LASER EYE INSTITUTE NOTICE OF PRIVACY PRACTICES (NPP)
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
EFFECTIVE DATE: December 1st 2017 LAST UPDATED: January 1st 2026
We understand the importance of privacy and are committed to maintaining the confidentiality of your medical information. We make a record of the medical care we provide and may receive such records from others. We use these records to provide or enable other health care providers to provide quality medical care, to obtain payment for services provided to you as allowed by your health plan and to enable us to meet our professional and legal obligations to operate this medical practice properly. We are required by law to maintain the privacy of protected health information, to provide individuals with notice of our legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information. This notice describes how we may use and disclose your medical information. It also describes your rights and our legal obligations with respect to your medical information. If you have any questions about this Notice, please contact our Privacy Officer listed below.
We limit uses and disclosures of your health information to the minimum necessary to accomplish the intended purpose, as required by law.
This medical practice collects health information about you and stores it in a combination of a paper chart and electronic systems. This is your medical record. The medical record is the property of this medical practice, but the information in the medical record belongs to you. The law permits us to use or disclose your health information for the following purposes:
Treatment.
We use medical information about you to provide your medical care. We disclose medical information to our employees and others who are involved in providing care. For example, we may share your medical information with other physicians or other health care providers who will provide services that we do not provide. Or we may share this information with a pharmacist who needs it to dispense a prescription to you, or a laboratory that performs a test. We may also disclose medical information to members of your family or others who can help you when you are sick or injured, or after you die.
Payment.
We use and disclose medical information about you to obtain payment for the services we provide. For example, we give your health plan the information it requires before it will pay us. We may also disclose information to other health care providers to assist them in obtaining payment for services they have provided.
Health Care Operations.
We may use and disclose medical information about you to operate this medical practice. For example, we may use and disclose this information to review and improve the quality of care we provide, or the competence and qualifications of our professional staff. Or we may use and disclose this information to get your health plan to authorize services or referrals. We may also use and disclose this information as necessary for medical reviews, legal services and audits, including fraud and abuse detection and compliance programs and business planning and management. We may also share your medical information with our “business associates,” such as our billing service, that perform administrative services for us. We have a written contract with each of these business associates that contains terms requiring them and their subcontractors to protect the confidentiality and security of your protected health information. We may also share your information with other health care providers, health care clearinghouses or health plans that have a relationship with you, when they request this information to help them with their quality assessment and improvement activities, their patient-safety activities, their population-based efforts to improve health or reduce health care costs, protocol development, case management or care-coordination activities, their review of competence, qualifications and performance of health care professionals, their training programs, their accreditation, certification or licensing activities, or their health care fraud and abuse detection and compliance efforts.
Electronic Communication.
We may contact you by phone, email, or text message to remind you of appointments or provide information related to your care. Please see the “Electronic Communications” section below for additional information.
Check-In.
We may use and disclose information about you by having you sign in when you arrive, this includes calling out your name publicly.
Communication with Family.
We may disclose your health information to notify or assist in notifying a family member, your personal representative or another person responsible for your care about your location, your general condition or, unless you had instructed us otherwise, in the event of your death. In the event of a disaster, we may disclose information to a relief organization so that they may coordinate these notification efforts. We may also disclose information to someone who is involved with your care or helps pay for your care. If you are able and available to agree or object, we will give you the opportunity to object prior to making these disclosures, although we may disclose this information in a disaster even over your objection if we believe it is necessary to respond to the emergency circumstances. If you are unable or unavailable to agree or object, our health professionals will use their best judgment in communication with your family and others.
Marketing Communications.
We may contact you to provide information about treatment alternatives, health-related benefits, or services that may be of interest to you. These communications are considered part of your care and do not require your authorization. We will not use or disclose your health information for marketing purposes or accept payment for marketing communications without your prior written authorization, except as permitted by law. You may opt out of receiving these communications at any time by contacting our Privacy Officer.
Sale of Health Information.
We will not sell your health information without your prior written authorization. If you provide authorization, it will disclose any compensation we may receive. You may revoke your authorization at any time in writing, and we will stop any future disclosures to the extent required by law.
Required by Law.
As required by law, we will use and disclose your health information, but we will limit our use or disclosure to the relevant requirements of the law. When the law requires us to report abuse, neglect or domestic violence, or respond to judicial or administrative proceedings, or to law enforcement officials, we will further comply with the requirement set forth below concerning those activities.
Public Health.
We may, and are sometimes required by law, to disclose your health information to public health authorities for purposes related to: preventing or controlling disease, injury or disability; reporting child, elder or dependent adult abuse or neglect; reporting domestic violence; reporting to the Food and Drug Administration problems with products and reactions to medications; and reporting disease or infection exposure. When we report suspected elder or dependent adult abuse or domestic violence, we will inform you or your personal representative promptly unless in our best professional judgment, we believe the notification would place you at risk of serious harm or would require informing a personal representative we believe is responsible for the abuse or harm.
Health Oversight Activities.
We may, and are sometimes required by law, to disclose your health information to health oversight agencies during the course of audits, investigations, inspections, licensure and other proceedings, subject to the limitations imposed by law.
Judicial and Administrative Proceedings.
We may, and are sometimes required by law, to disclose your health information in the course of any administrative or judicial proceeding to the extent expressly authorized by a court or administrative order. We may also disclose information about you in response to a subpoena, discovery request or other lawful process if reasonable efforts have been made to notify you of the request and you have not objected, or if your objections have been resolved by a court or administrative order.
Law Enforcement.
We may, and are sometimes required by law, to disclose your health information to law enforcement for purposes such as identifying or locating a suspect, fugitive, material witness or missing person, complying with a court order, warrant, subpoena and other law enforcement purposes.
Coroners.
We may, and are often required by law, to disclose your health information to coroners in connection with their investigations of deaths.
Organ or Tissue Donation.
We may disclose your health information to organizations involved in procuring or transplanting organs and tissues.
Public Safety.
We may, and are sometimes required by law, to disclose your health information to appropriate persons in order to prevent or lessen a serious and imminent threat to the health or safety of a particular person or the general public.
Proof of Immunization.
We will disclose proof of immunization to a school where you have agreed to the disclosure on behalf of yourself or your dependent.
Specialized Government Functions.
We may disclose your health information for military, national security purposes, correctional institutions, law enforcement officers that have you in their lawful custody.
Workers’ Compensation.
We may disclose your health information as necessary to comply with workers’ compensation laws. For example, to the extent your care is covered by workers’ compensation, we may make periodic reports to your employer about your condition. We are required by law to report cases of occupational injury or illness to the employer or workers’ compensation insurer.
Change of Ownership.
In the event that this medical practice is sold or merged with another organization, your health information will become the property of the new owner, although you will maintain the right to request that copies of your health information be transferred to another physician.
Breach Notification.
In the event of a breach of unsecured protected health information, we will notify you as required by law. Notification may be provided by mail, email (if you have provided an email address), or other appropriate means. In some cases, our business associates may provide notification on our behalf.
Research.
We may disclose your health information to researchers conducting research with respect to which your written authorization is not required as approved by an Institutional Review Board or privacy board, in compliance with governing law. We may use your health information for internal research studies as well.
Fundraising.
We may use or disclose your demographic information in order to contact you for our fundraising activities. If you do not want to receive these materials, notify the Privacy Officer listed at the bottom of this Notice of Privacy Practices and we will stop any further fundraising communications. Similarly, you should notify the Privacy Officer if you decide you want to start receiving these solicitations again.
Substance Use Disorder (SUD) Treatment Records
We may receive health information about you that is protected by federal confidentiality laws for substance use disorder treatment records (42 CFR Part 2). These records are subject to additional privacy protections beyond those provided by HIPAA.
If we receive such records, we will use and disclose them only as permitted by applicable law. In many cases, this may require your written consent or other authorization before the information can be shared. We will comply with all applicable restrictions on the use and disclosure of these records.
Redisclosure of Information
Health information disclosed by this medical practice to another party may be subject to redisclosure by the recipient and may no longer be protected by HIPAA. However, when other laws provide more stringent protections, we will comply with those requirements. For example, substance use disorder treatment records received under 42 CFR Part 2 remain subject to restrictions on redisclosure.
More Stringent State and Federal Laws
Certain federal and state laws may provide additional protections for specific types of health information, such as substance use disorder treatment, mental health, HIV/AIDS, genetic information, or other sensitive data. When these laws apply, we will comply with the more stringent requirements.
WHEN THIS MEDICAL PRACTICE MAY NOT USE OR DISCLOSE YOUR HEALTH INFORMATION
Except as described in this Notice of Privacy Practices, this medical practice will, consistent with its legal obligations, not use or disclose health information which identifies you without your written authorization. If you do authorize this medical practice to use or disclose your health information for another purpose, you may revoke your authorization in writing at any time.
YOUR HEALTH INFORMATION RIGHTS
Right to Request Special Privacy Protections. You have the right to request restrictions on certain uses and disclosures of your health information by a written request specifying what information you want to limit, and what limitations on our use or disclosure of that information you wish to have imposed. If you tell us not to disclose information to your commercial health plan concerning health care items or services for which you paid for in full out-of-pocket, we will abide by your request, unless we must disclose the information for treatment or legal reasons. We reserve the right to accept or reject any other request, and will notify you of our decision.
Right to Request Confidential Communications. You have the right to request that you receive your health information in a specific way or at a specific location. For example, you may ask that we send information to a particular e-mail account or to your work address. We will comply with all reasonable requests submitted in writing which specify how or where you wish to receive these communications.
Right to Access Your Health Information. You have the right to inspect and obtain a copy of your health information, with limited exceptions. You may request a copy in paper or electronic format, and we will provide it in the format you request if readily producible. You may also direct us to send a copy of your health information to a third party designated by you in writing. Reasonable, cost-based fees may apply. In certain limited circumstances, we may deny your request, and you may have the right to have that decision reviewed.
Right to Amend or Supplement. You have the right to request that we amend your health information if you believe it is incorrect or incomplete. Your request must be submitted in writing and include a reason for the request. We may deny your request in certain circumstances, but we will provide a written explanation and information about your right to submit a statement of disagreement.
Right to an Accounting of Disclosures. You have the right to request a list of certain disclosures we have made of your health information. This does not include disclosures made for treatment, payment, health care operations, or those made to you or with your authorization, as permitted by law.
Right to a Copy of this Notice. You have the right to receive a paper or electronic copy of this Notice of Privacy Practices at any time, even if you have previously agreed to receive it electronically. To request a copy or for more information, please contact our Privacy Officer.
Right to Notification of a Breach. You have the right to be notified in the event of a breach of your unsecured protected health information.
Right to Restrict Disclosures to Your Health Plan. You have the right to request that we not disclose your health information to your health plan for payment or health care operations if the health care item or service has been paid for in full out-of-pocket. We will honor such requests unless disclosure is otherwise required by law.
HOW WE PROTECT AND MANAGE YOUR INFORMATION
Security of Medical Information.
We maintain administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your protected health information. This includes the use of secure systems, access controls, and encryption of data in transit and at rest, where appropriate. We routinely review and update our security practices to help protect your information from unauthorized access, use, or disclosure. Additional information about our security practices is available upon request by contacting our Privacy Officer listed below.
Data Retention Policy.
We retain medical and related records in accordance with applicable laws and regulatory requirements.
In general: Medical records are retained for at least seven (7) years after the last date of service. Records of minors are retained for the period required by law following the age of majority. Certain communication records (such as phone calls, emails, or other interactions) may be retained for a limited period as necessary for operational, legal, or compliance purposes. Records may be securely destroyed or de-identified when no longer required to be retained.
Authorization of Electronic Communication.
We may contact you by phone, email, or text message to provide appointment reminders, important updates, and other information related to your care. These communications may include limited health information necessary for these purposes.
Email and text messaging are not always secure methods of communication. By providing your contact information, you agree that we may communicate with you using these methods. You may opt out of email or text communications at any time by contacting our office or following the opt-out instructions provided in the message.
If you prefer to receive communications through alternative or more secure methods, please notify our Privacy Officer.
CHANGES TO THIS NOTICE OF PRIVACY PRACTICES
We may update this Notice of Privacy Practices at any time. Any changes will apply to all health information we maintain. The current version of this notice is available in our office and on our website at www.lasereyeinstitute.com.
FILING A COMPLAINT
You may file a complaint if you believe your privacy rights have been violated or if you have concerns about how this medical practice handles your health information. Complaints may be submitted by mail or email to the Privacy Officer listed below and should be filed within 180 days of when you knew or should have known that the issue occurred. You will not be penalized or retaliated against for filing a complaint.
If you are not satisfied with the manner in which this office handles your complaint, you may submit a formal complaint to the Office for Civil Rights (OCR), U.S. Department of Health and Human Services, Region V, 233 N. Michigan Ave., Suite 240, Chicago, IL 60601. A complaint form is available online at: www.hhs.gov/ocr/privacy/hipaa/complaints/hipcomplaint.pdf.
Privacy Officer
Pat Lombardi – Laser Eye Institute, Attention: Privacy Officer
355 E Big Beaver Rd, Troy MI 48083
(248) 689-4247, plombardi@lasereyeinstitute.com
YOU WILL NOT BE RETALIATED AGAINST OR PENALIZED BY US FOR FILING A COMPLAINT. YOU HAVE A RIGHT TO A COPY OF THIS DOCUMENT UPON REQUEST. YOUR SIGNATURE IS ACKNOWLEDGEMENT THAT YOU HAVE RECEIVED THIS NOTICE OF PRIVACY PRACTICIES (NPP).
Updated 1/1/2026