Riley York Cardiology Associates

Riley York Cardiology Associates

This Notice describes the privacy practices of Riley York Cardiology Associates, PLLC (the “Practice”). The Practice is required by law to maintain the privacy of medical and health information about you (“Protected Health Information” or “PHI”) and to provide you with this Notice of the Practice’s legal duties and privacy practices with respect to PHI. When the Practice uses or discloses PHI, the Practice is required to abide by the terms of this Notice (or other notice in effect at the time of the use or disclosure).

How the Practice May Use and Disclose Your PHI

The following categories describe ways the Practice may use and disclose your PHI (however, not every use or disclosure in a category is listed). Your written authorization is not required before the Practice may use or disclose your PHI for the purposes listed below, unless otherwise noted.

Treatment – The Practice uses PHI to provide treatment and other services to you – for example, to diagnose and treat your cardiac needs. With your consent, the Practice may disclose information about you to other health care providers who are involved in your care and treatment.

Payment – The Practice may use, and with your consent, disclose your PHI so that the services you
receive may be billed and payment collected from you, an insurance company or third party payor.

For example, the Practice may disclose your PHI to file claims and obtain payment from your health insurer for the medical services provided by the Practice. With your consent, the Practice also may disclose PHI to other health care providers so that they may seek payment for services they rendered to you.

Health Care Operations – The Practice may use, and with your consent, disclose your PHI as necessary to support the day-to-day activities and management of the Practice. For example, the Practice may use and disclose your PHI for purposes of internal administration and planning, quality review and improvement, legal services, etc.

Information Related to Your Care – The Practice may use your PHI to communicate with you about products or services relating to your treatment, case management or care coordination, or alternative treatments, therapies, providers or care settings. The Practice also may use your PHI to identify health-related services and products provided by the Practice that may be beneficial to your health and then contact you about the services and products. The Practice will not use or disclose your PHI for purposes of marketing (as defined by federal privacy laws) without first obtaining your prior authorization.

Communication with Family and Others – The Practice may disclose your PHI to a family member, other relative, close personal friend or others who are identified by you, who are involved in your care or payment for your care, when you are present for, or otherwise available prior to, the disclosure, and you do not object to such disclosure after being given the opportunity to do so. The Practice also may disclose your PHI to such person with your verbal agreement or written consent.

If you are incapacitated or in an emergency circumstance, the health care providers at the Practice may exercise their professional judgment to determine whether a disclosure is in your best interest.

If the Practice discloses PHI in such event, the Practice would disclose only PHI that we believe is directly relevant to the person’s involvement with your health care or with payment related to your health care. The Practice also may disclose your PHI in order to notify (or assist in notifying) such persons of your location, general condition or death.

Public Health Reporting – Your PHI may be disclosed for public health purposes as required by
law. For instance, the Practice is required to:

  1. report cases of child abuse and neglect, elder abuse, disabled persons abuse, rape, and sexual assault;
  2. report medical information for the purpose of preventing or controlling disease, injury or disability;
  3. report information about products and services under the jurisdiction of the U.S. Food and Drug Administration;
  4. report information to your insurer and/or the Massachusetts Industrial Accident Board (and any party involved in the Workers’ Compensation matter) as required under laws addressing work-related illnesses and injuries or workplace medical surveillance;
  5. if we know or have reason to believe that you are infected with a venereal disease, to alert your fiancée, if you are engaged, or your spouse, if you are married; and
  6. file a death certificate.

Health Oversight Activities – Your PHI may be disclosed to health oversight agencies as required by law. Health oversight activities include audit, investigation, inspection, licensure or disciplinary actions, and civil, criminal or administrative proceedings or actions. The Practice also is required to disclose your PHI to the Secretary of Health and Human Services, upon request, to determine our compliance with the Health Insurance Portability and Accountability Act.

Health or Safety – The Practice may use or disclose PHI to prevent or lessen a serious and imminent danger to you or to others if the disclosure is to a person who is reasonably able to lessen or prevent the threat, including the target of the threat.

Judicial and Administrative Proceedings – The Practice may disclose PHI in the course of a judicial or administrative proceeding in response to a legal order or other lawful process.

Law Enforcement Officials – Your PHI may be disclosed to the police or other law enforcement officials as required or permitted by law or in compliance with a court order or a grand jury or administrative subpoena accompanied by a court order.

Specialized Government Functions – The Practice may use and disclose your PHI to units of the government with special functions, such as the U.S. military or the U.S. Department of State under certain circumstances as required by law.

Ordered Examinations – The Practice may release your PHI when required to report findings from an examination ordered by a court or detention facility.

Decedents – The Practice may disclose your PHI to a coroner or medical examiner as authorized by law.

Organ and Tissue Procurement – If you are an organ donor, the Practice may disclose your PHI to organizations that facilitate organ, eye or tissue procurement, banking or transplantation.

Research – The Practice may use or disclose your PHI without your consent or authorization for research purposes if an Institutional Review Board/Privacy Board approves a waiver of authorization for such use or disclosure.

Required by Law – The Practice may use and disclose your PHI when required to do so by federal, state or local law.


Sale of PHI, Marketing, and Other Uses and Disclosures Require Your Authorization – The Practice will not sell your PHI or otherwise use or disclose it for purposes of marketing (as defined by federal privacy laws) without obtaining your prior written authorization. Furthermore, use or disclosure of your PHI for any purpose other than those listed above requires your written authorization or that of your legal representative. We will not deny medical treatment if you do not sign the authorization. Furthermore, you may revoke the authorization at any time, in writing. If you revoke your authorization, we will no longer use or disclose information about you for the reason covered by your written revocation.

Highly Confidential Information – Federal and state law require special privacy protections for certain highly confidential information about you (“Highly Confidential Information”), including:

  1. your HIV/AIDS status;
  2. genetic testing information;
  3. substance use disorder information protected under 42 CFR Part 2;
  4. confidential communications with a psychotherapist, psychologist, social worker, sexual assault counselor, domestic violence counselor, or other allied mental health professional, or human services professional;
  5. venereal disease information;
  6. mammography records;
  7. mental health community program records;
  8. research involving controlled substances;
  9. abortion consent form(s); and
  10. family planning services.

In order for us to disclose your Highly Confidential Information, we must obtain your separate, specific written consent and/or authorization unless we are otherwise permitted by law to make such disclosure.

Most uses and disclosures involving Psychotherapy Notes (as defined in the Federal privacy regulations) require your authorization. If you are an emancipated minor, certain information relating to your treatment or diagnosis may be considered “Highly Confidential Information” and as a result will not be disclosed to your parent or guardian without your consent. Your consent is not required, however, if a physician reasonably believes your condition to be so serious that your life or limb is endangered. Under such circumstances, we may notify your parents or legal guardian of the condition, and will inform you of any such notification. Please note that if you are a parent or legal guardian of an emancipated minor, certain portions of the emancipated minor’s medical record (or, in certain instances, the entire medical record) may not be accessible to you.

Your Rights Regarding Your PHI

Although your health records are the physical property of the Practice, you have certain rights with regard to the information we maintain about you in those records.

Notice – You have the right to receive a paper copy of this Notice (even if you have agreed to receive this Notice electronically).

Revoke Your Authorization – You have the right to revoke your authorization (or consent) to our use/disclosure of your PHI, as long as you make your request in writing to the Practice. You can revoke your authorization (or consent) for future disclosures, but not for any disclosures made prior to when you first gave your notice of revocation.

Request Restrictions – You have the right to request restrictions on uses and disclosures of your PHI:

(i) for treatment, payment and health care operations;

(ii) to individuals (such as a family member, other relative, close personal friend or any other person identified by you) involved with your care or with payment related to your care, or

(iii) to notify or assist in the notification of such individuals regarding your location and general condition.

The Practice will consider your request; however, we are not required to agree to the restriction (with one limited exception relating to disclosures to a health plan where you pay out of pocket in full for the health care item or service).

Restrictions we have agreed to do not apply to disclosures that are made mandatory by health oversight activities or law. If you wish to request restrictions, please submit a written request to our Privacy Officer. We will send you a written response.

Receive Confidential Communications – You have the right to receive confidential communications of your PHI from the Practice by alternative means or at alternative locations. We are required to accommodate any reasonable request you make. Requests must be submitted in writing to the Practice.


Inspect and Copy Your PHI – You have the right to inspect and copy your PHI that we hold in a designated record set. This usually includes medical records (excluding psychotherapy notes) and billing records. To the extent that electronic health records are available, you have a right to an electronic copy of your record, and, if you choose, to direct us to transmit a copy of the electronic health record to a designated individual or entity. We may charge a fee for copies of your records.
If you wish to access your records, please submit a written request to our Privacy Officer.

Questions about fees may be directed to our Privacy Officer as well.


Amend Your PHI – You have a right to request that we amend your PHI if you feel that the information we have is inaccurate or incomplete, as long as the Practice created the information you wish to amend. We will not make changes to medical information created by another health care provider or changes that would make your medical record inaccurate or incomplete. If you wish to request an amendment to your records, please submit a written request to our Privacy Officer.

Accounting – You have a right to receive a list of how and to whom certain of your medical information has been disclosed, called an “accounting of disclosures”. If you would like to request an accounting, please submit a written request to our Privacy Officer.

Notice of a Breach – You have a right to receive a breach notification that complies with applicable Federal and State laws and regulations in the event of a breach of your unsecured PHI.


Revisions to the Practice’s Privacy Policies and Practices

The Practice is required by law to: make sure that the privacy of your PHI is maintained, provide you with this Notice of our legal duties and privacy practices and abide by the terms of the Notice that is currently in effect. The Practice reserves the right to change its privacy policies and practices, including this Notice, and to make the new policies and practices, including the revised Notice provisions, effective for all PHI that we maintain. We will have the current Notice available in our office for you to request to take with you and post the current Notice in a clear and prominent location in our office, and post the current Notice on our website. You may request a copy of it at any time.

Questions Regarding the Privacy of Your Health Information

If you have questions regarding information contained in this Notice, if you would like to obtain additional information about our privacy practices, or if you wish to exercise your rights as listed in this Notice, you may contact our Privacy Officer.

How to File a Complaint

If you would like to submit a comment or complaint about our privacy practices, you can do so by contacting our Privacy Officer (see below). You may also contact the Secretary of the Department of Health and Human Services. You will not be penalized or otherwise retaliated against for filing a complaint.


Office for Civil Rights
Department of Health and Human Services
200 Independence Ave., SW
Rm. 509F, HHH Building
Washington, D.C. 20201
Email: [email protected]
Website: https://www.hhs.gov/hipaa/filing-a-complaint/index.html

Practice Contact Information

You may contact our Privacy Officer at:
Name: Anne Riley
Phone Number: 617-431-3237
Mailing Address: 65 Walnut Street, Suite 301 Wellesley, MA 02481

Effective Date
This Notice is effective as of July 1, 2024.