HIPAA and Your Privacy
A Summary of the HIPAA Law
"HIPAA" is an acronym for the Health Insurance Portability & Accountability Act (of 1996). Public Law 104-191 amended the Internal Revenue Service Code of 1986 which was also known as the Kennedy-Kassebaum Act. Title II of the Act, entitled Administrative Simplification, requires:
- Improved efficiency in healthcare delivery by standardizing electronic data interchange, and
- protection of confidentiality and security of health data through setting and enforcing standards.
More specifically, HIPAA called upon the Department of Health and Human Services (HHS) to publish new rules to ensure:
- Standardization of electronic patient health, administrative and financial data.
- Unique health identifiers for individuals, employers, health plans and health care providers.
- Security standards protecting the confidentiality and integrity of "individually identifiable health information," past, present or future.
Madison County Memorial Hospital Notice Of Privacy Practices
This notice describes the Privacy Practices of Madison County Hospital Health Systems, Inc. d/b/a Madison County Memorial Hospital, Four Freedoms Health Services, and applies to members of the medical staff when seeing patients in our facilities. The notice describes how Medical information about you may be used and disclosed, and how you can get access to this information. Please review it carefully.
I. Our responsibilities to safeguard your protected health information.
We are required by law to provide you with this notice about the hospitalís privacy practices that explains how, when, and why we use and disclose your protected health information. With some exceptions, we may not use or disclose any more than the minimum necessary protected health information to accomplish the purpose of the use or disclosure. We are legally required to follow the privacy practices that are described in this notice.
However, we reserve the right to change the terms of this notice and our privacy policies at any time. Any changes will apply to the protected health information we already have. Before we make an important change to our policies, we will promptly change this notice and post a new notice in the Hospitalís main reception area, admissions/emergency room waiting area, the business office reception area, and in the reception areas of all entities affiliated with the Hospital, such as its clinics and home health offices. You can also request a copy of this notice from the hospitalís Privacy Officer at the address listed below at any time.
II. Who will follow this Notice.
Any healthcare professionals authorized to enter information into your medical record, the employees of all departments and units of the system, students and volunteers, we allow to help you while you are in the facility, all contracted services, and all members of our workforce.
III. How your protected health information may be used.
A. We use health information about you for medical treatment purposes, to obtain payment for treatment, and for healthcare operations such as evaluating the quality of care that you receive. For some of these uses or disclosures, we do not need your prior authorization. Below, we describe the different categories of our uses and disclosures that do not need your authorization and give you some examples in each category.
1. For treatment.
For example: Information obtained by a nurse, physician, or other member of your healthcare team will be recorded in your record and used to determine the course of your treatment.
Your physician will document in your record his or her medical orders to the members of your healthcare team. Members of your healthcare team will then record the actions they took to fulfill these orders as well as their observations of your response to these medical treatments. In that way, the physician will know how you are responding to treatment. We may also provide your physician, or a subsequent healthcare provider, with copies of various reports that should assist him or her in treating you once youíre discharged from this hospital.
2. To obtain payment for treatment.
For Example: We may use, and disclose, your protected health information in order to bill and collect payment for the treatment and services provided to you. We may provide portions of your protected health information to our billing department and your (insurance) health plan to get paid for the health care services we provided to you. We may also provide your protected health information to our business associates, such as billing companies, claims processing companies, and others that process our health care claims. ďUnder Florida Law, we are required to have your authorization to disclose your records for payment purposes.Ē
3. For health care operations.
For Example: Members of the medical staff, the risk or quality improvement manager, or members of the quality improvement team, may use information in your health record to assess the care and outcomes in your case. This information can then be used in an effort to continually improve the quality and effectiveness of the healthcare and service we provide.
B. There are other uses and disclosures that do not require your authorization. We may use and disclose your protected health information without your authorization for the following reasons:
1. When a disclosure is required by federal, state or local law, judicial or administrative proceedings, or law enforcement. For example, we make disclosures when a law requires that we report information to government agencies and law enforcement personnel about victims of abuse, neglect, or domestic violence; when dealing with gunshot and other wounds; or when ordered in a judicial or administrative proceeding.
2. For public health activities. For example, we report information about births, deaths, and various diseases, to government officials in charge of collecting that information, and we provide coroners, medical examiners, and funeral directors necessary information relating to an individualís death.
3. For health oversight activities. For instance, we will provide information to assist the government when it conducts an investigation or inspection of a health care provider or organization.
4. For purposes of organ donation. We may notify organ procurement organizations to assist them in organ, eye, or tissue donation and transplants.
5. For research purposes. In certain circumstances, we may provide patient protected health information in order to conduct medical research.
6. To avoid harm. In order to avoid a serious threat to the health and safety of a person or the public, we may provide patient protected health information to law enforcement personnel or persons able to prevent or lessen such harm.
7. For specific government functions. We may disclose patient protected health information of military personnel and veterans in certain situations. And we may disclose patient protected health information for national security purposes, such as protecting the President of the United States or conducting intelligence operations.
8. For workersí compensation purposes. We may provide patient protected health information in order to comply with workersí compensation laws.
9. Appointment reminders and health-related benefits or services. We may use patient protected health information to provide appointment reminders or give you information about treatment alternatives, or other health care services or benefits we offer.
10. Fundraising activities. We may use patient protected health information to raise funds for our organization.
The money raised through these activities is used to expand and support the health care services and educational programs we provide to the community. If you do not wish to be contacted as part of our fundraising efforts, please contact the person in section V below.
C. There are certain uses and disclosures to which you will have the opportunity to object. In the following situations we may disclose your protected health information if we inform you about the disclosure in advance and you do not object. If there is an emergency and you cannot be given the opportunity to object, we may disclose your health information consistent with any prior expressed wishes if it is determined by a healthcare professional that it is in your best interests. If you are unable to consent in an emergency, you will be given the opportunity to object as soon as you are able to do so.
1. Patient Directories. We may include your name, location in this facility, general condition, and religious affiliation, in our patient directory for use by clergy, or visitors who ask for you by name, unless you object in whole or in part.
2. Disclosures to family, friends, or others. We may provide your protected health information to a family member, friend, or other person that you indicate is involved in your care or the payment for your health care, unless you object in whole or in part.
All other uses and disclosures require your prior written authorization. In any other situation not described previously we will ask for your written authorization before using or disclosing any of your protected health information. If you choose to sign an authorization to disclose your protected health information, you can later revoke that authorization in writing to stop any future uses and disclosures (to the extent that we havenít already taken any action relying on the authorization).
IV. Your rights regarding your protected health information.
You have the right to ask that we limit how we use and disclose your protected health information. We will consider your request but are not legally required to accept it. If we accept your request, we will put any limits in writing and abide by them except in emergency situations. You may not limit the uses and disclosures that we are legally required or allowed to make.
You have the right to ask that we send information to you to an alternate address (for example, sending information to your work address rather than your home address) or by alternate means (for example, e-mail instead of regular mail). We must agree to your request so long as we can easily provide it in the format you requested.
In most cases, you have the right to look at or get copies of your protected health information that we have, but you must make the request in writing. If we do not have your protected health information, but we know who does, we will tell you how to get it. We will respond to you within 30 days after receiving your written request. In certain situations, we may deny your request. If we do, we will tell you, in writing, our reasons for the denial and explain your right to have the denial reviewed.
If you request copies of your protected health information, we can charge you up to $1.00 for each page up to twenty-five (25) pages, then 25 cents per page thereafter. Instead of providing the protected health information you requested, we may provide you with a summary or explanation of the information as long as you agree to that and to the cost in advance.
You have the right to get a list of instances in which we have disclosed your protected health information. The list will not include uses or disclosures such as those made for treatment, payment, or health care operations, or pursuant to your authorization, or uses and disclosures made directly to you, to your family, or in our facility directory. The list also will not include uses and disclosures made for national security purposes, to corrections or law enforcement personnel, or before April 14, 2003. We will respond within 60 days of receiving your request. The list we will give you will include disclosures made in the last six years unless you request a shorter time. The list will include the date of the disclosure, to whom your protected health information was disclosed (including their address, if known), a description of the information disclosed, and the reason for the disclosure. We will provide the list to you at no charge, but if you make more than one request in the same 12 month period, we may charge you $1.00 per page, up to twenty-five (25) pages, then 25 cents per page thereafter, for each additional request.
If you believe that there is a mistake in your protected health information or that a piece of important information is missing, you have the right to request that we correct the existing information or add the missing information. You must provide the request and your reason for the request in writing. We will review your request and respond within 60 days of receiving your request. We may deny your request in writing if the protected health information is (i) correct and complete, (ii) not created by us, (iii) not allowed to be disclosed, or (iv) not part of our records. Our written denial will state the reasons for the denial and explain your right to file a written statement of disagreement with the denial.
If you do not file one, you have the right to request your request and our denial be attached to all future disclosures of your protected health information. If we approve your request, we will make the change to your protected health information, tell you that we have done it, and others that need to know about the change to your protected health information.
You have the right to get a copy of this notice by e-mail. Even if you have agreed to receive notice via e-mail, you also have the right to request a paper copy of this notice.
V. How to Complain about our privacy practices.
If you think that we may have violated your privacy rights, or you disagree with a decision we made about access to your protected health information, you may file a complaint with the person listed in Section V below. We will take no retaliatory action against you if you file a complaint about our privacy practices. You also may send a written complaint to the Secretary of the Department of Health and Human Services at the following address:
Unresolved complaints shall be subject to binding arbitration in Madison, Florida, under the rules of the American Arbitration Association with each party to pay its own attorneys fees and costs.
VI. Person to contact for information about this notice or to complain about our privacy practices.
If you have any questions about this notice or any complaints about our privacy practices, or would like to know how to file a complaint with the Secretary of the Department of Health and Human Resources, please contact:
Or call the Hospitalís Corporate Compliance Hotline at (850) 253-1923.
Effective Date of this Notice: April 14, 2003