Notice of HIPAA Privacy Practices
This Notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. (CMC-706)
Understanding Your Health Record/Information
Each time you visit Catholic Medical Center, a department of Catholic Medical Center, or one of its physicians practices (hereinafter “CMC”), a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a:
Basis for planning your care and treatment;
Means of communication among the many health professionals who contribute to your care;
Legal document describing the care you received;
Means by which you or a third-party payer can verify that services billed were actually provided;
A tool in educating health professionals and a source of data for medical research;
A source of information for public health officials charged with improving the health of the nation;
A source of data for facility planning and marketing; and,
A tool with which we can assess and continually work to improve the care we render and the outcomes we achieve.
Understanding what is in your record and how your health information is used helps you toensure its accuracy; better understand who, what, when, where, and why others may access your health information; and, make more informed decisions when authorizing disclosure to others.
Your Health Information Rights
Although your health record is the physical property of CMC as the facility that compiled it, the information contained within it belongs to you. You have the right to:
· Obtain a paper copy of this Notice of HIPAA Privacy Practices upon request;
· Inspect and obtain a copy your health record, including a readily producible electronic copy, as provided for in federal regulations (45 C.F.R. §164.524);
· Request a restriction on certain uses and disclosures of your information as provided by federal regulations (45 C.F.R. §164.522). CMC is not required to agree to a requested restriction unless the request is to restrict health information to a health plan when you have paid for such applicable services out of your pocket in full;
· Request an amendment to your health record by submitting information in writing about how the information is inaccurate or incomplete. As provided in federal regulations (45 C.F.R. §164.526), CMC is not required to agree to certain requested amendments, such as where the information is accurate and complete;
· Obtain an accounting of disclosures of your health information as provided in federal regulations (45 C.F.R. §164.528);
· Request communications of your health information by alternative means or at alternative locations; and,
· Revoke your authorization to use or disclose health information except to the extent that action has already been taken.
You can exercise these rights by contacting CMC’s Health Information Management Department at (603) 663-6518 or CMC’s HIPAA Privacy Officer at (603) 663-6651.
CMC is required to:
· Provide you with this Notice as to our legal duties and privacy practices with respect to information we collect and maintain about you;
· Abide by the terms of this Notice and maintain the privacy of your health information;
· Notify you if we are unable to agree to a requested restriction or amendment;
· Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations, e.g., Electronic Transmission;
· Obtain your written authorization to use or disclose your health information for reasons other than those listed in this Notice and permitted under law; and
· Notify you if your health information has been breached. Pursuant to federal regulations, breach notification must occur by first class mail within 60 days of the event. A breach occurs when there has been an unauthorized acquisition, access, use or disclosure of your health information that compromises the privacy or security of your health information based on a regulatory four factor risk assessment.
We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. Should our privacy practices change, we will post a revised Notice in brochure racks throughout the organization and on our Internet site. We will not use or disclose your health information without your authorization, except as described in this Notice. This Notice first took effect on 4/1/2003, and was revised on 11/21/2006, 6/1/2012, 6/7/2013, and 12/6/2013.
For More Information or to Report a Problem
If have questions and would like additional information, you may contact CMC’s HIPAA Privacy Officer at (603) 663-6651. If you believe your privacy rights have been violated, you may complain to CMC’s HIPAA Privacy Officer and you may also file a complaint with the Office for Civil Rights at the address below:
Region I, Office for Civil Rights
Department of Health and Human Services
Government Center, JF Kennedy Federal Building, Room 1875
Boston, Massachusetts 02203
You will not be retaliated against for filing a complaint.
Uses and Disclosures of Health Information
We use and disclose health information about you for treatment, payment and health care operations (TPO) within the CMC health care system and elsewhere. We have provided some examples of TPO below.
We will use your health information for treatment.
For example:Information obtained by a nurse, physician, or other member of your health care team will be recorded in your record and used to determine the course of treatment that should work best for you. Your physician will document in your record his or her expectations of the members of your health care team. Members of your health care team will then record the actions they took and their observations. In that way, the physician will know how you are responding to treatment.
We will also provide your physician or a subsequent health care provider with copies of various reports that should assist him or her in treating you once you’re discharged from this hospital.
We will use your health information for payment.
For example:A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used.
We will use your health information for regular health operations.
For example:Members of the medical staff, the risk or quality improvement manager, or members of the quality improvement team may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and service we provide.
In addition to our use of health information for treatment, payment and health care operations, there are other circumstances in which we may use and disclose your health information without your authorization. We have provided below a list of those circumstances.
Business Associates:There are some services provided in our organization through contacts with business associates. Examples include physician services in the Emergency Department, radiology and certain laboratory tests. When these services are contracted, we may disclose your health information to our business associate so that they can perform the job we’ve asked them to do and bill you or your third-party payer for services rendered. To protect your health information, however, we require the business associate and their subcontractors to appropriately safeguard your information.
NH Health Information Organization (NHHIO): We may transmit your health information for your care and treatment through the NHHIO, a 501(c)(3) non-profit organization that has established a statewide electronic health network to share patient health information between health care providers in a timely, secure, and confidential manner. If you do not wish for us to transmit your health information for your care and treatment through the NHHIO, you may opt-out by submitting your request in writing to CMC, Information Systems Department, Attn: HIPAA Security Officer, 100 McGregor Street, Manchester, NH 03102.
Directory: Unless you notify us that you object, we will use your name, location in the facility, general condition, and religious affiliation for directory purposes. This information may be provided to members of the clergy and, except for religious affiliation, to other people who ask for you by name.
Appointment Reminders:We may use or disclose your health information to provide you with appointment reminders (such as voicemail messages, postcards or letters).
Notification:We may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and general condition.
Communication with Family:Health professionals, using their best judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, health information relevant to that person’s involvement in your care or payment related to your care.
Research:We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information.
Funeral Directors:We may disclose health information to funeral directors consistent with applicable law to carry out their duties.
Organ Procurement Organizations:Consistent with applicable law, we may disclose health information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
Marketing:We may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you. We are required to obtain your authorization for other marketing activities and if we will receive direct or indirect payment for your health information. We are prohibited from selling your health information without your specific, written authorization.
Fundraising: We may use your name, address, telephone number, age, date of birth, gender, date(s) of service, general department of service, treating physician information, insurance status, and outcome information to contact you as part of fundraising efforts for CMC. Any funds raised are used to expand and improve the services and programs we provide to the community. If you do not wish to receive fundraising requests in support of CMC, you may opt-out by sending a letter to CMC, Office of Philanthropy, 100 McGregor Street, Manchester, NH 03102. In the event that you contact us with this request, CMC shall ensure that you do not receive any fundraising communications from us in the future.
Food and Drug Administration (FDA):We may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
Workers Compensation:We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
Public Health:As required by law, we may disclose your health information to public health or legal authorities charged with preventing or controlling disease, injury, or disability, as well as reporting newly diagnosed cases of cancer to the New Hampshire State Cancer Registry for the purposes of identifying clusters of cancer cases and attempting to identify causes of cancer. We may make such disclosures through the NHHIO.
Correctional Institution:If you are an inmate at a correctional institution, we may disclose to the institution or their agents health information necessary for your health and to protect the health and safety of other individuals.
Law Enforcement:We may disclose health information for law enforcement purposes as required by law or in response to a patient authorization or court order.
Abuse or Neglect:We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect or domestic violence or the possible victim of other violent crimes. We may disclose your health information to the extent necessary to avert a serious threat to your health or safety or the health or safety of others.
Safety: Federal law allows Catholic Medical Center to disclose your health information to appropriate health oversight agencies, public health authorities or attorneys, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or have otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.