LASER EYE INSTITUTE NOTICE OF PRIVACY PRACTICES (NPP)
EFFECTIVE DATE: December 1st 2017 | LAST UPDATED: January 1st 2026
Your Information. Your Rights. Our Responsibilities.
This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.
We understand the importance of privacy and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide and may receive such records from others. We use these records to provide or enable other health care providers to render care, obtain payment for services provided to you as allowed by your health plan, and to enable us to meet our professional and legal obligations. We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. We limit uses and disclosures of your health information to the minimum necessary to accomplish the intended purpose, as required by law.
Your Rights
You have the right to:
- Get a copy of your paper or electronic medical record
- Correct your paper or electronic medical record
- Request confidential communications
- Ask us to limit the information we share
- Get a list of those with whom we’ve shared your information
- Get a copy of this privacy notice
- Choose someone to act for you
- Be notified in the event of a breach of your unsecured protected health information
- Request restrictions on disclosures to your health plan for services paid out-of-pocket in full
- File a complaint if you believe your privacy rights have been violated
Your Choices
You have some choices in the way that we use and share information as we:
- Tell family and friends about your condition
- Provide disaster relief
- Market our services and sell your information
- Raise funds
Our Uses and Disclosures
We may use and share your information as we:
| Treat you Run our organization Bill for your services Help with public health and safety issues Do research Comply with the law Respond to organ and tissue donation requests Work with a medical examiner or funeral director Address workers’ compensation, law enforcement, and other government requests Respond to lawsuits and legal actions Handle a change of ownership To the extent that we have your substance use disorder patient records, subject to 42 CFR Part 2, we will not share that information for investigations or legal proceedings against you without (1) your written consent or (2) a court order and a subpoena. |
Your Rights
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Get an electronic or paper copy of your medical record
- You can ask to see or get an electronic or paper copy of your medical record and other health information we have about you. You may also direct us to send a copy to a third party you designate in writing. Ask us how to do this.
- We will provide a copy or a summary of your health information, within 30 days of your request. We may charge a reasonable, cost-based fee.
Ask us to correct your medical record
- You can ask us to correct health information about you that you think is incorrect or incomplete. Ask us how to do this.
- We may say “no” to your request, but we’ll tell you why in writing within 60 days.
Request confidential communications
- You can ask us to contact you in a specific way (for example: office or cell phone) or to send mail to a different address.
- We will say “yes” to all reasonable requests.
Ask us to limit what we use or share
- You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we may say “no,” for example, if it could affect your care. If we agree to your request, we may still share this information in the event that you need emergency treatment.
- If you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information for the purpose of payment or our operations with your health insurer. We will say “yes” unless a law requires us to share that information.
Get a list of those with whom we’ve shared information
- You can ask for a list of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
- We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one list for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.
Get a copy of this privacy notice
You can ask for a paper copy of this notice at any time, even if you agreed to receive it electronically. We will provide you with a paper copy promptly.
Choose someone to act for you
If someone has authority to act as your personal representative, such as: medical power of attorney or your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure they have this authority and can act for you before we take any action.
Be notified of a breach
You have the right to be notified in the event of a breach of your unsecured protected health information. Notification may be provided by mail, email (if you have provided an email address), or other appropriate means. In some cases, our business associates may provide notification on our behalf.
Restrict disclosures to your health plan
You have the right to request that we not disclose your health information to your health plan for payment or health care operations if the health care item or service has been paid for in full out-of-pocket. We will honor such requests unless disclosure is otherwise required by law.
File a complaint if you feel your rights are violated
You can complain if you feel we have violated your rights by contacting our Privacy Officer using the information at the end of this notice. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by mail to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or www.hhs.gov/hipaa/filing-a-complaint/index.html. We will not retaliate against you for filing a complaint.
Your Choices
For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.
In these cases, you have both the right and choice to tell us to:
- Share information with your family, close friends, or others involved in your care or payment for your care
- Share information in a disaster relief situation
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
In these cases we never share your information unless you give us written permission:
- Marketing purposes
- Sale of your information
- Most sharing of psychotherapy notes
- We may contact you for fundraising efforts, but you can tell us not to contact you again.
If we have your substance use disorder patient records, subject to 42 CFR Part 2, we will give you clear and obvious notice in advance and a choice about whether to receive fundraising communications that use your Part 2 information.
Our Uses and Disclosures
How do we typically use or share your health information?
We typically use or share your health information in the following ways.
Treat you
We can use your health information and share it with other professionals who are treating you.
Example: A doctor treating you for an injury asks another doctor about your overall health condition.
Run our organization
We can use and share your health information to run our practice, improve your care, and contact you when necessary. We may also share your medical information with our “business associates,” such as our billing service, that perform administrative services for us. We have a written contract with each of these business associates that contains terms requiring them and their subcontractors to protect the confidentiality and security of your protected health information. Example: We use health information about you to manage your treatment and services.
Bill for your services
We can use and share your health information to bill and get payment from health plans or other entities.
Example: We give information about you to your health insurance plan so it will pay for your services.
Electronic communication and check-in
We may contact you by phone, email, or text message to remind you of appointments or provide information related to your care. We may also use and disclose information about you by having you sign in when you arrive, which includes calling out your name publicly.
How else can we use or share your health information?
We are allowed or required to share your information in other ways; usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes.
In all cases, including those listed below, if we have substance use disorder patient records about you, subject to 42 CFR Part 2, we cannot use or share information in those records in civil, criminal, administrative, or legislative investigations or proceedings against you without (1) your consent or (2) a court order and a subpoena.
Help with public health and safety issues
We can share health information about you for certain situations such as: preventing disease, helping with product recalls, reporting adverse reactions to medications, reporting suspected abuse, neglect, or domestic violence, preventing or reducing a serious threat to anyone’s health or safety
Do research
We can use or share your information for health research, including internal research studies in compliance with governing law.
Comply with the law
We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Respond to organ and tissue donation requests
We can share health information about you with organ procurement organizations.
Work with a medical examiner or funeral director
We can share health information with a coroner, medical examiner, or funeral director when an individual dies.
Address workers’ compensation, law enforcement, and other government requests
We can use or share health information about you: For workers’ compensation claims, law enforcement purposes, with health oversight agencies for activities authorized by law, special government functions such as military, national security, and correctional institutions.
Respond to lawsuits and legal actions
We can share health information about you in response to a court or administrative order, or in response to a subpoena, discovery request, or other lawful process if reasonable efforts have been made to notify you of the request.
Proof of immunization
We will disclose proof of immunization to a school where you have agreed to the disclosure on behalf of yourself or your dependent.
Change of ownership
In the event that this medical practice is sold or merged with another organization, your health information will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician.
Redisclosure of information
Health information disclosed by this medical practice to another party may be subject to redisclosure by the recipient and may no longer be protected by HIPAA. However, when other laws provide more stringent protections, we will comply with those requirements. For example, substance use disorder treatment records received under 42 CFR Part 2 remain subject to restrictions on redisclosure.
More stringent state and federal laws
Certain federal and state laws may provide additional protections for specific types of health information, such as substance use disorder treatment, mental health, HIV/AIDS, genetic information, or other sensitive data. When these laws apply, we will comply with the more stringent requirements.
When this medical practice may not use or disclose your health information
Except as described in this Notice of Privacy Practices, this medical practice will, consistent with its legal obligations, not use or disclose health information which identifies you without your written authorization. If you do authorize this medical practice to use or disclose your health information for another purpose, you may revoke your authorization in writing at any time.
Our Responsibilities
- We are required by law to maintain the privacy and security of your protected health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described in this notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
How We Protect and Manage Your Information
Security of medical information
We maintain administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your protected health information. This includes the use of secure systems, access controls, and encryption of data in transit and at rest, where appropriate. We routinely review and update our security practices to help protect your information from unauthorized access, use, or disclosure. Additional information about our security practices is available upon request by contacting our Privacy Officer.
Data retention policy
We retain medical and related records in accordance with applicable laws and regulatory requirements. In general, medical records are retained for at least seven (7) years after the last date of service. Records of minors are retained for the period required by law following the age of majority. Certain communication records (such as phone calls, emails, or other interactions) may be retained for a limited period as necessary for operational, legal, or compliance purposes. Records may be securely destroyed or de-identified when no longer required to be retained.
Authorization of electronic communication
We may contact you by phone, email, or text message to provide appointment reminders, important updates, and other information related to your care. These communications may include limited health information necessary for these purposes. Email and text messaging are not always secure methods of communication. By providing your contact information, you agree that we may communicate with you using these methods. You may opt out of email or text communications at any time by contacting our office or following the opt-out instructions provided in the message. If you prefer to receive communications through alternative or more secure methods, please notify our Privacy Officer.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, in our office, and on our website at www.lasereyeinstitute.com.
Filing a Complaint
You may file a complaint if you believe your privacy rights have been violated or if you have concerns about how this medical practice handles your health information. Complaints may be submitted by mail or email to the Privacy Officer listed below and should be filed within 180 days of when you knew or should have known that the issue occurred. You will not be penalized or retaliated against for filing a complaint.
If you are not satisfied with the manner in which this office handles your complaint, you may submit a formal complaint to:
Office for Civil Rights (OCR), U.S. Department of Health and Human Services
Region V, 233 N. Michigan Ave., Suite 240, Chicago, IL 60601
A complaint form is available online at: www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaint.pdf
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html
Privacy Officer
Privacy Officer: Pat Lombardi
Address: Laser Eye Institute, Attention: Privacy Officer 355 E Big Beaver Rd, Troy MI 48083
Phone: (248) 689-4247
Email: plombardi@lasereyeinstitute.com
You will not be retaliated against or penalized for filing a complaint. You have a right to a copy of this document upon request. Your signature is acknowledgement that you have received this Notice of Privacy Practices (NPP).