THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices (“Notice”) covers an Affiliated Covered Entity (“ACE”). When this Notice refers to Empass Healthcare or “we,” it is referring to Empass Healthcare (“Empass Healthcare”), and all other covered entities under Empass Healthcare common ownership or common control. Each of these entities are “covered entities” under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder (collectively, “HIPAA”).
Pursuant to 45 C.F.R. § 164.105(b), Empass Healthcare and all other covered entities under Empass Healthcare common ownership or common control, hereby designate themselves as a single covered entity for purposes of compliance with HIPAA. The single covered entity shall be known as the “Empass Healthcare Affiliated Covered Entity” or the “Empass Healthcare ACE.” This designation may be amended from time to time to add new covered entities that are under the common ownership of Empass Healthcare Corporation.
This Notice describes how we may use and disclose your protected health information to carry out treatment, payment or healthcare operations and for other purposes that are permitted or required by law. It also describes your rights to access and control your protected health information. “Protected health information” is information about you, including demographic information, that may identify you and that relates to your past, present or future physical or mental health or condition, related healthcare services and payment for such healthcare services.
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We are required by law to maintain the privacy of your protected health information and to provide you with Notice of our legal duties and privacy practices with respect to your protected health information. We are required to abide by the terms of this Notice. We may change the terms of our Notice at any time. The new Notice will be effective for all protected health information that we maintain at that time. Upon your request, you can receive any revised Notice of Privacy Practices by accessing our website Empass.com, contacting the hospital where you were seen or the privacy officer at firstname.lastname@example.org. Just request that a revised copy be sent to you in the mail or ask for one at your next appointment.
1. HOW WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION
Your healthcare provider will use or disclose your protected health information as described in Section 1. Your protected health information may be used and disclosed by your healthcare provider, our office staff and others outside of our hospital that are involved in your care and treatment for the purpose of providing healthcare services to you. Your protected health information may also be used and disclosed to pay your healthcare bills and to support the operation of Empass Healthcare.
Following are examples of the types of uses and disclosures of your protected healthcare information that Empass Healthcare is permitted to make. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by our hospital.
Treatment. We will use protected health information about you to provide you with medical treatment or services. We will disclose medical information about you to doctors, nurses, technicians, medical students or other personnel who are involved in your care. Different departments of our hospital also may share protected health information about you in order to coordinate your needs such as prescriptions, lab work and X-rays. We also may disclose protected health information about you to individuals outside of Empass Healthcare who may be involved in your medical care, such as family members or others we use to provide services that are part of your care. When required, we will obtain your authorization before disclosing any of your information.
Payment. Your protected health information will be used or disclosed, as needed, to obtain payment for your healthcare services. This may include certain activities that your health insurance plan may undertake before it approves or pays for the healthcare services we recommend for you such as: making a determination of eligibility or coverage for insurance benefits, reviewing services provided to you for medical necessity and undertaking utilization review activities. For example, obtaining approval for a hospital stay may require that your relevant protected health information be disclosed to the health plan to obtain approval for the hospital admission.
Healthcare operations. We may use or disclose, as needed, your protected health information to support the business activities of your healthcare provider and Empass Healthcare. These activities include, but are not limited to, quality assessment activities, employee review activities, training of medical students, licensing, and conducting or arranging for other healthcare operations.
For example, your health information may be disclosed to members of the medical staff, risk or quality improvement personnel and others to:
- Evaluate the performance of our staff
- Assess the quality of care and outcomes in your case and similar cases
- Learn how to improve our facilities and services
- Determine how to continually improve the quality and effectiveness of the healthcare we provide.
- In addition, we may use a sign-in sheet at the registration desk where you will be asked to sign your name and indicate your physician or therapist. We may also call you by name in the waiting room when your healthcare provider is ready to see you. We may use or disclose your protected health information, as necessary, to contact you to remind you of your appointment.
We will share your protected health information with third party “business associates” that may perform various activities (e.g., billing, transcription services) for Empass Healthcare. Whenever an arrangement between our hospital and a business associate involves the use or disclosure of your protected health information, we will have a written contract that contains terms that will protect the privacy of your protected health information.
We may use or disclose your protected health information, as necessary, to provide you with information about treatment alternatives or other health- related benefits and services that may be of interest to you.
Other permitted and required uses and disclosures that may be made with your agreement, or opportunity to object. You have the opportunity to agree or object to the use or disclosure of all or part of your protected health information for the following purposes. If you are not present or able to agree or object to the use or disclosure of the protected health information, then your healthcare provider may, using professional judgment, determine whether the disclosure is in your best interest. In this case, only the protected health information that is relevant to your healthcare will be disclosed.
We may use and disclose your protected health information in the following instances where you have agreed to the use or disclosure, been given an opportunity to object, or where a healthcare provider has determined that the use or disclosure is in your best interest.
Hospital directories. Unless you object, we will use and disclose in our hospital directory your name, the location where you are receiving care, your condition (in general terms) and your religious affiliation. All of this information, except religious affiliation, will be disclosed to people that ask for you by name. Members of the clergy will also be told of your religious affiliation.
Others involved in your healthcare. Unless you object, we may disclose to a member of your family, a relative, a close friend or any other person you identify, your protected health information that directly relates to that person’s involvement in your healthcare. If you are unable to agree or object to such a disclosure, we may disclose such information, as necessary, if we determine that it is in your best interest based on our professional judgment. We may use or disclose protected health information to notify or assist in notifying a family member, personal representative or any other person that is responsible for your care of your location, general condition or death. Finally, we may use or disclose your protected health information to provide information about your location, general condition, or death to family, other individuals involved in your healthcare, or a public or private entity that is authorized to assist in disaster relief efforts.
Participation in a Health Information Exchange (HIE): If your Empass Healthcare facility is participating in a HIE, then we may use or disclose your protected health information to an electronic HIE for your treatment and to improve the quality of medical care we provide our patients. To the extent permitted under applicable law, other healthcare providers, such as physicians, hospitals and other healthcare facilities involved in your care, may also have access to your information in the HIE for similar purposes.
You have the right to decline to participate in the HIE. If you choose to decline participation in the HIE, we will not use or disclose any of your information in connection with the HIE. Additional information about HIE participation will be provided to you as applicable.
Other permitted and required uses and disclosures that may be made without your authorization or opportunity to object. We may use or disclose your protected health information without your authorization in the following situations:
Required by law. We may use or disclose your protected health information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. You will be notified, as required by law, of any such uses or disclosures.
Public health. We may disclose your protected health information for public health activities and purposes to a public health authority or its contractor that is permitted by law to collect or receive the information. This may include disclosures for the purpose of preventing or controlling disease, injury or disability, reporting child abuse or neglect, for FDA-regulated products or activities, or workplace medical surveillance. We may also disclose your protected health information, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.
Communicable diseases. We may disclose your protected health information, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.
Health oversight. We may disclose protected health information to a health oversight agency for oversight activities authorized by law. These oversight activities may include audits; civil, administrative or criminal investigations, actions, or proceedings; inspections; licensing or disciplinary actions; or other activities necessary for oversight of the healthcare system or government benefit programs, or oversight of entities subject to government regulatory programs or civil rights laws for which health information is necessary for determining compliance.
Abuse, neglect or domestic violence. We may disclose your protected health information to a public health authority or other appropriate government authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your protected health information to a governmental entity or agency (including a social or protective services agency) authorized to receive such information if we believe that you have been a victim of abuse, neglect or domestic violence. In this case, the disclosure will be made consistent with any requirements of applicable federal and state laws.
Food and Drug Administration. We may disclose your protected health information to a person or company required by the Food and Drug Administration to: report adverse events, product defects or problems, biologic product deviations, or track products; to enable product recalls; to make repairs or replacements or to conduct post marketing surveillance, as required.
Legal proceedings. We may disclose protected health information in the course of any judicial or administrative proceeding in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), or in response to a subpoena, discovery request or other lawful process if certain conditions are met.
Law enforcement. We may disclose protected health information to a law enforcement official for law enforcement purposes, so long as applicable legal requirements are met. These law enforcement purposes include (1) responses to court orders, court-ordered warrants, court-issued subpoenas, grand jury subpoenas, or administrative requests that satisfy certain criteria (2) limited information requests for identification and location purposes
(3) pertaining to victims of a crime (4) suspicion that death has occurred as a result of criminal conduct (5) in the event that a crime occurs on the premises of Empass Healthcare and (6) medical emergency (not on Empass Healthcare premises) when it is likely that a crime has occurred.
Coroners, funeral directors and organ donation. We may disclose protected health information to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law. We may also disclose protected health information to a funeral director, as authorized by law, to permit the funeral director to carry out their duties with respect to the decedent. We may disclose such information in reasonable anticipation of death.
Protected health information may be used and disclosed to organ procurement organizations or other entities engaged in procurement, banking or transplantation of cadaveric organs, eyes or tissue for the purpose of cadaveric organ, eye or tissue donation and transplantation.
Research. We may disclose your protected health information to researchers when their research has been approved by an institutional review board or a privacy board that has reviewed the research proposal and established protocols to ensure the privacy of your protected health information.
To avert a serious threat to health or safety. Consistent with applicable federal and state laws, we may disclose your protected health information if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or disclosure is necessary for law enforcement authorities to identify or apprehend an individual.
Military activity, national security and other specialized government functions. When the appropriate conditions apply, we may use or disclose protected health information: (1) about individuals who are Armed Forces personnel or foreign military personnel for activities deemed necessary by appropriate military command authorities; (2) to authorized federal officials for the conduct of authorized intelligence, counter-intelligence and other national security activities; (3) to authorized federal officials for the provision of protective services to the President, foreign heads of state, or certain other persons; and (4) to a correctional institution or custodial law enforcement official that has custody of the individual who is the subject of the private health information.
Workers’ compensation. Your protected health information may be disclosed by us as authorized to comply with workers’ compensation laws and other similar legally established programs.
Required uses and disclosures. Under the law, we must make disclosures to you or your personal representative (who has authority to act on your behalf in making decisions relating to your healthcare), and when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the requirements of federal medical privacy regulations at 45 CFR section 164.500 et.seq.
Authorization required for other uses and disclosures. Other uses and disclosures will be made only with your written authorization. After giving authorization, you may revoke such authorization by submitting a request in writing to CEO/administrator at Empass Healthcare.
Notification of a breach of protected health information. Your healthcare provider must notify you of the acquisition, access, use or disclosure of your unsecured protected health information in a manner not permitted under the HIPAA Privacy Rule, if such improper access, use or disclosure compromises the security or privacy of this information.
2. YOUR RIGHTS
Following is a statement of your rights with respect to your protected health information and a brief description of how you may exercise these rights.
You have the right to inspect and obtain a copy of your protected health information. This means you may inspect and obtain a copy of protected health information about you that is contained in a designated record set for as long as we maintain the protected health information in the designated record set. A “designated record set” contains medical and billing records and any other records that your healthcare provider and Empass Healthcare use for making decisions about you within 30 days of your request.
You have the right to obtain an electronic copy of your protected health information. An individual has the right to request and obtain a copy of his/ her protected health information maintained electronically in one or more designated record sets, if it is readily producible. If so, an electronic copy must be provided to the individual within 15 days.
Under federal law, however, you may not inspect or copy the following records; psychotherapy notes; and information compiled in reasonable anticipation of, or use in, a civil, criminal or administrative action or proceeding. Depending on the circumstances, a decision to deny access may be reviewable. Please contact our medical records department to request access to your medical or billing records or if you have questions about such access. If you request a copy of your information, we may charge a fee for the costs of copying, mailing and any other supplies associated with your request.
You have the right to request a restriction of your protected health information. This means you may ask us not to use or disclose any part of your protected health information other than for treatment, payment or healthcare operations. You may also request that any part of your protected health information not be disclosed to family members, friends or other individuals who may be involved in your care or payment for care or for notification purposes as described in this Notice. Your request must state the specific restriction requested and to whom you want the restriction to apply.
Your healthcare provider is not required to agree to restrictions you may request. If the healthcare provider believes it is in your best interest to permit use and disclosure of your protected health information, we will not agree to your request for restriction. If your healthcare provider does agree to the requested restriction, we may not use or disclose your protected health information in violation of that restriction unless it is needed to provide emergency treatment. With this in mind, please discuss any restriction you wish to request with your healthcare provider.
Your healthcare provider is required to agree to restrictions you may request for the following: If you request a restriction of disclosure to health plans for services or products paid for in full as “out-of-pocket” expenses, your healthcare provider must restrict such disclosures.
You have the right to request to receive confidential communication from us by alternative means or at an alternative location. You have the right to request that we communicate with you about medical matters by alternative means or at alternative locations. We will accommodate reasonable requests. We may also condition this accommodation by asking you for information as to how payment will be handled for such an accommodation or specification of an alternative address or other method of contact. We will not request an explanation from you as to the basis for the request. Please make this request in writing to our medical records department.
You may have the right to have your healthcare provider amend your protected health information. This means you may request an amendment of protected health information about you in a designated record set for as long as we maintain this information in the designated record set. In certain cases, we may deny your request for an amendment. If we deny your request for amendment, you have the right to file a statement of disagreement with us, and we may prepare a rebuttal to your statement; we will provide you with a copy of any such rebuttal.
Your request must be in writing. Please contact our medical records department with any questions about amending your medical record.
You have the right to receive an accounting of certain disclosures we have made, if any, of your protected health information. This right applies to disclosures for purposes other than treatment, payment or healthcare operations as described in this Notice. It excludes disclosures we may have made to you, in accordance with your authorization, for a hospital directory, to family members or friends involved in your care, or for notification purposes.
You have the right to receive specific information regarding these disclosures that occurred within six years prior to your request for information. You may request an accounting of disclosures for a shorter time frame. The right to receive this information is subject to certain exceptions, restrictions and limitations.
You have the right to obtain a paper copy of this Notice from us. You have the right to a paper copy of this Notice, even if you have agreed to receive the Notice electronically. You may ask us to give you a copy of this Notice at any time. To request a copy of this Notice, you may ask the director of HIMS.
You may file a complaint with us or with the Secretary of Health and Human Services if you believe your privacy rights have been violated by us. You may file a complaint with us by notifying our privacy officer of your complaint. We will not retaliate against you for filing a complaint.
You may contact our privacy officer at 505-389-2279 or email@example.com for further information about the complaint process.
4. CHANGES TO THIS NOTICE
We reserve the right to change this Notice and the revised or changed Notice will be effective for information we already have about you as well as any information we receive in the future. The current Notice will be posted in the facility and on our website and include the effective date. In addition, each time you are admitted to the hospital for treatment or healthcare service as an inpatient or outpatient, we will offer you a copy of the current Notice in effect.
For more information about this Notice of your privacy, you may contact our privacy officer at 505-389-2279 or firstname.lastname@example.org.
This Notice was published and becomes effective on September 1, 2018.