Date of Last Revision: 9/23/2013

Effective Date: 3/1/2003



This Notice describes our Practice’s policies, which extend to:

  • any health care professional authorized to enter information into your chart (including our physicians, optometrists, LPN’s, RN’s, COA’s, COT’s etc.);

  • all areas of the Practice (front desk, administration, billing and collection, etc.);

  • all employees, staff and other personnel that work for or with our Practice; and

  • our business associates (including our billing service, or facilities to which we refer patients, on-call physicians, and so on.)

The Practice provides this Notice to you to comply with the Privacy Regulations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). However, in some situations, New York State law is more protective of your information or your rights and, in those situations, we will follow NYS law.


We understand that your PHI is personal to you, and we are committed to protecting your PHI. As our patient, we create paper and electronic medical records about your health, our care for you, and the services and/or items we provide to you, which is your PHI. We need this record to provide for your care and to comply with certain legal requirements.

We are required by law to:

  • make sure that your PHI is kept private;

  • provide you with this Notice and your legal rights with respect to your PHI; and

  • follow the conditions of the Notice that is currently in effect.


The following categories describe different ways that we use and disclose your PHI without your authorization (i.e., permission). Each category provides a general explanation and some examples.

  • Medical Treatment. We use your PHI to provide you with current or prospective medical treatment or services. Therefore, we may, and most likely will, disclose your PHI to doctors, nurses, technicians, medical students, or hospital personnel who are involved in taking care of you. For example, a doctor to whom we refer you for ongoing or further care may need your PHI. Different areas of the Practice also may share your PHI when necessary for your care.

  • Payment. We use and disclose your PHI so that we may bill and collect payment from you, an insurance company, or any other third party. We may also tell your health plan and/or referring physician about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment, to facilitate payment of a referring physician, or the like.

  • Health Care Operations. We use and disclose your PHI so that we can run the Practice efficiently and make sure that all of our patients receive quality care. These uses may include reviewing our treatment and services to evaluate the performance of our staff, deciding what additional services to offer and where, deciding what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students, and other personnel for review and learning purposes. We may also combine the medical information we have with medical information from other practices to compare how we are doing and see where we can make improvements in the care and services we offer. We will remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning who you are. We may also use or disclose information about you for internal or external utilization review and/or quality assurance, to business associates for purposes of helping us to comply with our legal requirements, to auditors to verify our records, to billing companies to aid us in this process and the like. We shall endeavor, at all times when business associates are used, to advise them of their continued obligation to maintain the privacy of your medical records.

  • Appointment and Patient Recall Reminders. We will require that you register at the Receptionists' Desk upon your arrival for your appointment. We may use and disclose your PHI to contact you as a reminder that you have an appointment for medical care or that you are due to receive periodic routine care from us. This contact may be by phone, in writing (e-mail or otherwise) and may involve leaving a message on your answering machine or voice mail, mailing a reminder card to you or sending an e-mail, which could (potentially) be received or intercepted by others.

Use or Disclosure without your authorization

The following describes special situations in which we may use or disclose your PHI without your prior written authorization:

  • Emergency Situations. We may disclose your PHI to an organization assisting in a disaster relief effort or in an emergency situation so that your family can be notified about your condition, status and location.

  • Research. Under certain circumstances, we may use and disclose your PHI for research purposes regarding medications, efficiency of treatment protocols and the like. All research projects are subject to an approval process, which evaluates a proposed research project and its use of medical information. Before we use or disclose medical information for research, the project will have been approved through this research approval process. We will obtain an authorization from you before using or disclosing your individually identifiable health information unless the authorization requirement has been waived. If possible, we will make the information non-identifiable to a specific patient. If the information has been sufficiently de-identified, an authorization for the use or disclosure is not required.

  • Required By Law. We will disclose your PHI when required to do so by federal, state or local law.

  • To Avert a Serious Threat to Health or Safety. We may use and disclose your PHI when necessary to prevent a serious threat either to your specific health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

  • Organ and Tissue Donation. If you are an organ donor, we may release your PHI to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.

  • Workers' Compensation. We may release your PHI for workers' compensation or similar programs. These programs provide benefits for work-related injuries or illness.

  • Public Health Risks. Law or public policy may require us to disclose your PHI for public health activities. These activities generally include the following:

    • to prevent or control disease, injury or disability;

    • to report births and deaths;

    • to report child abuse or neglect;

    • to report reactions to medications or problems with products;

    • to notify people of recalls of products they may be using;

    • to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;

    • to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence.

  • Investigation and Government Activities. We may disclose your PHI to a local, state or federal agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the payor, the government and other regulatory agencies to monitor the health care system, government programs, and compliance with civil rights laws.

  • Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. This is particularly true if you make your health an issue. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute. We shall attempt in these cases to tell you about the request so that you may obtain an order protecting the information requested if you so desire. We may also use such information to defend ourselves or any member of our practice in any actual or threatened action.

  • Law Enforcement. We may release your PHI if asked to do so by a law enforcement official:

    • in response to a court order, subpoena, warrant, summons or similar process;

    • to identify or locate a suspect, fugitive, material witness, or missing person;
      about the victim of a crime if, under certain limited circumstances, we are unable
    • to obtain the person's agreement;

    • about a death we believe may be the result of criminal conduct;

    • about criminal conduct at our practice; and

    • in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.

  • Coroners, Medical Examiners and Funeral Directors. We may release your PHI to a coroner or medical examiner. This may be necessary, for example, to determine the cause of death. We may also release medical information about patients of our practice to funeral directors as necessary to carry out their duties.

  • Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release your PHI to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.


We reserve the right to change this Notice at any time. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as any information we may receive from you in the future. We will post a copy of the current Notice in the Practice. The Notice will contain on the first page, in the top right-hand corner, the date of last revision and effective date. In addition, each time you visit the Practice for treatment or health care services you may request a copy of the current Notice.


If you believe your privacy rights have been violated, you may file a complaint with our Practice and/or with the Secretary of Health and Human Services, Office of Civil Rights. To file a complaint with the Secretary of HHS call 202-619-0257 or you can contact the regional office of the Office of Civil Rights at To file a complaint with us, contact our office manager who is our Privacy Officer, who will direct you on how to file an office complaint. All complaints must be submitted in writing, and all complaints shall be investigated, without repercussion to you. The Office Manager can be reached at 585-394-2020. You will not be penalized for filing a complaint.


Use or disclosure of your psychotherapy notes (if applicable) that do not fall within the limited exceptions, use or disclosure of your PHI for marketing purposes, use or disclosures resulting from the sale of your PHI, and any other use or disclosure not described above, will be made only with your written authorization. If you have provided us with your authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose your PHI for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to retain our records of the care that we provided to you.


This section describes your rights regarding the use and disclosure of your PHI:

  • Right to Inspect and Copy. You have the right to inspect and copy your PHI. You must submit your request in writing to our Privacy Officer. Ask one of the front desk personnel for the name of the Privacy Officer. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies (tapes, disks, etc.) associated with your request. We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access, you may request that our Compliance Committee review the denial. Another licensed health care professional chosen by our Practice will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome and recommendations from that review.

  • Right to Amend. If you feel that your PHI is incorrect or incomplete, then you may ask us to amend the information, following the procedure below. You have the right to request an amendment for as long as our Practice maintains your medical record. To request an amendment, your request must be submitted in writing, along with your intended amendment and a reason that supports your request to amend. The amendment must be dated and signed by you and notarized. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
    was not created by us, unless the person or entity that created the information is no longer available to make the amendment
    is not part of the medical information kept by or for the Practice;
    is not part of the information which you would be permitted to inspect and copy; or
    is inaccurate and incomplete.

  • Right to an Accounting of Disclosures. You have the right to request an "accounting of disclosures." This is a list of certain disclosures we made of your PHI. To request this list, you must submit your request in writing. Your request must state a time period not longer than six (6) years back. Your request should indicate in what form you want the list (for example, on paper, electronically). We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

  • Right to Request Restrictions. You have the right to request a restriction or limitation on the use or disclosure of your PHI. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care (a family member or friend). For example, you could ask that we not use or disclose information about a particular treatment you received. However, the Practice must agree to a request to restrict disclosure of your PHI to a health plan if: the disclosure is for the purpose of carrying out payment or health care operations and is not required by law, and the PHI pertains solely to a health care item or service for which you or someone else has paid the Practice in full. We are not required to agree to your request and we may not be able to comply with your request. If we do agree, we will comply with your request except that we shall not comply, even with a written request, if the information is exempt from the consent requirement or we are otherwise required to disclose the information by law. To request restrictions, you must make your request in writing. In your request, you must indicate:

    • what information you want to limit;

    • whether you want to limit our use, disclosure or both; and

    • to whom you want the limits to apply, (e.g., disclosures to your children,
    • parents, spouse, etc.)

  • Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail, that we not leave voice mail or e-mail, or the like. To request confidential communications, you must make your request in writing. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish us to contact you.

  • Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time

  • Breach Notification. You have a right to be notified following a breach of your unsecured PHI, if so required by law.