Privacy / HIPAA
PRMC and Physicians Providing Treatment at PRMC Notice of Privacy Practices, Effective September 23, 2013.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
The federal Health Insurance Portability and Accountability Act (HIPAA) of 1996 contains provisions that give you greater access to your health information. This includes your medical record, your billing and insurance records, and any other information the hospital might collect to provide healthcare services to you or to receive payment for the healthcare services rendered. In essence, HIPAA provides you with greater control over how your health information is used and disclosed.
HIPAA also outlines the responsibilities that health care providers and insurance plans have to keep your health information confidential. For example, HIPAA requires we provide you with this Notice and that we follow its terms and the commitments we make in it.
In addition, unless it is specifically provided for by HIPAA, we may not use or disclose your health information without your written authorization. You may revoke your authorization at any time.
This JOINT NOTICE applies to PRMC and any physician while he or she provides treatment to you at PRMC. PRMC and the physicians will share your health information as necessary to carry out treatment, payment, or health care operations of PRMC or the physicians.
This Joint Notice will only apply to treatment received at PRMC.
We may change this Notice in the future. You can always request the most current version of our Notice. If you are admitted or registered after we change our Notice, we will offer to provide you a copy. We will honor the terms of the Notice currently in effect.
HOW WE MAY USE AND DISCLOSE YOUR HEALTH INFORMATION
The following categories describe the different ways in which HIPAA allows PRMC to use and disclose your health information without your authorization. We have not provided an exhaustive list of every type of use or disclosure we are permitted to make. The different ways we are permitted to use and disclose your health information do fall within one of the following categories.
PRMC will use and disclose your health information as necessary for you to receive treatment. For example, your physician may order laboratory tests (such as blood or urine tests) that you have done at PRMC. Your physician will use the results of those tests to diagnose your health and to provide further treatment to you. Our employees may use or disclose your health information to your physician, other caregivers, your designated advocates, or members of your family to assist in your care.
PRMC will use and disclose your health information in order to bill and collect payment for the services and items you receive from us. For example, we may contact your health insurer to certify that you are eligible for benefits (and for what range of benefits). We may provide your insurer with details regarding your treatment to determine if your insurer will cover, or pay for, your treatment. We also may use and disclose your health information to obtain payment from third parties that may be responsible for such costs.
PRMC will use and disclose your health information within our own organization so that the hospital runs efficiently and complies with state and federal laws. For example, we may disclose your health information to our accreditation and patient satisfaction surveyors to help us evaluate the quality of care we provide. Similarly, we may use your health information to conduct cost-management and business planning activities to identify new services needed in the community. In addition, we may disclose your information to physicians, nurses, and students enrolled in formal healthcare educational programs for review and learning purposes. PRMC may also disclose your information to one of our business associates, individuals or entities not employed by PRMC but who perform certain functions for us or provide services on our behalf. However, we have contracts with all of our business associates, and these contracts prohibit them from using or disclosing the health information for reasons other than those specified in the contract. Your health information might be used by, created by, stored at, or disclosed to a business associate, but only for the limited purposes required for the business associate to function on our behalf. Whenever PRMC discloses your health information for these purposes, we will delete, to the extent possible, any information that could be used to identify you, such as your name, address, telephone numbers, Social Security number, date of birth, etc.
PERMITTED USES AND DISCLOSURES
As required by law
PRMC will use or disclose medical information about you when required to do so by applicable state or federal law. For example, the State of Texas requires every hospital to submit information about every patient discharged from the hospital. PRMC provides the State of Texas with information about the patients who were discharged from PRMC at least four times per year.
For public health activities
PRMC may disclose your medical information for public health activities. For example, we must notify the State Department of Health if a patient has a communicable disease. We must also report births and deaths to the Texas Bureau of Vital Statistics.
Victims of abuse, neglect, or domestic violence
PRMC may disclose your health information to a government authority if we believe you are a victim of abuse, neglect, or domestic violence. If such a disclosure is made, you will be informed, unless informing you would place you at risk of serious harm. For instance, PRMC must notify Adult Protective Services if an elderly patient comes to the hospital and appears to have been a victim of neglect.
For Health Oversight activities
PRMC may disclose your health information to a health oversight agency for activities authorized by law. For example, Medicare auditors come to PRMC at least once per year to audit the Medicare claims submitted by PRMC.
For judicial and administrative proceedings
PRMC will respond to a valid subpoena for records when such records are necessary to a lawsuit. For example, if your mother has Alzheimer’s Disease, and you are asking the court to make you her guardian, your attorney might subpoena your mother’s records from PRMC and PRMC would provide them.
For law enforcement purposes
We may release your health information if asked to do so by law enforcement officials, so long as: 1) the information sought is relevant and material to a legitimate law enforcement inquiry, 2) the request for your information is specific and limited in scope, and 3) the request comes in the form of a warrant, subpoena, or summons issued by a court.
For example, if you were a victim of a crime and came to PRMC for treatment, we would only provide your information to the requesting officer if either you asked us to or you were unconscious. The information we release to law enforcement in this situation is limited to your contact information and a general term (stable, critical, etc.) about your condition
PRMC may release your health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or to determine the cause of death. We may also release medical information about patients of the hospital to funeral directors as necessary to carry out their duties.
For cadaveric organ, eye, or tissue donation purposes
We may disclose your medical information to organizations that handle organ and tissue procurement, banking, or transplantation. For example, we may provide your health information to an organ donation center if such information is needed to include you on a list of individuals awaiting an organ for transplant or if you are listed as an organ donor.
For research purposes
Under certain circumstances we may use and disclose your health information for research purposes. However, we will only disclose information that can be used to identify you when the research that is being conducted could not be conducted without the identifying information.
To avert a serious threat to health or safety
Our organization may use and disclose your medical information when necessary to reduce or prevent a serious threat to your health and safety or the health and safety of another individual or the public. Under these circumstances, we will only make disclosures to a person or organization able to help prevent the threat.
For specialized government functions
We may disclose medical information of military personnel and veterans in certain situations. We may also disclose your health information for national security purposes, such as for protecting the President of the United States or for conducting intelligence operations.
Our organization may release your health information to comply with laws relating to workers’ compensation and similar programs.
We may use and disclose your health information to remind you of a scheduled appointment or to provide you with information about treatment alternatives or other health-related benefits or services that may be of interest to you.
We may use your health information to raise funds for our organization. The money raised through our fundraising activities is used to expand and support the healthcare services and educational programs we provide to the community. You have the right to opt out of any fundraising communications. If you wish opt out of any fund
Other than the uses and disclosures described above, we will not use or disclose medical information about you without an “authorization” that is signed by you or, if you are unable to sign the authorization, by your personal representative. For example, we may wish to use or disclose your health informationfor reasons other than those that are described above – and before we can use or disclose your health information, we must obtain your permission to do so. In those instances, we will contact you to ask you to sign an authorization formand will not use or disclose your health information without your permission. In other instances, you may contact us to ask us to disclose your healthinformation. Before we disclose your health information, we will ask you to sign an authorization formthat gives us permission to do so.
If you sign a written authorization allowing us to disclose health information about you, you may later revoke (or cancel) your authorization in writing (except in very limited circumstances related to obtaining insurance coverage). If you would like to revoke your authorization, you may write the Privacy Officer a letter revoking your authorization or come by the Health Information Services department to fill out an Authorization Revocation form . If you revoke your authorization, we will follow your instructions except to the extent that we have already relied upon your prior authorization and taken some action.
INDIVIDUAL RIGHTS REGARDING YOUR HEALTH INFORMATION
Under HIPAA, you have several specific rights regarding your health information. Some of these rights require you to contact PRMC in writing in order to exercise them. If you are required to contact PRMC in writing, please submit your written request to the Privacy Officer.
Right to Request Restrictions
You have the right to ask that we limit how we use and disclose your health information. Additionally, you have the right to request that we limit our disclosure of your health information to individuals involved in your care or the payment for your care. We are not required to agree to your request (45 CFR § 164.522(a)(1)(ii)). However, if we do agree, we are bound by our agreement except when otherwise required by law, in case of an emergency, or when the information we need to use or disclose is necessary to treat you.
If you have paid in full out of pocket for a service, you have the right to ask that we not disclose the information to your health plan. In this case, your request will be approvedand we will not disclose the service(s) or your payment(s) for the service(s) to your health plan.
Any request for restrictions about how PRMC should use or disclose your health information must be submitted in writing to the Privacy Officer. The Privacy Officer will contact you to advise you of PRMC’s decision.
Right to Receive Confidential Communications
You have the right to request the manner in which, and where we communicate with you regarding your health information. For instance, you may ask that we contact you by mail rather than by telephone, or at home rather than at work. You also have the right to ask us to send your health information to you at a location other than the one we have on file for you. For example, you might want us to send your health information to a post office box instead of your house.
In order to receive a confidential communication or have information sent to a different location, you must provide the information at the time of registration or make your request in writing to the Privacy Officer. In your request, you must specify the requested method of contact and/or the location as appropriate. You are not required to give a reason for your request. PRMC will accommodate all reasonable requests.
Right to Inspect and Copy
You have the right to inspect and obtain a copy of the health information about you that we use and/or store. This includes your medical records and insurance/billing records, but not any psychotherapy notes. If you want to inspect or obtain a printed or an electronic copy of your health information, you must request access to or a copy of your health information in writing. You also have the right to ask us to electronically send your health information to a third party. PRMC charges a fee to cover our costs of copying, mailing, labor and supplies in response to your request, and we will inform you of the estimated cost before processing the request. In only a few, limited circumstances will PRMC deny your request. In cases where we have denied you access to or a copy of your health information, you may request a review of the denial by another healthcare provider not involved in the initial decision.
Right to Request Amendments
You may ask us to amend your health information if you believe it is incorrect or incomplete at any time for as long as that health information is kept by or for PRMC. Your request for amendment(s) must be in writing and must include the reason(s) you believe your information is incorrect or incomplete. Failure to submit a written request with the proper documentation will result in a denial. In addition, your request will be denied if you ask us to amend information that is:
- Accurate and complete;
- Not part of the health information kept by or for PRMC;
- Not part of the health information which you would be permitted to inspect and copy; or
- Not created by PRMC, unless the individual or entity that created the information is not available to amend the information, and PRMC has all the information needed to evaluate and respond to your request.
Right to Receive an Accounting of Disclosures – You have the right to request an accounting of the disclosures PRMC makes of your health information. This accounting will not include any disclosures that PRMC makes for treatment, payment or healthcare operations. Your request for an accounting of disclosures must be submitted in writing. It must include a specific period of time and may not ask for disclosures that were made more than six (6) years before the date of your request
PRMC maintains patients’ health information in PRMC’s Electronic Health Record (HER) system. If you request an accounting of the disclosures of your health information that were made from PRMC’s HER system, that accounting will include only those disclosures made in the past three (3) years, but will also include the accesses and disclosures of your health information that were made for treatment, payment, and healthcare operations.
The first accounting of disclosures you request in a twelve (12) month period will be provided free of charge. There will be a charge for any additional accountings of disclosures requested within the same twelve (12) month period. PRMC will notify you of the costs associated with any additional requests made by you, and you may withdraw your request before you incur any costs.
Right to Notification if a Breach of Your Medical Information Occurs
You also have the right to be notified in the event of a breach of your health information. If a breach of your unsecured (not encrypted) health information occurs, we will notify you promptly with the following information:
- A brief description of how the breach occurred;
- A description of the health information that was involved;
- Recommended steps you can take to protect yourself from harm;
- What steps we are taking in response to the breach, including what we are doing to reduce the harm to you that might have been caused by the breach and what we are doing to protect against any further breaches; and,
- Contact information for and proceduresyou can follow so you can obtain further information.
Right to Obtain a Paper Copy of this Notice
You are entitled to receive a paper copy of this Notice of Privacy Practices the first time you come to PRMC for treatment. However, you may ask for and we will provide you with a copy of this Notice at any time.
Right to File a Complaint
If you believe PRMC has misused or disclosed your health information improperly, you may file a complaint with PRMC by contacting our Privacy Officer at (830) 258-7536. Alternatively, you may file a complaint with the Secretary of the Department of Health and Human Services. All complaints must be submitted in writing to the hospital’s OCR region at:
Office for Civil Rights, Region VI
U.S. Dept. of Health & Human Services
1301 Young St., Suite 1169
Dallas, TX. 75202
(214) 767-4056; Fax
You may also file your complaint or obtain more information by going to the OCR website at: http://hhs.gov/ocr/hipaa, or by calling the OCR at 1-800-368-1019, or by emailing the OCR at OCRComplaint@hhs.gov.
You will not be penalized for filing a complaint.
HEALTH INFORMATION RETENTION POLICY
Health records on adults are maintained for a minimum of 10 years beyond the visit date. Records on minors are retained for a minimum of 10 years or until the minor reaches age 20, whichever is longest. Billing information is maintained for 10 years.
If you have any questions or if you require further information about this Notice of Privacy Practices, please contact:
Privacy Officer, Health Information Services Department
Peterson Regional Medical Center
551 Hill Country Drive
Kerrville, TX 78028
September 23, 2013