of Civil Rights, Office of the Inspector General, or individual
state Attorney General’s Office regarding concerns related to the privacy and security
procedures or actions at Graham Eye Associates PLLC.
By law, we must abide by the terms of this Notice of Privacy Practices until we choose to
substantially change the Notice. We reserve the right to change this Notice at any time.
If we change this Notice, then new Privacy Practices will apply to your existing health
information as well as any additional information generated in the future. If we change
this Notice, we will post a new Notice in our office and on our website.
If you think that anyone at Graham Eye Associates PLLC has not respected the privacy of
your health information, we encourage you to discuss your concerns with the Privacy
Officer named at the beginning of this Notice. We request you submit your concerns in
writing. We are more than happy to try to resolve any concern you may have. We want
to resolve your concerns but you may also file a complaint with the U.S. Department of
Health and Human Services, Office of Civil Rights, or the state Attorney General’s Office.
We will not retaliate against you if you make such a complaint.
If you have any questions or concerns we encourage you to contact the Privacy Officer
at the number on this Notice.