THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
PROTECTED HEALTH INFORMATION
Information about your health is private. And it should remain private. That is why this healthcare institution is required by federal and state law to protect and maintain the privacy of your health information. We call it “Protected Health Information” (PHI).
The basis for federal privacy protection is the Health Insurance Portability and Accountability Act (HIPAA) and its regulations, known as the “Privacy Rule” and “Security Rule” and other federal and state privacy laws.
WHO WILL FOLLOW THIS NOTICE
This Notice describes the information privacy practices followed by our hospital employees, volunteers, and related personnel.
The practices described in this Notice may also be followed by healthcare providers who are members of our Medical Staff, if they have opted to abide by its contents. Many of our doctors follow the practices contained within this Notice. Other physicians have created their own Notice. Those members of the Medical Staff who opt not to abide by this Notice are required to give you a separate Notice that will explain their privacy practices.
Each participant who joins in this joint Notice of Privacy Practices serves as their own agent for all aspects of HIPAA Compliance, other than the delivery of this joint Notice. For physician specific issues or questions, please feel free to contact your physician directly.
Hospital employees, volunteers, and related personnel, including those members of the Medical Staff who have opted to abide by its contents, must follow this Notice with respect to:
- How we use your PHI
- Disclosing your PHI to others
- Your privacy rights
- Our privacy duties
- Hospital contacts for more information or, if necessary, a complaint
Your personal doctor may have different policies regarding the use and disclosure of PHI created in their offices.
USING OR DISCLOSING YOUR PHI
During the course of your treatment, we use and disclose your PHI. For example, if we test your blood in our laboratory, a technician will share the report with your doctor. Or, we will use your PHI to follow the doctor’s orders for an X-ray, surgical procedure or other types of treatment-related procedures.
After providing treatment, we will ask your insurer to pay us. Some of your PHI may be entered into our computers in order to send a claim to your insurer. This may include a description of your health problem, the treatment we provided and your membership number in your employer’s health plan.
Or, your insurer may want to review your medical record to determine whether your care was necessary. Also, we may disclose to a collection agency some of your PHI for collecting a bill that you have not paid.
For Healthcare Operations
Your medical record and PHI could be used in periodic assessments by physicians about the hospital’s quality of care. Or we might use the PHI from real patients in education sessions with medical students training in our hospital. Other uses of your PHI may include business planning for our hospital or the resolution of a complaint.
Your relationship to us as a patient might require using or disclosing your PHI in order to
- Remind you of an appointment for treatment
- Tell you about treatment alternatives and options
- Tell you about our other health benefits and services
- Ask you to contribute to our charitable activities, unless you tell us not to ask. You have a right to opt out of receiving such communications.
Your Authorization May Be Required
In many cases, we may use or disclose your PHI, as summarized above, for treatment, payment or healthcare operations or as required or permitted by law. In other cases, we must ask for your written authorization with specific instructions and limits on our use or disclosure of your PHI. This includes, for example, uses or disclosures of psychotherapy notes, uses or disclosures for marketing purposes, or for any disclosure which is a sale of your PHI. You may revoke your authorization if you change your mind later.
Certain Uses and disclousres of your PHI required or permitted by law
As a hospital or healthcare facility, we must abide by many laws and regulations that either require us or permit us to use or disclose your PHI.
Required or Permitted Uses and Disclosures
- If you do not verbally object, we may include information identifying you in a visitors’ directory of patients while you are an inpatient in our hospital. This information may include your name, general condition and religious affiliation, if any.
- If you do not verbally object, we may share some of your PHI with a family member or friend involved in your care.
- We may use your PHI in an emergency when you are not able to express yourself.
- We may use or disclose your PHI for research if we receive certain assurances which protect your privacy.
We may also use or disclose your PHI
- When required by law, for example when ordered by a court.
- For public health activities including reporting a communicable disease or adverse drug reaction to the Food and Drug Administration.
- To report neglect, abuse or domestic violence.
- To government regulators or agents to determine compliance with applicable rules and regulations.
- In judicial or administrative proceedings as in response to a valid subpoena.
- To a coroner for purposes of identifying a deceased person or determining cause of death, or to a funeral director for making funeral arrangements.
- For purposes of research when a research oversight committee, called an institutional review board, has determined that there is a minimal risk to the privacy of your PHI.
- For creating special types of health information that eliminate all legally required identifying information or information that would directly identify the subject of the information.
- In accordance with the legal requirements of a Workers’ Compensation program.
- When properly requested by law enforcement officials, for instance in reporting gun shot wounds, reporting a suspicious death or for other legal requirements.
- If we reasonably believe that use or disclosure will avert a health hazard or to respond to a threat to public safety including an imminent crime against another person.
- For national security purposes including to the Secret Service or if you are Armed Forces personnel and it is deemed necessary by appropriate military command authorities.
- In connection with certain types of organ donor programs.
- For surveys, including patient satisfaction surveys.
YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM
Under the federally required privacy program, patients have specific rights.
Your Right to Request Limited Use or Disclosure
You have the right to request that we do not use or disclose your PHI in a particular way. We must abide by your request to restrict disclosures to your health plan (insurer) if:
- the disclosure is for the purpose of carrying out payment or healthcare operations and is not required by law; and
- the PHI pertains solely to a healthcare item or service that you, or someone else other than the health plan (insurer) has paid us for in full.
In other situations, we are not required to abide by your request. If we do agree to your request, we must abide by the agreement.
Your Right to Confidential Communication
You have the right to receive confidential communications of PHI from the hospital at a location that you provide. Your request must be in writing, provide us with the other address and explain if the request will interfere with your method of payment.
Your Right to Revoke Your Authorization
You may revoke, in writing, the authorization you granted us for use or disclosure of your PHI. However, if we have relied on your consent or authorization, we may use or disclose your PHI up to the time you revoke your consent.
Your Right to Inspect and Copy
You have the right to inspect and copy your PHI (or to an electronic copy if the PHI is in an electronic medical record), if requested in writing. We may refuse to give you access to your PHI if we think it may cause you harm, but we must explain why and provide you with someone to contact for a review of our refusal.
Your Right to Amend Your PHI
If you disagree with your PHI within our records, you have the right to request, in writing, that we amend your PHI when it is a record that we created or have maintained for us. We may refuse to make the amendment and you have a right to disagree in writing. If we still disagree, we may prepare a counter-statement. Your statement and our counter-statement must be made part of our record about you.
Your Right to Know Who Else Sees Your PHI
You have the right to request an accounting of certain disclosures we have made of your PHI over the past six years, but not before April 14, 2003. We are not required to account for all disclosures, including those made to you, authorized by you or those involving treatment, payment and healthcare operations as described above. There is no charge for an annual accounting, but there may be charges for additional accountings. We will inform you if there is a charge and you have the right to withdraw your request, or pay to proceed.
Your Right to be Notified of a Breach
You have the right to be notified following a breach of unsecured PHI.
Your Right to Obtain a Paper Copy of This Notice
You have the right to obtain a paper copy of this Notice upon request, even if you have agreed to receive the Notice electronically.
What if I have a complaint?
If you believe that your privacy has been violated, you may file a complaint with us or with the Secretary of Health and Human Services in Washington, D.C. We will not retaliate or penalize you for filing a complaint with us or the Secretary.
- To file a complaint with us, please contact our Risk Management Department or call the UHS Compliance Hotline at 1-800-852-3449. Your complaint should provide specific details to help us in investigating a potential problem.
- To file a complaint with the Secretary of Health and Human Services, write to: 200 Independence Ave., S.E., Washington, D.C. 20201 or call 1-877-696-6775.
Contact for additional information
If you have questions about this Notice or need additional information, you can contact our Risk Management Department (or the UHS Compliance Hotline at 1-800-852-3449).
SOME OF OUR PRIVACY OBLIGATIONS AND HOW WE FULFILL THEM
Federal health information privacy rules require us to give you notice of our legal duties and privacy practices with respect to PHI and to notify you following a breach of unsecured PHI. This document is our notice. We will abide by the privacy practices set forth in this Notice. We are required to abide by the terms of the Notice currently in effect. However, we reserve the right to change this Notice and our privacy practices when permitted or as required by law. If we change our Notice of Privacy Practices, we will provide you with a copy to take with you upon request and we will post the new notice.
Compliance with Certain State Laws
When we use or disclose your PHI as described in this Notice, or when you exercise certain of your rights set forth in this Notice, we may apply state laws about the confidentiality of health information in place of federal privacy regulations. We do this when these state laws provide you with greater rights or protection for your PHI. For example, some state laws dealing with mental health records may require your express consent before your PHI could be disclosed in response to a subpoena. Another state law prohibits us from disclosing a copy of your record to you until you have been discharged from our hospital. When state laws are not in conflict or if these laws do not offer you better rights or more protection, we will continue to protect your privacy by applying the federal regulations.