NOTICE OF HEALTH INFORMATION PRACTICES
Effective Date: April 14, 2003
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
WHO WILL FOLLOW THIS NOTICE.
- This notice describes the health information practices of the following UA covered designated health care component of The University of Alabama (a covered hybrid entity) and to the administrative departments at the University of Alabama that provide legal, billing, auditing, or other administrative support for this health care component, including but not limited to The University of Alabama Office of Counsel, The University of Alabama System auditors, the University’s Privacy Officer, Human Resources, and Risk Management : UNIVERSITY MEDICAL CENTER. In addition, this Policy applies to the Capstone Health Services Foundation and to all members of its workforce. These entities are hereby designated as an organized health care arrangement under HIPAA. For purposes of this Policy, these Covered Entities and the University’s affiliated administrative support departments shall be referred to as “University Medical Center”.
OUR PLEDGE REGARDING MEDICAL INFORMATION.
We understand that medical information about you and your health is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive at UMC. We need this record to provide you with quality care and to comply with certain legal requirements. This notice applies to all of the records of your care generated or maintained by the UAHCC, whether made or maintained by UMC personnel or your personal doctor.
This notice will tell you about the ways in which we may use and disclose medical information about you. We also describe your rights and certain obligations we have regarding the use and disclosure of medical information. We are required by law to:
- make sure that medical information that identifies you is kept private;
- give you this notice of our legal duties and privacy practices with respect to medical information about you;
- follow the terms of the notice that is currently in effect.
HOW WE MAY USE AND DISCLOSE MEDICAL INFORMATION ABOUT YOU.
The following categories describe different ways that we use and disclose medical information. Not every use or disclosure in a category will be listed. However, all of the ways we are permitted to use and disclose information will fall within one of the categories.
For Treatment and Treatment Alternatives.
We may use medical information about you to provide, coordinate, or manage your medical treatment and/or related services. We may disclose medical information about you to doctors, nurses, technicians, medical residents, student trainees, volunteers, or other UMC personnel or people outside our facility who are involved in taking care of you. For example, medical information may be shared in order to coordinate different things you may need, such as prescriptions, lab work, and x-rays. We may also disclose your medical information, as necessary, to other physicians or health care providers who may be treating you or to whom you have been referred to ensure that the physician or provider has the necessary information to diagnose or treat you. We also may disclose medical information about you to people outside UMC who may be involved in your medical care after you leave, such as your local physician, family members, clergy or others we use to provide services that are part of your care. We may use and disclose your medical information to tell you about or recommend possible treatment options or alternatives that may be of interest to you.
We may use and disclose medical information about you so that the treatment and services you receive at UMC may be billed to you and payment may be collected from you, an insurance company or a third party. For example, we may need to give your health plan information about a treatment or services you received so your health plan will pay us or reimburse you for those treatments or services. We may also tell your health plan about a treatment you are going to receive to obtain prior approval or to determine whether your plan will cover the treatment.
For Routine Health Care Operations.
We may use and disclose medical information about you for UMC routine health care operations. For example, we may use/disclose your medical information to conduct or arrange for medical reviews, legal services, and auditing functions; to resolve internal grievances; or to conduct other business management and general administrative activities of UMC. These uses and disclosures are necessary to run UMC and make sure that all of our patients/ clients receive quality care. We may also use medical information to review our treatment and services and to evaluate the performance of our staff in caring for you. We may also combine medical information about many UMC patients/clients to decide what additional services UMC should offer, what services are not needed, and whether certain new treatments are effective. We may also disclose information to doctors, nurses, technicians, medical residents, student trainees, and UMC personnel for review and learning purposes. We may also combine the medical information we have with medical information from other entities to compare how we are doing and see where we can make improvements in the care and services we offer. We may remove information that identifies you from this set of medical information so others may use it to study health care and health care delivery without learning who the specific patients are.
Individuals Involved in Your Care or Payment for Your Care.
We may release medical information about you to a friend, relative, family member or any other person you identify who is involved in your medical care. We may also give information to someone who helps pay for your care. We may also tell your family or friends your condition and that you are in the hospital. In addition, we may disclose medical information about you to an entity assisting in a disaster relief effort so that your family can be notified about your condition, status and location.
Appointment Reminders and Health-Related Benefits and Services.
We may use and disclose medical information to contact you as a reminder that you have an appointment for treatment or medical care at UMC or to tell you about health-related benefits or services that may be of interest to you.
Under certain circumstances, we may use and/or disclose medical information about you to researchers when their clinical research study has been approved by an Institutional Review Board. While most clinical research studies require specific patient consent, there are some instances where patient authorization is not required. For example, a research project may involve comparing the health and recovery of all patients who received one medication to those who received another, for the same condition. This would be done through a retrospective record review with no patient contact. The Institutional Review Board reviews the research proposal to make certain that the proposal has established protocols to protect the privacy of your health information.
We may use medical information about you to contact you in an effort to raise money for UMC. We may disclose medical information to a foundation related to UMC so that the foundation may contact you in raising money for UMC. We only would release contact information, such as your name, address and phone number and the dates you received treatment or services at UMC. If you do not want UMC to contact you for fundraising efforts, you must notify the UAHCC Privacy Officer in writing.
Certain Marketing Activities.
UMC may use medical information about you to forward promotional gifts of nominal value, to communicate with you about services offered by UMC, to communicate with you about case management and care coordination and to communicate with you about treatment alternatives.
We may include certain limited information about you in UMC directory while you are a patient/client at UMC. This information may include your name, location in UMC, your general condition (e.g., fair, stable, etc.) and your religious affiliation. The directory information, except for your religious affiliation, may also be released to people who come by or call and ask for you by name. This information and your religious affiliation may be given to a member of the clergy, such as a priest or rabbi, even if they don’t ask for you by name. This is so your family, friends and clergy can visit you and generally know how you are doing.
There are some services provided in UMC through contracts with business associates. Examples include a copy service we use when making copies of your health record, consultants, accountants, lawyers, medical transcriptionists and third-party billing companies. When these services are contracted, we may disclose your health information to our business associate so that they can perform the job we’ve asked them to do. To protect your health information, however, we require the business associate to appropriately safeguard your information.
As Required By Law.
We will disclose medical information about you when required to do so by federal, state or local law.
Public Health Risks & Communicable Diseases.
We may disclose medical information about you to public health or legal authorities charged with preventing or controlling disease, injury, or disability. For example, we are required to report the existence of a communicable disease, such as tuberculosis, to the Alabama Department of Public Health to protect the health and well-being of the general public. We may disclose medical information about you to individuals exposed to a communicable disease or otherwise at risk for spreading the disease. We may disclose medical information to your employer if the employer requires the healthcare services to determine whether you suffered a work-related injury.
Food and Drug Administration (FDA).
We may disclose to the FDA and to manufacturers health information about adverse events with respect to food or supplements or product defects or problems, or post-marketing surveillance information to enable product recalls, repairs, or replacements.
Victims of Abuse, Neglect or Domestic Violence.
We are required to report child, elder and domestic abuse or neglect to the State of Alabama.
Health Oversight Activities.
We may disclose medical information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections, and licensure. These activities are necessary for the government to monitor the health care system, government programs, and compliance with civil rights laws.
Lawsuits and Disputes.
If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request or to obtain an order protecting the information requested. We may disclose medical information for judicial or administrative proceedings, as required by law.
We may release medical information for law enforcement purposes, as required by law. We may disclose medical information: a) in response to a court order, court-ordered subpoena, warrant or summons issued by a judicial officer; b) to identify or locate a suspect, fugitive, material witness or missing person; c) about an individual suspected to be the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim’s agreement; d) about a death we believe may be the result of criminal conduct; e) about criminal conduct occurring on the University’s or UMC’s premises; or f) in medical emergency circumstances, to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime. Coroners, Medical Examiners and Funeral Directors. We may release medical information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person, determine the cause of death, or perform other legal duties. We may also release medical information about patients of the UMC to funeral directors as necessary to carry out their duties.
Organ and Tissue Donation.
If you are an organ donor, we may use or release medical information to organizations that handle organ procurement or other entities engaged in procurement, banking or transportation of organ, eye or tissue to facilitate organ or tissue donation and transplantation.
To Avert a Serious Threat to Health or Safety.
We may use and disclose medical information about you when necessary to prevent or lessen a serious threat to your health and safety or the health and safety of the public or another person. Any disclosure, however, would only be to someone reasonably able to help prevent or lessen the threat.
Military and Veterans.
If you are a member of the armed forces, we may release medical information about you as required by military command authorities. We may also release medical information about foreign military personnel to the appropriate foreign military authority.
National Security and Intelligence Activities.
We may release medical information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
Protective Services for the President and Others.
We may disclose medical information about you to authorized federal officials so they may provide protection to the President or other authorized persons or foreign heads of state or so they may conduct special investigations.
We may release medical information about you for workers’ compensation or similar programs that provide benefits for work-related injuries or illness.
Inmates or Individuals in Custody.
If you are an inmate of a correctional institution or under the custody of a law enforcement official, we may release medical information about you to the correctional institution or law enforcement official.
Other uses and disclosures.
Any other uses and disclosures will be made only with your written authorization.
YOUR RIGHTS REGARDING MEDICAL INFORMATION ABOUT YOU.
Although all records concerning your treatment obtained at UAHCC are the property of UMC, you have the following rights regarding medical information we maintain about you:
Right to Inspect and Copy.
You have the right to inspect and copy medical information that may be used to make decisions about your care. Usually, this includes medical and billing records, but does not include psychotherapy notes; information compiled in anticipation of criminal, civil, or administrative proceedings; or information subject to a law that prohibits access.
To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to UMC Privacy Officer. If you request a copy of the information, we may charge a fee for the costs of copying, mailing or other supplies associated with your request.
We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by UMC will review your request and the denial. The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.
Right to Amend.
If you feel that medical information we have about you in our records is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the UMC.
To request an amendment, your request must be made in writing and submitted to the UMC Privacy Officer. In addition, you must provide a reason that supports your request.
We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- Was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
- Is not part of the medical information kept by or for UMC;
- Is not part of the information which you would be permitted to inspect and copy; or
- Is accurate and complete.
Right to an Accounting of Disclosures.
You have the right to request an “accounting of disclosures.” This is a list of certain disclosures we made of medical information about you for reasons other than treatment, payment, or health care operations as described in this notice. This accounting also will not include disclosures we may have made to you, to family members or friends involved in your care, for notification purposes, or in response to disclosures for which we obtained your authorization/permission.
To request this list or accounting of disclosures, you must submit your request in writing to the UMC Privacy Officer. Your request must state a time period which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Request Restrictions.
You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend.
We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. To request restrictions, you must make your request in writing to the UMC Privacy Officer. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply, for example, disclosures to your spouse.
Right to Request Confidential Communications.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.
To request confidential communications, you must make your request in writing to the UAHCC Privacy Officer. We will not ask you the reason for your request. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted and must provide information on how payment will be handled.
Right to Revoke Authorization.
You have the right to revoke your authorization to use or disclose your medical information except to the extent that action has already been taken in reliance on your authorization.
Right to a Paper Copy of This Notice.
You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice.
You may obtain a copy of this notice at our website, hipaa.ua.edu.
To obtain a paper copy of this notice, contact the Medical Records Department.
CHANGES TO THIS NOTICE
We reserve the right to change this notice. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any information we receive in the future. We will post a copy of the current notice in the UMC facility and on our website noted above. The notice will contain on the first page, in the top right-hand corner, the effective date. In addition, each time you visit UMC to receive health care services, we will offer you a copy of the current notice in effect.
FOR MORE INFORMATION OR TO REPORT A PROBLEM
If you have questions and would like additional information, you may contact the UMC Privacy Officer:
805 5th Avenue, East
Tuscaloosa, AL 35401
If you believe your privacy rights have been violated, you may file a complaint with UMC Privacy Officer or with the Secretary of the Department of Health and Human Services. To file a complaint with UMC Privacy Officer, contact Jan Chaisson, Compliance Director of Medical Records, 205-348-1231. All complaints must be submitted in writing. Your complaint may be shared with the UA Privacy Officer and others at the University who assist the UA Privacy Officer and UMC Privacy Officers with HIPAA compliance.
You will not be penalized or retaliated against for filing a complaint.
NOTICE EFFECTIVE DATE:
The effective date of the notice is April 13, 2003.