Patient Rights & Privacy

Use the following links to jump to the section you are interested in:

Notice of HIPAA Privacy Practices
Patient's Rights and Responsibilities
Website Disclaimer
Agreement/Terms of Use

Notice of HIPAA Privacy Practices


Understanding Your Health Record/Information 

Each time you visit Catholic Medical Center, a department of Catholic Medical Center, or one of its physicians practices (hereinafter “CMC”), a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a: 
  • Basis for planning your care and treatment; 
  • Means of communication among the many health professionals who contribute to your care; 
  • Legal document describing the care you received; 
  • Means by which you or a third-party payer can verify that services billed were actually provided; 
  • A tool in educating health professionals and a source of data for medical research; 
  • A source of information for public health officials charged with improving the health of the nation; 
  • A source of data for facility planning and marketing; and,  
  • A tool with which we can assess and continually work to improve the care we render and the outcomes we achieve.
Understanding what is in your record and how your health information is used helps you to ensure its accuracy; better understand who, what, when, where, and why others may access your health information; and, make more informed decisions when authorizing disclosure to others. 

Your Health Information Rights 
Although your health record is the physical property of CMC as the facility that compiled it, the information contained within it belongs to you. You have the right to: 
  • Obtain a paper copy of this Notice of HIPAA Privacy Practices upon request; 
  • Inspect and obtain a copy your health record, including a readily producible electronic copy, as provided for in federal regulations (45 C.F.R. §164.524); 
  • Request a restriction on certain uses and disclosures of your information as provided by federal regulations. As provided in federal regulations (45 C.F.R. §164.522), CMC is not required to agree to a requested restriction unless the request is to restrict health information to a health plan when you have paid for such applicable services out of your pocket in full;
  • Request an amendment to your health record by submitting information in writing about how the information is inaccurate or incomplete. As provided in federal regulations (45 C.F.R. §164.526), CMC is not required to agree to certain requested amendments, such as where the information is accurate and complete; 
  • Obtain an accounting of disclosures of your health information as provided in federal regulations (45 C.F.R. §164.528); 
  • Request communications of your health information by alternative means or at alternative locations; and 
  • Revoke your authorization to use or disclose health information except to the extent that action has already been taken.

You can exercise these rights by contacting CMC’s Health Information Management Department at 603.663.6518 or CMC’s HIPAA Privacy Officer at 603.663.6651.

Our Responsibilities 
CMC is required to: 
  • Provide you with this Notice as to our legal duties and privacy practices with respect to information we collect and maintain about you;
  • Abide by the terms of this Notice and maintain the privacy of your health information;
  • Notify you if we are unable to agree to a requested restriction or amendment;
  • Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations, e.g., Electronic Transmission;
  • Obtain your written authorization to use or disclose your health information for reasons other than those listed in this Notice and permitted under law; and
  • Notify you if your health information has been breached. Pursuant to federal regulations, breach notification must occur by first class mail within 60 days of the event. A breach occurs when there has been an unauthorized acquisition, access, use or disclosure of your health information that compromises the privacy or security of your health information based on a regulatory four factor risk assessment.

We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law. Should our privacy practices change, we will post a revised Notice on our Internet site. We will not use or disclose your health information without your authorization, except as described in this Notice. This Notice first took effect on 4/1/03, and was revised on 11/21/06, 6/1/12, 6/7/13, 12/6/13, 12/6/19, and 12/1/21.

For More Information or to Report a Problem 
If have questions and would like additional information, you may contact CMC’s HIPAA Privacy Officer at 603.663.6651. If you believe your privacy rights have been violated, you may complain to CMC’s HIPAA Privacy Officer and you may also file a complaint with the Office for Civil Rights at the address below:

Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg. Washington, D.C. 20201

or email:

You will not be retaliated against for filing a complaint.

Uses and Disclosures of Health Information 
We use and disclose health information about you for treatment, payment, and health care operations (“TPO”) within the CMC health care system and elsewhere. We have provided some examples of TPO below.

We will use and disclose your health information for treatment.
For example: Information obtained by a nurse, physician, or other member of your health care team will be recorded in your record and used to determine the course of treatment that should work best for you. Your physician will document in your record his or her expectations of the members of your health care team. Members of your health care team will then record the actions they took and their observations. In that way, the physician will know how you are responding to treatment.

We will also provide your physician or a subsequent health care provider with copies of various reports that should assist him or her in treating you once you’re discharged from this hospital. We may also provide automated notifications, directly or through an intermediary, at the time of your registration to the emergency department, admission to the hospital, transfer, and discharge.  These notifications may go to your established primary care provider/practice, other established provider(s)/practice(s), and post-acute care service providers and suppliers in order to facilitate the exchange of your health information in a timely, secure, and confidential manner. If you do not wish for us to send these notifications automatically, then you must opt-out by submitting your request in writing to Catholic Medical Center, Attn: HIPAA Privacy Officer, 100 McGregor Street, Manchester, NH 03102. 

We will use and disclose your health information for payment.
For example: A bill may be sent to you or a third-party payer. The information on or accompanying the bill may include information that identifies you, as well as your diagnosis, procedures, and supplies used.

We will use and disclose your health information for regular health operations.
For example: Members of the medical staff, the risk manager, or members of the quality improvement team may use information in your health record to assess the care and outcomes in your case and others like it. This information will then be used in an effort to continually improve the quality and effectiveness of the health care and service we provide.
In addition to our use of health information for treatment, payment and health care operations, there are other circumstances in which we may use and disclose your health information without your authorization. We have provided below a list of those circumstances.

Business Associates: There are some services provided in our organization through contacts with business associates. Examples include physician services in the Emergency Department, radiology and certain laboratory tests. When these services are contracted, we may disclose your health information to our business associate so that they can perform the job we’ve asked them to do and bill you or your third-party payer for services rendered. To protect your health information, however, we require the business associate and their subcontractors to appropriately safeguard your information. 

Directory: Unless you notify us that you object, we will use your name, location in the facility, general condition, and religious affiliation for directory purposes. This information may be provided to members of the clergy and, except for religious affiliation, to other people who ask for you by name. 

Appointment Reminders: We may use or disclose your health information to provide you with appointment reminders (such as voicemail messages, postcards or letters). 

Notification: We may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and general condition. 

Communication with Family: Health professionals, using their best judgment, may disclose to a family member, other relative, close personal friend or any other person you identify, health information relevant to that person’s involvement in your care or payment related to your care. 

Research: We may disclose information to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of your health information. 

Funeral Directors: We may disclose health information to funeral directors consistent with applicable law to carry out their duties. 

Organ Procurement Organizations: Consistent with applicable law, we may disclose health information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant. 

Marketing: We may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you. We are required to obtain your authorization for other marketing activities and if we will receive direct or indirect payment for your health information. We are prohibited from selling your health information without your specific, written authorization. 

Fundraising: We may use your name, address, telephone number, age, date of birth, gender, date(s) of service, general department of service, treating physician information, insurance status, and outcome information to contact you as part of fundraising efforts for CMC. Any funds raised are used to expand and improve the services and programs we provide to the community. If you do not wish to receive fundraising requests in support of CMC, you may opt-out by sending a letter to CMC, Office of Philanthropy, 100 McGregor Street, Manchester, NH 03102. In the event that you contact us with this request, CMC shall ensure that you do not receive any fundraising communications from us in the future. 

Food and Drug Administration (FDA): We may disclose to the FDA health information relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement. 

Workers Compensation: We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law. 

Public Health and Oversight: As required by law, we may disclose your health information to public health or legal authorities charged with overseeing government health care systems or preventing or controlling disease, injury, or disability.  We may also report certain diagnoses to state and other registries in which CMC participates for the purposes of identifying clusters of cases and improving outcomes

Correctional Institution: If you are an inmate at a correctional institution, we may disclose to the institution or their agents health information necessary for your health and to protect the health and safety of other individuals. 

Law Enforcement: We may disclose health information for law enforcement purposes as required by law or in response to a patient authorization or court order. 

Abuse or Neglect: We may disclose your health information to appropriate authorities if we reasonably believe that you are a possible victim of abuse, neglect or domestic violence or the possible victim of other violent crimes. We may disclose your health information to the extent necessary to avert a serious threat to your health or safety or the health or safety of others. 

Safety: Federal law allows Catholic Medical Center to disclose your health information to appropriate health oversight agencies, public health authorities or attorneys, provided that a work force member or business associate believes in good faith that we have engaged in unlawful conduct or have otherwise violated professional or clinical standards and are potentially endangering one or more patients, workers or the public.

All patients at Catholic Medical Center have the following rights:

  1. The patient shall be treated with consideration, respect, and full recognition of the patient's dignity and individuality, including privacy in treatment and personal care and including being informed of the name, licensure status, and staff position of all those with whom the patient has contact, pursuant to RSA 151:3-b.
  2. The patient shall be fully informed of a patient's rights and responsibilities and of all procedures governing patient conduct and responsibilities. This information must be provided orally and in writing before or at admission, except for emergency admissions. Receipt of the information must be acknowledged by the patient in writing. When a patient lacks the capacity to make informed judgments the signing must be by the person legally responsible for the patient.
  3. The patient shall be fully informed in writing in language that the patient can understand, before or at the time of admission and as necessary during the patient's stay, of the facility's basic per diem rate and of those services included and not included in the basic per diem rate. A statement of services that are not normally covered by medicare or medicaid shall also be included in this disclosure.
  4. The patient shall be fully informed by a health care provider of his or her medical condition, health care needs, and diagnostic test results, including the manner by which such results will be provided and the expected time interval between testing and receiving results, unless medically inadvisable and so documented in the medical record, and shall be given the opportunity to participate in the planning of his or her total care and medical treatment, to refuse treatment, and to be involved in experimental research upon the patient's written consent only. For the purposes of this paragraph "health care provider'' means any person, corporation, facility, or institution either licensed by this state or otherwise lawfully providing health care services, including, but not limited to, a physician, hospital or other health care facility, dentist, nurse, optometrist, podiatrist, physical therapist, or psychologist, and any officer, employee, or agent of such provider acting in the course and scope of employment or agency related to or supportive of health care services.
  5. The patient shall be transferred or discharged after appropriate discharge planning only for medical reasons, for the patient's welfare or that of other patients, if the facility ceases to operate, or for nonpayment for the patient's stay, except as prohibited by Title XVIII or XIX of the Social Security Act. No patient shall be involuntarily discharged from a facility because the patient becomes eligible for medicaid as a source of payment.
  6. The patient shall be encouraged and assisted throughout the patient's stay to exercise the patient's rights as a patient and citizen. The patient may voice grievances and recommend changes in policies and services to facility staff or outside representatives free from restraint, interference, coercion, discrimination, or reprisal.
  7. The patient shall be permitted to manage the patient's personal financial affairs. If the patient authorizes the facility in writing to assist in this management and the facility so consents, the assistance shall be carried out in accordance with the patient's rights under this subdivision and in conformance with state law and rules.
  8. The patient shall be free from emotional, psychological, sexual and physical abuse and from exploitation, neglect, corporal punishment and involuntary seclusion.
  9. The patient shall be free from chemical and physical restraints except when they are authorized in writing by a physician for a specific and limited time necessary to protect the patient or others from injury. In an emergency, restraints may be authorized by the designated professional staff member in order to protect the patient or others from injury. The staff member must promptly report such action to the physician and document same in the medical records.
  10. The patient shall be ensured confidential treatment of all information contained in the patient's personal and clinical record, including that stored in an automatic data bank, and the patient's written consent shall be required for the release of information to anyone not otherwise authorized by law to receive it. Medical information contained in the medical records at any facility licensed under this chapter shall be deemed to be the property of the patient. The patient shall be entitled to a copy of such records upon request. The charge for the copying of a patient's medical records shall not exceed $15 for the first 30 pages or $.50 per page, whichever is greater; provided, that copies of filmed records such as radiograms, x-rays and sonograms shall be copied at a reasonable cost.
  11. The patient shall not be required to perform services for the facility. Where appropriate for therapeutic or diversional purposes and agreed to by the patient, such services may be included in a plan of care and treatment.
  12. The patient shall be free to communicate with, associate with, and meet privately with anyone, including family and resident groups, unless to do so would infringe upon the rights of other patients. The patient may send and receive unopened personal mail. The patient has the right to have regular access to the unmonitored use of a telephone.
  13. The patient shall be free to participate in activities of any social, religious, and community groups, unless to do so would infringe upon the rights of other patients.
  14. The patient shall be free to retain and use personal clothing and possessions as space permits, provided it does not infringe on the rights of other patients.
  15. The patient shall be entitled to privacy for visits and, if married, to share a room with his or her spouse if both are patients in the same facility and where both patients consent, unless it is medically contraindicated and so documented by a physician. The patient has the right to reside and receive services in the facility with reasonable accommodation of individual needs and preferences, including choice of room and roommate, except when the health and safety of the individual or other patients would be endangered.
  16. The patient shall not be denied appropriate care on the basis of race, religion, color, national origin, sex, age, disability, marital status, or source of payment, nor shall any such care be denied on account of the patient's sexual orientation.
  17. The patient shall be entitled to be treated by the patient's physician of choice, subject to reasonable rules and regulations of the facility regarding the facility's credentialing process.
  18. The patient shall be entitled to have the patient's parents, if a minor, or spouse, or next of kin, or a personal representative, if an adult, visit the facility, without restriction, if the patient is considered terminally ill by the physician responsible for the patient's care.
  19. The patient shall be entitled to receive representatives of approved organizations as provided in RSA 151:28.
  20. The patient shall not be denied admission to the facility based on medicaid as a source of payment when there is an available space in the facility.
  21. Subject to the terms and conditions of the patient's insurance plan, the patient shall have access to any provider in his or her insurance plan network and referral to a provider or facility within such network shall not be unreasonably withheld pursuant to RSA 420-J:8, XIV.
  22. Patients have the right to request that their wishes about organ donation be documented in the medical record. The patient shall not be denied admission, care or services based solely on the patient's vaccination status.
  23. Patient Support.
a. In addition to the rights specified in paragraph XVIII, the patient shall be entitled to designate a spouse, family member, or caregiver who may visit the facility while the patient is receiving care.  A patient who is a minor may have a parent, guardian, or person standing in loco parentis visit the facility while the minor patient is receiving care.
b. Exceptions.
1. Notwithstanding subparagraph (a), a healthcare facility may establish visitation policies that limit or restrict visitation when:
A. The presence of visitors would be medically or therapeutically contraindicated in the best clinical judgment of health care professionals'
B. The presence of visitors would interfere with the care of or rights of any patient;
C. Visitors are engaging in disruptive, threatening, or violent behavior toward any staff member, patient, or another visitor; or
D. Visitors are non compliant with written hospital policy.

2. Upon request, the patient or patient's representative, if the patient is incapacitated, shall be provided the reason for denial or revocation of visitation rights under this paragraph.
c. A health care facility may require visitors to wear personal protective equipment provided by the facility, or provided by the visitor and approved by the facility.  A health care facility may require visitors to comply with reasonable safety protocols and rules of conduct.  The health care facility may revoke visitation rights for failure to comply with this subparagraph. 
d. Nothing in this paragraph shall be construed to require a health care facility to allow a visitor to enter an operating room, isolation room, isolation unit, behavioral health setting or other typically restricted area or to remain present during the administration of emergency care in critical situations. Nothing in this paragraph shall be construed to require a health care facility to allow a visitor access beyond the rooms, units, or wards in which the patient is receiving care or beyond general common areas in the health care facility.
e. The rights specified in this paragraph shall not be terminated, suspended, or waived by the health care facility, the department of health and human services, or any governmental entity, notwithstanding declarations of emergency declared by the governor or the legislature. No health care facility licensed pursuant to RSA 151:2 shall require a patient to waive the rights specified in this paragraph.
  1. Patient Responsibilities
    In addition to their rights as prescribed by the laws of the State of New Hampshire, CMC patients and their surrogate decision-makers have the following responsibilities:

    Provision of Information—Patients have the responsibility to provide, to the best of their knowledge, accurate and complete information about present complaints, past illnesses, hospitalizations, medications, and other matters relating to their health.

    Compliance with Instructions—Patients are responsible for following the treatment plan recommended by the practitioner primarily responsible for their care.

    Refusal of Treatment—Patients are responsible for their actions if they refuse treatment or do not follow the practitioner’s instructions.

    Hospital Charges—Patients are responsible for assuring that they meet their financial obligation for healthcare services rendered as soon as possible after discharge.

    Hospital Rules and Regulations—Patients are responsible for following hospital rules and regulations affecting patient care and conduct.

    Respect and Consideration—Patients are responsible for being considerate of the rights of other patients and hospital personnel, and for assisting in the control of noise, smoking, and the number of visitors.

    Pediatric and Adolescent Patients—Minors, because of their age and competence, exercise their consent to treatment through their parents or legal guardian unless other otherwise specified by law. The same rights and responsibilities extended to adult patients at Catholic Medical Center are extended to pediatric and adolescent patients and families.

    Pain Management—Patients are responsible for asking your doctor or nurse what to expect regarding pain and pain management, discussing with them pain relief options, working with them in developing a pain management plan, asking for pain relief when pain first begins, helping your doctor and nurse measure your pain, and informing the doctor or nurse if your pain is not relieved.

    Patient's Rights and Responsibilities are further described in the Patient Information booklet provided to each patient. Inquiries regarding this information should be addressed to the Department Director of the area in which care is being provided. Additional questions or concerns should be referred to the Patient Advocacy Program at Catholic Medical Center 603.663.8020.

    Patients with mental illness have a right to contact the NH Disability Rights Center to speak with an attorney. Please contact: 
    Disability Rights Center–NH
    64 North Main Street, Suite 2, 3rd Floor
    Concord NH 03301
    TDD: 1-800-834-1721

For complaints related to the quality of care, please contact DNV using their online tool:
or contact: DNV Healthcare USA Inc.
Attn: Hospital Complaints
4435 Aicholtz Road, Suite 900
Cincinnati OH 45245
tel: 866.496.9647
fax: 281.870.4818

Website Disclaimer
All information provided by the Catholic Medical Center (CMC) website is provided for informational purposes only and does not constitute a legal contract between CMC and any person. Information on this website is subject to change without prior notice. Since medical developments occur daily, this site may contain outdated material. Although every reasonable effort is made to present current and accurate information, CMC makes no guarantees of any kind.

Information on the CMC website is not provided as medical advice, does not establish a patient-provider relationship, and is not intended nor should be assumed to guarantee a specific result. CMC makes no claim that the information presented in this site is comprehensive, or that other treatment options may be any more or less effective than those described here.

In no event shall CMC, any subsidiary or affiliate, or employee or representative thereof be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use or reliance on such content, goods, or services available on or through any site or resource.

Health related topics found on any page should not be used for diagnostic purposes or be substituted for medical advice. Only a qualified health care provider may dispense medical advice. As with any new or ongoing treatment, always consult your professional health care providers before beginning any treatment. If you do not have a health care provider, you may contact (603) 626-2626 for a listing of providers in your area.

CMC, any subsidiary or affiliate, or employee or representative thereof, assumes no responsibility or liability for any consequence resulting directly or indirectly for any action or inaction you take based on or made in reliance on the information, services or material on or linked to this site.

CMC, any subsidiary or affiliate, or employee or representative thereof shall not be accountable in any way for any use, misuse, self-diagnosis, self-treatment, failure to obtain medical information from a qualified physician, any other lack of action, inappropriate action or delay in seeking appropriate medical treatment for any condition, concern, or event.

CMC makes links available to other Internet sites that may have information of general interest. CMC is in no way responsible for the availability, accuracy, or content of those external sites, nor does it endorse them.

All information contained in this website is copyright protected, unless otherwise noted. Information may be reprinted and or downloaded for personal, non-commercial use only, provided the source of the material is identified and includes a statement that the materials are protected by copyright law. Permission to reprint or electronically reproduce any document or graphic in whole or in part for any non-personal or commercial use is prohibited unless prior written consent is obtained from the respective copyright holder.

Agreement/Terms of Use
By using this website, you agree that you understand and accept the terms listed above. If you do not agree to these terms, you may not use this website. Privacy as it applies to the Internet is changing at a rapid pace. We reserve the right to change our privacy practices to remain in compliance with state and federal laws.

Catholic Medical Center is committed to the principle of fair and ethical business practices, which includes ensuring the utmost security and confidentiality of records and related information for all its patients, employees, and organizational and administrative operations.

Any breach of confidentiality, including, but not limited to, unauthorized discussion or use of or access to information related to a patient, employee, or Catholic Medical Center's operations, represents a failure to meet the professional and ethical standards expected of all employees, and constitutes a violation of this policy. Records and data which are expressly protected under this policy include, but are not limited to: medical records, appointment scheduling, payroll and personnel records, billing information, contracts, demographics, financial records, marketing and fund development strategies, and present or future business plans. Methods of disclosure include, but are not limited to: data transfer or transmission, verbal or written disclosures, news releases, faxes, documents left in full or partial view, including unattended, connected computer workstations.

The Information Systems Group has implemented systems designed to maximize protection and minimize exposure by unauthorized individuals while promoting valid commerce and communication with other institutions and individuals outside the organization. Catholic Medical Center views any violation of this policy seriously and will take appropriate action upon notification of a breach of confidentiality.

ver 1/2023