Notice of Privacy Practices


As Required by the Privacy Regulations created as a result of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).



If you have any questions about this notice please contact our privacy contact, Brian Loeffler at 802-865-2226

This notice of Privacy Practices describes how we may use and disclose your protected health information to carry out treatment, payment or health care operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” (PHI) is information about you , including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition and related health care services. Our practice is dedicated to maintaining the privacy of your protected health information.

We are required to abide by the terms of this Notice of Privacy Practices. We may revise or amend the terms of our notice, at any time. The new notice will be effective for all protected health information that we have at that time and for future information. We will post our current Notice in a visible location at all times and upon your request, we will provide you with any revised Notice.




1. Uses and Disclosures to carry out treatment, payment or health care operations: Under HIPAA regulations, we do not need to obtain permission to use health information for treatment, payment and health care operations. However, several Vermont state laws require patient consent before health information is used or disclosed by health care providers.

We may use and disclose your Protected Health Information (PHI) for the following reasons:

Treatment: We will use and disclose your PHI to provide, coordinate, or manage your health care related services. This includes the coordination or management of your health care with a third party. Many of the people who work for our practice – including, but not limited to, our massage therapists and physical therapy assistants – may use or disclose your PHI in order to treat your or to assist others in your treatment. Additionally, we may disclose your PHI to others who may assist in your care, such as your spouse, children or parents. Finally, we may also disclose your PHI to other healthcare providers for purposes related to your treatment.

Payment: Your PHI will be used, as needed, to obtain payment for your health care services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the health care services we recommend for you such as; making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity, and undertaking utilization review activities.

Health Operations: We may use or disclose, as needed, your PHI in order to support the business activities of this practice. These activities include, but are not limited to, quality assessment activities, employee review activities, training of students, licensing, and conducting or arranging other business activities.


2. Uses and disclosures that you can agree or object to

We may use and disclose your protected health information in the following instances, which you have the opportunity to object to.

Others involved in your healthcare: Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your PHI that directly relates to that person’s involvement in your health care.

Emergencies: We may use or disclose your PHI in an emergency treatment situation.


3. Uses and disclosures that we will obtain your written authorization for

Marketing: For most marketing purposes we will obtain your written consent; exceptions include if the product or service is directly treatment related, discussed face-to-face or given as a promotional gift of nominal value.


4. Uses and disclosures for which authorization or opportunity to agree or object to is not required:

We may use or disclose your PHI in the following situations:

Required by law: We may use or disclose your PHI to the extent that the use or disclosure is required by law. The use or disclosure will be made in the compliance with the law and will be limited to the relevant requirements of law. You will be notified, as required by law, of any such uses or disclosures.

Public Health: We may use or disclose your PHI for Public health activities and purposes to a public health authority that is required or permitted by law to receive the information. The disclosure will be made for the purpose of controlling or reporting disease, injury or disability. We may also disclose your PHI, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.

Abuse or Neglect: We may disclose your protected health information to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws.

Food and Drug Administration: We may disclose your PHI to a person or company required by the food and drug administration to report adverse events, product defects or problems, biologic product deviations, track products; to enable product recalls; to make repairs or replacements, or to conduct post marketing surveillance, as required.

Maintenance of Vital Records: We may report data such as births and deaths.

Health Oversight: We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other governmental regulatory programs and civil rights laws.

Legal Proceedings: We may disclose PHI in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), in certain conditions in response to a subpoena, discovery request or other lawful process.

Law Enforcement: We may also disclose PHI, so long as applicable legal requirements are met, for law enforcement purposes. These law enforcement purposes include (1) legal processes and otherwise required by law, (2) limited information requests for identification and location purposes, (3) pertaining to victims of a crime, (4) suspicion that death has occurred as a result of criminal conduct, (5) in the event that a crime occurs on the premises of the practice, and (6) medical emergency (not on the practice’s premises) and it is likely that a crime has occurred.

Research: We may disclose your PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your PHI. Otherwise, we will ask for a written authorization from you.

Criminal Activity: Consistent with applicable federal and state laws, we may disclose your PHI, if we believe that the use or disclosure is necessary to prevent or lessen a serious imminent threat to the health and safety of a person or the public. We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.

Military Activity and National Security: When the appropriate conditions apply, we may use or disclose PHI of individuals who are Armed Forces personnel (1) for activities deemed necessary by appropriate military command authorities; (2) for the purpose of a determination by the Department of Veterans Affairs of your eligibility for benefits, or (3) to foreign military authority if you are a member of that foreign military services. We may also disclose your PHI to authorized federal officials for conducting national security and intelligence activities, including for the provision of protected services to the president or others legally authorized. 

Workers’ Compensation: Your PHI may be disclosed by us as authorized to comply with workers’ compensation laws and other similar legally-established programs.

Required Uses and Disclosures: Under the law, we must make disclosures to you when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of section 164.500 et.seq.

Disclosures Required by Vermont State Law: Vermont Law requires reporting in the following cases: child abuse, neglect or exploitation, of vulnerable adults; fire-arm related injuries; communicable diseases; fetal deaths; cancer; lead poisoning; blood-alcohol reporting; duty to warn of harm cases. We will disclose information limited to relevant requirements of the law.


Your Rights

Following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights.

You have the right to inspect and copy your PHI. This means you may inspect and obtain a copy of PHI about you that is contained in a designated record set for as long as we maintain the PHI. A “designated record set” contains medical and billing records and any other records that your physician and the practice uses for making decisions about you. This may not include psychotherapy notes.

You must submit your request in writing to: On Track, Brian Loeffler, 802-865-2226, in order to inspect or obtain a copy of your IIHI. Our practice may charge a fee for costs of copying, mailing, labor and supplies associated with your request. Our practice may deny your request to inspect and/or copy in certain limited circumstances; however, you may request a review of our denial. Another licensed health care professional chosen by us will conduct reviews.

Please contact Brian Loeffler if you have any questions about access to your medical record.

You have the right to request a restriction of your PHI. This means you may ask not to use or disclose any part of your PHI for the purpose of treatment, payment or healthcare operations. You may also request that any part of your PHI not be disclosed to family members or friends who may be involved in your care or for notification purposes as described in this Notice of Privacy Practices. Your request must state the specific restriction requested and to whom you want the restriction to apply. Your physician is not required to agree to a restriction that you may request. If your physician believes it is in your best interest to permit use and disclosure of your PHI, your PHI will not be restricted. If your physician does agree to the requested restriction, we may not use or disclose you PHI. In violation of that restriction unless it is needed to provide emergency treatment. With this in mind, please discuss any restriction you wish to request with your physician. You may request a restriction by sending a specific request to Brian Loeffler.

You have the right to request that our practice communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than work. In order to request a type of confidential communication, you must make a written request to: Brian Loeffler, On Track, 802-865-2226, specifying the requested method of contact, or the location where you wish to be contacted. Our practice will accommodate reasonable requests. You do not need to give a reason for your request.

You may have the right to have your physician amend your PHI. This means you may request an amendment of PHI about you in a designated record set for as long as we maintain this information. In certain cases, for example if we think the information is correct, or was not created by our practice, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us and we may prepare a rebuttal to your statement and will provide you with a copy of any such rebuttal. Please contact our Privacy Contact to determine if you any questions about amending your medical record. To file an amendment, your request must be in writing and must be submitted to Brian Loeffler, 802-865-2226. 

You have the right to receive an accounting of certain disclosures we have made, if any, of your PHI. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this Notice of Privacy Practices. Accounting is not required for disclosures we may have made to you, incidental disclosures, disclosures you have authorized, disclosures for a facility directory, disclosures to family members or friends involved in your care, or disclosures made to carry out treatment, payment or healthcare operations. You have the right to receive specific information regarding disclosures that occurred after April 14, 2003 up to a six year timeframe. You may request a shorter timeframe. The right to receive this information is subject to certain exceptions, restrictions and limitations.

In order to obtain an accounting of disclosures, you must submit your request in writing to Brian Loeffler, 802-865-2226. The first list you request within a 12-month period is free of charge, but our practice may charge you for additional lists within the same 12-month period. Our practice will notify you of the cost involved with additional requests, and you may withdraw your request before you incur any costs.

You have the right to a paper copy of this notice. You are entitled to receive a copy of our notice of privacy practices even if you have agreed to receive an electronic copy of the notice. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this notice, contact: Brian Loeffler, 802-865-2226.

You have the right to file a complaint if you believe your privacy rights have been violated. You may file a complaint with our practice or with the Secretary of the Department of Health and Human Services. To file a complaint with our practice, contact Brian Loeffler at 802-865-2226. 

This notice was published and become effective on April 14, 2003.