HIPAA Privacy Notice
Updated May 13, 2003
THIS JOINT NOTICE IS BEING PROVIDED TO YOU ON BEHALF OF ST. BARNABAS HOSPITAL AND ITS MEDICAL STAFF WITH RESPECT TO SERVICES PROVIDED AT THE HOSPITAL FACILITIES. IT DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
St. Barnabas Hospital and its medical staff understand that your medical information is private and confidential. Further, we are required by law to maintain the privacy of “protected health information.” “Protected health information” includes any individually identifiable information that we obtain from you or others that relates to your past, present or future physical or mental health, the health care you have received, or payment for your health care.
As required by law, this notice provides you with information about your rights and our legal duties and privacy practices with respect to the privacy of protected health information. This notice also discusses the uses and disclosures we will make of your protected health information. We must comply with the provisions of this notice as currently in effect, although we reserve the right to change the terms of this notice from time to time and to make the revised notice effective for all protected health information we maintain. You can always request a written copy of our most current privacy notice from the Hospital or you can access it on our website at www.sbhny.org.
PERMITTED USES AND DISCLOSURE
We can use or disclose your protected health information for purposes of treatment, payment and health care operations. For each of these categories of uses and disclosures, we have provided a description and an example below. However, not every particular use or disclosure in every category will be listed.
1. Treatment means the provision, coordination or management of your health care, including consultations between health care providers relating to your care and referrals for health care from one health care provider to another. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process. In addition, the doctor may need to contact a physical therapist to create the exercise regimen appropriate for your treatment.
2. Payment means the activities we undertake to obtain reimbursement for the health care provided to you, including billing, collections, claims management, determinations of eligibility and coverage and other utilization review activities. For example, prior to providing health care services, we may need to provide information to your Third Party Payor about your medical condition to determine whether the proposed course of treatment will be covered. When we subsequently bill the Third Party Payor for the services rendered to you, we can provide the Third Party Payor with information regarding your care if necessary to obtain payment. Federal or State law may require us to obtain a written release from you prior to disclosing certain specially protected health information for payment purposes, and we will ask you to sign a release when necessary under applicable law.
3. Health care operations means the support functions of the Hospital, related to treatment and payment, such as quality assurance activities, case management, receiving and responding to patient comments and complaints, physician reviews, compliance programs, audits, business planning, development, management and administrative activities. For example, we may use your protected health information to evaluate the performance of our staff when caring for you. We may also combine health information about many patients to decide what additional services we should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical students and others for review and learning purposes. In addition, we may remove information that identifies you from your patient information so that others can use the de-identified information to study health care and health care delivery without learning who you are.
OTHER USES AND DISCLOSURES OF PROTECTED HEALTH INFORMATION
In addition to using and disclosing your information for treatment, payment and health care operations, we may use your protected health information in the following ways:
1. We may contact you to provide appointment reminders for treatment or medical care.
2. We may contact you to tell you about or recommend possible treatment alternatives or other health-related benefits and services that may be of interest to you.
3. We may disclose to your family or friends or any other individual identified by you protected health information directly related to such person’s involvement in your care or the payment for your care. We may use or disclose your protected health information to notify, or assist in the notification of, a family member, a personal representative, or another person responsible for your care, of your location, general condition or death. If you are present or otherwise available, we will give you an opportunity to object to these disclosures, and we will not make these disclosures if you object. If you are not present or otherwise available, we will determine whether a disclosure to your family or friends is in your best interest, taking into account the circumstances and based upon our professional judgment.
4. We may include certain limited information about you in the hospital directory while you are a patient at the Hospital. This information may include your name, location in the Hospital, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may be released to people who ask for you by name. Your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they do not ask for you by name. This will allow your family, friends, and clergy to visit you in the Hospital and generally know how you are doing. You will have the opportunity to request that your information not be listed in the directory.
5. When permitted by law, we may coordinate our uses and disclosures of protected health information with public or private entities authorized by law or by charter to assist in disaster relief efforts.
6. We will allow your family and friends to act on your behalf to pick-up filled prescriptions, medical supplies, X-rays, and similar forms of protected health information, when we determine, in our professional judgment, that it is in your best interest to make such disclosures.
7. Subject to applicable law, we may make incidental uses and disclosures of protected health information. Incidental uses and disclosures are by-products of otherwise permitted uses or disclosures which are limited in nature and cannot be reasonably prevented.
8. We may contact you as part of our fund-raising and marketing efforts as permitted by applicable law.
9. We may use or disclose your protected health information for research purposes, subject to the requirements of applicable law. For example, a research project may involve comparisons of the health and recovery of all patients who received a particular medication. All research projects are subject to a special approval process which balances research needs with a patient’s need for privacy. When required, we will obtain a written authorization from you prior to using your health information for research.
10. We will use or disclose protected health information about you when required to do so by applicable law.
Note: In accordance with applicable law, we may disclose your protected health information to your employer if we are retained to conduct an evaluation relating to medical surveillance of your workplace or to evaluate whether you have a work-related illness or injury. You will be notified of these disclosures by your employer or the Hospital is required by applicable law.
Subject to the requirements of applicable law, we will make the following uses and disclosures of your protected health information:
1. Organ and Tissue Donation. If you are an organ donor, we may release health information to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
2. Military and Veterans. If you are a member of the Armed Forces, we may release health information about you as required by military command authorities. We may also release health information about foreign military personnel to the appropriate foreign military authority.
3. Worker’s Compensation. We may release health information about you for programs that provide benefits for work-related injuries or illnesses.
4. Public Health Activities. We may disclose health information about you for public health activities, including disclosures:
(a) to prevent or control disease, injury or disability;
(b) to report births and deaths;
(c) to report child abuse or neglect;
(d) to persons subject to the jurisdiction of the Food and Drug Administration (FDA) for activities related to the quality, safety, or effectiveness of FDA-regulated products or services and to report reactions to medications or problems with products;
(e) to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition;
(f) to notify the appropriate government authority if we believe that an adult patient has been the victim of abuse, neglect or domestic violence. We will only make this disclosure if the patient agrees or when required or authorized by law.
5. Health Oversight Activities. We may disclose health information to Federal or State agencies that oversee our activities. These activities are necessary for the government to monitor the health care system, government benefit programs, and compliance with civil rights laws or regulatory program standards.
6. Lawsuits and Disputes. If you are involved in a lawsuit or a dispute, we may disclose health information about you in response to a court or administrative order. We may also disclose health information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if the Hospital is given assurances that efforts have been made by the person making the request to tell you about the request or to obtain an order protecting the information requested.
7. Law Enforcement. We may release health information if asked to do so by a law enforcement official:
(a) In response to a court order, subpoena, warrant, summons or similar process;
(b) To identify or locate a suspect, fugitive, material witness, or missing person;
(c) About the victim of a crime under certain limited circumstances;
(d) About a death we believe may be the result of criminal conduct;
(e) About criminal conduct on our premises; and
(f) In emergency circumstances, to report a crime, the location of the crime or the victims, or the identity, description or location of the person who committed the crime.
8. Coroners, Medical Examiners and Funeral Directors. We may release health information to a coroner or medical examiner. Such disclosures may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release health information about patients to funeral directors as necessary to carry out their duties.
9. National Security and Intelligence Activities. We may release health information about you to authorized Federal officials for intelligence, counterintelligence, or other national security activities authorized by law.
10. Protective Services for the President and Others. We may disclose health information about you to authorized Federal officials so they may provide protection to the President or other authorized persons or foreign heads of state or may conduct special investigations.
11. Inmates. If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release health information about you to the correctional institution or law enforcement official. This release would be necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
12. Serious Threats. As permitted by applicable law and standards of ethical conduct, we may use and disclose protected health information if we, in good faith, believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or is necessary for law enforcement authorities to identify or apprehend an individual.
Note: HIV-related information, genetic information, alcohol and/or substance abuse records, mental health records and other specially protected health information may enjoy certain special confidentiality protections under applicable State and Federal law. Any disclosures of these types of records will be subject to these special protections.
OTHER USES OF YOUR HEALTH INFORMATION
Other uses and disclosures of protected health information not covered by this notice or the laws that apply to us will be made only with your permission in a written authorization. You have the right to revoke that authorization at any time, provided that the revocation is in writing, except to the extent that we already have taken action in reliance on your authorization.
1. You have the right to request restrictions on our uses and disclosures of protected health information for treatment, payment and health care operations. However, we are not required to agree to your request. To request a restriction, you must make your request in writing to Department of Medical Records.
2. You have the right to reasonably request to receive confidential communications of protected health information by alternative means or at alternative locations. To make such a request, you must submit your request in writing to Department of Medical Records.
3. You have the right to inspect and copy the protected health information contained in your medical and billing records and in any other Hospital records used by us to make decisions about you, except:
(a) for psychotherapy notes, which are notes that have been recorded by a mental health professional documenting or analyzing the contents of conversations during a private counseling session or a group, joint or family counseling session and that have been separated from the rest of your medical record;
(b) for information compiled in reasonable anticipation of, or for use in, a civil, criminal, or administrative action or proceeding;
(c) for protected health information involving laboratory tests when your access is restricted by law;
(d) if you are a prison inmate, obtaining a copy of your information may be restricted if it would jeopardize your health, safety, security, custody, or rehabilitation or that of other inmates, or the safety of any officer, employee, or other person at the correctional institution or person responsible for transporting you;
(e) if we obtained or created protected health information as part of a research study, your access to the health information may be restricted for as long as the research is in progress, provided that you agreed to the temporary denial of access when consenting to participate in the research;
(f) for protected health information contained in records kept by a Federal agency or contractor when your access is restricted by law; and
(g) for protected health information obtained from someone other than us under a promise of confidentiality when the access requested would be reasonably likely to reveal the source of the information.
In order to inspect and copy your health information, you must submit your request in writing to Department of Medical Records at our Hospital. If you request a copy of your health information, we may charge you a fee for the costs of copying and mailing your records, as well as other costs associated with your request.
We may also deny a request for access to protected health information if:
(i) a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to endanger your life or physical safety or that of another person;
(ii) the protected health information makes reference to another person (unless such other person is a health care provider) and a licensed health care professional has determined, in the exercise of professional judgment, that the access requested is reasonably likely to cause substantial harm to such other person; or
(iii) the request for access is made by the individual’s personal representative and a licensed health care professional has determined, in the exercise of professional judgment, that the provision of access to such personal representative is reasonably likely to cause substantial harm to you or another person.
If we deny a request for access for any of the three reasons described above, then you have the right to have our denial reviewed in accordance with the requirements of applicable law.
4. You have the right to request an amendment to your protected health information, but we may deny your request for amendment, if we determine that the protected health information or record that is the subject of the request:
(a) was not created by us, unless you provide a reasonable basis to believe that the originator of protected health information is no longer available to act on the requested amendment;
(b) is not part of your medical or billing records or other records used to make decisions about you;
(c) is not available for inspection as set forth above; or
(d) is accurate and complete.
In any event, any agreed upon amendment will be included as an addition to, and not a replacement of, already existing records. In order to request an amendment to your health information, you must submit your request in writing to Department of Medical Records at our Hospital, along with a description of the reason for your request.
5. You have the right to receive an accounting of disclosures of protected health information made by us to individuals or entities other than to you for the six prior years prior to your request, except for disclosures:
(a) to carry out treatment, payment and health care operations as provided above;
(b) incident to a use or disclosure otherwise permitted or required by applicable law;
(c) pursuant to a written authorization obtained from you;
(d) for the Hospital’s directory or to persons involved in your care or for other notification purposes as provided by law;
(e) for national security or intelligence purposes as provided by law;
(f) to correctional institutions or law enforcement officials as provided by law;
(g) as part of a limited data set as provided by law; or
(h) that occurred prior to April 14, 2003.
To request an accounting of disclosures of your health information, you must submit your request in writing to Department of Medical Records at our Hospital. Your request must state a specific time period for the accounting (e.g., the past three months). The first accounting you request within a twelve (12) month period will be free. For additional accountings, we may charge you for the costs of providing the list. We will notify you of the costs involved, and you may choose to withdraw or modify your request at that time before any costs are incurred.
If you believe that your privacy rights have been violated, you should immediately contact the HIPAA Privacy Officer at the Hospital at (718) 960-5577. We will not take action against you for filing a complaint. You also may file a complaint with the Secretary of Health and Human Services.
If you have any questions or would like further information about this notice, please contact the HIPAA Information Officer, Department of Medical Records, (718) 960-6255.