Rheumatology Associates of Baltimore
Referring Providers Patient Portal
Make a Payment

Privacy Policy

Privacy Policy

Notice of Privacy Practices

Rheumatology Associates of Baltimore is committed to assuring the security and safety of your health and personal
information. The practice has adopted the following privacy practices.

About Your Protected Health Information (PHI)

Protected health information (PHI) about you is maintained as a written and/or electronic record of your visits and/or
contacts for healthcare services with our practice. PHI includes information about you, including demographic
information that may identify you and relates to your past, present, or future physical or mental condition and related
healthcare services.

Rheumatology Associates of Baltimore is required to follow specific rules on maintaining the confidentiality of your PHI,
using your information, and disclosing or sharing your information with other healthcare professionals involved in your
care and treatment. This notice describes your rights to access and control your PHI. It also describes how we follow
applicable rules, how we use and disclose your PHI to provide treatment, obtain payment for services rendered, manage
our healthcare operations, and for other purposes permitted by law.

What follows is a statement of your rights under the privacy rule with regard to your PHI.
Please feel free to discuss any questions with our staff.

Your Rights

You have the right to receive a copy of this Notice of Privacy Practices.
We are required to follow the terms of this notice and may update it. Upon request, we will provide a revised copy. The notice
will also be posted in a conspicuous location within the practice.

  1. Authorize Other Uses and Disclosures

    You may authorize any use or disclosure of PHI not specified in this notice (e.g., marketing, most psychotherapy notes,
    sale of PHI). You may revoke an authorization in writing at any time, except to the extent action has already been taken.

  2. Request Alternative Confidential Communications

    You may ask us to contact you using a different method (e.g., patient portal, cell phone) or at a different destination
    (e.g., alternate address/phone). Submit your request in writing using our practice form. We will honor all reasonable requests.

  3. Inspect and Copy Your PHI

    You may inspect and obtain a copy of your healthcare record. If maintained electronically, you may request an electronic copy.
    Reasonable fees for paper/electronic copies may apply as allowed by law.

  4. Request a Restriction on PHI

    You may request in writing that we not use or disclose your PHI for treatment, payment, or healthcare operations. We may deny
    certain requests, except we must accept a request to restrict disclosure to your health plan for a specific service
    you (or someone on your behalf) paid for in full out of pocket.

  5. Request an Amendment

    You may request an amendment to your PHI for as long as we maintain it. In certain cases, we may deny the request.

  6. Request an Accounting of Disclosures

    You may request a listing of disclosures we have made of your PHI to persons or entities outside our office, as permitted by law.

  7. Receive Breach Notification

    You have the right to receive written notice if we discover a breach of your unsecured PHI and determine notification is required.

How We May Use or Disclose PHI

Treatment

We use and disclose PHI to provide, coordinate, or manage your healthcare and related services, including coordination with
third parties (e.g., referring physicians, hospitals, laboratories) to ensure providers have necessary information to diagnose
and/or treat you.

Payment

We use and disclose PHI as needed to obtain payment for services (e.g., approvals for tests, procedures, medications, infusions).

Healthcare Operations

We use and disclose PHI for practice operations such as quality assessment, staff review, training, licensing, and related activities.
For example, we may disclose PHI to medical residents, call your name in the waiting room, or inform you of treatment alternatives or
health-related benefits and services of interest.

Disclosures Without Authorization

We may disclose PHI without your authorization as required or permitted by law, including: public health activities, reporting
communicable diseases, health oversight, abuse/neglect, FDA requirements, legal proceedings, law enforcement, criminal activity,
workers’ compensation, and other required uses and disclosures. We must also disclose PHI to you upon written request and to the
Secretary of Health and Human Services for compliance investigations.

Other Permitted/Required Uses

Other uses/disclosures will be made only with your consent, authorization, or opportunity to object, unless required by law.
We will not sell your PHI without authorization, will not use/disclose most psychotherapy notes, and will not disclose PHI containing
genetic information for underwriting purposes.

Chesapeake Regional Information System for our Patients (CRISP)

We participate in CRISP, a state-wide health information exchange. As permitted by law, your health information may be shared
through CRISP to provide faster access, better coordination of care, and support informed decision-making by providers and public
health officials. You may opt out and disable all access to your information via CRISP by calling 1-877-952-7477
or submitting an Opt-Out Form by mail, fax, or via www.crisphealth.org.

Complaints & Contact

You may complain to us or to the Secretary of Health and Human Services if you believe your privacy rights have been violated.
You may file a complaint with us by contacting our Practice Manager. We will not retaliate against you for filing a complaint.

Practice Manager: Brian Bartholomay
Phone: 410-494-1888
Email: bbartholomay@rheumatology-associates.com

If you would like a printed or electronic copy of this notice, please let our staff know.