Effective Date of this Notice: March 24, 2003
As Required by the Privacy Standards of the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
THIS PRIVACY NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU (AS A PATIENT OF THE HOSPITAL) MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW THIS PRIVACY NOTICE CAREFULLY
I. OUR COMMITMENT TO YOUR PRIVACY
Stephens County Hospital is committed to maintaining the privacy of your protected health information (PHI). The terms of this Privacy Notice apply to all records containing your PHI that are created or retained by the Hospital. We are required by federal and state law to maintain the privacy of your PHI maintained in such records. We are also required by law to provide you with this Privacy Notice of our legal duties and the privacy practices that we have established and which we maintain in the Hospital concerning your PHI. We must follow the terms of the Privacy Notice that we have in effect at the time.
This Privacy Notice provides you with the following important information:
• How we may use and disclose your PHI.
• Your privacy rights with respect to your PHI.
• Our obligations concerning the use and disclosure of your PHI.
• Important contact information.
II. CHANGES TO THIS PRIVACY NOTICE
We reserve the right to revise or amend this Privacy Notice. Any revision or amendment to this Privacy Notice will be effective for all your records that the Hospital has created or maintained in the past, and for any of your records that we may create or maintain in the future. We will post a copy of our current Notice in the Hospital in a visible location at all times. You may request a copy of our most current Notice at any time.
III. WE MAY USE AND DISCLOSE YOUR PROTECTED HEALTH INFORMATION (PHI) IN THE FOLLOWING WAYS
The following categories describe and give some examples of the different ways in which we may use and disclose your PHI. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose PHI will fall within one of the categories listed below.
1. Treatment. We may use your PHI to provide hospital services to you. For example, we may provide x-rays or diagnostic tests at the request of your attending physician. Your physician may use the results to reach a diagnosis, in which case the Hospital would use the test results to provide necessary services to treat your injury or illness. We will also provide your physician or a subsequent healthcare provider with copies of various reports that should assist him/her in treating you once you are discharged from this hospital.
2. Payment. We may use and disclose your PHI in order to bill and collect payment from you, Medicare or Medicaid, an insurance company, or other designated third party payor, for the treatment and services we provide to you. For example, we may contact your health plan to certify that you are eligible for benefits, and we may provide your plan with details regarding your treatment to determine if the plan will cover, or pay for, your treatment.
3. Healthcare Operations. We may use and disclose your PHI to operate our business. For example, the Hospital may use your PHI to conduct quality assessment and improvement activities, review the performance of physicians on our Medical Staff or of our healthcare professionals employed by the Hospital, or for general management or business planning for the Hospital. This information will then be used in an effort to continually improve the quality and effectiveness of the healthcare and service we provide.
4. Medical Staff Members. Stephens County Hospital and the independent physicians and other health care providers who are members of a Stephens County Hospital facility’s medical staff are considered to be an organized health care arrangement under federal law for the specific purpose of sharing patient information. As such, Stephens County Hospital and its medical staff will share health information about patients necessary to carry out treatment, payment and health care operations. Although all independent medical staff members who provide care at Stephens County Hospital follow the privacy practices described in this Notice, they exercise their own independent medical judgment in caring for patients and they are solely responsible for their own compliance with the privacy laws. Stephens County Hospital and independent medical staff members remain completely separate and independent entities that are legally responsible for their own actions.
5. Health Information Exchanges (HIE). Health information exchanges allow health care providers, including Stephens County Hospital, to share and receive information about patients, which assists in the coordination of patient care. Stephens County Hospital participates in a HIE that may make your health information available to other providers, health plans, and health care clearinghouses for treatment or payment purposes. Your health information may be included in the HIE. We may also make your health information available to other health exchange services that request your information for coordination of your treatment and/or payment for services rendered to you. Participation in the HIE is voluntary, and you have the right to opt out.
6. Stephens County Hospital Directory. We may use or disclose health information about you in the patient directory while you are a patient at a Stephens County Hospital facility. This information may include your name, location in the facility, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. This is so your family, friends and clergy can visit you in the hospital and generally know how you are doing. You will be given the option not to be listed in the directory. If you choose not to be listed in the directory, we will not be able to tell any family or friends that you are in the facility, nor will we be able to tell flower couriers where you are located.
7. Organized Health Care Arrangement. Stephens County Hospital facilities are clinically integrated and part of an organized health care arrangement (OCHA) with its components and other Stephens County Hospital entities. Your health information may be disclosed between the hospital’s covered components and the hospital may disclose your health information to Stephens County Hospital entities if necessary to carry out treatment, payment or health care operations related to the OCHA. All components of the OCHA arrangement are required to abide by this Notice.
8. Appointment Reminders. We may use and disclose your PHI to contact you and remind you of an appointment for an inpatient admission or for scheduled outpatient services.
9. Communication with Individuals Involved in Your Care. Unless you object, Health Professionals, using their best judgement, may disclose to a family member, other relative, close personal friend or any other person you identify, health information relevant to that person’s involvement in your care or payment related to your care. As stated in Section V, you have the right to request restrictions on who receives your medical information. Therefore, if there are specific family members or other persons to whom you do not want your PHI disclosed, please let us know in the manner required by Section V. In addition, we may disclose health information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
10. Notification. We may use or disclose information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, your location, and general condition.
11. Business Associates. There are services provided in our organization through contracts with business associates. Examples include physician services in the Emergency Department, Radiology, and Pathology. When these services are contracted, we may disclose your health information to our business associate so that they can perform the job we’ve asked them to do and bill you or your third party for services rendered. So that your health information is protected however, we require the business associate to appropriately safeguard your information.
12. Fundraising Activities. The Hospital may use your PHI to contact you in an effort to raise money for our organization and its operations. We may disclose your PHI to a foundation related to our organization so that the foundation may contact you in raising money for our organization. In such cases, we would only release contact information; such as your name, address, and phone number and the dates you received treatment or services at the Hospital. If you do not want us to contact you for such fundraising efforts, you must notify the Quality Improvement Director/Privacy Officer .
IV. USE AND DISCLOSURE OF YOUR PHI IN CERTAIN SPECIAL CIRCUMSTANCES
The following categories describe special situations in which the Hospital may use or disclose your PHI:
1. As Required by Law. The Hospital will disclose PHI when required to do so by federal, state or local law.
2. Public Health Risks. The Hospital will disclose your PHI to public health or government authorities that are authorized by law to collect information for purposes such as, but not limited to, the following:
• Maintaining vital records, such as births and deaths.
• Reporting child abuse or neglect.
• Preventing or controlling disease, injury or disability.
• Notifying a person regarding potential exposure to a communicable disease.
• Notifying a person regarding a potential risk for spreading or contracting a disease or condition.
• Reporting reactions to drugs or problems with products or devices.
• Notifying appropriate government agency (ies) and authority (ies) regarding the potential abuse or neglect of an adult patient (including domestic violence); (however, we will only disclose this information if the patient agrees or we are required or authorized by law to disclose this information).
• Notifying your employer under limited circumstances required by law primarily relating to workplace injury or illness or medical surveillance.
3. Health Oversight Activities. The Hospital may disclose your PHI to a public health oversight agency for oversight activities authorized by law. Oversight activities can include, for example, investigations, inspections, audits, surveys, licensure and disciplinary actions, or other activities necessary for the government to monitor government programs, compliance with civil rights laws and the healthcare system in general.
4. Lawsuits and Similar Proceedings. The Hospital may use and disclose your PHI in response to a court or administrative order, if you are involved in a lawsuit or similar proceeding. The Hospital also may disclose your PHI in response to a discovery request, subpoena, or other lawful process by another party involved in a dispute, but only if the requesting party has made an effort to inform you of the request or to obtain a qualified protective order protecting the information the party has requested.
5. Law Enforcement. The Hospital may release PHI if asked to do so by appropriate law enforcement officials as permitted or required under the HIPAA privacy standards. Some of the circumstances under which the Hospital may release PHI to law enforcement protective officials include the following:
• The Hospital provides treatment for certain types of wounds and physical
injuries, as required by law.
• The Hospital provides treatment to a person believed to be a crime victim,
in certain situations.
• Where a patient of the Hospital has died, certain healthcare professionals at the Hospital suspect that the death was caused by criminal conduct.
• In circumstances where the Hospital reasonably suspects that criminal conduct occurred at the Hospital.
• In response to a warrant, summons, court order, subpoena or similar legal process.
• To assist in identifying or locating a suspect, material witness, fugitive or
• In an emergency, to report a crime (including the location or victim(s) of
the crime, or the description, identity or location of the perpetrator).
6. Coroners, Medical Examiners, and Funeral Directors. The Hospital may release PHI to a medical examiner or coroner to identify a deceased individual or to identify the cause of death. If necessary, we also may release information in order for funeral directors to perform their services.
7. Organ and Tissue Donation. Consistent with applicable law, we may disclose PHI to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
8. Serious Threats to Health or Safety. The Hospital may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, the Hospital will only make disclosures to a person or organization able to help prevent the threat.
9. Military. If you are a member (or veteran) of U.S. or foreign military forces, the Hospital may release your PHI as required by the appropriate authorities.
10. National Security. The Hospital may disclose your PHI to federal officials for intelligence and national security activities authorized by law. The Hospital also may disclose your PHI to federal officials in order to protect the President, other officials or foreign heads of state, or to conduct investigations.
11. Inmates. If you are an inmate of a correctional institution, or under the custody of law enforcement officials, the Hospital may disclose your PHI to such correctional institutions or law enforcement officials. Disclosure for these purposes would be necessary: (a) for the institution to provide healthcare services to you, (b) for the safety and security of the institution, and/or (c) to protect your health and safety or the health and safety of other individuals.
12. Workers Compensation. We may disclose health information to the extent authorized by and to the extent necessary to comply with laws relating to workers compensation or other similar programs established by law.
13. Research. Under certain circumstances, the Hospital may use and disclose your PHI for research purposes. For example, a research project may involve comparing the health and recovery of all patients who received one medication or one treatment protocol to those who received another, for the same condition. We will almost always ask for your permission before using or disclosing your PHI for research purposes. All research projects are subject to a special approval process. This process evaluates a proposed research project and its use of medical information, trying to balance the research needs with patients’ need for privacy of their medical information. Before we use or disclose PHI for research, the project will have been approved through this research approval process and only approved information will be used or disclosed. However, we may disclose PHI, without first going through the special approval process, to people preparing to conduct a research project (for example, to help them look for patients with specific medical needs that would possibly benefit from the study). In these situations, the medical information they review does not leave the Hospital and is not further used by the researcher.
V. YOUR RIGHTS REGARDING YOUR PHI
You have the following rights regarding the PHI that we maintain about you:
1. Requesting Restrictions. You have the right to request a restriction on the Hospital’s use or disclosure of your PHI for treatment, payment or healthcare operations. Additionally, you have the right to request that the Hospital restrict its disclosure of your PHI to only certain individuals involved in your care or the payment for your care, such as family members and friends. Note that the Hospital is not required to agree to your request. If Stephens County Hospital, does agree, however, the Hospital is bound by its agreement, except when otherwise required or permitted by law, or when the restricted information is necessary to treat you in an emergency. In order to request a restriction on our use or disclosure of your PHI, you must make your request to the QI Director/Privacy Officer at the Hospital , in accordance with the Hospital’s policies. Your request must be in writing and must describe in a clear and concise fashion:
- The information you wish restricted and how you want it restricted;
- Whether you are requesting to limit the Hospital’s use of your PHI, the Hospital’s disclosure of your PHI, or both; and
- To whom you want the limits to apply.
2. Confidential Communications. You have the right to request that the Hospital communicate with you about your health and related issues in a particular manner or at a certain location. For instance, you may ask that we contact you at home, rather than at work, or by mail, rather than by telephone. We will accommodate reasonable requests, but we are not required to accommodate all requests. In order to request a type of confidential communication, you must make a written request to the QI Director/Privacy Officer at the Hospital , specifying the requested method of contact, or the location where you wish to be contacted. You do not need to give a reason for your request.
3. Access and Copies. You have the right to inspect and obtain a copy of the PHI that we maintain about you, including patient medical records and billing records. Note, however, that you do not have the right to inspect or obtain a copy of psychotherapy notes maintained by the Hospital, or of certain other information that may be restricted by law or pursuant to a legal or administrative process or proceeding. You must submit your request in writing, to Stephens County Hospital , Medical Records, 163 Hospital Drive Toccoa, GA, 30577 , in order to inspect and/or obtain a copy of your PHI. The hospital may charge a fee for the costs of copying, mailing, labor and supplies associated with your request in accordance with Georgia Law. Please contact the Medical Records Department for information on such fees.
4. Right to Amend. If you feel that PHI that the Hospital maintains about you is incorrect or incomplete, you may ask the Hospital to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Hospital.
To request an amendment, your request must be in writing and submitted to the QI Director/Privacy Officer. In addition, the Hospital may deny your request if you request an amendment to information that:
- Was not created by the Hospital, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the medical information kept by or for the Hospital;
- Is not part of the information you would be permitted to inspect and copy; or
- Is accurate and complete
5. Accounting of Disclosures. You have the right to request an “accounting of disclosure”. An “accounting of disclosure” is a list of certain non-routine disclosures that the Hospital has made of your PHI for non-treatment or operations purposes. The Hospital is not required to provide you with an accounting of the following disclosures:
- Disclosures for treatment, payment or the healthcare operations of the Hospital;
- Disclosures to you;
- Disclosures incident to uses or disclosures of your information for permitted purposes;
- Disclosures that you have authorized us to make;
- Disclosures from the Hospital’s directory; to others involved in your care; or for notifying your family member or personal representative about your general condition, location, or death when you have had the opportunity to agree to such disclosures (or they were otherwise permitted);
- Disclosures for national security of law enforcement;
- Disclosures that were part of a “Limited Data Set” (which is a set of information containing only limited amounts of identifiable information, as permitted by the HIPAA Privacy Rules); or
- Disclosures that occurred prior to March 24, 2003.
In order to obtain an “accounting of disclosures”, you must submit your request in writing to the QI Director/Privacy Officer. All requests for an “accounting of disclosures” must state a time period, which may not be longer than six (6) years from the date of disclosure and may not include dates before March 24, 2003. The first list you request within a 12- month period is free of charge. The Hospital will notify you of the costs involved with additional requests, and you may withdraw or modify your request before you incur any costs.
6. Right to a Paper Copy of This Notice. You are entitled to receive a paper copy of our Notice of Privacy Practices. You may ask us to give you a copy of this notice at any time. To obtain a paper copy of this Notice, contact the QI Director/Privacy Officer.
7. Right to File a Complaint. If you believe that your privacy rights have been violated by the Hospital or by an employee of the Hospital, you may file a complaint with the Hospital or with the Secretary of the Department of Health & Human Services. Your complaint with the Secretary of the Department of Health and Human Services should be directed to http://www.hhs.gov/ocr/privacy/hipaa/complaints. You will not be penalized for filing a complaint.
Because we are always interested in improving the quality of services provided to you, we would encourage you to contact the hospital first. Any complaint should be made in writing to the QI Director/Privacy Officer. You will not be penalized for filing a complaint.
8. Right to Provide an Authorization for Other Uses and Disclosures. We will obtain your written authorization for uses and disclosures that are not identified by this Notice or permitted or required by applicable law. Any authorization you provide to us regarding the use and disclosure of your PHI may be revoked at any time in writing. After you revoke your authorization, we will no longer use or disclose your PHI for the reasons described in the authorization.
9. Right to Receive Notification of a Breach of Your Health Information. We have put in place reasonable processes and procedures to protect the privacy and security of your health information. If there is an unauthorized acquisition, access, use, or disclosure of your protected health information we will notify you as required by law. The law may not require notice to you in all cases. In some situations, even if the law does not require notification, we may choose to notify you.
IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE PLEASE CONTACT:
Tina DeBord, RHIA, QI Director/Privacy Officer
163 Hospital Drive
Toccoa , GA 30577
Telephone #: 706-282-4256 Fax#: 706-886-8045