Contact Us

Privacy

Women’s Health Care of Western Colorado, P.C.

Revisions to privacy notice: effective 05/19/2014

NOTICE OF BREACH

Women’s Health Care is committed to the security of your protected health information (PHI). If a breach of unsecured protected health information is discovered by WHC, we will provide notification of the breach to affected individuals, the secretary of Health and Human Services, and, in certain circumstances, to the media. In addition, any business associate will notify us on your behalf if a breach should occur by an agent of the business associate. The business associate is responsible to provide any contact information available to assist us in notifying you.

Notice will be given to you by first-class mail, or alternatively, by e-mail if you have given us permission to send such notices electronically. If we do not have sufficient patient information or out-of-date contact information and 10 or more individuals are involved, we may post this notice on our webpage for at least 90 days or provide notice in newsprint or broadcast media where you are likely to reside. We will include our toll-free phone number for a period of 90 days, where individuals can learn if their information was involved in the breach. If your contact information is insufficient or out-of-date we may provide substitute notice by an alternative form of written notice, by telephone, or other means without unreasonable delay, but no later than 60 days following the discovery of a breach. We will include a brief description of the breach, a description of the types of information that were involved in the breach, the steps affected individuals should take to protect themselves from potential harm. We will let you know what we are doing to investigate the breach, mitigate harm and prevent further breaches.

Should a breach that affects 500 residents of Colorado be discovered we will notify those individuals through media outlets serving the State and will likely provide notification in the form of a press release without unreasonable delay, and no later than 60 days following the discovery of a breach of PHI. We will include the same information required for the individual notice.

In addition to notifying affected individuals and the media (where appropriate), we will notify the Secretary of Health and Human Services of any breach of unsecured PHI by submitting such notice at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html by submitting the HHS electronic breach report form. If a breach affects 500 or more individuals, we will notify Secretary without unreasonable delay, but in no case later than 60 days following a breach. If, however, a breach affects fewer than 500 individuals, we may notify the Secretary of such breaches on an annual basis.