Privacy Practices Notice
Effective Date: July 7, 2015
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET THIS INFORMATION.
PLEASE REVIEW CAREFULLY.
If you have any questions, please contact our Privacy and Security Officer at the address or phone number at the bottom of this notice.
If you have any questions about this notice or want further information about the matters covered in this notice, please contact our Privacy and Security Officer at the address or phone number on the rear of this notice.
You will receive a copy of the notice the first time you register for treatment with any of us. You will be asked to acknowledge in writing your receipt of this notice.
Who Will Follow This Notice
This notice serves as a single notice for several health care providers that share common ownership or control: Owensboro Health, Inc. d/b/a Owensboro Health Regional Hospital, Inc. (“OHRH”), One Health, Owensboro Medical Center Laboratory, Inc., OH Muhlenberg, LLC d/b/a Owensboro Health Muhlenberg Community Hospital (“OHMCH”), and OMHS Cardiovascular, LLC (collectively referred to herein as “we”, “our” or “us”). The information privacy practices in this notice will be followed by us and by:
- All health care professionals who treat you at any of our locations.
- All of our employees, staff or volunteers.
Our Pledge To You
We understand that medical information about you is personal. We are committed to protecting medical information about you. We create a record of the care and services you receive to provide quality care and to comply with legal requirements. This notice applies to all of the records of your care that we maintain, whether created by facility staff or your personal doctor. Your personal doctor may have different policies or notices regarding the doctor's use and disclosure of your medical information created in the doctor's office. We are required by law to:
- Keep medical information about you private.
- Give you this notice of our legal duties and privacy practices with respect to medical information about you.
- Notify you following a breach of your unsecured medical information.
- Follow the terms of the notice that is currently in effect.
Changes To This Notice
We may change our policies at any time. Changes will apply to medical information we already hold, as well as new information after the change occurs. Before we make a significant change in our policies, we will change our notice and post the new notice in waiting areas, exam rooms, and on our Web site at www.owensborohealth.org. You can receive a paper copy of the current notice at any time by requesting one. The effective date is listed just below the title.
How We May Use And Disclose Medical Information About You
- We may use and disclose medical information about you for treatment (such as sending medical information about you to a specialist as part of a referral or disclosing information about treatment you received at OHRH or OHMCH to your doctor); to obtain payment for treatment (such as sending billing information to your insurance company or Medicare); and to support our health care operations (such as comparing patient data to improve treatment methods).
- Affiliated Covered Entity. We have designated ourselves as a single Affiliated Covered Entity under federal privacy, data breach, and security regulations. This means that we may share your medical information as necessary for treatment, payment, healthcare operations, and other purposes.
- Medical Staff. Because OHRH and OHMCH are clinically integrated care settings, our patients receive care from hospital staff and from independent practitioners on the medical staff. These integrated care settings are Organized Health Care Arrangements (OHCAs) and allow each hospital and its medical staff to share your medical information as necessary for treatment, payment, and health care operations as described above.
- Shared electronic health records/health information.
* We use a shared electronic health record that allows our workforce and the workforce at other healthcare facilities to store, update, access and use your health information.
For example, they may do so as needed at the time you are seeking care, even if they work at different clinics and hospitals. We do this so it is easier for your providers to access your health information when you are seeking care and to better coordinate and improve the quality of your care. For example, if your personal doctor takes part in the shared electronic health record, then he/she can see when you have visited other facilities and physicians that also participate in the shared electronic health record and the treatment you received.
* If you receive care from more than one provider who enters information into the shared electronic health record, your health information will be combined into one record.
Once information is combined, it cannot be separated in the future.
* Our participation in the shared electronic health record makes us part of an OHCA.
The participants in the shared electronic health record OHCA have agreed, as permitted by law, to share and update your health information among themselves for purposes of treatment, payment or health care operations. This arrangement enables us to better address your health care needs. The organizations participating in the shared electronic health record OHCA are not in any way providing healthcare services mutually or on each others behalf. They are separate health care providers and each is individually responsible for its own activities, including compliance with privacy laws, and all health care services it provides. For a list of the healthcare providers that participate in the shared electronic health record OHCA, please visit https://www.owensborohealth.org/epic/physicians/provider-list.
- Kentucky Health Information Exchange. The Kentucky Health Information Exchange("KHIE") makes patient health care information available electronically to the Kentucky Department for Medicaid Services, Kentucky State Laboratory, and certain healthcare providers who are covered by HIPAA and participate in the KHIE (KHIE Participants). KHIE Participants agree to KHIE’s terms and conditions, including its security and privacy requirements, and agree to access the information for purposes of treatment, payment and healthcare operations according to applicable federal and state laws. A detailed description of KHIE can be found at http://khie.ky.gov/PAGES/INDEX.ASPX. Making patient health care information available to participating health care providers through KHIE promotes efficient and quality health care for patients. We are a KHIE Participant. As such, we are able to obtain more complete information about our patients’ medical histories when their health care information is available through KHIE. We make our patients’ healthcare information available to other KHIE Participants who have a need to know it for purposes of treatment, payment and healthcare operations. You may choose not to allow your information to be available through the KHIE. Participation in the KHIE is not a condition of receiving care. However, if you decide not to make your information available to the KHIE, it may limit the information available to your health care providers. Your information is not stored with the KHIE. Rather, information is only pulled through the KHIE when participating providers request your information. Then, a copy of your information is stored with the receiving provider, much like a fax between healthcare providers. Please let us know if you have questions about KHIE or desire not to make your information available through the KHIE.
- We may use or disclose medical information about you without your prior authorization for several other reasons. These reasons include:
* When required by law. We may use or disclose your medical information to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law. If required by law, you will be notified of any such uses or disclosures.
* For public health activities. We may disclose your medical information for public health activities and purposes to:
(i) a public health authority that is permitted by law to collect or receive the information for the purpose of preventing or controlling disease, injury or disability;
(ii) a public health authority or other governmental authority that is authorized by law to receive reports of child abuse or neglect;
(iii) a person subject to the jurisdiction of the Food and Drug Administration (FDA), for public health purposes related to the quality, safety or effectiveness of FDA-regulated products or activities such as collecting or reporting adverse events, dangerous products, and defects or problems with FDA-regulated products;
(iv) a person who may be at risk of contracting or spreading a disease, if such disclosure is authorized by law;
(v) your employer, for the purposes of conducting an evaluation of medical surveillance of the workplace or for the purposes of evaluating whether your have a work-related illness or injury; or
(vi) your school, or your child’s school, if the information is limited to proof of immunization and the school is required by law to have such proof prior to admitting you or your child. We will obtain and document your agreement to such disclosures.
* When we believe you to be a victim of abuse or neglect. We may disclose your medical information if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, if you do not agree to the disclosure, the disclosure will be made insistent with the requirements of applicable federal and state laws, and only if required or authorized by law.
* For health oversight activities. We may disclose your medical information to a health oversight agency for activities authorized by law, such as audits, investigations, and inspections. Oversight agencies seeking this information include government agencies that oversee the health care system, government benefit programs, other government regulatory programs and entities subject to the civil rights laws.
* For judicial and administrative proceedings. We may use or disclose your medical information in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal, or in certain conditions in response to a subpoena, discovery request or other lawful process not accompanied by an order of a court or administrative tribunal.
* For law enforcement purposes. We may disclose your medical information for a law enforcement purpose to a law enforcement official if certain conditions are met.
* So that coroners, medical examiners, and funeral directors can carry out their duties.
We may disclose medical information to a coroner or medical examiner for the purpose of identifying a deceased person, determining cause of death, or performing other duties authorized by law. We may also disclose medical information to funeral directors, consistent with applicable law, where such information is necessary to carry out the funeral directors' duties with respect to the deceased.
* To facilitate organ, eye, or tissue donation and transplantation. We may disclose medical information to organ procurement organizations or other similar entities for the purpose of facilitating organ, eye, or tissue donation and transplantation.
* For research purposes. We may use or disclose your medical information for research purposes, if certain conditions are met.
* To avert a serious threat to health or safety. We may, consistent with applicable law and standards of ethical conduct, use or disclose medical information if we believe that the use or disclosure is necessary to prevent or lessen a serious threat to the health or safety of a person or the public; provided that, if a disclosure is made, it must be to a person(s) reasonably able to prevent or lessen the threat. We may also use or disclose medical information if we believe that the use or disclosure is necessary for law enforcement authorities to identify or apprehend an individual who: (i) admits to participation in a violent crime that we reasonably believe caused serious physical harm to the victim, or (ii) appears to have escaped from a correctional institution or lawful custody.
* For military activities. We may use or disclose medical information of individuals who are Armed Forces personnel for activities deemed necessary to assure proper execution of military missions, provided certain conditions are met. We may also use or disclose medical information of individuals who are foreign military personnel to their appropriate foreign military authority for activities deemed necessary to assure proper execution of military missions, provided certain conditions are met.
* For national security and intelligence activities. We may disclose medical information to authorized federal officials for the conduct of lawful intelligence, counter-intelligence, and other national security activities authorized by the National Security Act and implementing authority. We may also disclose medical information to authorized federal officials for the protection of the President or other persons, or for certain federal investigations.
* For the information of correctional institutions or other law enforcement custodians. Should you be an inmate of a correctional institution or be in the lawful custody of a law enforcement official, we may disclose your medical information to the institution or the official if necessary for your health, the health and safety of other inmates or law enforcement, and the safety of the institution at which you reside. An inmate does not have the right to the Notice of Privacy Practices.
* For workers' compensation purposes. We may disclose your medical information to the extent authorized by and to the extent necessary to comply with laws relating to workers' compensation or to other similar programs established by law.
* We may disclose medical information about you to a friend or family member who is involved in your medical care, or to disaster relief authorities so that your family can be notified of your location and condition.
* We may use or disclose your medical information to notify or assist in notifying a family member, personal representative, or another person responsible for your care, about your location, general condition, or death.
* If you are deceased, we may disclose medical information about you to a friend or family member who was involved in your medical care prior to your death, limited to information relevant to that person’s involvement, unless doing so would be inconsistent with wishes you expressed to us during your life. We are required to protect your medical information in accordance with the Federal HIPAA Privacy Rule for 50 years after your death.
* There are some services provided to us through contracts with entities known as business associates. We will disclose your medical information to our business associates and allow them to create, use and disclose your information to perform their jobs for us. For example, we may disclose your medical information to an outside billing company who assists us in billing insurance companies. To protect your health information, however, we will seek assurances from the business associate that it has implemented appropriate safeguards to protect your information.
* If you are admitted as an OHRH or an OHMCH patient, unless you tell us otherwise, we will list in the patient directory your name, location in the hospital, your general condition (good, fair, etc.) and your religious affiliation, and will release all but your religious affiliation to anyone who asks about you by name. Your religious affiliation may be disclosed only to a clergy member, and even if they do not ask for you by name.
- State law restrictions on information regarding certain conditions. Kentucky has more stringent laws than the HIPAA Privacy Rule with respect to HIV/AIDs status and mental health and chemical dependency, and Indiana has more stringent laws than the HIPAA Privacy Rule with respect to Medicaid information, communicable diseases, mental health, and substance abuse (we are allowed to disclose this information only under certain limited circumstances and/or to specific recipients). In addition, Indiana law generally requires your written authorization to disclose your identity in connection with a release of your medical information for our business purposes, unless essential to the purpose or to quality assurance or peer review. In situations in which these laws apply to your information, we will comply with these more stringent laws.
- We may use, or disclose to a business associate or to Owensboro Health Foundation or any other institutionally-related foundation, the following information to contact you for our fundraising activities: your name, address, other contact information, age, gender and date of birth; the department(s) where you received services, your treating physician, your outcome information, your health insurance status, and the dates you received services. We raise funds to expand and support health-care services, educational programs, and research activities related to curing disease. You have the right to opt out of receiving our fundraising communications. If you opt out of receiving fundraising communications, you can always choose to opt back in with respect to specific campaigns or ask to be contacted for our fundraising efforts by e-mailing or calling us at 270-688-2113. We do not condition treating you on your choice of whether to receive fundraising communications.
- Certain uses and disclosures by us of your medical information require that we obtain your prior written authorization. These include:
* Psychotherapy Notes. If Psychotherapy Notes are created for your treatment, most uses and disclosures of these notes will require your prior written authorization.
“Psychotherapy Notes” means notes recorded (in any medium) by a healthcare provider who is a mental health professional documenting or analyzing the contents of conversation during a private counseling session or a group, joint, or family counseling session and that are separated from the rest of the individual’s medical record.
“Psychotherapy Notes” excludes medication prescription and monitoring, counseling session start and stop times, the modalities and frequencies of treatment furnished, results of clinical tests, and any summary of the following items: diagnosis, functional status, the treatment plan, symptoms, prognosis, and progress to date.
* Marketing. If we use or disclose your medical information for marketing purposes, we must first obtain your written authorization to do so, except if the communication is face-to-face by us to you, or is a promotional gift of nominal value.
* Sale of your medical information. If a disclosure of your medical information would constitute a sale of it, we must first obtain your written authorization to do so.
Other Uses And Disclosures Of Medical Information
- In any other situation not described in this notice, we are required to obtain your written authorization before using or disclosing your medical information. If you choose to authorize use or disclosure, you can later revoke that authorization by notifying us in writing of your decision. However, the revocation will not be effective (1) to the extent we took action in reliance on the authorization before receiving the revocation, or (2) if the authorization was obtained as a condition of obtaining insurance coverage, other law provides the insurer with the right to contest a claim under the policy or the policy itself.
Your Rights Regarding Medical Information About You
- In most cases, you have the right to look at and to get a copy of your medical records and billing records that we maintain or that are maintained for us, when you submit a written request. If the information is maintained electronically and if you request an electronic copy, we will provide you with an electronic copy in the form and format requested by you, if it is readily producible in that form and format (if it is not, then we will agree with you on a readable electronic form and format). You can direct us to transmit the copy directly to another person if you submit a signed written request to our Privacy and Security Officer below that identifies the person to whom you want the copy sent and where to send it in. If you request copies, we may charge a reasonable cost-based fee for the labor involved in copying the information, the supplies for creating the paper copy or the cost of the portable media, postage, and providing a summary of your records, if you request a summary. If we deny your request to review or obtain a copy of your medical or billing records, you may submit a written request for a review of that decision.
- If you believe that information in your medical or billing records is incorrect or if important information is missing, you have the right to request that we correct the records, by submitting a request in writing to our Privacy and Security Officer that provides your reason for requesting the amendment. We could deny your request to amend a record for a number of reasons, including: if the information was not created by us; if it is not part of the information maintained about you by or for us; or if we determine that record is accurate and complete. You may submit a written statement of disagreement with our decision not to amend a record.
- You have the right to a list of those instances where we have disclosed medical information about you, except in certain instances. These instances include: disclosures for treatment, payment and health care operations; disclosures made to you; disclosures incident to a use or disclosure permitted or required by the Federal HIPAA Privacy Rule; disclosures authorized by you; disclosures for our directory; disclosures to persons involved in your care or to disaster relief authorities; disclosures for national security and intelligence purposes; disclosures to correctional institutions or law enforcement officials; disclosures that are part of a limited data set; and disclosures occurring more than six years prior to the date of your request. You must submit a written request to our Privacy and Security Officer to obtain the list of those instances where we have disclosed medical information about you. The request must state the time period desired for the accounting, which must be less than a six-year period from the date of the request. You may receive the list in paper or electronic form. The first disclosure list request in a 12-month period is free; other requests will be charged according to our cost of producing the list. We will inform you of the cost before you incur any costs.
- You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone involved in your care or the payment for your care, like a family member or a friend. For example, you could ask that we not use or disclose information about a surgery you had. We will inform you of our decision on your request. Requests should be submitted in writing to our Privacy and Security Officer whose address is listed at the end of this notice.
We must comply with a request from you not to disclose your medical information to a health plan, if the purpose for the disclosure is not related to treatment, and the healthcare items or services to which the information applies (such as a genetic test) have been paid for out-of-pocket and in full; otherwise, we are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment. Except for restrictions that we must comply with relating to health plans, we may terminate our agreement to a restriction at any time by notifying you in writing, but our termination will only apply to information created or received after we sent you the notice of termination, unless you agree to make the termination retroactive.
- You have the right to receive a paper copy of this notice upon request.
- You have the right to request that medical information about you be communicated to you in a confidential manner, such as sending mail to an address other than your home, by notifying us in writing of the specific way or location for us to use to communicate with you. We may condition our agreement on information as to how payment will be handled and specification of an alternate address or other method of contact.
- If you are concerned that your privacy rights may have been violated, or you disagree with a decision we made about access to your records, you may contact our Privacy and Security Officer (listed below). You may also contact our Compliance Department at 270-691-8240 or the Owensboro Health Hotline, a 24-hour hotline, at 855-632-1920. You may also send a written complaint to the U.S. Department of Health and Human Services Office of Civil Rights. Our Privacy and Security Officer can provide you the address. Under no circumstances will you be penalized or retaliated against for filing a complaint.
Privacy & Security Officer
E-Mail or call 270-417-6990
1201 Pleasant Valley Road
Owensboro, KY 42303