This notice describes how medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.
YOUR RIGHTS MATTER. This Notice of Privacy Practices ("NPP") describes your legal rights regarding your health information, explains how Dragonfly Medical and Behavioral Health ("Dragonfly," "we," "us") uses and discloses that information, and tells you how to exercise your rights. We are required by law to maintain the privacy of your Protected Health Information (PHI) and to provide you with this notice.
Dragonfly Medical and Behavioral Health is a healthcare provider offering medical, psychiatric, substance use disorder (SUD), counseling, and peer recovery services in Johnson City, Tennessee. This NPP applies to all records created or maintained by our practice.
We use and disclose health information for the purposes listed below. Except as noted, these uses and disclosures do not require your separate written authorization.
We may use and share your PHI with physicians, nurses, counselors, and other providers involved in your care — including coordination between treating providers and referrals to specialists or labs.
We may use and disclose your PHI to bill and collect payment from you, your insurance plan, or other payers. This may include verifying eligibility, prior authorization, and claims submission.
We may use and disclose your PHI for internal operations including quality improvement, staff training, compliance audits, credentialing, and general administration.
| Purpose | Conditions |
|---|---|
| Required by law | When federal, state, or local law requires disclosure |
| Public health activities | Reporting of communicable disease, vital statistics, FDA-required reporting |
| Health oversight agencies | Government audits, inspections, licensing, or investigations |
| Judicial / administrative proceedings | In response to a court order or lawful subpoena (with required protections) |
| Law enforcement | Limited, as permitted by law; SUD records have heightened restrictions |
| Serious threats to health or safety | To prevent or lessen a serious and imminent threat |
| Workers' compensation | As required by workers' compensation or similar programs |
| Research | Under specific Privacy Rule protections and IRB oversight |
| Coroners / medical examiners | For identification or cause of death purposes |
| Facility directories | Limited information if you are a patient in a facility, unless you object |
| Family / caregivers | With your verbal agreement or when you are incapacitated and it is in your best interest |
| Appointment reminders | Via phone, text, or mail; you may request an alternative contact method |
The following require a signed authorization from you before we may use or disclose your information:
You may revoke a written authorization at any time by submitting a written request to our office. Revocation will not affect actions already taken in reliance on the prior authorization.
You have the right to inspect and receive a copy of your health records, with limited exceptions. You may request records in electronic format. We may charge a reasonable, cost-based fee.
You may request that we correct inaccurate or incomplete information in your record. We may deny the request in certain circumstances and will inform you of our reason in writing.
You may request a list of certain disclosures of your PHI made during the prior six years. Some disclosures (e.g., for treatment, payment, and healthcare operations) are excluded from this accounting.
You may request restrictions on how we use or disclose your information for treatment, payment, or operations. We are required to honor requests to restrict disclosure of PHI to a health plan when you pay for services entirely out-of-pocket and the disclosure is solely for payment or operations.
You may request that we contact you by a specific method or at a specific address (e.g., call your cell phone only, or send mail to an alternate address). We will accommodate reasonable requests.
You may request a paper copy of this NPP at any time, even if you received it electronically.
We will notify you if there is a breach of your unsecured PHI as required by the HIPAA Breach Notification Rule.
To request access, an amendment, an accounting, restrictions, or confidential communications, submit a written request to our Privacy Officer at the contact information below. We will respond within the timeframe required by HIPAA.
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services:
We will not retaliate against you in any way for filing a complaint.
Standard email and standard text messaging are not encrypted and may not be secure. Please use our Patient Portal (dmbhintouch.insynchcs.com) or call our office for any sensitive communications regarding your care.
Questions or requests regarding your medical privacy? Contact our office: