Notice of Privacy Practices for Patients of Jennie Stuart Health
Effective Date: August 2013
Please review this document carefully as it
describes how medical information about you may be used and disclosed. It also
describes how you can obtain access to your medical information.
Jennie Stuart Health ("Hospital"),
its medical staff, and its other healthcare providers are part of a team whose
goal is to provide quality care to our patients. Sharing information among the
physicians and other healthcare providers and appropriate staff members makes
it possible to provide the best care possible. All of the staff members working
in the hospital setting have agreed to abide by this Notice of Privacy
Practices (NPP) while working in the Hospital’s facilities.
The Hospital creates a record of
the care and services you receive in the Hospital and in other Hospital
facilities. Your medical records and billing information are created and
retained on a computer system that includes Electronic Health Records. That
system is accessible to Hospital personnel and members of the medical staff,
and these persons are able to access and use your Protected Health Information
to carry out treatment, payment, or Hospital operations. The Hospital uses certain
safeguards, such as personnel training, written policies, password protection,
and document encryption, to prevent improper access or useof information maintained on our computer system.
We are required by law to
protect your privacy and the confidentiality of your Protected Health
Information, to provide you with notice of our legal duties and privacy practices,
and to notify you in the event of any breach of unsecured protected health
information about you. This NPP describes your rights and our legal duties
regarding your Protected Health Information.
Definitions:
- Protected Health Information or PHI is your personal and protected health information that we use to provide your treatment, to bill for the services we provide, and to carry out administrative duties of the Hospital.
- Privacy Officer is the individual at the Hospital who is responsible for developing and implementing all Hospital policies and procedures relating to your PHI and for receiving and investigating any concerns or complaints you may have about the use or disclosure of your PHI. While you are in the Hospital, you may contact the Privacy Officer by dialing the Hospital Operator, or asking a Hospital staff member to contact the Privacy Officer for you. Outside of the hospital, you may contact the Privacy Officer by calling the hospital’s main number and asking the Operator to connect you. Your treatment will not be negatively affected, and you will not be retaliated against for expressing a concern or making a complaint to the Privacy Officer.
- Business Associate is an individual or business independent of the Hospital that works for the Hospital to help provide the Hospital or you with services. For example, if the Hospital used an outside company to file patients’ insurance claims, that company would be a Business Associate. Business Associates who have access to your PHI have a legal obligation to protect it from improper use or disclosure.
- Authorization. We will obtain your permission to use or disclose your protected health information for purposes other than for your treatment, to obtain payment of your bills and for health care operations of this hospital.
- Disclosure means releasing or giving your PHI to another party.
- Health Information Network. The Hospital may participate in a digital health information exchange with other healthcare providers and health plans, in which your patient data would be sent to a secure electronic network and would be accessible to other network members who were also treating you, those who pay for your care, and for operational purposes. Any such network would be committed to protecting the privacy of your information.
Uses of your Protected Health Information that do not Require your Authorization
Jennie Stuart Health may
use and disclose your PHI, without
your authorization, for the following treatment, payment, and healthcare
operations:
- Treatment. The Hospital may use your PHI to provide you with medical treatment or services. We may disclose your PHI to doctors, nurses, technicians, medical students, or other hospital personnel who are involved in taking care of you at the Hospital. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to tell the dietitian if you have diabetes so that we can arrange for appropriate meals. Different departments of the Hospital also may share your PHI in order to coordinate the different services you need, such as prescriptions, lab work, and x-rays. We also may disclose your PHI to individuals outside of the Hospital who will be providing your follow-up care. For example, we may disclose PHI about your treatment at the Hospital to your primary care doctor so he or she may provide for your care.
- Payment. We may use and disclose your protected health information when billing your insurance company in order to receive payment for the treatment and services you received at the hospital. We may also give your protected health information to your insurance company in order to obtain a pre-certification for future treatment. We may also provide your physicians or their billing agents with information so they can send bills to your insurance company or to you.
- Healthcare Operations. We may use and disclose your PHI for the Hospital’s healthcare operations. These uses and disclosures are necessary to run the Hospital and make sure that all of our patients receive quality care. For example, we may use PHI about your high blood pressure to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine the PHI of many Hospital patients to decide what additional services the Hospital should offer, what services are not needed, and whether certain new treatments are effective. We may also combine the PHI of our patients with the PHI of patients from other hospitals to compare our services with those at other facilities and to see what improvements we can make in the services we offer. For example, we may combine the PHI of the Hospital patients who have high blood pressure to compare it with the PHI of other hospitals’ patients with high blood pressure, so that we can make improvements in the care and services that the Hospital provides to these patients.
- Business Associates.We may disclose your protected health information to Business Associates independent of the Hospital with whom we contract to provide services on our behalf. However, we will only make these disclosures if we have received satisfactory assurance that the Business Associate and any subcontractors will properly safeguard your privacy and the confidentiality of your protected health information. For example, we may contract with a company outside of the Hospital to provide accounting or billing services for the Hospital.
Uses of your Protected Health Information that Require Authorization or an Opportunity to Object
Jennie
Stuart Health may use and disclose your PHI, with your authorization or subject to your right to object, for the
following purposes:
- Appointment Reminders. We may use and disclose your PHI to contact you with a reminder that you have an appointment for treatment or medical care at the Hospital. This may be done through an automated system or by one of our staff members. If you are not at home, we may leave this information on your answering machine or in a message left with the person answering the telephone. You have the right to stop appointment reminders by notifying us of your decision in writing.
- Health Related Benefits and Services. We may use and disclose your PHI to tell you about health-related benefits or services or to recommend possible treatment options or alternatives that may be of interest to you. You may notify us in writing if you wish to restrict the manner in which we tell you about such benefits or services, for example, if you do not want to be contacted at home, or if you prefer to be contacted by mail.
- Hospital Directory. We may include limited information about you in the Hospital directory while you are a patient in the Hospital. This information may include your name, location in the Hospital, your general condition (e.g., good, fair, serious, or critical) and your religious affiliation. Except for your religious affiliation, this information may be disclosed to individuals who ask for you by name. Your religious affiliation may be disclosed to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. This is so your family, friends, and clergy can visit you in the Hospital and generally know how you are doing. You may ask not to be included in the Hospital directory by notifying admitting personnel or contacting the Privacy Officer.
- Individuals Involved in Your Care or Payment for Your Care. We may disclose to a family member, close friend, or other individual you identify, the PHI that is directly relevant to that person’s involvement in your healthcare and/or payment for your healthcare. For example, we may go over your discharge instructions with the person who will be caring for you when you leave the Hospital. We may also disclose protected health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
- Disclosure after Death.We may disclose relevant PHI to persons who were involved in your care or payment for your care, following your death. If you know you do not want that information shared in the future, you may object to these disclosures by notifying the Privacy Officer.
- Research. Under certain circumstances, the Hospital may use and disclose your PHI for research purposes. For example, a research project may involve comparing the health of patients who received one medication to those who received another for the same condition. All research projects, however, are subject to a special approval process. This process evaluates a proposed research project and its use of PHI, trying to balance the needs of research with patients’ need for privacy of their PHI. Before we use or disclose medical information for research, the project will have been approved through this approval process. We may, however, disclose PHI about you to people preparing to conduct a research project, to help them look for patients with specific medical needs or conditions, so long as the PHI they review does not leave the hospital. We will almost always ask for your specific permission if the researcher will have access to your name, address, or other information that reveals who you are, or will be involved in your care at the Hospital.
- As Required by Law. We will disclose PHI about you when required to do so by federal, state, or local law. For example, Kentucky law requires us to report any births or deaths that occur in the hospital to the Kentucky Department of Public Health.
- To Avert a Serious Threat to Health or Safety. The Hospital and its professional staff may use and disclose your PHI when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat. Any disclosure will be made only to someone who is likely to be able to prevent or reduce the threat.
- Organ and Tissue Donations. If you are an organ donor, we may release your PHI to organizations that handle organ donations or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
- Military. If you are a member of the armed forces, the Hospital and its professional staff may release your PHI as required by military command authorities. We may also release PHI about foreign military personnel to the appropriate foreign military authority.
- Workers Compensation. We may release PHI about you for workers’ compensation or similar programs as authorized by state laws. These programs provide benefits for work-related injuries or illness.
- Public Health Risks. We may disclose PHI about you for public health activities, to, for example:
- prevent or control disease, injury or disability;
- report births and deaths;
- report child abuse or neglect;
- report reactions to medications or problems with products;
- notify people of recalls of products they may be using;
- notify the Kentucky Department of Public Health that a person may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence, if you agree or when required by law.
- Health Oversight Activities. The Hospital and its professional staff may disclose PHI to a health oversight agency for activities necessary for the government to monitor the healthcare system, government programs, and compliance with applicable laws. These oversight activities include, for example, audits, investigations, inspections, medical device reporting, and licensure.
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose PHI about you in response to a court or administrative order. We may also disclose PHI about you in response to a court order, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you or your representative about the request or to obtain an order protecting the information requested.
- Law Enforcement. We may release your PHI if asked
Your Rights Regarding Your Protected Health Information
You have the following rights regarding the PHI we maintain about you:
- Right to Inspect and Copy. You have the right to inspect and request a copy of your PHI maintained in the "designated record set," except as prohibited by law. The "designated record set" is the PHI in your medical and billing records used to make decisions about your care and payment for your care, as determined by the Hospital. You also have the right to authorize third parties (such as a family member) to obtain your PHI.
To inspect and/or request a copy of your PHI in the designated record set, you must submit your request in writing on an approved Authorization form. You may obtain an Authorization form by contacting the Privacy Officer. If you request a copy of your PHI, we may charge a reasonable fee to offset the costs associated with your request. You will be advised of any applicable fees at the time you make your request.
We may deny your request to inspect and copy in certain circumstances. If you are denied access to certain PHI, you may request that the denial be reviewed. Another licensed health care professional chosen by the Hospital will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
- Right to Amend. If you believe that PHI we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Hospital. To request an amendment, your request must be made in a writing that states the reason for the request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that: - was not created by the Hospital or its professional staff, unless the person or entity that created the information is no longer available to make the amendment;
- is not part of the PHI kept by or for the Hospital;
- is not part of the information which you would be permitted to inspect and copy; or
- is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request one free accounting every 12 months of certain disclosures we have made of your PHI. This accounting does not include disclosures made:
- To carry out treatment, payment, or healthcare operations;
- To you, of your own PHI;
- Incident to a use or disclosure permitted by law;
- Pursuant to your signed Authorization;
- For national security or intelligence purposes;
- To correctional institutions or law enforcement officials;
- For your inclusion in the Hospital directory;h. As part of a limited data set not including your individually identifiable information; or
- Right to Request Restrictions. You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery you had. You also have a right to request that we restrict disclosures to a health plan or insurance company if the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you (or a person other than the health plan or someone else on your behalf) have paid the Hospital in full.
In certain circumstances, we are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.
To request restrictions, you must make your request in writing. We will assist you or provide you with a form for this purpose upon request. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply. - Right to Request Confidential Communications. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
To request confidential communications, you must make your request in writing. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. (For example, if request that we only contact you at work, you must provide us with your work contact information.) - Right to a Paper Copy of This NPP. You have the right to a paper copy of this NPP. You may ask us to give you a copy of this NPP at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
To obtain a paper copy of this notice, contact:
Privacy Officer
Jennie Stuart Medical Center
PO Box 2400
Hopkinsville, KY 42240
(270) 887-0100 ext. 6834
You may download a copy of this NPP to the right above.
Changes to this Notice
We reserve the right to change this privacy notice. We reserve the right to make the revised or changed
notice effective for PHI we already have about you as well as any PHI we
receive in the future. We will post a
copy of the current NPP in the hospital and on our website. The effective date of the NPP will be on the
first page, near the top. In addition,
each time you register at the Hospital for treatment or health care services we
will make available to you a copy of the current NPP.
Authorization for Other Uses of Protected Health Information
Other uses and disclosures of
PHI that are not covered by this notice or the laws that apply to us will be
made only with your written Authorization.
If you provide us Authorization to use or disclose PHI about you, you
may revoke that Authorization, in writing, at any time. If you revoke your Authorization, we will no
longer use or disclose PHI about you for the reasons covered by your written
Authorization. You understand that we
are unable to take back any disclosures we have already made with your Authorization,
and that we are required to retain our records of the care that we provided to
you.
Complaints
If you believe your privacy rights have been violated, you may file a written complaint with the Hospital Privacy Officer or with the Office for Civil Rights at the U.S. Department of Health and Human Services.To file a written complaint with
the Hospital, write:
Privacy Officer
Jennie Stuart Medical Center
PO Box 2400
Hopkinsville, KY 42240
(270) 887-0100 ext. 6834
To file a complaint with the
Office for Civil Rights, contact:
Office for Civil Rights
U.S. Department of Health and
Human Services
or
Office for Civil Rights, DHHS
Sam Nunn Atlanta Federal Center,
Suite 16T
7061
Forsyth Street, S.W.
Atlanta, GA 30303-8909
You
will not be penalized or retaliated against for filing a complaint.