HIPAA Notice of Privacy Practices
Download the Hospital's HIPAA Notice of Privacy Practices
Download the Physician Clinic HIPAA Notice of Privacy Practices
SUMMARY NOTICE OF PRIVACY PRACTICES
We are required by federal law to provide you with a Notice of Privacy Practices that describes how medical information that we maintain about you may be used or disclosed. The Notice describes how, when, and why we use and disclose medical information about you, and provides a description of your rights and our obligations under federal and state privacy laws.
Uses and Disclosures
We are permitted to use and disclose your health information under a variety of circumstances. Sometimes we must obtain your authorization before we use or disclose that information, but in other circumstances we may use your information without your authorization and without informing you of the use or disclosure. Some of the reasons that we may use or disclose your information include:
- To provide information about your health condition to other health care providers who may treat you;
- To provide information about the treatment that we provided in order to obtain payment from your health plan;
- To report a communicable disease, or other legal reporting requirements; or
- To comply with a court order requiring the disclosure of your medical record.
These examples are merely illustrative. For a full description of the uses and disclosures that we are permitted to make, please consult the Notice of Privacy Practices.
While the records that we maintain about you belong to us, under the federal privacy law you have a variety of rights with respect to the information maintained in those records. For instance, you have the right to access and receive a written or electronic copy of the medical information we maintain about you and to request that we amend information that you believe is incomplete or incorrect. Also, you may request a list of certain instances in which we have disclosed medical information about you. You also have the right to be notified following a breach of your unsecured PHI. All of these rights are subject to some exceptions that are described in full in the Notice.
You will be asked to sign an acknowledgment of your receipt of our Notice of Privacy Practices. However, your receipt of care and treatment is not conditioned upon you signing the acknowledgment form.
We are required to provide you with our Notice of Privacy Practices and to abide by its terms. We may change the Notice from time to time. All amendments apply to prior information we may have about you.
Our full Notice of Privacy Practices is available upon request at all registration locations and the Health Information Management Department, and on our website www.stvincenthealthcare.org. Please read it carefully. If you have any questions or require additional information, please contact our Privacy Officer, at (406) 237-3260 or via e-mail at email@example.com.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
WHO WILL FOLLOW THE PRIVACY PRACTICES IN THIS NOTICE
We provide health care to our patients and residents together with physicians and other health care professionals. This Notice of Privacy Practices (“Notice”) describes how we will use and disclose medical information. The privacy practices described in this Notice will be followed by:
- Any member of our workforce authorized to access your medical record
- Members of our medical staff
- Allied health professionals who participate in your health care
I. Our commitment to safeguard your medical information
Each time you visit our facility, a record of your visit is made. The information we create or receive about your past, present or future physical or mental health is called protected health information (“PHI”). Your medical record is a means of communication among the many health professionals who care for you. PHI may include documentation of your symptoms, examination, test results, diagnoses and treatment. It also includes documents related to billing and payment for care provided.
We are committed to protecting the privacy of your medical information. We are required by law to:
- maintain the privacy of your medical information;
- provide you with this Notice about our privacy practices that explains how, when, and why we use and disclose your PHI;
- abide by the terms of the current Notice;
- make a good faith effort to obtain your written acknowledgment that you have received this Notice; and
- notify you following a breach of your unsecured PHI.
II. How we may use and disclose medical information about you
This Notice informs you about the ways in which we may use and disclose medical information about you. The following categories describe different ways that we use and disclose medical information. For each category of uses or disclosures, we explain what we mean and give some examples to help you better understand the meaning. If a use or disclosure is not included in one of these categories, we will seek your permission first.
Uses and Disclosures without Your Permission
The following categories describe different ways that we are permitted to use and disclose your medical information without your permission (which is called an “authorization” under HIPAA).
For Treatment. We may use and disclose your medical information to provide you with medical treatment and services. We may disclose medical information about you to doctors, nurses, technicians, medical students, and other health care personnel who provide you with health care services or are involved in taking care of you. This may include health care professionals at other facilities, such as your doctor’s office, other hospitals, nursing homes or home health agencies. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process.
For Payment. We may use and disclose your medical information to bill and collect payment for the treatment and services provided to you. This information may include your diagnoses, procedures and supplies used. For example, we may need to give your health insurance plan information about surgery you had at the hospital so your health insurance plan will pay us for the surgery. We may also contact your health insurance plan to obtain prior approval for a treatment you are going to receive or to determine whether it is covered by your plan. We also may provide information about you to other health care providers that have treated you or provided services to you to assist them in obtaining payment.
For Health Care Operations. We may use and disclose your medical information for operations necessary for our facility to function and make sure our patients receive quality care. For example, we may use your medical information in order to evaluate the quality of health care services that you received or to evaluate the performance of the health care professionals who provided health care services to you. This information may also be used in an effort to continually improve the quality and effectiveness of the health care and services we provide. We may disclose your medical information to another health care provider or a health plan that you have a relationship with, for their operations’ activities.
Business Associates. We may disclose your medical information to other companies that help us. These business associates may include billing companies, claims processing companies, collection agencies, accountants, attorneys, consultants, and others that assist us with payment activities or health care operations. We contractually require our business associates to safeguard the privacy and security of your PHI.
Individuals Involved in Your Care or Payment for Your Care. We may disclose medical information about you to a family member, personal representative, or other person involved in your care or responsible for payment of your health care services. We may also discuss your condition with your family or friends and tell them that you are in the hospital. If you do not want us to share information with your family or others involved in your care, please contact the person listed in Section V of this Notice.
Food and Drug Administration (FDA). We may disclose your health information to a person or company subject to the jurisdiction of the FDA to report adverse events, product defects or problems or biologic product deviations; to track FDA-regulated products; to enable product recalls; to make repairs or replacements; or for other purposes related to the quality, safety or effectiveness of a product or activity regulated by the FDA.
Public Safety: We may disclose medical information for public safety purposes in limited circumstances. We may disclose medical information to law enforcement officials in response to a search warrant or a grand jury subpoena. We also may disclose medical information to assist law enforcement officials in identifying or locating a person, to prosecute a crime of violence, to report deaths that may have resulted from criminal conduct, and to report criminal conduct at the facility. We also may disclose your medical information to law enforcement officials and others to prevent a serious threat to health or safety.
Judicial and Administrative Proceedings. We may disclose medical information if we are ordered to do so by a court, for an administrative hearing, or if we receive a subpoena or a search warrant. You will receive advance notice about this disclosure in most situations so that you will have a chance to object to sharing your medical information.
Fundraising Activities. We may use your medical information in an effort to raise funds for our facility, including through our affiliated Foundation. The money raised through these activities is used to expand and support the health care services and educational programs we provide to the community. If you do not wish to receive our fundraising communications, you may notify the Foundation and we will honor your wish. Future treatment or payment will not be conditioned upon your decision regarding receipt of fundraising communications.
Facility Directory. We may include certain limited information about you in our facility directory while you are a patient at our facility. This information may include your name, location in the facility, general condition (such as whether you are in fair, good, or serious condition), and your religious affiliation. The directory information, except for your religious affiliation, may be disclosed to people who ask for you by name. Your religious affiliation may be given to a member of the clergy or designated church representatives even if they don’t ask for you by name. You have the right to withhold information in the facility directory from being disclosed to others. If you do so, it means that we will not be able to tell your friends, family or others (such as florists) where you are. If you want to withhold information in the facility directory, please contact the person listed in Section V of this Notice.
Disaster Relief Efforts. As part of a disaster relief effort, we may disclose your medical information to an agency assisting in the relief effort so that your family can be notified about your condition, status and location. You may have the opportunity to object, unless it would impede our ability to respond to emergency circumstances.
Coroners, Medical Examiners and Funeral Directors. We may disclose health information consistent with applicable law to coroners, medical examiners and funeral directors to assist them in carrying out their duties.
Research. Under certain limited circumstances, we may use and disclose your medical information for research purposes. For example, a research project may involve comparing the health and recovery of all patients who receive one medication to those who receive another for the same condition. All research projects are subject to a special approval process. Before we use or disclose medical information for research, the project will have been approved through this research approval process.
Reports Required by Law. We will disclose your medical information when required to do so by federal, state, or local law. For example, we make disclosures when a law requires that we report information to government agencies and/or law enforcement personnel about victims of abuse, neglect, or domestic violence; when dealing with gunshot and other wounds; to report reactions to medications or problems with products; or to notify people of product recalls.
Public Health Activities. We may disclose your medical information for public health activities. For example, we report information about births, deaths, and various diseases to government officials in charge of collecting that information.
Health Oversight Activities. We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Organ and Tissue Donation. If you are an organ donor, we may notify organ procurement organizations to assist them in organ, eye, or tissue donation and transplants.
Workers’ Compensation. We may disclose your medical information to the extent necessary to comply with laws relating to workers’ compensation or similar programs providing benefits for work-related injuries or illness.
Military, Veterans, National Security and Other Government Purposes. If you are a member of the armed forces, we may release your health information to military command authorities or to the Department of Veterans Affairs if they require us to do so. We may also disclose medical information for certain national security purposes and to the Secret Service to protect the president.
Correctional Institutions. If you are or become an inmate of a correctional institution or under the custody of a law enforcement official, we may disclose your medical information to the correctional institution or law enforcement official. This disclosure may be necessary for the institution (i) to provide you with health care; (ii) to protect your health and safety or the health and safety of others; or (iii) for the safety and security of the correctional institution.
Uses and Disclosures Requiring Your Permission
Other uses and disclosures of medical information not covered by this Notice will be made only with your written permission. If you provide us permission to use or disclose medical information about you, you may revoke that permission, in writing, at any time. If you revoke your permission, we will no longer use or disclose medical information about you for the reasons covered by your written authorization, but we cannot take back any disclosures we have already made based on the permission you gave us before. If you want to revoke your permission, please contact the person listed in Section V of this Notice.
Marketing Activities. We will not use or disclose your PHI to sell you products or services of a third party, unless you provide permission. We may suggest products or services to you during our face-to-face communications.
Sale of PHI. We will not sell your PHI to third parties without your permission.
Medical Information That Has Special Protection
Mental Health Records. The use and disclosure of information obtained in the course of providing mental health services are protected by federal and state laws. We may communicate information for treatment purposes to qualified professionals, for payment purposes or if we receive a court order. Otherwise, we may not disclose any of your mental health information without your permission.
Psychotherapy Notes. Psychotherapy notes are the personal notes of psychotherapists. We must obtain your permission to use or disclose psychotherapy notes, except under limited circumstances.
Alcohol and Drug Abuse Patient Records. Use and disclosure of any medical information about you relative to alcohol or drug abuse treatment programs, is protected by federal law. Generally, we will not disclose any information identifying you as a recipient of alcohol or drug abuse treatment unless: (i) you have consented in writing; (ii) we receive a court order requiring the disclosure; or (iii) the disclosure is made to medical personnel in a medical emergency or to qualified personnel for research, audit, or program evaluation.
HIV/AIDS Information. Use and disclosure of any medical information about you relative to HIV testing, HIV status, or AIDS, is protected by federal and state law. Generally, we will need your permission to disclose this information; however, state law may allow for disclosure of information for public health purposes.
Minors. As a general rule, we disclose PHI about minors to their parents or legal guardians. However, in instances where state law allows minors to consent to their own treatment without parental consent (such as HIV testing), we will not disclose that information to a minor’s parents without the minor’s permission unless otherwise specifically allowed under state law.
Participation in Health Information Networks
We participate in Montana HealthShare, a secure computer network that provides a safe and efficient way to share medical information with other health care providers. For example, if you require emergency medical care while you are traveling, providers at other health care facilities in Montana could have access to your medical information to assist them in caring for you. By participating in this network and other electronic information exchanges, we intend to provide timely information to health care providers involved in your care. If you do not want your information to be shared through Montana HealthShare, you may “opt out” by contacting the person listed in Section V below. This is an “all-or-nothing” choice, because Montana HealthShare cannot block access to some types of medical information while at the same time permit access to other medical information. Opting-out of Montana HealthShare may limit your health care providers’ ability to provide the most effective care for you.
III. Your rights regarding your medical information
The following section describes your rights:
The Right to Inspect and Obtain a Copy of Your Medical Information. You have the right to see and receive a paper or electronic copy of medical information that may be used to make decisions about your care. (The law requires us to keep the original record.) Usually, this includes your medical and billing records. To inspect and/or receive a copy of your medical information, you must submit your request by contacting our Health Information Management (“HIM”) department at (406) 237-3250. If you request a copy of the information, we may charge you a reasonable fee based on our costs.
The Right to Amend. If you believe that medical information we have about you is incorrect or incomplete, you have the right to request that we correct the existing information or add missing information. To request an amendment, you must make the request in writing along with your reason for the request to the person listed in Section V below.
The Right to a List of Disclosures. You have the right to request a list of certain disclosures of your medical information. To request this list or accounting of disclosures, you must submit a request in writing indicating a time period, which can be no longer than six years, to the person listed in Section V below. The first list you request within a 12-month period will be free. For additional lists during the same year, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
The Right to Request Restrictions on How We Use and Disclose Your Medical Information. You may ask us not to use or disclose your medical information for a particular reason related to treatment, payment or health care operations. We will consider your request, but we are not legally obligated to agree to a requested restriction except in the following situation: if you have paid for services out-of-pocket in full, you may request that we not disclose information related solely to those services to your health plan. We are required to abide by such a request, except where we are required by law to make the disclosure. To request restrictions on the use or disclosure of your PHI, you may do so at the time you register for services or by contacting the person listed in Section V below.
The Right to Request Confidential Communications. You have the right to ask that medical information about you be communicated to you in an alternate confidential manner, such as asking that appointment reminders not be left on an answering machine, that mail be sent to an alternate address, or that notices or reminders be sent by e-mail instead of regular mail. We will agree to all reasonable requests so long as we can easily provide it in the format you request. To request medical information be sent to an alternative address or by other means, please contact the person listed in Section V below in writing, or in a clinic setting, please contact the practice manager.
The Right to a Paper Copy of This Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Paper copies are available at our registration locations and our HIM Department. You may also obtain a copy of this Notice on our website at www.stvincenthealthcare.org.
If you believe that we may have violated your rights with respect to your medical information, you may file a written complaint with the person listed in Section V below. You also may send a written complaint to the Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue S.W., Room 515F, HHH Building, Washington, D.C. 20201 within 180 days of an alleged violation of your rights. You will not be penalized for filing a complaint about our privacy practices. You will not be required to waive this right as a condition of treatment.
V. Person to contact for information about this Notice or to complain about our privacy practices
If you have any questions about this Notice or wish to make a complaint about our privacy practices, please contact our Privacy Officer at (406) 237-3260 or via e-mail at firstname.lastname@example.org. Formal complaints must be in writing. Complaint forms are available at all registration areas or from the HIM Department. Complaints should be sent to the Privacy Officer at Attn: Privacy Officer, 1233 North 30th St., Billings, MT 59101, or by e-mail.
We reserve the right to change the terms of this Notice and our privacy policies at any time. We reserve the right to make the revised Notice effective for medical information we already have about you as well as any information we receive in the future. Before we make an important change to our policies, we will promptly change this Notice and post a new Notice in our registration areas. The Notice will contain the effective date. You can also request a copy of this Notice from the contact person listed in Section V above at any time or can view a current copy of the Notice on our website at www.stvincenthealthcare.org.
You will be asked to sign an acknowledgment of your receipt of this Notice of Privacy Practices. We are required by law to make a good faith effort to provide you with our Notice of Privacy Practices and obtain an acknowledgment from you that you received it. Your care and treatment at our facility does not depend on signing the acknowledgment.