OMNIBUS Rule HIPAA NOTICE OF PRIVACY PRACTICES

for the Healthcare Facility of: Name of Facility : Mroz-Baier Breast Care Clinic P.C. Address: 6005 Park Avenue, Ste 700 Memphis, TN 38119

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION under the HIPAA Omnibus Rule of 2013.

PLEASE REVIEW IT CAREFULLY

For purposes of this Notice us we and our refers to the Name of this Healthcare Facility: Mroz-Baier Breast Care Clinic, P.C. and you or your refers to our patients (or their legal representatives as determined by us in accordance with state informed consent law). When you receive healthcare services from us, we will obtain access to your medical information (i.e. your health history). We are committed to maintaining the privacy of your health information and we have implemented numerous procedures to ensure that we do so. The Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule, (formally HIPAA 1996 & HI TECH of 2004) require us to maintain the confidentiality of all your healthcare records and other identifiable patient health information (PHI) used by or disclosed to us in any form, whether electronic, on paper, or spoken. HIPAA is a Federal Law that gives you significant new rights to understand and control how your health information is used. Federal HIPAA Omnibus Rule and state law provide penalties for covered entities, business associates, and their subcontractors and records owners, respectively that misuse or improperly disclose PHI. Starting April 14, 2003, HIPAA requires us to provide you with the Notice of our legal duties and the privacy practices we are required to follow when you first come into our office for health-care services. If you have any questions about this Notice, please ask to speak to our HIPAA Privacy Officer. Our doctors, clinical staff, employees, Business Associates (outside contractors we hire), their subcontractors and other involved parties follow the policies and procedures set forth in this Notice. If at this facility, your primary caretaker / doctor is unavailable to assist you (i.e. illness, on-call coverage, vacation, etc.), we may provide you with the name of another healthcare provider outside our practice for you to consult with. If we do so, that provider will follow the policies and procedures set forth in this Notice or those established for his or her practice, so long as they substantially conform to those for our practice. OUR RULES ON HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION Under the law, we must have your signature on a written, dated Consent Form and/or an Authorization Form of Acknowledgement of this Notice, before we will use or disclose your PHI for certain purposes as detailed in the rules below. Documentation You will be asked to sign an Authorization / Acknowledgement form when you receive this Notice of Privacy Practices. If you did not sign such a form or need a copy of the one you signed, please contact our Privacy Officer. You may take back or revoke your consent or authorization at any time (unless we already have acted based on it) by submitting our Revocation Form in writing to us at our address listed above. Your revocation will take effect when we actually receive it. We cannot give it retroactive effect, so it will not affect any use or

HIPAA made EASY All Rights Reserved

disclosure that occurred in our reliance on your Consent or Authorization prior to revocation (i.e. if after we provide services to you, you revoke your authorization / acknowledgement in order to prevent us billing or collecting for those services, your revocation will have no effect because we relied on your authorization/ acknowledgement to provide services before you revoked it). General Rule If you do not sign our authorization/ acknowledgement form or if you revoke it, as a general rule (subject to exceptions described below under Healthcare Treatment, Payment and Operations Rule and Special Rules), we cannot in any manner use or disclose to anyone (excluding you, but including payers and Business Associates) your PHI or any other information in your medical record. By law, we are unable to submit claims to payers under assignment of benefits without your signature on our authorization/ acknowledgement form. You will however be able to restrict disclosures to your insurance carrier for services for which you wish to pay "out of pocket under the new Omnibus Rule. We will not condition treatment on you signing an authorization / acknowledgement, but we may be forced to decline you as a new patient or discontinue you as an active patient if you choose not to sign the authorization/ acknowledgement or revoke it. Healthcare Treatment, Payment and Operations Rule With your signed consent, we may use or disclose your PHI in order:

To provide you with or coordinate healthcare treatment and services. For example, we may review your health history form to form a diagnosis and treatment plan, consult with other doctors about your care, delegate tasks to ancillary staff, call in prescriptions to your pharmacy, disclose needed information to your family or others so they may assist you with home care, arrange appointments with other healthcare providers, schedule lab work for you, etc.

To bill or collect payment from you, an insurance company, a managed-care organization, a health benefits plan or another third party. For example, we may need to verify your insurance coverage, submit your PHI on claim forms in order to get reimbursed for our services, obtain pre-treatment estimates or prior authorizations from your health plan or provide your x-rays because your health plan requires them for payment; Remember, you will be able to restrict disclosures to your insurance carrier for services for which you wish to pay "out of pocket under this new Omnibus Rule.

To run our office, assess the quality of care our patients receive and provide you with customer service. For example, to improve efficiency and reduce costs associated with missed appointments, we may contact you by telephone, mail or otherwise remind you of scheduled appointments, we may leave messages with whomever answers your telephone or email to contact us (but we will not give out detailed PHI), we may call you by name from the waiting room, we may ask you to put your name on a sign-in sheet, (we will cover your name just after checking you in), we may tell you about or recommend health-related products and complementary or alternative treatments that may interest you, we may review your PHI to evaluate our staffs performance, or our Privacy Officer may review your records to assist you with complaints. If you prefer that we not contact you with appointment reminders or information about treatment alternatives or health-related products and services, please notify us in writing at our address listed above and we will not use or disclose your PHI for these purposes.

New HIPAA Omnibus Rule does not require that we provide the above notice regarding Appointment Reminders, Treatment Information or Health Benefits, but we are including these as a courtesy so you understand our business practices with regards to your (PHI) protected health information.

Additionally you should be made aware of these protection laws on your behalf, under the new HIPAA Omnibus Rule:

That Health Insurance plans that underwrite cannot use or disclose genetic information for underwriting purposes (this excludes certain long-term care plans). Health plans that post their NOPPs on their web sites must post these Omnibus Rule changes on their sites by the effective date of the Omnibus Rule, as well as notify you by US Mail by the Omnibus Rules effective date. Plans that do not post their NOPPs on their Web sites must provide you information about Omnibus Rule changes within 60 days of these federal revisions.

Psychotherapy Notes maintained by a healthcare provider, must state in their NOPPs that they can allow use and disclosure of such notes only with your written authorization.

Special Rules Notwithstanding anything else contained in this Notice, only in accordance with applicable HIPAA Omnibus Rule, and under strictly limited circumstances, we may use or disclose your PHI without your permission, consent or authorization for the following purposes:

When required under federal, state or local law When necessary in emergencies to prevent a serious threat to your health and safety or

the health and safety of other persons When necessary for public health reasons (i.e. prevention or control of disease, injury or

disability, reporting information such as adverse reactions to anesthesia, ineffective or dangerous medications or products, suspected abuse, neglect or exploitation of children, disabled adults or the elderly, or domestic violence)

For federal or state government health-care oversight activities (i.e. civil rights laws, fraud and abuse investigations, audits, investigations, inspections, licensure or permitting, government programs, etc.)

For judicial and administrative proceedings and law enforcement purposes (i.e. in response to a warrant, subpoena or court order, by providing PHI to coroners, medical examiners and funeral directors to locate missing persons, identify deceased persons or determine cause of death)

For Workers Compensation purposes (i.e. we may disclose your PHI if you have claimed health benefits for a work-related injury or illness)

For intelligence, counterintelligence or other national security purposes (i.e. Veterans Affairs, U.S. military command, other government authorities or foreign military authorities may require us to release PHI about you)

For organ and tissue donation (i.e. if you are an organ donor, we may release your PHI to organizations that handle organ, eye or tissue procurement, donation and transplantation)

For research projects approved by an Institutional Review Board or a privacy board to ensure confidentiality (i.e. if the researcher will have access to your PHI because involved in your clinical care, we will ask you to sign an authorization)

To create a collection of information that is de-identified (i.e. it does not personally identify you by name, distinguishing marks or otherwise and no longer can be connected to you)

To family members, friends and others, but only if you are present and verbally give permission. We give you an opportunity to object and if you do not, we reasonably assume, based on our professional judgment and the surrounding circumstances, that you do not object (i.e. you bring someone with you into the operatory or exam room during treatment or into the conference area when we are discussing your PHI); we

reasonably infer that it is in your best interest (i.e. to allow someone to pick up your records because they knew you were our patient and you asked them in writing with your signature to do so); or it is an emergency situation involving you or another person (i.e. your minor child or ward) and, respectively, you cannot consent to your care because you are incapable of doing so or you cannot consent to the other persons care because, after a reasonable attempt, we have been unable to locate you. In these emergency situations we may, based on our professional judgment and the surrounding circumstances, determine that disclosure is in the best interests of you or the other person, in which case we will disclose PHI, but only as it pertains to the care being provided and we will notify you of the disclosure as soon as possible after the care is completed. As per HIPAA law 164.512(j) (i) (A) Is necessary to prevent or lessen a serious or imminent threat to the health and safety of a person or the public and (B) Is to person or persons reasonably able to prevent or lessen that threat.

Minimum Necessary Rule Our staff will not use or access your PHI unless it is necessary to do their jobs (i.e. doctors uninvolved in your care will not access your PHI; ancillary clinical staff caring for you will not access your billing information; billing staff will not access your PHI except as needed to complete the claim form for the latest visit; janitorial staff will not access your PHI). All of our team members are trained in HIPAA Privacy rules and sign strict Confidentiality Contracts with regards to protecting and keeping private your PHI. So do our Business Associates and their Subcontractors. Know that your PHI is protected several layers deep with regards to our business relations. Also, we disclose to others outside our staff, only as much of your PHI as is necessary to accomplish the recipients lawful purposes. Still in certain cases, we may use and disclose the entire contents of your medical record:

To you (and your legal representatives as stated above) and anyone else you list on a Consent or Authorization to receive a copy of your records

To healthcare providers for treatment purposes (i.e. making diagnosis and treatment decisions or agreeing with prior recommendations in the medical record)

To the U.S. Department of Health and Human Services (i.e. in connection with a HIPAA complaint)

To others as required under federal or state law To our privacy officer and others as necessary to resolve your complaint or accomplish

your request under HIPAA (i.e. clerks who copy records need access to your entire medical record)

In accordance with HIPAA law, we presume that requests for disclosure of PHI from another Covered Entity (as defined in HIPAA) are for the minimum necessary amount of PHI to accomplish the requestors purpose. Our Privacy Officer will individually review unusual or non-recurring requests for PHI to determine the minimum necessary amount of PHI and disclose only that. For non-routine requests or disclosures, our Privacy Officer will make a minimum necessary determination based on, but not limited to, the following factors:

The amount of information being disclosed The number of individuals or entities to whom the information is being disclosed The importance of the use or disclosure The likelihood of further disclosure Whether the same result could be achieved with de-identified information The technology available to protect confidentiality of the information The cost to implement administrative, technical and security procedures to protect

confidentiality If we believe that a request from others for disclosure of your entire medical record is unnecessary, we will ask the requestor to document why this is needed, retain that documentation and make it available to you upon request. Incidental Disclosure Rule We will take reasonable administrative, technical and security safeguards to ensure the privacy of your PHI when we use or disclose it (i.e. we shred all paper containing PHI, require employees to speak with privacy precautions when discussing PHI with you, we use computer passwords and change them periodically (i.e. when an employee leaves us), we use firewall and router protection to the federal standard, we back up our PHI data off-site and encrypted to federal standard, we do not allow unauthorized access to areas where PHI is stored or filed and/or we have any unsupervised business associates sign Business Associate Confidentiality Agreements).However, in the event that there is a breach in protecting your PHI, we will follow Federal Guide Lines to HIPAA Omnibus Rule Standard to first evaluate the breach situation using the Omnibus Rule, 4-Factor Formula for Breach Assessment. Then we will document the situation, retain copies of the situation on file, and report all breaches (other than low probability as prescribed by the Omnibus Rule) to the US Department of Health and Human Services at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html We will also make proper notification to you and any other parties of significance as required by HIPAA Law. Business Associate Rule Business Associates are defined as: an entity, (non-employee) that in the course of their work will directly / indirectly use, transmit, view, transport, hear, interpret, process or offer PHI for this Facility. Business Associates and other third parties (if any) that receive your PHI from us will be prohibited from re-disclosing it unless required to do so by law or you give prior express written consent to the re-disclosure. Nothing in our Business Associate agreement will allow our Business Associate to violate this re-disclosure prohibition. Under Omnibus Rule, Business Associates will sign a strict confidentiality agreement binding them to keep your PHI protected and report any compromise of such information to us, you and the United States Department of Health and Human Services, as well as other required entities. Our Business Associates will also follow Omnibus Rule and have any of their Subcontractors that may directly or indirectly have contact with your PHI, sign Confidentiality Agreements to Federal Omnibus Standard. Super-confidential Information Rule If we have PHI about you regarding communicable diseases, disease testing, alcohol or substance abuse diagnosis and treatment, or psychotherapy and mental health records (super-confidential information under the law), we will not disclose it under the General or Healthcare Treatment, Payment and Operations Rules (see above) without your first signing and properly completing our Consent form (i.e. you specifically must initial the type of super-confidential information we are allowed to disclose). If you do not specifically authorize disclosure by initialing the super-confidential information, we will not disclose it unless authorized under the Special Rules (see above) (i.e. we are required by law to disclose it). If we disclose super-confidential information (either because you have initialed the consent form or the Special Rules authorizing us to do so), we will comply with state and federal law that requires us to warn the recipient in writing that re-disclosure is prohibited.

Changes to Privacy Policies Rule We reserve the right to change our privacy practices (by changing the terms of this Notice) at any time as authorized by law. The changes will be effective immediately upon us making them. They will apply to all PHI we create or receive in the future, as well as to all PHI created or received by us in the past (i.e. to PHI about you that we had before the changes took effect). If we make changes, we will post the changed Notice, along with its effective date, in our office and on our website. Also, upon request, you will be given a copy of our current Notice. Authorization Rule We will not use or disclose your PHI for any purpose or to any person other than as stated in the rules above without your signature on our specifically worded, written Authorization / Acknowledgement Form (not a Consent or an Acknowledgement). If we need your Authorization, we must obtain it via a specific Authorization Form, which may be separate from any Authorization / Acknowledgement we may have obtained from you. We will not condition your treatment here on whether you sign the Authorization (or not). Marketing and Fund Raising Rules Limitations on the disclosure of PHI regarding Remuneration The disclosure or sale of your PHI without authorization is prohibited. Under the new HIPAA Omnibus Rule, this would exclude disclosures for public health purposes, for treatment / payment for healthcare, for the sale, transfer, merger, or consolidation of all or part of this facility and for related due diligence, to any of our Business Associates, in connection with the business associate's performance of activities for this facility, to a patient or beneficiary upon request, and as required by law. In addition, the disclosure of your PHI for research purposes or for any other purpose permitted by HIPAA will not be considered a prohibited disclosure if the only reimbursement received is a reasonable, cost-based fee to cover the cost to prepare and transmit your PHI which would be expressly permitted by law. Notably, under the Omnibus Rule, an authorization to disclose PHI must state that the disclosure will result in remuneration to the Covered Entity. Notwithstanding the changes in the Omnibus Rule, the disclosure of limited data sets (a form of PHI with a number of identifiers removed in accordance with specific HIPAA requirements) for remuneration pursuant to existing agreements is permissible until September 22, 2014, so long as the agreement is not modified within one year before that date. Limitation on the Use of PHI for Paid Marketing We will, in accordance with Federal and State Laws, obtain your written authorization to use or disclose your PHI for marketing purposes, (i.e.: to use your photo in ads) but not for activities that constitute treatment or healthcare operations. To clarify, Marketing is defined by HIPAAs Omnibus Rule, as "a communication about a product or service that encourages recipients . . . to purchase or use the product or service." Under the Omnibus Rule, we will obtain a written authorization from you prior to recommending you to an alternative therapist, or non-associated Healthcare Covered Entity. Under Omnibus Rule we will obtain your written authorization prior to using your PHI or making any treatment or healthcare recommendations, should financial remuneration for making the

communication be involved from a third party whose product or service we might promote (i.e.: businesses offering this facility incentives to promote their products or services to you). This will also apply to our Business Associate who may receive such remuneration for making a treatment or healthcare recommendations to you. All such recommendations will be limited without your expressed written permission. We must clarify to you that financial remuneration does not include as in-kind payments and payments for a purpose to implement a disease management program. Any promotional gifts of nominal value are not subject to the authorization requirement, and we will abide by the set terms of the law to accept or reject these. The only exclusion to this would include: "refill reminders", so long as the remuneration for making such a communication is "reasonably related to our cost" for making such a communication. In accordance with law, this facility and our Business Associates will only ever seek reimbursement from you for permissible costs that include: labor, supplies, and postage. Please note that generic equivalents , adherence to take medication as directed and self-administered drug or delivery system communications are all considered to be "refill reminders." Face-to-face marketing communications, such as sharing with you, a written product brochure or pamphlet, is permissible under current HIPAA Law. Flexibility on the Use of PHI for Fundraising Under the HIPAA Omnibus Rule use of PHI is more flexible and does not require your authorization should we choose to include you in any fund raising efforts attempted at this facility? However, we will offer the opportunity for you to opt out of receiving future fundraising communications. Simply let us know that you want to opt out of such situations. There will be a statement on your HIPAA Patient Acknowledgement Form where you can choose to opt out. Our commitment to care and treat you will in no way effect your decision to participate or not participate in our fund raising efforts. Improvements to Requirements for Authorizations Related to Research Under HIPAA Omnibus Rule, we may seek authorizations from you for the use of your PHI for future research. However, we would have to make clear what those uses are in detail. Also, if we request of you a compound authorization with regards to research, this facility would clarify that when a compound authorization is used, and research-related treatment is conditioned upon your authorization, the compound authorization will differentiate between the conditioned and unconditioned components. YOUR RIGHTS REGARDING YOUR PROTECTED HEALTH INFORMATION If you got this Notice via email or website, you have the right to get, at any time, a paper copy by asking our Privacy Officer. Also, you have the following additional rights regarding PHI we maintain about you: To Inspect and Copy You have the right to see and get a copy of your PHI including, but not limited to, medical and billing records by submitting a written request to our Privacy Officer. Original records will not leave the premises, will be available for inspection only during our regular business hours, and only if our Privacy Officer is present at all times. You may ask us to give you the copies in a format other than photocopies (and we will do so unless we determine that it is impractical) or ask us to prepare a summary in lieu of the copies. We may charge you a fee not to exceed state law to recover our costs (including postage, supplies, and staff time as applicable, but

excluding staff time for search and retrieval) to duplicate or summarize your PHI. We will not condition release of the copies on summary of payment of your outstanding balance for professional services if you have one). We will comply with Federal Law to provide your PHI in an electronic format within the 30 days, to Federal specification, when you provide us with proper written request. Paper copy will also be made available. We will respond to requests in a timely manner, without delay for legal review, or, in less than thirty days if submitted in writing, and in ten business days or less if malpractice litigation or pre-suit production is involved. We may deny your request in certain limited circumstances (i.e. we do not have the PHI, it came from a confidential source, etc.). If we deny your request, you may ask for a review of that decision. If required by law, we will select a licensed health-care professional (other than the person who denied your request initially) to review the denial and we will follow his or her decision. If we select a licensed healthcare professional who is not affiliated with us, we will ensure a Business Associate Agreement is executed that prevents re-disclosure of your PHI without your consent by that outside professional. To Request Amendment / Correction If another doctor involved in your care tells us in writing to change your PHI, we will do so as expeditiously as possible upon receipt of the changes and will send you written confirmation that we have made the changes. If you think PHI we have about you is incorrect, or that something important is missing from your records, you may ask us to amend or correct it (so long as we have it) by submitting a Request for Amendment / Correction form to our Privacy Officer. We will act on your request within 30 days from receipt but we may extend our response time (within the 30-day period) no more than once and by no more than 30 days, or as per Federal Law allowances, in which case we will notify you in writing why and when we will be able to respond. If we grant your request, we will let you know within five business days, make the changes by noting (not deleting) what is incorrect or incomplete and adding to it the changed language, and send the changes within 5 business days to persons you ask us to and persons we know may rely on incorrect or incomplete PHI to your detriment (or already have). We may deny your request under certain circumstances (i.e. it is not in writing, it does not give a reason why you want the change, we did not create the PHI you want changed (and the entity that did can be contacted), it was compiled for use in litigation, or we determine it is accurate and complete). If we deny your request, we will (in writing within 5 business days) tell you why and how to file a complaint with us if you disagree, that you may submit a written disagreement with our denial (and we may submit a written rebuttal and give you a copy of it), that you may ask us to disclose your initial request and our denial when we make future disclosure of PHI pertaining to your request, and that you may complain to us and the U.S. Department of Health and Human Services. To an Accounting of Disclosures You may ask us for a list of those who got your PHI from us by submitting a Request for Accounting of Disclosures form to us. The list will not cover some disclosures (i.e. PHI given to you, given to your legal representative, given to others for treatment, payment or health-care-operations purposes). Your request must state in what form you want the list (i.e. paper or electronically) and the time period you want us to cover, which may be up to but not more than the last six years (excluding dates before April 14, 2003). If you ask us for this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee to respond, in which case we will tell you the cost before we incur it and let you choose if you want to withdraw or modify your request to avoid the cost. To Request Restrictions

HIPAA made EASY All Rights Reserved

You may ask us to limit how your PHI is used and disclosed (i.e. in addition to our rules as set forth in this Notice) by submitting a written Request for Restrictions on Use, Disclosure form to us (i.e. you may not want us to disclose your surgery to family members or friends involved in paying for our services or providing your home care). If we agree to these additional limitations, we will follow them except in an emergency where we will not have time to check for limitations. Also, in some circumstances we may be unable to grant your request (i.e. we are required by law to use or disclose your PHI in a manner that you want restricted, you signed an Authorization Form, which you may revoke, that allows us to use or disclose your PHI in the manner you want restricted; in an emergency). To Request Alternative Communications You may ask us to communicate with you in a different way or at a different place by submitting a written Request for Alternative Communication Form to us. We will not ask you why and we will accommodate all reasonable requests (which may include: to send appointment reminders in closed envelopes rather than by postcards, to send your PHI to a post office box instead of your home address, to communicate with you at a telephone number other than your home number). You must tell us the alternative means or location you want us to use and explain to our satisfaction how payment to us will be made if we communicate with you as you request. To Complain or Get More Information We will follow our rules as set forth in this Notice. If you want more information or if you believe your privacy rights have been violated (i.e. you disagree with a decision of ours about inspection / copying, amendment / correction, accounting of disclosures, restrictions or alternative communications), we want to make it right. We never will penalize you for filing a complaint. To do so, please file a formal, written complaint within 180 days with: The U.S. Department of Health & Human Services Office of Civil Rights 200 Independence Ave., S.W. Washington, DC 20201 877.696.6775 Or, submit a written Complaint form to us at the following address:

Our Privacy Officer: Nanci Jennings Office Name: Mroz-Baier Breast Care Clinic P.C. Office Address: 6005 Park Avenue, Ste 700 Memphis, TN 38119 Office Phone: 901-527-3391 Office Fax: 901-578-3969 Email Address: mrozbaier @aol.com

You may get your HIPAA Complaint form by calling our privacy officer. These privacy practices are in accordance with the original HIPAA enforcement effective April 14, 2003, and undated to Omnibus Rule effective March 26, 2013 and will remain in effect until we replace them as specified by Federal and/or State Law.

HIPAA made EASY All Rights Reserved

OPTIONAL RULES FOR NOPP Faxing and Emailing Rule When you request us to fax or email your PHI as an alternative communication, we may agree to do so, but only after having our Privacy Officer or treating doctor review that request. For this communication, our Privacy Officer will confirm that the fax number or email address is correct before sending the message and ensure that the intended recipient has sole access to the fax machine or computer before sending the message; confirm receipt, locate our fax machine or computer in a secure location so unauthorized access and viewing is prevented; use a fax cover sheet so the PHI is not the first page to print out (because unauthorized persons may view the top page); and attach an appropriate notice to the message. Our emails are all encrypted per Federal Standard for your protection. Practice Transition Rule If we sell our practice, our patient records (including but not limited to your PHI) may be disclosed and physical custody may be transferred to the purchasing healthcare provider, but only in accordance with the law. The healthcare provider who is the new records owner will be solely responsible for ensuring privacy of your PHI after the transfer and you agree that we will have no responsibility for (or duty associated with) transferred records. If all the owners of our practice die, our patient records (including but not limited to your PHI) must be transferred to another healthcare provider within 90 days to comply with State & Federal Laws. Before we transfer records in either of these two situations, our Privacy Officer will obtain a Business Associate Agreement from the purchaser and review your PHI for super-confidential information (i.e. communicable disease records), which will not be transferred without your express written authorization (indicated by your initials on our Consent form). Inactive Patient Records We will retain your records for seven years from your last treatment or examination, at which point you will become an inactive patient in our practice and we may destroy your records at that time (but records of inactive minor patients will not be destroyed before the childs eighteenth birthday). We will do so only in accordance with the law (i.e. in a confidential manner, with a Business Associate Agreement prohibiting re-disclosure if necessary). Collections If we use or disclose your PHI for collections purposes, we will do so only in accordance with the law.

HIPAA made EASY

All Rights Reserved

HIPAA OMNIBUS RULE PATIENT ACKNOWLEDGEMENT OF RECEIPT OF NOTICE OF PRIVACY PRACTICES

AND CONSENT/ LIMITED AUTHORIZATION & RELEASE FORM You may refuse to sign this acknowledgement & authorization. In refusing we may not be allowed to process your insurance claims.

Date: __________________ The undersigned acknowledges receipt of a copy of the currently effective Notice of Privacy Practices for this healthcare facility. A copy of this signed, dated document shall be as effective as the original. MY SIGNATURE WILL ALSO SERVE AS A PHI DOCUMENT RELEASE SHOULD I REQUEST TREATMENT OR RADIOGRAPHS BE SENT TO OTHER ATTENDING DOCTOR / FACILITIES IN THE FUTURE. _________________________________ ________________________________ Please print name of Patient Please sign for Patient / Guardian of Patient ________________________________ ________________________________ Legal Representative / Guardian Relationship of Legal Representative / Guardian Your comments regarding Acknowledgements or Consents: _______________________________________

_________________________________________________________________

HOW DO YOU WANT TO BE ADDRESSED WHEN SUMMONED FROM THE RECEPTION AREA: First Name Only Proper Sir Name Other ___________________________

PLEASE LIST ANY OTHER PARTIES WHO CAN HAVE ACCESS TO YOUR HEALTH INFORMATION: (This includes step parents, grandparents and any care takers who can have access to this patients records): Name: __________________________ Relationship: ______________________________ Name: __________________________ Relationship: ______________________________ --------------------------------------------------------------------------------------------------------------------------------- I AUTHORIZE CONTACT FROM THIS OFFICE TO CONFIRM MY APPOINTMENTS, TREATMENT & BILLING INFORMATION VIA: Cell Phone Confirmation Text Message to my Cell Phone Home Phone Confirmation Email Confirmation Work Phone Confirmation Any of the Above I AUTHORIZE INFORMATION ABOUT MY HEALTH BE CONVEYED VIA:

Cell Phone Confirmation Text Message to my Cell Phone Home Phone Confirmation Email Confirmation Work Phone Confirmation Any of the Above

I APPROVE BEING CONTACTED ABOUT SPECIAL SERVICES, EVENTS, FUND RAISING EFFORTS or NEW HEALTH INFO on behalf of this Healthcare Facility via:

Phone Message Any of the Above Text Message None of the above (opt out) Email

In signing this HIPAA Patient Acknowledgement Form, you acknowledge and authorize, that this office may recommend products or services to promote your improved health. This office may or may not receive third party remuneration from these affiliated companies. We, under current HIPAA Omnibus Rule, provide you this information with your knowledge and consent. --------------------------------------------------------------------------------------------------------------------------------- Office Use Only As Privacy Officer, I attempted to obtain the patients (or representatives) signature on this Acknowledgement but did not because:

It was emergency treatment _____ I could not communicate with the patient _____ The patient refused to sign _____ The patient was unable to sign because _____ Other (please describe) ____ ____________________________________________

Signature of Privacy Officer

HIPAA made EASY All Rights Reserved

CONSENT FOR RELEASE OF MEDICAL RECORDS AND USE AND

DISCLOSURE OF PROTECTED HEALTH INFORMATION TO A THIRD PARTY

I, _______________________________________, (print name of Patient making Request), hereby authorize

____________________________________________ (hereafter collectively referred to as the Practice) to use

and disclose:

My entire medical or record

Test Results only

Portions of my Medical Record, specifically: _____Films and Reports; _________________________________

Date specific Portions of my Medical Record, From Date: _________________ To Date: __________________

I acknowledge that this Healthcare Facility, in accordance with their Notice of Privacy Practices (NOPP)

and Omnibus HIPAA Law will release my specified medical records to the party listed above. I have reviewed this Practices Notice of Privacy Practices (NOPP) and have been given an opportunity to ask

questions about it, understand it, and do hereby agree to its terms. A copy of this signed, dated Consent

shall be as effective as the original. I release, hold harmless and agree to indemnify this Practice, its

employees and agents for any and all liability (including but not limited to negligence) arising out of or

occurring under this Consent. I specifically authorize this Practice to use and disclose verbally, by mail, fax

or unencrypted email, the following types of super-confidential information as stated in the NOPP (initial

where appropriate):

HIV records (including HIV test results) and sexually transmissible diseases

Alcohol and substance abuse diagnosis and treatment records

Psychotherapy records

Not Applicable

REQUIRED TO COMPLETE:

In accordance with HIPAA Omnibus Rule of 2013, I understand that I need to provide the specifics of this

release request:

1. Date of this Request: ____________________

2. Please Release my records to: Mroz Baier Breast Care Clinic, P.C.

6005 Park Ave, Ste 700, Memphis, TN 38119

3. The Records will be obtained by:

Please allow _____________________________ to pick up a copy of my records (including

Third Party will pick up a copy of my records on or after this date: ______________________

Send Third Party a copy of my records to this address: _________________________________

_________________________________

_________________________________

---------------------------------------------------------------------------------------------------------------------------------------------------------

Patient Sign: ___________________________ DOB: __________ Date: ______________

or

By Patients Representative ____________________________ Date: __________________

(Print name, sign, and describe authority)

----------------------------------------------------------------------------------------------------------------------------------------------------------

OFFICE USE ONLY

Describe what alternative communications were denied this __________ day of _______________, 20________

_____________________________________________________________________________________

Describe what alternative communications were accepted this __________ day of ____________, 20_________

_____________________________________________________________________________________

HIPAA made EASY

All Rights Reserved

Discrimination is Not Tolerated in This Medical Practice

In accordance with the ethical standards of the medical profession, Mroz Baier Breast Care Clinic, PC

complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color,

national origin, age, disability, or sex. Our practice also does not exclude people or treat them

differently due to race, color, national origin, age, disability, or sex. We offer the following:

Complimentary aids and services to people with disabilities to communicate effectively with us, such as:

o Qualified sign language interpreters

o Written information in other formats (large print, audio, accessible electronic formats, other formats)

Complimentary language services to people whose primary language is not English, such as:

o Qualified interpreters

o Information written in other languages

If you need these services, please let our practice know.

If you believe that our practice has failed to provide these services or discriminated in another way on

the basis of race, color, national origin, age, disability, or sex, you can file a grievance in writing with:

Region IV District Office

U.S. Department of Health & Human Services

Office for Civil Rights

101 Marietta Tower, Rm. 1502

Atlanta, GA 30323

(404) 331-2779 (Voice)

(404) 331-2867 (TDD)

You may also contact the Office of Civil Rights by phone at 800-368-1019, or [800-537-7697- if

covered entity has a TDD phone], fax at (202) 619-3818, or by email at ocrmail@hhs.gov.

You may file a grievance in person or by mail, fax, or email. If you need help filing a grievance,

Joseph L. Baier, Jr., Owner, is available to help you.

You can also file a civil rights complaint with the U.S. Department of Health and Human Services,

Office for Civil Rights, electronically through the Office for Civil Rights Complaint Portal, available at

https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf , or by mail or phone at:

U.S. Department of Health and Human Services

200 Independence Avenue, SW

Room 509F, HHH Building

Washington, D.C. 20201

(800) 368-1019, or 800-537-7697 (TDD)

Complaint forms are available at http://www.hhs.gov/ocr/office/file/index.html

mailto:ocrmail@hhs.govhttps://ocrportal.hhs.gov/ocr/smartscreen/main.jsfhttp://www.hhs.gov/ocr/office/file/index.html

TAGLINES TOP 15 LANGUAGES

Spanish:

ATENCIN: si habla espaol, tiene a su disposicin servicios gratuitos de asistencia lingstica. Llame al 1-800-268-1019 (TTY: 1-800-537-7697).

Vietnamese:

CH : Nu bn ni Ting Vit, c cc dch v h tr ngn ng min ph dnh cho bn. Gi s 1-800-268-1019 (TTY: 1-800-537-7697).

Tagalog:

PAUNAWA: Kung nagsasalita ka ng Tagalog, maaari kang gumamit ng mga serbisyo ng tulong sa wika nang walang bayad. Tumawag sa 1-800-

268-1019 (TTY: 1-800-537-7697).

Chinese:

1-800-268-1019 (TTY: 1-800-537-7697).

Korean:

: , . 1-800-268-1019 (TTY: 1-800-537-7697).

.

Russian:

: , . 1-800-268-1019 (: 1-

800-537-7697).

Farsi:

: . 1-800-268-1019 (TTY: 1-800-

537-7697) .

Armenian:

,

: 1-800-268-1019 () 1-800-537-7697)

Japanese:

1-800-268-1019TTY:1-800-537-7697

Arabic:

: . -18002681019 ( : 1-

8005377697).

Panjabi: : , 1-800-268-1019 (TTY: 1-800-537-7697) '

Mon-khmer, Cambodian: ,

1-800-268-1019 (TTY: 1-800-537-7697)

Hmong:LUS CEEV: Yog tias koj hais lus Hmoob, cov kev pab txog lus, muaj kev pab dawb rau koj. Hu rau 1-800-268-1019 (TTY: 1-800-537-

7697).

Hindi: : 1-800-268-1019 (TTY: 1-800-537-7697)

Thai:: 1-800-268-1019 (TTY: 1-800-537-7697).

Christine T. Mroz, M.D. Jane G. Sugar, M.D. Rose Sinclair, MSN, FNP Date: ________________________ Name______________________________________________Sex___Age___Race___Birthday_______________________________

Home Address _________________________________________________ Apt #___ Marital Status: M ___ S ___ D ___W ___

City________________________ State________ Zip____________ Social Security #_______________________________________

Home Phone (____) __________________ Cell Phone (____) ____________________ Work Phone (____) ______________________

(Only if you can receive calls at work)

Employed by _____________________________________________ Address_____________________________________________

Spouse/Parent Name______________________________________ Social Security #_______________________________________

Spouses Birthday________________________ Spouses Employer______________________________________________________

Employer Address ______________________________________ Phone Number (____) _____________________________________

Emergency contact _____________________________________ Phone Number (____) _____________________________________

OB/GYN Name/ Address_________________________________________________________________________________________

Primary Care Physician/Address___________________________________________________________________________________

INSURANCE INFORMATION (May we please make a copy of your card and Drivers License?)

Primary Insurance ________________________________________ Address ______________________________________________

City, State, Zip____________________________________________ Phone Number (______) _________________________________

Policy Number____________________________________________ Group Number or Name _________________________________

Policy Holders Name AND Date of Birth_____________________________________________________________________________

Is Pre-certification required for IN patient and OUT patient services? ______________________________________________________

If so, telephone number__________________________________________________________________________________________

Secondary Insurance ______________________________________ Address _______________________________________________

City, State, Zip ___________________________________________ Phone Number (_____) ___________________________________

Policy Number ___________________________________________ Group Number or Name ___________________________________

Policy Holders Name AND Date of Birth ______________________________________________________________________________

Is Pre-certification required for IN patient and OUT patient services? _______________________________________________________

If so, telephone number____________________________________________________________________________________________

I authorize release of any medical information necessary to process this claim. I also authorize Medicare and/or other

insurance payment of medical benefit to Mroz-Baier Breast Care Clinic for services provided to me. I understand that I am

financially and totally responsible to Mroz-Baier Breast Care Clinic for charges not covered by this assignment. I understand

all payments are due in full at the time of service. If any balance remains I understand payment is due in full 30 days from

first statement date. I authorize refund of overpaid insurance benefits where my coverages are subject to coordination of

benefits. I authorize Mroz-Baier and its collections agency to contact me by telephone at any telephone number associated

with my account, including wireless numbers which could result in charges to me. I authorize Mroz-Baier and its collection

agencies to contact me by text message and/or emails, using any email address I may provide. Methods of contact may

include pre-recorded/artificial voice messages and/or use of an automatic dialing device, if applicable. In the event of

default, I agree to pay all collection fees up to 33.3% and/or court fees including reasonable attorneys fees. I also agree to

give Medical Insurance Filing Services authorization to complete any credit investigation necessary for the processing of this

claim.

PATIENT SIGNATURE___________________________________________DATE______________________________________________

CONCERNING INSURANCE INFORMATION

PLEASE READ THE FOLLOWING AND SIGN THIS FORM

1. In order to meet the needs of our patients, we have enrolled in various managed care programs. As you can imagine, keeping up with all of the individual requirements for

each of these insurance companies can be practically impossible. Each program may have

different requirements or stipulations that can dictate which service can be provided, how

often they can be provided and who may provide them. These rules can vary even in the

same company with varied programs being offered.

2. At Mroz Baier Breast Care Clinic, providing the highest quality in health care to our patients in the atmosphere of genuine care is our primary concern. It would be a big help

to us if you could please let us know what requirements your insurance carrier may have

for the subscriber (you), and of the provider (us).With your cooperation and assistance,

we will be in a better position to meet our goals of better healthcare.

3. Your insurance may not cover every service we provide in our office. This disallowed service may include:

-Diagnostic Mammogram (Know how often your carrier will pay for them)

(77055/77056)

-Office visits (99212, 99214, 99215, 99204, 99205, 99244, 99245) without a referral

through your insurance carrier on file. If your insurance carrier requires a referral, it is

your responsibility to make sure one is obtained from your primary care physician.

Please contact your insurance carrier at the number on the back of your insurance card if

you are uncertain if your policy requires a referral.

4. It is possible that your insurance carrier may not cover everything we do, and in these cases, we will have no choice but to bill you for these services provided.

5. Our office billing practices: It is our offices policy to verify all insurance benefits at the time of service. All unmet deductibles as well as co-pays and/or co-insurance will

be collected at the time of service. If for any reason your insurance carrier leaves

any additional balance as your responsibility, our billing office will send you a

statement by mail. Payment is due in full within 30 days of the statement date.

Partial payments will incur a $5 service charge to the account balance. In the event

of a default of this agreement you will be responsible for collections fees, court costs,

reasonable attorney fees and/or any other fees related to the collection of this debt.

6. Lastly, in the event that you are unable to keep your appointment, we ask that you please contact our office 24 (business) hours prior to your appointment time. For

appointments cancelled or rescheduled within 24 (business) hours of your

appointment, there will be a $50.00 penalty fee charged to you. For no show/no call

appointments, the penalty fee will apply.

If we cooperate together, each one doing their part, you should be able to receive the benefits

offered by your provider, and then we will be able to do what we do to best take care of you.

I understand that my insurance company may disallow and not pay fees related to yearly or

diagnostic examinations, or other services that I may receive in this office. If these charges are

disallowed, I understand that I am responsible for the payment of these fees. I have read and fully

understand this policy. Obviously, this does not include discounts, if any, that we have

contractually obligated ourselves to accept from your insurance carrier. In no case will we bill

balance you for those discounted charges.

__________________________________________________________________

Name Date

HIPAA_info_and_releases.pdfmbprivacyandacknowldgmnt.pdfmbprivacystmnt.pdfprivacyfrontprivacyback

Acknowledgment of Receipt of Privacy Practices

Release_of_Pers_Hlth_Info[1]authorizationtoreleasemedicalrecords

patient_information_and_insurance_formInformationSheet[1].pdfCONCERNING_INSURANCE_INFORMATION[1]