Notice of Privacy Practices
NOTICE OF PRIVACY PRACTICES
This Notice Describes How Medical Information about You May Be Used and Disclosed and How You Can Get Access to This Information
PLEASE REVIEW CAREFULLY.
If you have any questions about this notice, please contact the Facility Privacy Officer at the contact information listed at the end of this notice.
Who Will Follow This Notice: This notice describes the facility’s practices and that of:
- Any health care professional authorized to enter information into your facility chart.
- All departments and units of the facility, including outpatient facilities.
- Any member of a volunteer group allowed to help you while you are in the facility.
- All employees, staff, agents and other facility personnel.
- Health care providers and their authorized representatives that are members of the facility’s organized health care arrangement, or “OHCA.” These health care providers and their authorized representatives will be operationally and/or clinically integrated with the facility, or will otherwise be permitted by law to receive your information. For example, to the extent permitted by law and in accordance with our policies, the facility will share your medical information with physicians who are members of the facility’s medical staff, even if the physician is not employed by the facility.
- All entities, sites and locations within this facility’s system will follow the terms of this notice. They also may share medical information with each other for treatment, payment and health care operations purposes.
- The facility may participate in one or more shared electronic medical records (SEMRs) with other health care providers for treatment, payment, and healthcare operations purposes. SEMR participants who do not follow this notice will follow their own notice of privacy practices.
Our Pledge Regarding Medical Information: We understand that medical information about you and your healthcare is personal. We are committed to protecting medical information about you. A record is created of the care and services you receive at this facility. This record is needed to provide the necessary care and to comply with legal requirements. This notice applies to all of the records of your care generated by the facility. The terms “information” and “medical information” in this notice include any information that we maintain that reasonably can be used to identify you and that relates to your physical or mental health condition, the provision of health care to you, or the payment for your health care. Your personal physician may have different policies or notices regarding the physician’s use and disclosure of your medical information in the physician’s office or clinic.
This notice will tell about the ways in which the facility may use and disclose medical information about you. Also described are your rights and certain obligations we have regarding the use and disclosure of medical information.
The law requires the facility to:
- Make sure that medical information that identifies you is kept private;
- Inform you of our legal duties and privacy practices with respect to medical information about you;
- Notify you if unsecured medical information about you is affected by a breach; and
- Follow the terms of the notice that is currently in effect. This notice is effective as of September 23, 2013.
HOW THE FACILITY MAY USE and DISCLOSE YOUR MEDICAL INFORMATION:
The following categories describe different ways we may use and disclose medical information about you. Not every possible use or disclosure within a category will be listed or explained. However, all of the ways we are permitted to use and disclose medical information will fall within one of these categories. Except with respect to Highly Confidential Information (described below), we are permitted to use and disclose your health information for the following purposes:
- Treatment. Your medical information may be used to provide you with medical treatment or services. This medical information may be disclosed to physicians, nurses, technicians, and others involved in your care, including employees, contractors, volunteers, students and interns at the facility or outside the facility. This includes using and disclosing your information to treat your illness or injury, to contact you to provide appointment reminders or to give you information about treatment options or other health related benefits and services that may interest you.
- For example: A physician treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. The physician may need to tell the dietitian about the diabetes so appropriate meals can be arranged. Different departments of the facility may also share medical information about you in order to coordinate your different needs, such as prescriptions, lab work and X-Rays. The facility also may disclose medical information about you to people outside the facility who may be involved in your medical care after you leave the facility, such as family members, home health agencies, and others who provide services that are part of your care.
- Payment. Your medical information may be used and disclosed so that the treatment and services received at the facility may be billed and payment may be collected from you, your insurance company and/or a third party.
- For example: To the extent insurance will be responsible for reimbursing the facility for your care, the health plan or insurance company may need information about surgery you received at the facility, so they can provide payment for the surgery. Information may also be given to someone who helps pay for your care. Your health plan or insurance company may also need information about a treatment you are going to receive to obtain prior approval or to determine whether they will cover the treatment.
Please note we will comply with your request not to disclose your health information to your health plan if the information relates solely to a healthcare item or service for which you have paid out of pocket and in full to us. This restriction does not apply to the use or disclosure of your health information for your medical treatment.
- Health Care Operations. Your medical information may be used and disclosed for purposes of furthering day-to-day facility operations. These uses, and disclosures, are necessary to run the facility and to monitor the quality of care our patients receive.
- For example: Subject to any limitations described in this notice, your medical information may be:
- Reviewed to evaluate the treatment and services performed by our staff in caring for you, including peer review bodies or accreditation organizations.
- Combined with that of other facility patients to decide what additional services the facility should offer, what services are not needed, and whether certain new treatments are effective.
- Disclosed to physicians, nurses, technicians, and students for review and learning purposes.
- Disclosed to accountants, attorneys, consultants, and others to make sure we comply with applicable laws.
- Combined with information from other facilities to compare how we are doing and see where we can improve the care and services offered. Information that identifies you in this set of medical information may be removed so others may use it to study health care and health care delivery without knowing who the specific patients are.
- Organized Health Care Arrangement: The covered entities participating in an OHCA with the facility will share protected health information with each other, as necessary to carry out treatment, payment, or health care operations relating to the OHCA.
- Limited Data Sets and De-Identified Information: We may use or disclose medical information about you to create a Limited Data Set or de-identified data, and use and disclose such information as permitted by law.
- Census Information: Limited information about you may be used in the census report or patient directory while you are a patient at the facility. This information may include your name, location in the facility, and general condition. Additionally, your religious affiliation may be disclosed to members of the clergy. You may restrict of prohibit some or all of the uses or disclosures of this information through the census report or patient directory by notifying the Facility Privacy Officer or another hospital designated individual.
- Individuals Involved in Your Care. Under certain circumstances, we may share your medical information with a family member, guardian or other individuals involved in your care. They may also be told about your condition unless you have requested additional restrictions. In addition, your medical information may be disclosed to an entity assisting in a disaster relief effort, so your family can be notified about your condition, status, and location. Additionally, we may disclose medical information to a person or entity that will assist in notifying a patient’s family member of the patient’s location, general condition, or death.
- Research. Under certain circumstances, your medical information may be used and disclosed for research purposes. Federal law permits use of medical information for research purposes either with patient authorization or with approval by an Institutional Review Board or privacy board before any research study begins. In some situations, limited information may be used before approval of the research study to allow a researcher to determine feasibility of the research. Institutional Review Boards and privacy boards follow a special review process to protect patient privacy, safety, and welfare.
- Marketing Activities. We may, without obtaining your authorization and so long as we do not receive payment from a third party for doing so, 1) provide you with marketing materials in a face-to-face encounter, 2) give you a promotional gift of nominal value, or 3) tell you about our own health care products and services. We will ask your permission to use your medical information for any other marketing activities or for any disclosure which constitutes a sale of your medical information.
- Fundraising. We may, in some circumstances, perform fundraising activities to raise funds for the facility. You also have the right to opt out of receiving this type of communication.
- Business Associates. There are some services provided by the facility through contracts with business associates. For example, the copy service we use when making copies of your records may be a business associate. When these services are contracted, we may disclose medical information to our business associates so that they may perform the job we have asked them to do.
- Participation in Health Information Exchanges. We may participate in one or more health information exchanges (HIEs) and may electronically share your health information for treatment, payment and permitted healthcare operations purposes with other participants in the HIE – including entities that may not be listed under “Who Will Follow This Notice” on the first page of this notice. Depending on State law requirements, you may be asked to “opt-in” in order to share your information with HIEs, or you may be provided the opportunity to “opt-out” of HIE participation. HIEs allow your health care providers to efficiently access and use your pertinent medical information necessary for treatment and other lawful purposes. We will not share your information with an HIE unless both the HIE and its participants are subject to HIPAA’s privacy and security requirements.
- As Required by Law. Your medical information will be disclosed when required to do so by federal, state, or local authorities, laws, rules and/or regulations.
- Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, your medical information will be disclosed in response to a court or administrative order. We may also disclose your medical information in response to a subpoena, discovery request, or other lawful process when we are legally required to respond.
- Law Enforcement. Your medical information may be disclosed if requested by a law enforcement official:
- In response to a court order, subpoena, warrant, summons or similar process;
- To identify or locate a suspect, fugitive, material witness, or missing person;
- About the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement;
- About a death we believe may be the result of criminal conduct;
- About criminal conduct on the facility’s premises; or
- In emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
- National Security and Intelligence Activities. Your medical information will be released to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
- Protective Services for the President and Others. Your medical information may be disclosed to authorized federal officials, so they may provide protection to the President, other authorized persons or foreign heads of state or conduct special investigations.
- Serious Threat to Health or Safety. Your medical information may be used and disclosed when consistent with applicable law and ethical standards in order to prevent or lessen a serious and imminent threat to the health and safety of the public or a person. Any disclosure, however, would only be to someone able to lessen or prevent the threat.
- Health Oversight Activities. Your medical information may be disclosed to a health oversight facility for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
- Organ and Tissue Donation. If you are an organ or tissue donor, your medical information may be released to organizations that handle organ procurement or organ, eye and tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
- Medical Devices. Your social security number and other required information will be released in accordance with federal laws and regulations to the manufacturer of any medical device(s) you have implanted or explanted during this hospitalization and to the Food and Drug Administration, if applicable. This information may be used to locate you should there be a need with regard to such medical device(s).
- Military and Veterans. If you are a member of the armed forces, your medical information may be released as required by military command authorities. If you are a member of the foreign military personnel, your medical information may be released to the appropriate foreign military authority.
- Workers’ Compensation. If you seek treatment for a work-related illness or injury, we may disclose medical information in accordance with state-specific laws regarding workers’ compensation claims or other similar programs, established by law, that provide benefits for work-related injuries or illness without regard to fault.
- Public Health Activities. Your medical information may be used and disclosed for public health activities. These activities generally include the following:
- To prevent or control disease, injury or disability;
- To report births and deaths;
- To report suspected child abuse or neglect;
- To report reactions to medications or problems with products;
- To notify people of recalls of products they may be using;
- To notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
- To notify the appropriate government authority if we believe a patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if you agree or when required or authorized by law.
- Coroners, Medical Examiners, and Funeral Directors. Your medical information may be released to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients of the facility to funeral directors as necessary to carry out their duties.
- Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official. This release would be necessary for the following reasons:
- For the institution to provide you with health care;
- To protect the health and safety of you and others;
- For the safety and security of the correctional institution.
HIGHLY CONFIDENTIAL INFORMATION:
Federal and/or State law require special privacy protections for certain highly confidential information about you, including your health information that is maintained in psychotherapy notes. Similarly, Federal and/or State law may provide greater protections than HIPAA for the following types of information, in which case we will comply with the law that provides your information with the greatest protection and you with the greatest privacy rights: (1) mental health and developmental disabilities; (2) alcohol and drug abuse prevention, treatment and referral; (3) HIV/AIDS testing, diagnosis or treatment; (4) communicable diseases; (5) genetic testing; (6) child abuse and neglect; (7) domestic or elder abuse; and/or (8) sexual assault. In order for your highly confidential information to be disclosed for a purpose other than those permitted or required by law, your written authorization is required.
YOUR WRITTEN AUTHORIZATION:
We will first obtain your written authorization before using or disclosing your medical information for any purpose not described above, including disclosures that constitute the sale of protected health information or for marketing communications paid for by a third party (excluding refill reminders, which the law permits without your authorization). If you provide the facility permission to use or disclose your medical information, you may revoke that permission, in writing to the Facility Privacy Officer, at any time. If you revoke your permission, we will no longer use or disclose your medical information for the reasons covered in your written authorization. You understand that we are unable to take back any disclosures already made with your permission, and that we are required to retain our records of the care that the facility provided to you.
- Changes To This Notice. We reserve the right to change this notice and make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. The facility will post a current copy of the notice with the effective date. In addition, each time you register at, or are admitted to, the facility for treatment or health care services as an inpatient or outpatient, we will offer you a copy of the current notice in effect.
- Complaints. You will not be retaliated against for filing a complaint. If you believe your privacy rights have been violated, you may file a complaint with the facility and/or with the Secretary of the Department of Health and Human Services. Some States may allow you to file a complaint with State’s Attorney General, Office of Consumer Affairs or other State agency as specified by applicable State law. To file a complaint with the facility, submit your complaint to the facility’s Privacy Officer in writing at the address at the end of this notice. The facility’s Privacy Officer can provide you with contact information for the Secretary of the Department of Health and Human Services as well as the State agency or agencies authorized to accept your complaints.
YOUR RIGHTS REGARDING YOUR MEDICAL INFORMATION:
You have the following rights regarding medical information the facility maintains about you:
** NOTE: All Requests Must Be Submitted in Writing to the Facility Privacy Officer.
- Right to Request Access to Your Health Information. You have the right to inspect and copy medical information that may be used to make decisions about your care for as long as we maintain such information. Such access will be granted by the facility in accordance with applicable law.
To inspect and copy medical information or to receive an electronic copy of the medical information, you must submit a written request. You may direct the facility to transmit the copy to another entity or person that you designate provided the choice is clear, conspicuous, and specific. If you request a paper copy of your information, we may charge a fee for the cost of copying, mailing or other supplies associated with your request.
If the facility uses or maintains an electronic health record with respect to your medical information, you have the right to obtain an electronic copy of the information if you so choose. The facility may charge a fee equal to its labor cost in providing the electronic copy (e.g., costs may include the cost of a flash drive, if that is how you request a copy of your information be produced). If you request an electronic copy of your information, we will provide the information in the format requested if it is feasible to do so. Please be aware that if you request us to share medical information by unencrypted e-mail, there is some risk that it could be read or accessed by a third party. We will confirm that you want to receive medical information by unencrypted e-mail before sending it to you.
We may deny your request to inspect and copy in some limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Depending on the reason for the denial, another licensed health care professional, other than the person who denied your request, may be chosen by the facility to review your request and the denial. The facility will comply with the outcome of the review.
- Right to Amend. If you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment as long as the information is kept by or for the facility.
To request an amendment, you must submit a written request to the Facility Privacy Officer. You must also provide a reason that supports your request.
Your request for an amendment may be denied if:
- Your request is not in writing or does not include a reason to support the request;
- The medical information was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- The medical information is not part of the medical information kept by or for the facility;
- The medical information is not part of the information you would be permitted to inspect and copy; or
- The medical information is accurate and complete.
- Right to an Accounting of Disclosures. You have the right to request an “accounting of disclosures.” This is a list of certain disclosures we made outside of the facility of your medical information.
To request this list or accounting of disclosures:
- You must submit your request in writing to the Facility Privacy Officer or Health Information Management (HIM) Department on the Written Request For Accounting of Disclosures Form.
- Your request must state a time period, which may not be longer than six years and may not include dates before April 14, 2003.
- Your request should indicate in what form you want the list (for example, on paper, electronically).
The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
- Right to Request Restrictions. You have a right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations, except for in the case of emergency. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member. However, we are not legally required to agree to such a restriction and we reserve the right to deny such request for any reason, including that a restriction of your information may hinder your quality of care. For any agreement to a restriction to be binding on the facility, it must be in writing and signed by the Facility Privacy Officer (FPO) and the Health Information Management (HIM) Director.
To request restrictions, you must make your request in writing to the FPO or HIM Director on the Written Request for Restrictions Form. In your request, you must tell us:
- What information you want to limit;
- Whether you want to limit our use, disclosure or both;
- To whom you want the limits to apply, for example, disclosures to your spouse.
- Right to Request Confidential Communication. You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. To request confidential communications, you must make your request in writing to the Facility Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.
- For example: You can ask that we only contact you at your work or cell phone number or by mail to a specific address.
- Right to Be Notified of Breach. We will notify you if we or our business associate discovers a breach of your unsecured protected health information.
- Right to a Paper Copy of This Notice. You have the right to a paper copy of this notice. You may ask us to give you a copy at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
Vista Health complies with applicable Federal civil rights laws and does not discriminate on the basis of race, color, national origin, age, disability, or sex.
If you have any questions about this notice, please contact the Facility Privacy Officer at 1-618-998-7000. Additionally, you can contact the FPO in writing at the following address:
VISTA MEDICAL CENTER
Facility Privacy Officer
1324 N. SHERIDAN ROAD
WAUKEGAN, IL 60085