Free Phone Consultation: 603.718.8328
NOTICE OF PRIVACY PRACTICES
EFFECTIVE 03/01/2026
This notice is effective as of the date stated above and supersedes any prior notices. We reserve the right to revise this notice and make the new provisions effective for all protected health information we maintain, including information created or received prior to the effective date of the revised notice.
PLEASE REVIEW THIS NOTICE CAREFULLY.
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. IT INCLUDES YOUR RIGHTS WITH RESPECT TO YOUR HEALTH INFORMATION, AND HOW TO FILE A COMPLAINT CONCERNING A VIOLATION OF THE PRIVACY OR SECURITY OF YOUR HEALTH INFORMATION, OR REGARDING A VIOLATION OF YOUR RIGHTS CONCERNING YOUR INFORMATION, INCLUDING YOUR RIGHT TO INSPECT OR GET COPIES OF YOUR RECORDS UNDER HIPAA.
NOTICE FOR USE AND SHARING OF PROTECTED HEALTH INFORMATION
If you have any questions, please address them to the contact person listed at the bottom of this notice.
We at Acupuncture and Integrative Medicine Associates of Nashua, PLLC and AIMA Functional Medicine, hereinafter referred to as “AIMA”, pledge to give you the highest quality health care and to have a relationship with you that is built on trust. This trust includes our commitment to respect the privacy and confidentiality of your health information. The word “AIMA” in this notice includes Acupuncture and Integrative Medicine Associates of Nashua, PLLC, AIMA Functional Medicine, and all its employees. AIMA provides health care to our patients in partnership with other professionals and health care organizations. The information privacy practices in this notice will be followed by any health care professional that treats you at any of our locations. We must follow the duties and privacy practices described in this notice and give you a copy of it. While each of these facilities and affiliates operates independently, they may share your health information for coordination of care, treatment, payment and healthcare operations purposes. We understand that medical information about you is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive to provide quality care and to comply with legal requirements. This notice applies to all records of your care generated by any of the separate facilities and providers described above. We are required by law to keep medical information about you private, give you this notice of our legal duties and privacy practices with respect to medical information about you and follow the terms of the notice that is currently in effect. This notice is being given to you because federal law gives you the right to be told ahead of time about how we will handle your medical information, our legal duties related to your medical information, and your rights regarding your medical information. We will not use or share your information, other than as described here, unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind. You can use the contact information at the beginning of this notice. For more information, see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
A. HOW WE MAY USE AND DISCLOSE (SHARE) YOUR PROTECTED HEALTH INFORMATION
We are required by law to maintain the privacy and security of your protected health information. When you need health care, you give information about yourself and your health to doctors, nurses, and other health care workers and staff. This information, along with the record of the care you receive, is “protected health information” (or “health information”). The information in your medical record is kept in paper form and/or in an electronic form. AIMA uses your health information within its system, and shares your health information outside its system in order to give you excellent medical care. AIMA uses and shares your health information for other reasons that can include medical research and training new health care workers. AIMA may share your health information with outside health care providers for purposes such as treatment or research. This notice tells you how AIMA uses and shares your health information for these and other purposes. It also tells you when we need to get your specific permission to do so.
1. Treatment, Payment, and Health Care Operations
Except where prohibited by New Hampshire state or federal laws, AIMA may legally use and share your health information for treatment, payment, and health care operations. We do not need to ask for your specific permission to do these things, as explained below:
Treatment: AIMA health care providers will use and share your health information to provide and manage your health care and related services. We may send information about you to another professional as part of a referral or for coordination of care. For example, your health care provider may refer you to a specialist such as a surgeon. The specialist may tell you that you need to be admitted to the hospital for surgery. In this example, all of the health care providers will share medical information about you whether they are in the AIMA system or not. This is to coordinate your care before, during and after you go into the hospital. AIMA will share information with other third parties, such as home health agencies, visiting nurses, rehabilitation hospitals, and ambulance companies. It will also share information with those who treated you before you went into the hospital and with those who will treat you in the future. This helps to make sure that everyone caring for you has the information they need.
Billing and Payment: AIMA will use and share your health information to bill and collect payment for the health care services it gives to you. We may use and share your health information to bill and get payment from health plans or other entities.
Health Care Operations: AIMA may use and share your health information for activities that are known as health care operations. These are activities that are necessary to operate its facilities and carry out its mission. We can use and share your health information to run our practice, improve your care, and contact you when necessary. We use health information about you to manage your treatment and services. We may also share your health information with outside parties who help us in performing services that involve your health information, perform health care operations or other services on behalf of AIMA. For example, we may share your health information with our attorneys, accountants, billing agents, laboratories, and others. These parties are known as “business associates”. Business associates are also required to keep your health information private. Other examples of activities that make up health care operations include: monitoring the quality of care and making improvements where needed, comparing patient data to improve treatment methods, making sure health care providers are qualified to do their jobs, reviewing medical records for completeness and accuracy, meeting standards set by regulating agencies, teaching students and health professionals, using outside business services (for example: transcription, auditing, legal or other consulting services, storing your health information on computers and managing and analyzing medical information). In addition, we may use a sign-in sheet for registration where you may be asked to sign your name and indicate your health care provider, or we may call you by name in the waiting when you are ready to be seen.
We may use and disclose health information to contact you at the address, email address and telephone numbers you give to us (including leaving messages at the telephone numbers, sending text messages, and sending emails to the email addresses) including information about scheduled, rescheduled, cancelled or missed appointments, registration/insurance updates, and billing or payment matters. Unless you inform us otherwise, we may provide you with a reminder phone call, text message, or email reminder of your appointment date and time, general nature of the appointment and the name of the provider you will be seeing. We also may use and disclose health information to tell you about patient care issues, offer follow up care instructions, provide you with the opportunity to participate in a survey, tell you about other health care providers, treatment choices and treatment alternatives, or to tell you about products or health-related benefits and services that may be of interest to you. Let us know if you do not want us to use your health information for these purposes or if you want to limit how we use your information.
2. Uses and Disclosures (Sharing) of Your Health Information for Other Purposes
AIMA may legally use and/or share your health information with others for the following purposes without your specific permission: as required by state and federal laws and regulations, to help with product recalls, for reporting adverse medication reactions, for public health purposes and activities including disease prevention, for required reports to the state public health and child protection authorities, and to agencies such as cancer registries and the federal Food and Drug Administration, with regard to abuse and neglect reporting, domestic violence reporting, for health oversight activities, for audits or inspections, for legal and administrative proceedings or in response to valid judicial or administrative orders, in response to a subpoena, or other legal processes, for law enforcement purposes under specific conditions such as reporting when someone is the victim of a crime, with regard to people who have died, for funeral arrangements, to coroners, medical examiners and funeral directors, for organ, eye or tissue donation at death, to avert a serious threat to your health or safety or the health or safety of others, for emergencies, for national security and specialized government operations, for members of the Armed Forces as required by Military Command authorities, as authorized by and as necessary to comply with workers compensation laws, for permissible public health, health care operations, other situations as permitted or required by law, and for research purposes when limited identifiable information is used or shared, and for research that is approved by an AIMA Research Committee or its designee when written permission is not required by federal or state law. This may also include preparing for research or telling you about research studies in which you might be interested. You will never receive care solely for research purposes without your consent. We will share information about you if state or federal laws require it, including with the Department of Health and Human Services, if that agency wants to see that we are complying with federal privacy law, or with other governmental agencies as required by law. For more information, see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html.
However, in some cases, informational research may be done without your written authorization. For example, AIMA’s researchers may work with health information that does not include names or other personal information. AIMA may use or disclose health information for research that is approved by an AIMA Research Committee if it involves minimal risks, protects against misuse and disclosure, and meets other legal requirements. Staff may use health information to prepare for research or contact you about research studies for which you qualify. Health information acquired, used, or created for research may be used or disclosed for care, payment, health care operations, or other purposes where authorization is not required. For example, we may tell your doctors about clinical research activities that may affect your care.
Incidental uses and disclosures of your health information may occur while providing services to you and other patients, for example: other patients may overhear a discussion of your health information during your treatment or in the waiting area. We will implement reasonable safeguards to limit such uses and disclosures.
There is no protection after disclosure of your health information to others. We protect your health information while we have it. Sometimes, we may share your information with people or organizations that do not have to follow HIPAA, such as family members or others you choose. Once we share your information with someone who is not required to follow HIPAA, it may no longer be protected by HIPAA and could be shared again.
3. Uses and Disclosures (Sharing) of Information that Require Your Written Permission (Authorization)
Using and/or disclosing health information for most purposes other than treatment, payment, or health care operations (for example, for many, but not all, research and marketing purposes) requires your specific authorization. Your written permission is needed for any use or sharing of your health information not described in this notice. For example, we need written permission to use or share your information for marketing purposes or if we were to sell your information. Your authorization (permission) must describe who will use, disclose and/or receive your health information, the purpose of the use or disclosure, and your signature. You may cancel your permission in writing at any time by submitting your cancellation request to the same person to whom you gave your written authorization. Although we cannot take back any disclosure we already made with your authorization, we will make reasonable efforts to notify the persons we have shared it with of your wishes.
Furthermore, certain information that may be contained in your medical record is considered by state and federal law to be highly confidential, including, for example, HIV testing or test results, certain clinical therapy documentation and certain genetic information. Only limited psychiatric or HIV information may be disclosed for billing purposes without your authorization. If you are treated in a specialized substance abuse program, your special authorization will be needed for most disclosures other than emergencies. Therefore, this type of information gets additional protection from disclosure, often requiring your written authorization even before disclosure for treatment, payment or health care operations.
4. Uses and Disclosures That Require Us to Give You an Opportunity to Object and Opt Out
Fundraising Activities. We may contact you regarding our fundraising activities. You may opt out of receiving communications regarding our fundraising activities at any time. If you do not wish to be contacted for our fundraising efforts, please notify us in writing at the address or email address provided at the end of this notice.
Individuals Involved in Your Care or Payment for Your Care. Unless you object, we may disclose to a member of your family, a relative, a close friend, any other person you identify, or others involved in payment for your care, your protected health information that directly relates to that person’s involvement in your health care, including following your death. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
Disaster Relief. We may share information necessary for disaster relief activities with the Red Cross or other similar relief agencies so that we can tell your family members where you are, about your health condition, to coordinate your care, or to assist with coordination of other relief services.
Health or Safety. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
Display Items You Share with Us. We may display photographs, letters, cards, artwork or other items that you give us. We may display these items, but we will not show your full name, address or other identifying information. Please tell us if you do not want this information displayed when you give it to us.
B. YOUR RIGHTS WITH RESPECT TO YOUR HEALTH INFORMATION AND HOW TO EXERCISE THEM
The Right to Ask for Limits on the Use and Sharing of Your Health Information: You have the right to ask us not to use or share certain health information for treatment, payment, or health care operations. We are not required to agree to your request, except in the limited circumstance described in the next paragraph, and we may deny your request if it would affect your care. If we do agree to your request, we will comply with your request unless the information is needed to provide you with emergency treatment. You may not ask us to restrict uses and sharing of information that we are legally required to make. All requests must be made in writing to the contact person listed at the end of this notice.
If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or health care operations with your health insurer. We must agree to your request except where we are required by law to make a disclosure.
Right to Revoke an Authorization: You have the right to change your mind after you sign an authorization (permission) form allowing AIMA to release your protected heath information. You can cancel your written permission at any time. If you cancel your permission, we will not release any more of your information of which you are entitled to prevent us from disclosing. However, we cannot take back information we have already released. In many cases, written permission will require certain elements to be included in a document you sign, called a “HIPAA Authorization”. We will let you know when such a document is needed.
The Right to Ask that Your Health Information be Communicated to you in a Confidential Manner: You have the right to ask for your health information to be sent to you in specific ways. For example, you may ask that we not contact you with appointment reminders by telephone, via text message or email, only call your work or cell telephone number rather than home, or to send you mail at a different address. When we request an address, email address and telephone number(s) to contact you, it is your responsibility to give us contact information such as telephone number(s) and an address that will allow us to carry out our needs to reach you and care for you. We may request that you provide the method and location where you wish to be contacted be in writing and that you contact us with changes to this information. AIMA must agree to any reasonable request and will not ask you to explain the reason for your request, particularly if you indicate that disclosure could endanger you. We can require you to give information as to how a payment will be handled, and what address a bill should be mailed to.
The Right to Get Notice of a Breach: You have the right to be notified upon a breach of the privacy or security of your protected health information and we will notify you without unreasonable delay, and in no case later than 60 days after discovery, if a breach occurs that compromises the privacy or security of your information.
The Right to Get an Electronic or Paper Copy of Your Health Information: You can ask to see or get an electronic or paper copy of your health record and other health information we have about you. We will provide a copy or a summary of your health information within thirty (30) days of your request. In limited circumstances, we may extend this timeframe by up to thirty (30) additional days if we provide you with a written explanation of the delay within the initial thirty (30) day period. We may charge a reasonable, cost-based fee that includes only the cost of: (i) labor for copying the health information requested; (ii) supplies for creating the paper copy or electronic media; (iii) postage when the individual requests it be mailed; and (iv) preparation of an explanation or summary if agreed to by the individual. We will provide the first copy of medical records free of charge if requested for the purpose of supporting a claim or appeal for Social Security or veterans’ disability benefits and as otherwise required by law. Ask us about your right to access, inspect, and obtain a copy of your health record and other health information, at limited cost or, in some cases, free of charge; and your right to have us send an electronic copy of health information in an electronic health record to another person or entity.
The Right to Correct Your Health Record: You have the right to ask us to correct information about you that you think is incorrect or incomplete. Ask us how to do this. You must make your request in writing and give the reason for why you want the change.
We may deny your request only for specific reasons permitted by law, and we’ll tell you why in writing within sixty (60) days, or within ninety (90) days if we notify you in writing within the first sixty (60) days that we need additional time. If we extend the response time, we will explain the delay to you in writing and give you a new date of when to expect a response. We will charge a fee for your request, and we will notify you of the fee before we do the work. This will give you a chance to stop the request if you do not wish to pay the fee. You have the right to submit a written statement disagreeing with a denial of your request to amend your record, which we will include with your records.
Right to a List of Certain Disclosures of Your Medical Information: You can ask for a list (accounting) of the times we’ve shared your health information for six (6) years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make, disclosures to you or your personal representative, disclosures for national security purposes, disclosures to correctional institutions or law enforcement officials, disclosures that are part of a limited data set, disclosures made prior to the HIPAA compliance date, disclosures made pursuant to an authorization, and disclosures for facility directories or to persons involved in your care). We’ll provide one (1) accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within twelve (12) months. The accounting will include the date of the disclosure, the name and address of the recipient, a brief description of the information disclosed, and the purpose of the disclosure.
The Right to Ask for a Paper Copy of this Notice: You may ask for a paper copy of this notice from the contact person listed at the end of this notice. You can ask for a paper copy even if you agreed to receive this notice electronically.
The Right to Choose Someone to Act for You: If you have given someone health care power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action. Unless you are an emancipated minor or there is another law granting you legal authority to make your own healthcare decisions, your parent or legal guardian will make decisions regarding your health information.
C. OUR DUTIES WITH RESPECT TO YOUR HEALTH INFORMATION
AIMA is required by law to keep your health information private. We are required to give people notice of our legal duties and privacy practices with respect to your health information. AIMA must abide by the terms of the notice currently in effect. AIMA reserves the right to change its privacy practices and the terms of this notice at any time. Changes will apply to your protected health information we already have, as well as new information obtained after the change occurs. When we make a significant change in our policies, we will change our notice and post the new notice prominently and make it available upon request, at our office and on our website at www.aimaonashua.com. You can receive a copy of the current notice at any time by calling the contact person listed at the end of this notice. The effective date of this notice is listed below the title of this notice on the first page. You will be asked to acknowledge your receipt of this notice in writing.
On April 22, 2024, OCR issued a Final Rule, entitled HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens the Health Insurance Portability and Accountability Act of 1996 Privacy Rule by prohibiting the disclosure of protected health information related to lawful reproductive health care in certain circumstances.
HHS issued this Final Rule after hearing that changes were needed to better protect patient confidentiality and prevent medical records from being used against people for providing or obtaining lawful reproductive health care. This Final Rule bolsters patient-provider confidentiality and helps promote trust and open communication between individuals and their health care providers or health plans, which is essential for high-quality health care. Public Health as used in the terms ‘public health surveillance,” ”public health investigation,” and ”public health intervention,” means population level activities to prevent disease in and promote the health of populations. Such activities include identifying, monitoring, preventing, or mitigating ongoing or prospective threats to the health or safety of a population, which may involve the collection of protected health information; but such activities do not include those with any of the following purposes:
(1) To conduct a criminal, civil, or administrative investigation into any person for the mere act of seeking, obtaining, providing, or facilitating health care.
(2) To impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating health care.
(3) To identify any person for any activities described at paragraphs (1) or (2) of this definition.
Reproductive Health Care means health care, as defined in this section, that affects the health of an individual in all matters relating to the reproductive system and to its functions and processes. This definition shall not be construed to set forth a standard of care for or regulate what constitutes clinically appropriate reproductive health care. Reproductive health care provided by a person other than the regulated entity that receives the request for PHI is presumed lawful unless the regulated entity has any of the following:
•Actual knowledge that the reproductive health care was not lawful under the circumstances in which it was provided.
•Factual information supplied by the person requesting the PHI that demonstrates to the regulated entity a substantial factual basis that the reproductive health care was not lawful under the specific circumstances in which it was provided.
On February 8, 2024, the U.S. Department of Health & Human Services (HHS) through the Substance Abuse and Mental Health Services Administration (SAMHSA) and the Office for Civil Rights announced a final rule modifying the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 CFR Part 2 (“Part 2”). With this final rule, HHS is implementing the confidentiality provisions of section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (enacted March 27, 2020), which require the Department to align certain aspects of Part 2 with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules and the Health Information Technology for Economic and Clinical Health Act (HITECH). The Part 2 statute (42 U.S.C. 290dd-2) protects “[r]ecords of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance use disorder education, prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States.” Confidentiality protections help address concerns that discrimination and fear of prosecution deter people from entering treatment for SUD. The modifications in this final rule reflect the proposals published in the December 2, 2022, Notice of Proposed Rulemaking (NPRM), and public comments received from: substance use disorder and other advocacy groups; trade and professional associations; behavioral and other health providers; health information technology vendors and health information exchanges; state, local, tribal and territorial governments; health plans; academic institutions, including academic health centers; and unaffiliated or anonymous individuals.
The final rule includes the following modifications to Part 2 that were proposed in the NPRM:
SUD Treatment Information. If we receive or maintain any information about you from a substance use disorder treatment program that is covered by 42 CFR Part 2 (a “Part 2 Program”) through a general consent you provide to the Part 2 Program to use and disclose the Part 2 Program record for purposes of treatment, payment or health care operations, we may use and disclose your Part 2 Program record for treatment, payment and health care operations purposes as described in this notice. If we receive or maintain your Part 2 Program record through specific consent you provide to us or another third party, we will use and disclose your Part 2 Program record only as expressly permitted by you in your consent as provided to us. In no event will we use or disclose your Part 2 Program record, or testimony that describes the information contained in your Part 2 Program record, in any civil, criminal, administrative, or legislative proceedings by any Federal, State, or local authority, against you, unless authorized by your consent or the order of a court after it provides you notice of the court order. If we create or maintain records subject to 42 CFR Part 2 and intend to use or disclose those records for fundraising for our benefit, we will first provide you a clear and conspicuous opportunity to opt out of receiving fundraising communications.
Additional State and Federal Law Protections. There are certain types of highly confidential information that are specifically addressed in certain federal and state laws and regulations, which further restrict the use and disclosure of this type of highly confidential information. This highly confidential information, including alcohol and substance abuse treatment information (including but not limited to SUD records protected under 42 C.F.R. Part 2), HIV and sexually transmitted disease-related information, mental health information, psychotherapy information, genetic information, and pregnancy of minors, as well as some other sensitive information, is considered so sensitive that some federal and applicable state laws provide special protections for it. All uses or disclosures of such highly sensitive information must meet the requirements of such applicable law. Therefore, there may be greater protections under applicable law for such highly sensitive information. As mentioned above, please note that State confidentiality laws may impose additional or different requirements beyond HIPAA and Part 2. If you have questions or concerns about the ways this type of highly confidential information may be used or disclosed, or if you wish to request restrictions on the use or disclosure of such information, please let us know via the contact information provided at the end of this Notice.
D. HOW TO COMPLAIN IF YOU BELIEVE YOUR PRIVACY RIGHTS HAVE BEEN VIOLATED
If you think that we may have violated your privacy rights or disagree with any action we have taken regarding your health information, we want you, your family, or your guardian to speak with us. If you present a complaint, your care will not be affected in any way. It is the goal of AIMA to give you the highest quality of care while respecting your privacy. You can complain if you feel we have violated your rights by contacting us via the information listed at the end of this notice. You can file a complaint the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-800-368-1019, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
E. PERSON TO CONTACT FOR INFORMATION OR WITH A COMPLAINT
You have a right to a copy of this notice in paper or electronic form, and to discuss it with us. Please contact Information Services if you have questions about this notice or if you have complaints: Information Services at AIMA Functional Medicine, 60 Main Street #310, Nashua, N.H. 03060, telephone number (603) 718-8328 or via email at info@aimaofnashua.com.