As required by the Privacy Regulations created as a result of the Health Insurance Portability & Accountability Act of 1996 (HIPAA).


Effective Date: This policy is in effect as of April 2003.

Revision Date: This policy was revised as of November 2020.

Expiration Date: This policy remains in effect until superseded or cancelled.



We understand that information about you and your health is personal. Our primary responsibility is to safeguard your personal health information. Our practice is dedicated to maintaining the privacy of your protected health information (PHI). In conducting our business, we will create records regarding you and the treatment and services we provide to you. We are required by law to maintain the confidentiality of health information that identifies you. We also are required by law to provide you with this notice of our legal duties and the privacy practices that we maintain in our practice concerning your PHI. By federal and state law, we must follow the terms of the notice of privacy practices that we have in effect at the time. We realize that these laws are complicated, but we must provide you with the following important information:

• How we may use and disclose your PHI

• Your privacy rights in your PHI

• Our obligation concerning the use and disclosure of your PHI

The terms of this notice apply to all records containing your PHI that are created or retained by our practice. We reserve the right to revise or amend this Notice of Privacy Practices. We reserve the right to make the revised or changed notice effective for health information we already have about you as well as any information we receive in the future. Our practice will always post a copy of our current Notice in our offices in a visible location, and you may request a copy of our most current Notice at any time. Our Notice of Privacy Practices may be found on our web site at and will be updated when changes are made.


Privacy Officer
10701 Nall Ave., Suite 100
Overland Park, KS 66211


The following categories describe the different ways in which we may use and disclose your PHI. We have not listed every use or disclosure within the categories, but all permitted uses and disclosures will fall within one of the following categories.

TREATMENT Our practice may use your PHI to treat you. For example, we may ask you to have laboratory tests and we may use the results to help us reach a diagnosis. We might use your PHI in order to write a prescription for you, or we might disclose your PHI to a pharmacy when we order a prescription for you. Many of the people who work for our practice— including, but not limited to, our doctors and nurses— may use or disclose your PHI in order to treat you or to assist others in your treatment. Additionally, we may disclose your PHI to others who may assist in your care, such as your spouse, children or parents. Finally, we may also disclose your PHI to other health care providers for purposes related to your treatment.

PAYMENT Our practice may use and disclose your PHI in order to bill and collect payment, from you, an insurance company or a third party, for the services and items you may receive from us. For example, we may contact your health insurer to certify that you are eligible for benefits, and we may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment. We also may use and disclose your PHI to obtain payment from third parties that may be responsible for such costs, such as family members. Also, we may use your PHI to bill you directly for services and items. We may disclose your PHI to other health care providers and entities to assist in their billing and collection efforts.

HEALTH CARE OPERATIONS — Our practice may use and disclose your PHI to operate our business. As examples of the ways in which we may use and disclose your information for our operations, our practice may use your PHI to evaluate the quality of care you received from us; to conduct cost-management and business planning activities for our practice; customer service activities, including investigation of complaints; and certain marketing and research activities. We may disclose your PHI to other health care providers and entities to assist in their health care operations. We, along with our affiliates and/or vendors, may use and disclose your contact information (landline or cellular phone numbers, email address). Some examples of how we may use your contact information include appointment reminders and to provide you with notification of other health-related benefits and services, all of which are discussed in more detail below. We may also contact you related to our health care operations concerning the quality of care you received, your satisfaction with the practice and its providers, and other customer service activities. By providing us with your contact information, you give your consent that we may use it. We may contact you by the following means (even if we initiate contact using an automated telephone dialing system (ATDS) and/or an artificial or prerecorded voice): (1) paging system; (2) cellular telephone service; (3) landline; (4) text message; (5) email message; or (6) facsimile. All calls or text messages using an automatic telephone dialing system and/or artificial voice are conducted in accordance with the Telephone Consumer Protection Act (TCPA). If you want to limit these communications to a specific telephone number or numbers, you need to request that only a designated number or numbers be used for these purposes. If you inform us that you do not want to receive such communications, we will stop sending these communications to you.

APPOINTMENT REMINDERS — Our practice may use and disclose your PHI to contact you and remind you of an appointment.

TREATMENT OPTIONS — Our practice may use and disclose your PHI to inform you of potential treatment option alternatives or research related opportunities.

HEALTH RELATED BENEFITS & SERVICES — Our practice may use and disclose your PHI to inform you of health related benefits or services that may be of interest to you.

FUNDRAISING ACTIVITIES We may use your PHI to contact you in an effort to raise money for our practice and its operations. We may disclose your PHI to a foundation related to our practice so that the foundation may contact you in raising money for the practice. We would only release the following: contact information, such as your name, address, and telephone number; the dates you received treatment or services; treating physicians; and outcome information.

If you do not want the practice to contact you for fundraising efforts you must notify the Privacy Officer at 10701 Nall Ave., Suite 100, Overland Park, KS 66211 (913) 981-1225.

RELEASE OF INFORMATION TO FAMILY/ FRIENDS — our practice may release your PHI to a family member or friend that is involved in your care, or who assists in taking care of your health care needs with your written permission. For example, a guardian may bring a patient to our office for treatment. In this example, the guardian may have access to your medical information. In addition, we may disclose your PHI to an entity assisting in a disaster relief effort so that your family can be notified about your location, status, and condition.

DISCLOSURE REQUIRED BY LAW Our practice will use and disclose your PHI when we are required to do so by federal or state law.

BUSINESS ASSOCIATES — Our practice may use and disclose your PHI to our contracted business associates. Examples of business associates include but are not limited to accreditation agencies, management consultants, quality assurance reviewers, collection agencies, transcription services, etc. We may disclose your PHI to our business associates so that they can perform the job we have asked them to do. To protect your health information, we require our business associates to sign a contract that states they will appropriately safeguard your PHI.


The following categories describe unique scenarios in which we may use or disclose your PHI, by law without any oral or written permission from you.

DECEASED PATIENTS — Our practice may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death.

PUBLIC HEALTH RISKS — Our practice may disclose your PHI to public health authorities that are authorized by law to collect information for the purpose of:

maintaining vital records, such as births and deaths

• reporting child abuse or neglect

• preventing or controlling disease, injury or disability

• notifying a person regarding potential exposure to a communicable disease

• notifying a person regarding a potential risk for spreading or contracting a disease or condition

• reporting reactions to drugs or problems with products or devices

• notifying individuals if a product or device they may be using has been recalled

• notifying appropriate government agency(ies) and authority(ies) regarding the potential abuse or neglect of an adult patient; however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information

• notifying your employer under limited circumstances related primarily to workplace injury or illness or medical surveillance

HEALTH OVERSIGHT ACTIVITIES — Our practice may disclose your PHI to a health oversight agency for activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, li censure and disciplinary actions; civil, administrative, and criminal procedures or actions; or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the health care system in general.

LAWSUITS AND SIMILAR PROCEEDINGS — Our practice may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. We also may disclose your PHI in response to a discovery request, subpoena, or other lawful process by another party involved in the dispute, but only if we have made an effort to inform you of the request or to obtain an order protecting the information the party has requested.

LAW ENFORCEMENT We may release PHI if asked to do so by a law enforcement official:

• regarding a crime victim in certain situations, if we are unable to obtain the person’s agreement

• concerning a death we believe has resulted from criminal conduct

• regarding criminal conduct at our offices

• in response to a warrant, summons, court order, subpoena or similar legal process

• to identify/locate a suspect, material witness, fugitive or missing person

• in an emergency, to report a crime (including the location or victim(s) of the crime, or the description, identity or location of the perpetrator)

ORGAN AND TISSUE DONATION — Our practice may release your PHI to organizations that handle organ, eye or tissue procurement or transplantation, including organ donation banks, as necessary to facilitate organ or tissue donation and transplantation if you are an organ donor.

MILITARY — Our practice may disclose your PHI if you are a member of US or foreign military forces (including veterans) and if required by the appropriate authorities.

NATIONAL SECURITY AND PROTECTIVE SERVICES FOR THE PRESIDENT AND OTHERS — Our practice may disclose your PHI to federal officials for intelligence and national security activities authorized by law. We also may disclose your PHI to federal officials in order to protect the President, other officials or foreign heads of state, or to conduct investigations.

INMATES Our practice may disclose your PHI to correctional facilities or law enforcement officials if you are an inmate or under the custody of a law enforcement official. Disclosure would be necessary: (1) for the facility to provide necessary care, (2) safety and security of the facility, and/or (3) to protect your health and safety or the health/safety of others.

WORKERS’ COMPENSATION — Our practice may release your PHI for workers’ compensation and similar programs to the extent necessary to comply with the law.

RESEARCH — Under certain circumstances, we may use and disclose medical information about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. Also, as part of the research process we may disclose medical information about you to individuals preparing to conduct the research project, for example, to help them look for patients with specific medical needs, but any such medical information will not be allowed to leave our practice. Where consistent with the research goals and purposes, we will use or disclose only de-identified information, so that your identity cannot be ascertained from the information disclosed. When research cannot be conducted with such de-identified information, we will usually ask for your specific authorization for such use or disclosure. However, some research projects that involve information gathering may be adversely affected by requiring prior patient authorization before confidential health information can be used or disclosed for research purposes. In those circumstances, the research project will be subject to a specific and comprehensive approval process. This process evaluates the proposed research project and its use of medical information, balancing research needs with patients’ right to privacy of medical information. Before we use or disclose medical information for research under such circumstances, the project will have been approved by an Institutional Review Board (IRB) or a specially designated Privacy Board, which will be required to determine whether the nature of the research is such that it could not properly be conducted if prior patient authorization was required. The IRB or Privacy Board will also be required to determine that adequate protections are in place to protect patient information from unauthorized use or disclosure.

SERIOUS THREATS TO HEALTH OR SAFETY Our practice may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.

REQUIRED BY LAW — Our practice will disclose PHI about you without your permission when required to do so by federal, state or local law.


You have the following rights regarding the PHI that we maintain about you and may request additional information in writing addressed to Privacy Officer, 10701 Nall Ave., Suite 100, Overland Park, KS 66211 regarding any of your rights:

CONFIDENTIAL COMMUNICATIONS — You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than at work. In order to request a type of confidential communication, you must make a written request specifying the requested method of contact, or the location where you wish to be contacted. Our practice will accommodate reasonable requests. You do not need to give a reason for you request.

REQUESTING RESTRICTIONS You have the right to request a restriction in our use of disclosure of your PHI for treatment, payment or health care operations. Additionally, you have the right to request that we restrict our disclosure of your PHI to only certain individuals involved in your care or the payment for your care. We are not required to agree to your request in most instances; however, if we do agree, we are bound by our agreement except when otherwise required by law, emergencies, or your treatment. Your request must be in writing and describe clearly:

1. the information you wish restricted;

2. whether you are requesting to limit our practice’s use, disclosure or both; and

3. to whom you want the limits to apply.

We are not required to agree to your request unless your request is that we restrict PHI disclosed to a health plan for payment or health care operations ( i.e., non-treatment) purposes if the information is about a service for which you paid us, out-of-pocket, in full.

INSPECTION AND COPIES You have the right to inspect and obtain a copy of the PHI that may be used to make decisions about you, including patient medical records and billing records, but not including psychotherapy notes. An inspection or copy request must be presented in writing. Our practice may charge a fee for the costs of copying, mailing, labor and supplies associated with your inspection/copy request. Our practice may deny your request to inspect/copy in certain limited circumstances; however you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.

If we maintain your PHI in an electronic health record, you have the right to request a copy of your PHI in an electronic format. If you request a copy of your PHI in an electronic format, we may only charge you for the labor costs associated with the electronic copy.

AMENDMENT You may request to amend your PHI if you believe it is incorrect or incomplete, if the information is kept by or for our practice. To request an amendment, your request must be made in writing. You must provide us with a reason that supports your request for amendment. Our practice will deny your request if you fail to submit a reason in writing. Also, we may deny your request if you ask us to amend information that in our opinion is (a) accurate and complete; (b) not part of the PHI kept by or for the practice; (c) not part of the PHI which you would be permitted to inspect/copy; or (d) not created by our practice, unless the individual or entity that created the information is unavailable to amend the information. Please note that even if we accept your request, we are not required to delete any information from your health record.

ACCOUNTING OF DISCLOSURES All of our patients have the right to request an “accounting of disclosures.” An “accounting of disclosures” is a list of certain non-routine disclosures our practice has made of your PHI for non-treatment, non-payment or non-operations purposes. Use of your PHI as part of the routine patient care in our practice is not required to be documented. For example, the doctor which shares information with the nurse; or the billing department using your information to file your insurance claim. In order to obtain an “accounting of disclosures,” you must submit your request in writing. All requests must state a time period, which may not be longer than six (6) years from the date of disclosure. The first list you request within a 12-month period is free of charge, additional lists within the same 12-month period are subject to fees. Our practice will notify you of the fee involved allowing you the option to withdraw your request before incurring any cost.

RIGHT TO A PAPER COPY OF NOTICE You are entitled to receive a paper copy of our Notice of Privacy Practices by contacting our Privacy Officer in writing.

RIGHT TO FILE A COMPLAINT — If you believe your privacy rights have been violated, you may file a complaint with our practice. This complaint must be in writing to our Privacy Officer. You have the right to file a complaint to the Secretary of the Department of Health & Human Services, 200 Independence Ave. SW, Washington DC 20201 or by phone (202) 619-0257.

You will in no way be penalized for making a complaint.

RIGHT TO PROVIDE AUTHORIZATION FOR OTHER USES AND DISCLOSURES — Our practice will obtain your written authorization for uses and disclosures that are not identified by this notice or permitted by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization. Please note we are required to retain records of your care.

RIGHT TO NOTIFICATION OF A BREACH A “breach” occurs when your PHI is acquired, accessed, used or disclosed in a manner not permitted by HIPAA which compromises the security or privacy of your PHI. You are entitled to written notification of a breach in a timely manner.

DE-IDENTIFIED DATA AND LIMITED DATA SETS — It is the policy of the practice to disclose de-identified data only if it has been properly de-identified by a qualified statistician or by removing all the relevant identifying data. We will make use of limited data sets, but only after the relevant identifying data have been removed and then only to organizations with which we have adequate data use agreements and only for research, public health, or health care operations purposes.

TRAINING AND AWARENESS — It is the policy of this practice that all current members or our workforce are to be trained by the compliance date on the policies and procedures governing protected health information and how the practice complies with the HIPAA Privacy Rule. It is also the policy of the practice that new members of our workforce receive training on these matters within a reasonable time after they have joined the workforce. It is the policy of the practice to provide training should any policy or procedure related to the HIPAA Privacy Rule materially change. This training will be provided within a reasonable time after the policy or procedure materially changes.

RETENTION OF RECORDS — The HIPAA Privacy Rule records retention requirement is six years, which will be adhered to. All records designated by HIPAA in this retention requirement will be maintained in a manner that allow for access within a reasonable period of time. This records retention time requirement may be extended at the practice’s discretion to meet with other government regulations or other requirements, including state laws.

Download the Form

Notice Of Privacy Practices (PDF)

The patient form above is in Adobe Acrobat PDF format. If you are unable to open the file, download the free Adobe Reader software.