Infectious Disease Associates of Kansas City, P.C. is dedicated to protecting your medical information. A federal regulation, know as the “HIPAA Privacy Rule,” requires that we provide detailed notice in writing of our privacy practices. Your Protected Health Information (“PHI”) is information that identifies you and that relates to your past, present, or future health or condition, the provision of health care to you, or payment for that health care. We are required by law to maintain the privacy of your PHI and to give you this Notice about our privacy practices that explains your rights as our patient and how, when, and why we may use or disclose your PHI.

We are required by law to notify you following a breach of unsecured PHI. We are required by law to follow the privacy practices described in this Notice, though we reserve the right to change our privacy practices and the terms of this Notice at any time and to apply those changes to all PHI in our possession. If we change our privacy practices and the terms of this Notice, we will post a copy in our office in a prominent location, have copies of the revised Notice available at our office, and provide you with a copy of the revised Notice upon your request.


When we provide health care to you in a hospital or hospital outpatient clinic and you are registered as a patient of the hospital, we are included in the hospital’s organized health care arrangement for purposes of complying with federal privacy laws. As such, we will operate under the hospital’s Notice of Privacy Practices, which you will receive at the time of your registration. We operate under this Notice of Privacy Practices when we see patients outside these organized health care arrangements, but this Notice does not conflict with the Notices of any of the hospitals in which we provide services.


1. Treatment, Payment and Health Care Operations. As described below, we will use or disclose your PHI for treatment, payment, or health care operations. The examples below do not list every possible use or disclosure in a category.

Treatment: We may use and disclose PHI about you to provide, coordinate or manage your health care and related services. We may consult with other health care providers regarding your treatment and coordinate and manage your health care with others. For example, we may use and disclose PHI when you need a prescription, lab work, x-ray or other health care services. We may also use and disclose PHI about you when referring you to another health care provider. For example, if you are referred to another specialist, we may disclose PHI to the specialist regarding your symptoms. We may also disclose PHI about you for the treatment activities of another health care provider. For example, we may send a report about your care from us to another physician so that the other physician may treat you.

Payment: We may use and disclose PHI so that we can bill and collect payment for the treatment and services provided to you. For example, we may send your insurance company a bill for services or release certain PHI to your health insurance company so that it can determine whether your treatment is covered under the terms of your health insurance policy. We also may use and disclose PHI for billing, claims management, and collection activities. We may also disclose PHI to another health care provider or to a company or health plan required to comply with the HIPAA Privacy Rule for the payment activities of that health care provider, company, or health plan. For example, we may allow a health insurance company to review PHI relating to its enrollees to determine the insurance benefits to be paid for its enrollees’ care.

Health Care Operations: We may use and disclose PHI in performing certain business activities which are called health care operations. Some examples of these operations include our business, accounting and management activities. These health care operations also may include quality assurance, utilization review, and internal auditing, such as reviewing and evaluating the skills, qualifications, and performance of health care providers taking care of you and our other patients and providing training programs to help students develop or improve their skills. If another health care provider, company, or health plan that is required to comply with the HIPAA Privacy Rule has or once had a relationship with you, we may disclose PHI about you for certain health care operations of that health care provider, company or health plan. For example, such health care operations may include assisting with legal compliance activities of that health care provider, company or health plan.

2. Communications To You From Our Office. We may use or disclose medical information in order to contact you as a reminder that you have an appointment for treatment or other medical care, to tell you about or recommend possible treatment options or alternatives that may be of interest to you, or to inform you about health-related benefits or services that may be of interest to you.

3. Communications To Family or Friends If You Agree Or Do Not Object. We may disclose PHI to your relatives, close friends or any other person identified by you if the PHI is directly related to that person’s involvement in your care or payment for your care. Generally, except in emergency situations, we will inform you of our intended action prior to making any such uses and disclosures and will, at that time, offer you the opportunity to object. However, if you are not present or are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment. We may also use and disclose your PHI for the purpose of locating and notifying your relatives or close personal friends of your location, general condition or death, and to organizations that are involved in those tasks during disaster situations.

4. Marketing. We may use or disclose your PHI to send you information about products or services related to your treatment, case management or care coordination, or to direct or recommend other treatments, therapies, health care providers or settings of care that may be of interest to you, provided we do not receive payment from a third party for making such communications. We may similarly describe products or services provided by us and tell you which health plans we participate in. When we see you, we may also use your PHI to encourage you to maintain a healthy lifestyle and get recommended tests, recommend that you participate in a disease management program, provide you with promotional gifts of nominal value, tell you about government sponsored health programs or encourage you to purchase a product or service when we see you, for which we may be paid. Finally, we may receive compensation which covers our cost of reminding you to take and refill your medication, or otherwise communicate about a drug or biologic that is currently prescribed for you. We will not otherwise use or disclose your PHI for marketing purposes without your prior written authorization. The authorization will disclose whether we receive any compensation for any marketing activity you authorize, and we will stop any future marketing activity to the extent you revoke that authorization.

5. Sale of PHI. We will not sell your PHI without your prior written authorization. The authorization will disclose that we will receive compensation for your PHI if you authorize us to sell it, and we will stop any future sales of your PHI to the extent you revoke your authorization.

6. Other Uses And Disclosures Authorized By The HIPAA Privacy Rule. We may use and disclose PHI about you in the following circumstances, provided that we comply with certain legal conditions set forth in the HIPAA Privacy Rule.

Required By Law. We may use or disclose PHI as required by federal, state, or local law if the disclosure complies with the law and is limited to the requirements of the law.

Public Health Activities. We may disclose PHI to public health authorities or other authorized persons to carry out certain activities related to public health, including to:

  • Prevent or control disease, injury, or disability or report disease, injury, birth, or death;
  • Report child abuse or neglect;
  • Report information regarding the quality, safety, or effectiveness of products or activities regulated by the federal Food and Drug Administration;
  • Notify a person who may have been exposed to a communicable disease in order to control who may be at risk of contracting or spreading the disease; or
  • Report to employers, under limited circumstances, information related primarily to workplace injuries or illness or workplace medical surveillance.

Abuse, Neglect, or Domestic Violence. We may disclose PHI to proper government authorities if we reasonably believe that a patient has been a victim of domestic violence, abuse, or neglect.

Health Oversight. We may disclose PHI to a health oversight agency for oversight activities including, for example, audits, investigations, inspections, licensure and disciplinary activities and other activities conducted by health oversight agencies to monitor the health care system, government health care programs, and compliance with certain laws.

Legal Proceedings. We may disclose PHI as expressly required by a court or administrative tribunal order or in compliance with state law in response to subpoenas, discovery requests or other legal process when we receive satisfactory assurances that efforts have been made to advise you of the request or to obtain an order protecting the information requested.

Law Enforcement. We may disclose PHI to law enforcement officials under certain specific conditions where the disclosure is:

  • About a suspected crime victim if the person agrees or, under limited circumstances, we are unable to obtain the person’s agreement because of incapacity or emergency;
  • To alert law enforcement of a death that we suspect was the result of criminal conduct;
  • In response to authorized legal process or required by law;
  • To identify or locate a suspect, fugitive, material witness, or missing person;
  • About a crime or suspected crime committed on our premises; or
  • In response to a medical emergency not occurring on our premises, if necessary to report a crime.

Coroners, Medical Examiners or Funeral Directors. We may disclose PHI regarding a deceased patient to a coroner, medical examiner or funeral director so that they may carry out their jobs. We also may disclose such PHI to a funeral director in reasonable anticipation of a patient’s death or following a patient’s death.

Organ Donation. We may disclose PHI to organizations that help procure, locate, and transplant organs in order to facilitate organ, eye, or tissue donation and transplantation.

Threat to Health or Safety. In limited circumstances, we may disclose PHI when we have a good faith belief that the disclosure is necessary to prevent a serious and imminent threat to the health or safety of a person or to the public.

Specialized Government Functions. We may disclose PHI for certain specialized government functions, such as military and veteran activities, national security and intelligence activities, protective services for the president and others, medical suitability determinations, and for certain correctional institutions or in other law enforcement custodial purposes.

Compliance Review. We are required to disclose PHI to the Secretary of the United States Department of Health and Human Services when requested by the Secretary to review our compliance with the HIPAA Privacy Rule.

Workers’ Compensation. We may disclose PHI in order to comply with laws relating to workers’ compensation or other similar programs.

Research. For research purposes under certain limited circumstances for research projects that have been evaluated and approved through an approval process that takes into account patients’ need for privacy. We must obtain a written authorization to use and disclose PHI about you for research purposes except in situations where a research project meets specific, detailed criteria established by the HIPAA Privacy Rule to ensure the privacy of PHI.

Fundraising. We may use or disclose your demographic information, the dates that you received treatment, the department of service, your treating physician, outcome information and health insurance status in order to contact you for fundraising purposes. If you do not want to receive these materials, notify the Privacy Officer listed in this Notice and we will stop any further fundraising communications. Similarly, you should notify the Privacy Officer if you decide you want to start receiving these communications again.

7. Emergencies. We may use or disclose your PHI in an emergency treatment situation in compliance with applicable laws and regulations.

8. With Your Written Authorization. Certain uses and disclosures require an authorization:

  • Psychotherapy Notes: Most uses of psychotherapy notes will require your authorization.
  • Marketing: Uses and disclosures of PHI which result in us receiving financial payment from a third party whose product or services is being marketed will require your authorization.
  • Sale of PHI: Disclosures that constitute a sale of PHI will require your authorization.

All other uses and disclosures of your PHI will be made only with your written authorization. If you have authorized us to use or disclose PHI about you, you may revoke your authorization at any time, except to the extent we have taken action based on the authorization.


The HIPAA Privacy Rule gives you several rights with regard to your PHI. These rights include:

1. Right to Request Restrictions: You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment or health care operations, or that we disclose to those who may be involved in your care or payment for your care. While we will consider your request, we are not required to agree to it. If we do agree to your request, we will comply with your request except as required by law or for emergency treatment. To request restrictions, you must make your request on our Request for Additional Privacy Form to our Privacy Officer at the address listed on the last page of this Notice. If you tell us not to disclose your PHI to your health plan concerning health care items or services for which you have paid in full out-of-pocket, we will abide by your request, unless we must disclose your PHI for treatment or legal reasons.

2. Right to Receive Confidential Communications: You have the right to request that you receive communications regarding PHI in a certain manner or at a certain location. For example, you may request that we contact you at home, rather than at work. You must make your request in writing by submitting our Request for Alternative Communication Form specifying how you would like to be contacted (for example, by regular mail to your post office box and not your home) to our Privacy Officer. We will accommodate all reasonable requests.

3. Right to Inspect and Copy: You have the right to inspect and receive a copy of your PHI contained in records we maintain that may be used to make decisions about your care. These records usually include your medical and billing records but do not include psychotherapy notes; information gathered or prepared for a civil, criminal, or administrative proceeding; or PHI that is subject to law that prohibits access. To inspect and copy your PHI, please contact our Privacy Officer. If you request a copy of PHI about you, we may charge you a reasonable fee for the copying, postage, labor and supplies used in meeting your request. We may deny your request to inspect and copy PHI only under limited circumstances, and in some cases, a denial of access may be reviewable.

4. Right to Amend: If you feel that PHI we have about you is incorrect or incomplete, you may ask us to amend the information for as long as such information is kept by or for us. You must submit your request to amend in writing to our Privacy Officer and give us a reason for your request. We may deny your request in certain cases. If your request is denied, you may submit a written statement disagreeing with the denial, which we will keep on file and distribute with all future disclosures of the information to which it relates.

5. Right to Receive an Accounting of Disclosures: You have the right to request a list of certain disclosures of PHI made by us during a specified period of up to six years (or up to three years in the case of an electronic health record) prior to the request, except disclosures for treatment, payment or health care operations; made to you (unless made through an electronic health record); to persons involved in your care or for the purpose of notifying your family or friends of your whereabouts; for national security or intelligence purposes; made pursuant to your written authorization; incidental to another permissible use or disclosure; for certain notification purposes (including national security, intelligence, correctional, and law enforcement purposes); or disclosures to the Secretary of DHHS; or made before April 14, 2003. If you wish to make such a request, please contact our Privacy Officer. The first accounting that you request in a 12-month period will be free, but we may charge you for our reasonable costs of providing additional lists in the same 12-month period. We will tell you about these costs, and you may choose to cancel your request at any time before costs are incurred.

6. Right to a Paper Copy of this Notice: You have a right to receive a paper copy of this Notice at any time. You are entitled to a paper copy of this Notice even if you have previously agreed to receive this Notice electronically. To obtain a paper copy of this Notice, please contact our Privacy Officer or request a copy at our office.


If you believe your privacy rights have been violated, you may file a complaint with us, or the Secretary of the United States, Department of Health and Human Services. To file a complaint with our office, please contact our Privacy Officer. We will not take action against you or retaliate against you in any way for filing a complaint.


If you have any questions or need additional information about this Notice, please contact our Privacy Officer.


You may contact our Privacy Officer at the following address and phone number:

Administrator, Privacy Officer
Infectious Disease Associates of Kansas City, P.C.
2340 E Meyer Blvd, Bldg 2
Suite 392
Kansas City, MO 64132
(816) 822-8486

EFFECTIVE DATE: This notice was published and first became effective on April 11, 2003. This notice was revised effective September 23, 2013.