VITUS PROSTATE CENTER - PRIVACY POLICY

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

Prof. Dr. Stehling Institut für Bildgebende Diagnostik
Strahlenberger Straße 110
63067 Offenbach / Frankfurt am Main

Telephone: +49 69 50 50 00 90
Email: info@bilddiagnostik.de

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

Opposition to promotional emails

We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements with regard to sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.

Kurt-Rolf Sannig

Telephone: +49 6103 36278
Email: rolf@sannig.net

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 paragraph 1, letter f of DSGVO. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest to ensure an optimized service provided free of technical errors. Therefore server log files have to be stored.

Contact form

Should you send us questions via the contact form, we will collect the data entered on the form, including the contact details you provide, to answer your question and any follow-up questions. We do not share this information without your permission.

We will, therefore, process any data you enter onto the contact form only with your consent per Art. 6 (1)(a) DSGVO. You may revoke your consent at any time. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected by this provision.

5. Analytics and advertising

Google Analytics

This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

Browser plugin

You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Objecting to the collection of data

You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site: Disable Google Analytics.

For more information about how Google Analytics handles user data, see Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Outsourced data processing

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic data collection by Google Analytics

This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "Refusal of data collection".

Google AdWords and Google Conversion Tracking

This website uses Google AdWords. AdWords is an online advertising program from Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States ("Google").

As part of Google AdWords, we use so-called conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. Cookies are small text files that your internet browser stores on your computer. These cookies expire after 30 days and are not used for personal identification of the user. Should the user visit certain pages of the website and the cookie has not yet expired, Google and the website can tell that the user clicked on the ad and proceeded to that page.

Each Google AdWords advertiser has a different cookie. Thus, cookies cannot be tracked using the website of an AdWords advertiser. The information obtained using the conversion cookie is used to create conversion statistics for the AdWords advertisers who have opted for conversion tracking. Customers are told the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, advertisers do not obtain any information that can be used to personally identify users. If you do not want to participate in tracking, you can opt-out of this by easily disabling the Google Conversion Tracking cookie by changing your browser settings. In doing so, you will not be included in the conversion tracking statistics.

Conversion cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

For more information about Google AdWords and Google Conversion Tracking, see the Google Privacy Policy: https://www.google.de/policies/privacy/.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our websites. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").

reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google.

The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place.

Data processing is based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in protecting its site from abusive automated crawling and spam.

For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/android.html.

Facebook Pixel

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook").

These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The data collected is anonymous to us as operators of this website and we cannot use it to draw any conclusions about our users' identities. However, the data are stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.

Check out Facebook's privacy policy to learn more about protecting your privacy: https://www.facebook.com/about/privacy/.

You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

6. Plugins and tools

YouTube

Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.

If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.

Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

If your browser does not support web fonts, a standard font is used by your computer.

Further information about handling user data, can be found at https://developers.google.com/fonts/faq and in Google's privacy policy at https://www.google.com/policies/privacy/.

Google Maps

This site uses the Google Maps map service via an API. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use Google Maps, it is necessary to save your IP address. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

The use of Google Maps is in the interest of making our website appealing and to facilitate the location of places specified by us on the website. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.

Further information about handling user data, can be found in the data protection declaration of Google at https://www.google.de/intl/de/policies/privacy/.

NOTICE OF PRIVACY PRACTICES:

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY.

We at VITUS Prostate Center-San Diego, “VPC-SD”, understand that medical information about you and your health is personal.  We are required by law to maintain the privacy of individually identifiable patient health information (this information is known as “protected health information” and is referred to in this document as “PHI”).  We are required by law to provide patients with a copy of our notice of privacy practices regarding PHI.  We are also required to post the information contained in this notice in a prominent place within our facility.  A copy of this notice is also accessible on our website at www.vitus.staging.wpengine.com.  We will only use or disclose your PHI as is permitted under the terms of our Notice of Privacy Practices that may be currently in effect at any given time.

I.          Persons Governed by this Notice

This notice applies to the delivery of health care by employees and staff of VITUS Prostate Center-San Diego.“VPC-SD” and its employees and workforce (or “we”) have all agreed to be bound by the terms of this, or any subsequently applicable, Notice of Privacy Practices.  This Notice of Privacy Practices will apply to PHI obtained by “VPC-SD” in providing services to you at any VITUS Prostate Center facility.  In addition, all persons and entities participating in VITUS PROSTATE CENTERS may share your PHI with each other for the treatment, payment, or health care operations purposes and other purposes as described in this Notice. 

 II.        How “VPC-SD” May Use or Disclose Your PHI

“VPC-SD” may use and disclose PHI about you in different ways.  All of the ways which we may use or disclose information fall within one of the following described categories, however, not every potential use or disclosure within a category is listed in this Notice of Privacy Practices.

A.          Uses and Disclosures Which do not Require Patient Authorization or Permission
The following uses and disclosures of information by “VPC-SD” may be made without your permission or authorization and without notice to you:

i.               For Treatment.

“VPC-SD” may use your PHI to provide you with medical treatment, services, and supplies.  For example, we may use your PHI, such as a history of heart disease, to assess your health and perform requested diagnostic services.  In addition, we may disclose the findings of our treatment or diagnostic procedures to other health care providers, such as your referring physician, so that they may provide treatment to you, just as we may obtain PHI from other health care providers who have provided treatment to you, so that we may better provide treatment, services, or supplies to you.

  • Appointment and Other Reminders “VPC-SD” may use and disclose PHI to contact you as a reminder that you have an appointment, that you need to schedule an appointment, or what steps you need to take to prepare for an appointment, such as whether and for how long you must abstain from food or drink prior to your appointment.

ii.             For Payment.

“VPC-SD” will use and disclose PHI about you to bill for our services and to collect payment from you.  For example, we may give payor information about your medical condition so that payor will make payment to us for the imaging or other services that we have furnished to you.  We may also inform your payor of the tests you are going to receive, as well as other PHI about you, in order to obtain prior approval or to determine whether the services we are going to provide to you are covered by your insurance.  We also may provide PHI to other health care providers, payors, or other persons, including those responsible to make payment for services provided to you, to help secure payment for our services, or for other health care providers to obtain payment for their services.

iii.            For Health Care Operations.

We may use and disclose PHI about you for business, administrative and the general operations of VITUS PROSTATE CENTER-SAN DIEGO.  For example, we may utilize PHI to arrange for accreditation, organization review, use by auditors or other business and legal consultants to review our practice, to evaluate our operations, and to assist us in improving the quality and delivery of our services.

iv.            Business Associates.

“VPC-SD” may use or disclose your PHI to other persons or entities with whom VITUS PROSTATE CENTER-SAN DIEGO, or any of its members, have an agreement or an arrangement by which such other person or entity uses or discloses PHI for obtaining payment, health care operations, and other permissible functions on behalf of “VPC-SD” or its members.  An example of a business associate would include billing and collection companies, or persons who might provide auditing or legal services.  Any business associate of “VPC-SD” or its agents and subcontractors will be required to guarantee that they will maintain the confidentiality of your PHI to the same extent “VPC-SD” would if it were performing these tasks itself.  Furthermore, business associate and their subcontractors are directly accountable for protecting your PHI and they are required to promptly inform “VPC-SD” should your PHI be compromised.

v.             Public Policy and Other Uses and Disclosures Permitted By Law.

There are a number of reasons why we may disclose PHI about you pursuant to federal or state law, or applicable public policy.  We may disclose PHI about you when we are allowed or required to do so by federal, state, or local law.  Types of such use and disclosure of your PHI include the following:

(1)  Public Health Reporting.  We may disclose PHI about you in connection with public health reporting activities.  For example, we may disclose PHI to a public health authority authorized to collect or receive PHI for the purpose of preventing or controlling disease, injury, or disability.  Also, we may disclose PHI about you at the direction of a public health authority or to an official of a foreign government agency that is acting in collaboration with a public health authority.  A public health authority may include state health departments, the Center for Disease Control, the Food and Drug Administration, the Occupational Safety and Health Administration, and the Environmental Protection Agency, to name but a few.

(2)  Abuse and Neglect Reports and Patient Safety We are also permitted to disclose PHI about you to a governmental agency or other entity authorized by law to receive reports of child abuse or neglect, or neglect or abuse of vulnerable adults.  PHI about you may also be used or disclosed as necessary to prevent a serious threat to your health and safety or to the health and safety of others.

(3)  Food and Drug Reports We may disclose PHI to a person subject to the Food and Drug Administration’s oversight, including, for example, the following activities: to report adverse events, product defects or problems, or biological product deviations, to track products, to enable product recalls, repairs or replacements, or to conduct post marketing surveillance.

(4)  Health Oversight Activities We may disclose PHI concerning you in connection with certain health oversight activities of licensing and other agencies.  For example, health oversight activities include audit, investigation, inspection, licensure or discipline activities and actions, and civil, criminal, or administrative proceedings or actions or any other activity necessary for the oversight of the health care system; governmental benefit programs for which health information is relevant to determining beneficiary eligibility; entities subject to governmental regulatory programs for which health information is necessary to determine compliance with program standards, or subject to civil rights for which health information is necessary for determining compliance.

(5)  Law Enforcement and Legal Proceedings We may disclose PHI in response to a warrant, subpoena, or other order of a court or administrative hearing body, and in connection with certain government investigations and law enforcement activities, including identifying a criminal suspect or a missing person; or providing certain information about crime victims or criminal conduct, including to report a crime that we suspect occurred on our premises.  We may also disclose your PHI in connection to legal administrative proceedings that involve you.  We may release such information upon an order of a court or administrative tribunal.  We may release such PHI also in the absence of such an order and in response to discovery or other lawful requests, if efforts have been made to notify you or secure a protective order limiting or preventing the disclosure of PHI.

(6)       Coroners and Transplant Procurement We may also release PHI to a coroner or medical examiner to identify a deceased person or determine the cause of death.  We may release PHI to organ procurement organizations, transplant centers, and eye or tissue banks.

(7)       Workplace Injury or Illness “VPC-SD” may use or disclose your PHI to comply with workplace illness and injury laws, including obligations for workplace medical surveillance and worker’s compensation laws.

(8)       Military, Government and National Security If you are a member of the armed forces, we may release or use your PHI as required by military command authorities.  We may also release PHI about foreign military personnel to the appropriate foreign military authority.  Likewise, we may disclose PHI for national security intelligence activities, and for the provision of protective services of the President of the United States and other officials or foreign heads of state.

(9)       Disclosure Regarding Inmates If you are an inmate, we may release PHI about you to a correctional institution where you are incarcerated or to law enforcement officials who may have custody of you.

(10)    Certain Research Uses We may use or disclose PHI about your condition and treatment for research purposes where an institutional review board or similar body referred to as a privacy board, determines that your privacy interests will be adequately protected in this setting by the limited use of PHI.  We may also use and disclose your PHI to prepare or analyze a research protocol.  Researchers will be required to safeguard the PHI they receive.

III.       Permitted Use or Disclosure with the Opportunity for You to Agree or Object

“VPC-SD” and its members may use or disclose your PHI in certain circumstances without your authorization, but you have the opportunity to ask that such uses or disclosures not occur.  These uses and disclosures include the following:

A.        Family/Friends

“VPC-SD” may disclose PHI about you to a friend or family member who is involved in your medical care.  “VPC-SD” will also give information to someone who helps you pay for your care.  In addition, “VPC-SD” will disclose PHI about you to an agency assisting in a disaster relief effort so that your family can be notified about your condition, status, or location.  You have a right to request that your PHI NOT be shared with some or all of your family, friends, or otherwise as described above.

B.        Promotional Communications

“VPC-SD” does not share or sell your PHI to companies that market health care products or services directly to customers for use by those companies to contact you, such as drug companies.  “VPC-SD” may maintain a database of individuals for communications concerning disease management or detection, health promotion, and regarding products that “VPC-SD” believes may be of benefit to you and your health condition.  Individuals in this database under certain circumstances may receive information about the programs and services of Imaging Healthcare Specialists, Gem State Radiology, or SARMC.  You may request to be deleted from this database by contacting the “VPC-SD” Privacy Officer.

IV.       Use or Disclosure Requiring Your Authorization

The following disclosures or use of your PHI will occur only upon your providing written authorization for us to use or disclose the information for the purposes described below:

A.        Marketing

“VPC-SD” is not permitted to provide your PHI to any other person or entity for marketing any products or services to you, other than products or services, or otherwise as described in paragraph III (B) above, unless you have signed an authorization permitting such use or disclosure.

B.        Research

“VPC-SD” will use or disclosure your PHI as part of research that includes providing you with treatment if you have signed a written authorization permitting the use or disclosure for such research purposes.  For example, if you are part of a research study that includes treatment, “VPC-SD” will require that you sign an authorization to allow the researcher to use or disclose your PHI for this research.  However, ”VPC-SD” may condition the provision of such medical care or treatment that is part of the research upon your signing the research authorization.

C.       Other Uses

Any other uses or disclosures that are not for purposes of treatment, payment, or health care operations of VITUS PROSTATE CENTER-SAN DIEGO, or that are not otherwise permitted as described herein, will be made only with your written authorization.  When disclosure is permitted only with written authorization, the authorization will inform you of why we are requesting use or disclosure of your PHI and to whom the PHI may be disclosed or by whom it may be used.  If we are required to obtain an authorization that you signed, you may, in writing, revoke such authorization to the extent that “VPC-SD” has not already relied upon the authorization in the use and disclosure of your PHI.

V.        Your Health Information Privacy Rights

“VPC-SD” maintains records related to the care and services you receive at a “VPC-SD” location, which includes records pertaining to care, provided by VITUS Prostate Center-San Diego employees and work force members.  These records are owned by VITUS PROSTATE CENTER-SAN DIEGO, but you have the following rights concerning your PHI maintained by VITUS PROSTATE CENTER-SAN DIEGO:

A.        Right to Request Restrictions

You may ask “VPC-SD” to not use or disclose any part of your PHI for purposes of treatment, payment, or health care operations.  Your request must be put in writing and specify the restriction requested and the scope to which you would like the restriction to apply.  “VPC-SD” is not required to agree to such a restriction that you may request, however.  If “VPC-SD” does agree to the requested restriction, it will do so only in writing, and “VPC-SD” will not use or disclose your PHI to the extent agreed to in writing by VITUS PROSTATE CENTER-SAN DIEGO, unless it is necessary for you to receive emergency treatment, or if the restriction is terminated by you, or by “VPC-SD” by notifying you of our termination of agreement to the restriction. If, however, you pay for your care yourself, out of your own pocket, you may request we not share your PHI about this care with your health plan or health insurer, and “VPC-SD” is required to comply with this request.

B.        Right to Request to Receive Communication by Alternative Means

“VPC-SD” will accommodate reasonable requests to receive communications by alternative means or to an alternative location (e.g., by calling you at work or sending information to a different address).  Such requests must be made in writing.  “VPC-SD” may condition this accommodation by requiring you to provide information as to how payment will be handled and by requiring specification from you of an alternative address or other method of contact.  Such a request should be made in writing to our Privacy Officer.

C.       Right to Access your Private Health Information by Inspection and/or Copying

You have a right to access your PHI and to inspect and copy your PHI contained in your designated record set as long as it is maintained by “VPC-SD” except, that no such right of access shall apply to psychotherapy notes; information that will be used in a civil, criminal, or administrative action or proceeding; PHI to which by law, “VPC-SD” may elect or be required to deny you access.  Depending upon the basis for denial of a request to access your PHI, that decision to deny access may be reviewable by another health care professional that “VPC-SD” may choose, so long as that person was not involved in the original decision to deny your request for access.  Some denials are not subject to any right of review. To the extent we maintain your medical records in electronic format; you may request to receive a copy of such records in electronic form.   Before providing copies of your PHI, “VPC-SD” may require the payment by you of a reasonable cost-based copying charge for medical records and medical images. You must make your request to access and copy your PHI in writing to VITUS PROSTATE CENTER-SAN DIEGO’s Privacy Officer.  “VPC-SD” will respond to your request within thirty (30) days of the receipt of the written request. If “VPC-SD” cannot respond to your request within that time frame, “VPC-SD” will notify you in writing to explain the delay and the date by which “VPC-SD” will act upon your request.

D.       Right to Request Amendment

You may request an amendment of PHI about you that is maintained by “VPC-SD” in a designated record set for as long as “VPC-SD” maintains this information.  You must submit a written request for amendment that provides the reasons for the requested amendment.  “VPC-SD” may deny the request for amendment for any reason permitted by law, including for example, that “VPC-SD” did not create the information; the information is not part of VITUS PROSTATE CENTER-SAN DIEGO’s designated record set, the information is not of a type that would be available for you to access, or the information is accurate and complete.  If “VPC-SD” denies your request for amendment, you may file a statement of disagreement with us.  You may ask that “VPC-SD” include your request for amendment and the denial of the same any time that “VPC-SD” discloses the information about which you requested amendment.  “VPC-SD” may prepare a rebuttal to your statement of disagreement and will provide you with a copy of that rebuttal.  Please contact the “VPC-SD” Privacy Officer if you wish to make such a request for amendment to your PHI.

E.        Right to an Accounting of Certain Disclosures of PHI

You have the right to receive an accounting of certain disclosures of your PHI that “VPC-SD” has made.  However, “VPC-SD” does not and will not provide an accounting of the following disclosures:

1)   Disclosures to carry out treatment, payment, or health care operations, or that are incidental to such activities;

2)    Disclosures to you;

3)    Disclosures that are incidental;

4)    Disclosures to persons involved in your care such as family and friends;

5)    Disclosures pursuant to a written authorization

6)    Disclosures for national security or intelligence purposes;

7)    Disclosures to correctional institutions or law enforcement officials;

8)    Disclosures that occurred prior to April 14, 2003; and

9)    Other disclosures for which accounting is not required in accordance with applicable law.

The first accounting requested by you and provided within the twelve (12) month period will be provided without charge.  However, you will be charged for subsequent accountings requested by you within the same twelve (12) month period based upon a reasonable cost-based fee for preparing the accounting.

For each disclosure for which we must account, you will receive: the date of the disclosure, the name of the receiving organization and address if known, a brief description of the PHI disclosed and a brief statement of the purpose of the disclosure or a copy of the written request for the information, if there was one.  However, for certain research disclosures, we will provide more limited information to you.

You must make your request for an accounting of disclosure of your PHI in writing to VITUS PROSTATE CENTER-SAN DIEGO.  You must include the time period for which you are requesting the accounting, which may not be longer than six (6) years.  “VPC-SD” will respond to your request within sixty (60) days from the receipt of the written request.  “VPC-SD” will notify you within the sixty (60) day period in writing if it needs additional time to respond to your request.  In any event, “VPC-SD” will act on your request and provide such accounting within ninety (90) days of the receipt of the original request for accounting.

F.       Right to Receive a Copy of This Notice

If you received this Notice electronically, you have a right to receive a paper copy of this Notice of Privacy Practices upon request.

G.      Breach Notification

“VPC-SD” and/or its’ Business Associate(s) are required to notify when the privacy of your “unsecured” protected health information (PHI) is breached, unless it is determined, consistent with applicable regulations or laws, that we are not required to provide such notice because we determine you are not at risk of harm as a result of such breach.

VI.     Health Data Exchange

VITUS Prostate Center-San Diego does not currently participate with any health data exchange providers.

VII.      Changes to this Notice

“VPC-SD” reserves the right to make changes to this Notice at any time.  We reserve the right to make the revised notice effective for personal health information we already have about you as well as any information we receive in the future.  In the event there is a material change to this Notice, the revised Notice, or if permitted, a summary of such Notice will be posted at our facilities and on our website (www.vitus.staging.wpengine.com).  You may also obtain a copy of the current Notice by contacting the Privacy Officer or by going to any “VPC-SD” facility.

VII.      Complaints

We at “VPC-SD” are committed to compliance with this Notice of Privacy Practices and the requirements imposed upon us by applicable federal and state law.  If you believe that your privacy rights have been violated, you may file a complaint with VITUS PROSTATE CENTER-SAN DIEGO, or with the Secretary of the Department of Health and Human Services, Office of Civil Rights.  To file a complaint with VITUS PROSTATE CENTER-SAN DIEGO, please contact the “VPC-SD” Privacy Officer.  All complaints must be submitted in writing and directed to the “VPC-SD” Privacy Officer.  “VPC-SD” assures you that there will be no retaliation for filing of a complaint and that all complaints will be treated seriously.

VIII.    Additional Information and Privacy Officer Contact

For further information regarding the issues covered by this Notice of Privacy Practice, or any other questions regarding the privacy of your PHI as a patient of VITUS PROSTATE CENTER-SAN DIEGO, including to exercise any of the rights you have as explained in this Notice, please contact the following:

HIPAA Privacy Officer
VITUS Prostate Center-San Diego
4660 La Jolla Village Drive
Suite 100-245
San Diego, CA 92122

Phone: (866) 883-8262

January 30, 2017