HIPAA NOTICE OF PRIVACY PRACTICES (NPP)

Effective Date: November, 2025
Last Updated: November, 2025

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

WHO WE ARE
Roy Kim, MD Plastic Surgery, located in California, is required by law to maintain the privacy and security of your protected health information, referred to as PHI.

OUR LEGAL DUTIES
We must protect the privacy and security of your PHI. 

We must provide you with this Notice and follow it. 

We will notify you if a breach occurs that may have compromised the privacy or securitof your PHI. 

We will not use or share your information other than as described in this Notice unless you authorize us in writing. You may revoke an authorization at any time in writing, except to the extent we have already acted in reliance on it.

HOW WE MAY USE AND DISCLOSE YOUR PHI WITHOUT YOUR AUTHORIZATION
We may use and disclose PHI to provide, coordinate, or manage your care and related services, including consultations and referrals with other health care providers involved in your care.
We may use and disclose PHI to bill and collect payment from you, your health plan, or a third party, including verifying coverage, obtaining prior authorizations, and determining eligibility for benefits.
We may use and disclose PHI for quality assessment and improvement, accreditation, licensing, training, auditing, and general administrative purposes, as well as business planning and compliance activities.

Subject to conditions and limits, we may also use or disclose PHI for public health and safety purposes; 

   to report abuse, neglect, or domestic violence

   for health oversight activities such as inspections and audits

   in judicial and administrative proceedings; for law enforcement purposes

   to coroners, medical examiners, and funeral directors

   for organ and tissue donation

   for approved research or research with appropriate safeguards

   for workers’ compensation and similar programs

   for specialized government functions such as military or national security when applicable

   and as otherwise required by federal, state, or local law.

USES AND DISCLOSURES THAT REQUIRE YOUR WRITTEN AUTHORIZATION
We will obtain your written authorization before using or disclosing PHI for most marketing purposes, before selling your PHI, before using your name, likeness, images, or testimonials that identify you as a patient in public-facing materials, and before disclosing psychotherapy notes except as permitted by law. 

If you authorize a use or disclosure, you may revoke that authorization in writing at any time, except to the extent we have already relied on it.

YOUR RIGHTS REGARDING YOUR PHI
You may request an electronic or paper copy of your medical record and other PHI we maintain about you. We will provide a copy or summary, usually within 30 days of your request, and reasonable cost-based fees may apply.
You may request that we amend PHI you believe is incorrect or incomplete. We may deny the request in certain circumstances and will provide a written explanation within 60 days.
You may request that we contact you by alternative means or at alternative locations, such as a different mailing address or phone number, and we will accommodate reasonable requests.
You may request restrictions on certain uses or disclosures of your PHI. We are not required to agree to most restrictions. 

If you pay in full out of pocket for a service, you may request that we not share information about that service with your health plan for payment or operations, and we will honor this unless required by law.
You may request a list of certain disclosures of your PHI made during the past six years, excluding those for treatment, payment, health care operations, and certain other disclosures.
You may request a paper copy of this Notice at any time, even if you agreed to receive it electronically.
If you have given someone medical power of attorney or someone is your legal guardian, that person may exercise your rights and make choices about your PHI. We will verify their authority before acting.

YOUR CHOICES
In certain situations you may tell us your preferences about what we share. 

You may direct us to share information with family members, close friends, or others involved in your care, and you may authorize disclosures in disaster relief situations. 

If you are unable to tell us your preference, for example if you are unconscious, we may share information if we believe it is in your best interest and permitted by law.

COMMUNICATIONS, TEXTS, AND EMAIL
We may contact you for appointment reminders and administrative matters. If you choose to communicate with us by standard text or email, understand that these methods may carry some security risk. You may opt out or request more secure options at any time.

ONLINE TECHNOLOGIES AND HOW WE HANDLE PHI
We maintain PHI in a separate, secure electronic medical record system that is not integrated with our public website at drkim.com. 

We exchange PHI with patients only through secure methods, such as a link to our patient portal or other approved secure channels. Please do not submit PHI through general website forms.

STATE AND FEDERAL LAW
In some situations, California or other federal laws provide additional protections for certain types of information, including mental health records, substance use disorder treatment records, HIV or AIDS-related information, and genetic testing information. Where these laws are more protective, we will follow them.

BREACH NOTIFICATION
We will notify you, as required by law, if there is a breach of your unsecured PHI.

COMPLAINTS AND QUESTIONS; NON-RETALIATION
If you believe your privacy rights have been violated, you may file a complaint with us or with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

Practice contact for privacy questions or complaints:

info@drkim.com
(415) 362-1846
Roy Kim, MD –  450 Sutter Street, Suite 1440, San Francisco, CA 94108.

To file with HHS Office for Civil Rights, visit https://www.hhs.gov/hipaa/filing-a-complaint/ or submit through the OCR Complaint Portal.

CHANGES TO THIS NOTICE
We may change this Notice, and changes will apply to all PHI we maintain. The Last Updated date reflects the most recent revision. We will post the current Notice in our office and on our website.

ACKNOWLEDGMENT OF RECEIPT
You may be asked to sign a separate form acknowledging that you received this Notice. Your care is not conditioned on signing the acknowledgment.