top of page

Privacy Policy and Notice of Privacy Practices

Website Privacy Policy


Your privacy is very important to our practice. The information on this site is protected by state and federal laws including the Health Insurance Portability and Accountability Act (HIPAA).


If you have questions or wish to learn more about the privacy and security of your protected health information, please contact Jennifer Schiavi, NP in Family Health PLLC or see the Notice of Privacy Practices.

Jennifer Schiavi NP in Family Health PLLC's Notice of Privacy Practices

Jennifer Schiavi, NP in Family Health PLLC’s Notice of Privacy Practices 



Jennifer Schiavi, NP in Family Health PLLC 

402 North Cayuga Street 

Ithaca, New York 14850

Effective date: August 9, 2023


This is a summary of how we may use and disclose your protected health information and your rights and choices when it comes to your information. We will explain these in more detail on the following pages. 

Your Rights

You have the right to:

·      Get a copy of your paper or electronic protected health information.

·      Correct your protected health information.

·      Ask us to limit the information we share, in some cases.

·      Get a list of those with whom we've shared your information.

·      Request confidential communication.

·      Get a copy of this privacy notice.

·      Choose someone to act for you.

·      File a complaint if you believe we have violated your privacy rights.

Your Choices

You have some choices about how we use and share information as we:

·      Communicate with you.

·      Tell family and friends about your condition.

·      Provide disaster relief.

·      Provide mental health care.

Our Uses and Disclosures 

We may use and disclose your information as we:

·      Treat you. 

·      Bill for services. 

·      Run our organization. 

·      Do research. 

·      Comply with the law. 

·      Respond to organ and tissue donation requests. 

·      Work with a medical examiner or funeral director.

·      Address workers' compensation, law enforcement, and other government requests.

·      Respond to lawsuits and legal actions.


Jennifer Schiavi, NP in Family Health PLLC (Schiavi PLLC or We) respects your privacy. We are also legally required to maintain the privacy of your protected health information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state laws. We follow state privacy laws when they are stricter or more protective of your PHI than federal law.

As part of our commitment and legal compliance, we are providing you with this Notice of Privacy Practices (Notice). This Notice describes:

·      Our legal duties and privacy practices regarding your PHI, including our duty to notify you following a data breach of your unsecured PHI. 

·      Our permitted uses and disclosures of your PHI.

·      Your rights regarding your PHI. 


If you have any questions about this Notice, please contact Jennifer Schiavi, NP.

PHI Defined

Your PHI:

·      Is health information about you:

·      which someone may use to identify you; and

·      which we keep or transmit in electronic, oral, or written form. 

·      Includes information such as your:

·      name;

·      contact information;

·      past, present, or future physical or mental health or medical conditions; 

·      payment for health care products or services; or

·      prescriptions.


We create a record of the care and health services you receive, to provide your care, and to comply with certain legal requirements. This Notice applies to all the PHI that we generate. 

We follow and our employees and other workforce members follow the duties and privacy practices that this Notice describes and any changes once they take effect. 

Changes to this Notice 

We can change the terms of this Notice, and the changes will apply to all information we have about you. The new notice will be available on request, in our office, and on our website. 

Data Breach Notification 

We will promptly notify you if a data breach occurs that may have compromised the privacy or security of your PHI. We will notify you within the legally required time frame/no later than 60 days after we discover the breach. Most of the time, we will notify you in writing, by first-class mail, or we may email you if you have provided us with your current email address and you have previously agreed to receive notices electronically. In some circumstances, our business associates, which are described in more detail below, may provide the notification. In limited circumstances when we have insufficient or out-of-date contact information, we may provide notice in a legally acceptable alternative form.

Your Rights 

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

You have the right to:

·      Get a copy of your PHI. You can ask to see or obtain an electronic or paper copy of the PHI that we maintain about you (right to request access). Alternatively, you may request a summary of your PHI or an explanation of your PHI. Some clarifications about your access rights: 

  • we may require you to make access requests in writing/by submitting an electronically signed form provided by Schiavi PLLC;

  • we may charge a reasonable, cost-based fee for the costs of copying, mailing, or other supplies associated with your request in compliance with applicable federal and/or state laws;

  • you may request that we provide a copy of your PHI to a family member, another person, or a designated entity. In such case, we require that you submit such requests in writing via our HIPAA Authorization to Use and Disclosure Protected Health Information form.  That form must clearly identify the designated person and where to send the PHI. 

  • Ask us to correct your medical record. You may ask us to correct or amend PHI that we maintain about you that you think is incorrect or inaccurate. 

  • Ask us to limit what we use or share. You have the right to ask us to limit what we use or share about your PHI (right to request restrictions). You can contact us and request us not to use or share certain PHI for treatment, payment, or operations or with certain persons involved in your care. We require that you submit this request in writing, using our HIPAA Authorization to Use and Disclosure Protected Health Information form.  For these requests:

    • we are not required to agree;

    • we may say "no" if it would affect your care; but

    • we will agree not to disclose information to a health plan for purposes of payment or health care operations if the requested restriction concerns a health care item or service for which you or another person, other than the health plan, paid in full out-of-pocket, unless it is otherwise required by law.

  • Get a list of those with whom we've shared your PHI. You have the right to request an accounting of certain PHI disclosures that we have made. For these requests:

    • we will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures, such as any you asked us to make; and

    • we will provide one accounting a year for free, but will charge a reasonable, cost-based fee if you ask for another one within 12 months. We will notify you about the costs in advance and you may choose to withdraw or modify your request at that time.

  • Choose someone to act for you. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your PHI. 

  • Request confidential communications. You have the right to request that we communicate with you about health matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or at a specific address. For these requests: 

    • you must specify how or where you wish to be contacted; and

    • we will accommodate reasonable requests.

  • Make a complaint. You have the right to complain if you feel we have violated your rights. We will not retaliate against you for filing a complaint. You may either file a complaint:

    • directly with us by contacting Jennifer Schiavi, NP. All complaints must be submitted in writing; or

    • with the Office for Civil Rights at the US Department of Health and Human Services by: 

Sending a letter to:

Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201

Calling  (800) 368-1019; or 




Your Choices 

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, please contact us and we will make reasonable efforts to follow your instructions.

In these cases, you have both the right and choice to tell us whether to:

  • Share information, such as your PHI, general condition, or location, with your family, close friends, or others involved in your care.

  • Share information in a disaster relief situation, such as to a relief organization to assist with locating or notifying your family, close friends, or others involved in your care.

If you are not able to tell us your preference, for example if you are unconscious, we may share your information if we believe it is in your best interest, according to our best judgment. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases, we will not share your information unless you give us your written permission:

·      Most sharing of a mental health care professional's notes (psychotherapy notes).

·      Other uses and disclosures not described in this Notice. 

You may revoke your authorization at any time, but it will not affect information that we already used and disclosed. 

Uses and Disclosures of Your PHI 

The law permits or requires us to use or disclose your PHI for various reasons, which we explain in this Notice. We have included some examples, but we have not listed every permissible use or disclosure. When using or disclosing PHI or requesting your PHI from another source, we will make reasonable efforts to limit our use, disclosure, or request about your PHI to the minimum we need to accomplish our intended purpose.

Uses and Disclosures for Treatment, Payment, or Health Care Operations

  • Treatment. We may use or disclose your PHI and share it with other professionals who are treating you, including doctors, nurses, technicians, medical students, or hospital personnel involved in your care. For example, we might disclose information about your overall health condition to physicians who are treating you for a specific injury or condition.

  • Billing and payment. We may use and disclose your PHI to bill and get payment from health plans or others. For example, we share your PHI with your health insurance plan so it will pay for the services you receive.

  • Running our organization. We may use and disclose your PHI to run our practice, improve your care, and contact you when necessary. For example, we may use your PHI to manage the services and treatment you receive or to monitor the quality of our health care services.


Other Uses and Disclosures 

We may share your information in other ways, usually for public health or research purposes or to contribute to the public good. For more information on permitted uses and disclosures, see For example, these other uses and disclosures may involve: 

  • Our business associates. We may use and disclose your PHI to outside persons or entities that perform services on our behalf, such as auditing, legal, or transcription (Business Associates). The law requires our business associates and their subcontractors to protect your PHI in the same way we do. We also contractually require these parties to use and disclose your PHI only as permitted and to appropriately safeguard your PHI.

  • Complying with the law. For example, we will share your PHI if the Department of Health and Human Services requires it when investigating our compliance with privacy laws.

  • Helping with public health and safety issues. For example, we may share your PHI to:

    • report injuries, births, and deaths; 

    • prevent disease; 

    • report adverse reactions to medications or medical device product defects; 

    • report suspected child neglect or abuse, or domestic violence; or 

    • avert a serious threat to public health or safety.

  • Responding to legal actions. For example, we may share your PHI to respond to:

    • a court or administrative order or subpoena;

    • discovery request; or

    • another lawful process.

  • Research. For example, we may share your PHI for some types of health research that do not require your authorization, such as if an institutional review board (IRB) has waived the written authorization requirement.

  • Working with medical examiners or funeral directors. For example, we may share PHI with coroners, medical examiners, or funeral directors when an individual dies.

  • Responding to organ and tissue donation requests. For example, we may share your PHI to arrange an authorized organ or tissue donation from you or a transplant for you.

  • Addressing workers' compensation, law enforcement, or other government requests. For example, we may use and disclose your PHI for:

    • workers' compensation claims; 

    • health oversight activities by federal or state agencies;

    • law enforcement purposes or with a law enforcement official; or

    • specialized government functions, such as military and veterans' activities, national security and intelligence, presidential protective services, or medical suitability. 

HIPAA Notice of Privacy Practices Acknowledgment

I acknowledge that I have received the HIPAA Notice of Privacy Practices (the “Notice’) from Jennifer Schiavi, NP in Family Health PLLC (the “Provider”) and that I have been provided an opportunity to review it. I understand that:

  • I have certain rights to privacy regarding my protected health information.

  • The Provider can and will use my health information for purposes of my treatment, payment for treatment, and health care operations.

  • The Notice explains in more detail how the Provider may use and share my protected health information for other purposes.

  • I have the rights regarding my protected health information listed in the Notice.

  • The Provider has the right to change the Notice from time to time and I can obtain a current copy of the Notice by contacting the person listed in the Notice.

  • This Notice may be executed in hard copy or electronic format.

bottom of page