NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
If you have any questions about this notice,
please contact Finger Lakes Health’s Privacy Officer.
OUR PLEDGE REGARDING PROTECTED HEALTH INFORMATION:
We understand that protected health information ("PHI"), which includes electronic PHI, in accordance with the provisions of the Health Insurance Portability and Accountability Act and the Health Information technology for Economic and Clinical Health Act, and their regulations (Collectively the HIPPA Rules), about you and your health is personal. We are committed to protecting PHI. We create a record of the care and services you receive at the hospital and/or nursing home. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated by the hospital and/or nursing home, whether made by our personnel or your personal doctor. Your personal doctor may have different policies or notices regarding the doctor’s use and disclosure of your PHI created in the doctor’s office or clinic.
This notice will tell you about the ways in which we may use and disclose medical your PHI, which includes information about your medical condition and the care and treatment you receive from us. We also describe your rights and certain obligations we have regarding the use and disclosure of PHI.
HOW WE MAY USE AND DISCLOSE YOUR PHI.
The following categories describe different ways that we use and disclose PHI. For each category of uses or disclosures we will explain what we mean and try to give some examples. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
ØFor Treatment. We may use PHI about you to provide you with medical treatment or services. We may disclose PHI to doctors, nurses, technicians, medical students, or other personnel who are involved in taking care of you at the hospital or nursing home. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so that we can arrange for appropriate meals. Different departments of the hospital also may share PHI in order to coordinate the different things you need, such as prescriptions, lab work and x-rays. We also may disclose PHI to people outside the hospital who may be involved in your medical care after you leave the facility, such as family members, clergy, post-acute care providers (e.g., home care agencies and nursing homes), or others we use to provide services that are part of your care.
ØFor Payment. We may use and disclose PHI about you so that the treatment and services you receive at the hospital or nursing home may be billed to and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about surgery you received at the hospital so your health plan will pay us or reimburse you for the surgery. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
ØFor Health Care Operations. We may use and disclose PHI about you for hospital or nursing home operations. These uses and disclosures are necessary to run the facility and make sure that all of our patients receive quality care. For example, we may use PHI to review our treatment and services and to evaluate the performance of our staff in caring for you, (e.g. customer satisfaction survey process). We may also combine PHI about many hospital or nursing home patients to decide what additional services the hospital or nursing home should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students, and other hospital or nursing home personnel for review and learning purposes. We may also combine the PHI we have with PHI from other hospitals or nursing homes to compare our services and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of PHI so others may use it to study health care services and delivery without identifying specific patient information.
In addition to treatment, payment, and health care operations, we may use and/or disclose your PHI, without a written authorization from you, in the following instances:
- De-identified Information. Your PHI is altered so that it does not identify you and, even without your name, cannot be used to identify you.
- Business Associate. To a business associate, which is someone who we contract with to provide a service necessary for your treatment, payment for your treatment, and health care operations (e.g., billing service or transcription service). We will obtain satisfactory written assurance, in accordance with applicable law and the HIPAA Rules, that the business associate will appropriately safeguard your PHI, and that the business associate will ensure its subcontractors, if any, appropriately safeguard your PHI as well.
- To You or a Personal Representative. To you or to a person who, under applicable law, has the authority to represent you in making decisions related to your health care.
- Public Health Activities. Such activities include, for example, information collected by a public health authority, as authorized by law, to prevent or control disease, injury or disability. This includes reports of child abuse or neglect.
- Food and Drug Administration. If required by the Food and Drug Administration to report adverse events, product detects or problems or biological product deviations, or to track products, or to enable product recalls, repairs or replacements, or to conduct post marketing surveillance.
- Abuse, Neglect or Domestic Violence. To a government authority if we are required by law to make such disclosure. If we are authorized by law to make such a disclosure, we will do so if we believe that the disclosure is necessary to prevent serious harm or if we believe that you have been the victim of abuse, neglect or domestic violence. Any such disclosure will be made in accordance with the requirements of law, which may also involve notice to you of the disclosure.
- Disaster Relief Efforts. To a public or private entity authorized to assist in disaster relief efforts.
Ø Appointment Reminders. We may use and disclose PHI to contact you as a reminder that you have an appointment for treatment or medical care at the hospital.
Ø Treatment Alternatives. We may use and disclose PHI to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
Ø Health-Related Benefits and Services. We may use and disclose PHI to tell you about health-related benefits or services that may be of interest to you.
Ø Disclosures to Schools. Student immunization information may be disclosed to a school without written authorization if the state law requires the school to have immunization records. Authorization may be documented in either written or oral format and noted in the patient medical record.
ØFundraising Activities. We may use PHI about you to contact you in an effort to raise money for the hospital or nursing home and its operations. We may disclose PHI to a foundation related to the hospital or nursing home so that the foundation may contact you in an effort to raise money for the facility. We may use/disclose limited demographic information in such efforts, such as treating service (e.g., cardiology, internal medicine) and your treating physician along with your name, address, phone number and dates of treatment or service at the hospital or nursing home. We only would release contact information, such as your name, address and phone number and the dates you received treatment or services at the hospital or nursing home. If you do not want us to contact you for fundraising efforts, you must notify the Executive Director of our Foundation Office in writing at 196 North Street, Geneva, NY, 14456 or by calling (315) 787-4053. In addition, any fundraising materials sent to you will describe how you may opt out of receiving future communications.
ØHospital Directory. We may include certain limited information about you in the hospital or nursing home directory (patient census) while you are a patient at the facility. This information may include your name, location in the facility, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may also be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. This is so your family, friends and clergy can visit you in the hospital or nursing home.
ØIndividuals Involved in Your Care or Payment for Your Care. In compliance with New York state regulations, we may release PHI about you to a friend or family member who is involved in your medical care. We may also give information to someone who helps pay for your care. We may also tell your family or friends your condition and that you are in the hospital or nursing home.
ØResearch. Under certain circumstances, we may use and disclose PHI about you for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of PHI, trying to balance the research needs with patients’ need for privacy of their PHI. Before we use or disclose PHI for research, the project will have been approved through this research approval process, but we may, however, disclose PHI about you to people preparing to conduct a research project, for example, to help them look for patients with specific medical needs, so long as the PHI they review does not leave the hospital or nursing home. We will almost always ask for your specific permission if a researcher will have access to your name, address or other information that reveals who you are, or will be involved in your care at the hospital or nursing home.
ØAs Required By Law. We will disclose PHI about you when required to do so by federal, state or local law.
Ø To Avert a Serious Threat to Health or Safety. We may use and disclose PHI about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
ØOrgan and Tissue Donation. If you are an organ donor, we may release PHI to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Ø Military and Veterans. If you are a member of the armed forces, we may release PHI about you as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
Ø Workers’ Compensation. We may release PHI for workers’ compensation or similar programs. These programs provide benefits for work-related injuries or illness.
ØPublic Health Risks. We may disclose PHI for public health activities. These activities generally include the following:
· to prevent or control disease, injury or disability;
· to report births and deaths;
· to report child abuse or neglect;
· to report reactions to medications or problems with products;
· to notify people of recalls of products they may be using;
· to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
· to notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
Ø Health Oversight Activities. We may disclose PHI to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, licensure, and New York State SPARCS Data Reporting System. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
ØLawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose PHI about you in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested.
ØLaw Enforcement. We may release PHI if asked to do so by a law enforcement official:
· In response to a court order, subpoena, warrant, summons or similar process;
· To identify or locate a suspect, fugitive, material witness, or missing person;
· About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
· About a death we believe may be the result of criminal conduct;
· About criminal conduct at the hospital; and
· In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
ØCoroners, Medical Examiners and Funeral Directors. We may release PHI to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release PHI about hospital patients or nursing home residents to funeral directors as necessary to carry out their duties.
Ø National Security and Intelligence Activities. We may release PHI about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
ØProtective Services for the President and Others. We may disclose PHI about you to authorized federal officials so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
ØInmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release PHI about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
YOUR RIGHTS REGARDING YOUR PHI.
You have the following rights regarding PHI we maintain about you:
ØRight to Inspect and Copy. In compliance with New York State regulations, you have the right to inspect and copy PHI that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes.
To inspect and copy PHI that may be used to make decisions about you, you must submit your request in writing to the hospital or nursing home Medical Records Department, Attn: Release of Information Representative. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing or other supplies associated with your request.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by us will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Ø Right to Amend. If you feel that PHI we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the hospital or nursing home.
To request an amendment, your request must be made in writing and submitted to the hospital or nursing home Health Information Director. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
• Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
• Is not part of the PHI kept by or for the hospital;
• Is not part of the information which you would be permitted to inspect and copy; or
• Is accurate and complete.
ØRight to Breach Notification. You have the right to be notified of a breach of your unsecured PHI. A breach is defined as an acquisition, access, use or disclosure of PHI in a manner not permitted, unless there is a low probability that your PHI has been compromised.
ØRight to Revoke. You have the right to revoke any authorization, in writing, at any time. To request a revocation, you must submit a written request to our Privacy Officer.
Ø Right to an Accounting of Disclosures. In compliance with federal regulations, you have the right to request an "accounting of disclosures." This is a list of the disclosures we made of your PHI.
To request this list or accounting of disclosures, you must submit your request in writing to the hospital’s Medical Records Department, Attn: Release of Information Representative. Your request must state a time period which may not be longer than six years and may not include dates before February 26, 2003. Your request should indicate in what form you want the list (e.g., on paper, electronically, etc.). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Ø Right to Request Restrictions. You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend.
We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
To request restrictions, a request must be made in writing and submitted to the hospital or nursing home Health Information Director within three (3) business days, from date of service. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.
Ø Right to Restrict Upon Payment in Full. You have the right to restrict disclosure of your PHI to your health plan for payment when you make a written request and pay all out of pocket expenses in full for the item or service.
Ø Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location.
Ø To request confidential communications, you must make your request in writing to the hospital or nursing home Medical Records Department, Attn: Release of Information Representative. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
ØRight to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
You may obtain a copy of this notice at our website, www.flhealth.org.
To obtain a paper copy of this notice, please request, in writing, to Finger Lakes Health’s Privacy Officer, C/O Medical Records Department, 196 North Street, Geneva, NY 14456
As detailed in the HIPAA Rules, certain uses and disclosures of psychotherapy notes, uses and disclosures of PHI for marketing purposes (as described in the “Marketing” section of this Privacy Notice), and disclosures that constitute a sale of PHI require a written authorization from you, and other uses and disclosures not otherwise permitted as described in this notice will only be made with your written authorization, which you may revoke at any time as detailed in the “Your Rights Regarding Your PHI” section of this notice.
We may only use and/or disclose your PHI for marketing activities if we obtain from you a prior written authorization. “Marketing” activities include communications to you that encourage you to purchase or use a product or service, and the communication is not made for your care or treatment. Marketing does not include, for example, sending you a newsletter about the hospital or nursing home. Marketing also includes the receipt by us of remuneration, directly or indirectly from a third party whose product or service is being marketed to you. We will inform you if we engage in marketing and will obtain your prior authorization.
CHANGES TO THIS NOTICE.
Ø We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for PHI we already have about you as well as any PHI we receive in the future. We will post a copy of the current notice in the hospital or nursing home. The notice will contain on the first page, in the top right-hand corner, the effective date. In addition, each time you register at or are admitted to the hospital or nursing home for treatment or health care services as an inpatient or outpatient, we will offer you a copy of the current notice in effect.
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services. To file a complaint with us, contact:
Privacy Officer, Medical Records Department
Finger Lakes Health
196 North Street
Geneva, NY, 14456
Phone (315) 787-5080 in Geneva or (315) 531-2080 in Penn Yan.
To file a complaint with the Department of Health and Human Services, contact:
Attn: Regional Manager /Office for Civil Rights
U.S. Department of Health and Human Services
Jacob Javits Federal Building
26 Federal Plaza - Suite 3312
New York, NY, 10278
Voice Phone (800) 368-1019
FAX (212) 264-3039
TDD (800) 537-7697
All complaints must be submitted in writing. You will not be penalized for filing a complaint.
OTHER USES OF PHI.
Other uses and disclosures of PHI not covered by this notice or the laws that apply to us will be made only with your written permission. If you provide us permission to use or disclose PHI, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose PHI about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your permission, and that we are required to retain our records of the care that we provided to you.
For more information, please contact the Finger Lakes Health Privacy Officer at (315) 787-5080 or (315) 531-2080.
Effective Date: September 23, 2013