Notice of Privacy Practices
Effective Date: July 2019
This notice describes how your medical information may be used or disclosed and how you can access the information. Please review it carefully.
Our Pledge Regarding Your Medical Information:
This notice is intended to inform you about our practices related to the protection of your medical information. We are required by law to follow the terms of the current notice.
This notice explains how we may use and disclose (i.e. share) your medical information, our responsibilities related to the use and disclosure of that medical information, and your rights related to medical information we have and maintain about you. When we use the words “medical information,” we mean health information that identifies you, known as Protected Health Information or “PHI.” This notice applies to all such information about your past, present, or future health or conditions; genetic information; pharmacy and prescription records; the reasons you sought care from us; the care received; and the payment for services.
We may ask, but we are not required to ask, your permission for the use or disclosure of your medical information for treatment, payment, or health care operations. We are required to ask for your permission for the use or disclosure of information for other specific purposes or reasons. We have listed some of the types of uses and disclosures below. Not every use or disclosure is covered, but all of the ways we can use and disclose information will fall into one of these categories.
Who Will Follow This Notice
All CoxHealth facilities, departments, clinics and Affiliated Covered Entities existing now or in the future. This notice also applies to all employees, contractors, physicians and other health care providers, volunteers, and students in our facilities. These individuals may share medical information as described here. All are referred to collectively as “CoxHealth”.
When it comes to your medical information, you have the right to:
- Get a copy of your information. We will provide a copy or a summary of your medical information, usually within 30 days of your request. We can charge a reasonable, cost-based fee for this service. Please contact Health Information Management for records.
- Ask us to correct or amend your record if you believe it to be incorrect or incomplete. We have the right to deny your request, but we will tell you why in writing within 60 days. Please contact Health Information Management about this process.
- Request confidential communications or ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address. We will agree to all such requests that are reasonable. Please let CoxHealth know if you have such a request.
- Ask us not to use or share certain information with others. We are not required to agree to your request and certain laws require us to share that information. We may also deny the request if it would affect your care. In addition, if you pay for a service or health care item out-of-pocket in full, you can ask us not to share that information with your health insurer. Please let the HIPAA Privacy and Security Officer know if you have such a request.
- Get a list of who we shared your information with for the last 6 years and why. We will include all the disclosures except for those for treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). One list a year is free. There will be a reasonable, cost-based fee if you ask for another one within 12 months. Please contact the HIPAA Privacy and Security Officer for an accounting of disclosures.
- Promptly get a copy of this privacy notice in paper or electronic form upon request. Please contact the HIPAA Privacy and Security Officer for an additional copy of this notice or visit our website, www.coxhealth.com.
- Choose someone to act for you. We will make sure this person has legal authority to act on your behalf before we take any action. Please let registration, case management or care staff know about this choice.
- Be notified. If there is a breach of your information, we may be required to notify you, including telling you what happened and what you can do to protect yourself.
- File a complaint. Please contact our HIPAA Privacy Officer. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.
Our Uses & Disclosures
We use or share your medical information in the following ways:
We use your medical information and share it with others treating you. For example:
- A doctor treating you for an injury asks another doctor about your overall health as part of treating you.
- A doctor needs to review your records to know your allergies before prescribing drugs.
- Employees need to share your medical information with each other to provide the best healthcare, before and after discharge or treatment.
We use and share your information to run our clinic practices and hospitals, improve your care, provide quality care, and contact you when necessary. For example:
- We manage your treatment within our different hospitals and clinics.
- We share with outside organizations for them to provide services to you on our behalf, such as a referral for care.
- We ask you to rate our staff’s performance and combine it with other patients’ opinions to help us judge whether CoxHealth should add or change services and evaluate our services.
We use and share your information to get payment for services. For example:
- We give your information to your health insurance plan to pay for your services.
- We give your information to our outside billing companies, collections agencies or other covered entities that have provided services to you on our behalf (such as ambulance service providers, Ozark Anesthesia Associates, Inc. and Pathology Services of Springfield, P.C.) so they can collect a payment from you. Please be aware you may receive separate bills.
- We will share your information to a court of law as part of the collections process.
Health Information Exchanges
We participate in one or more Health Information Exchanges (“HIE”) and may electronically share your information for treatment, payment and health care operations purposes with other participants in the HIEs. HIEs allow your health care providers, inside and outside the CoxHealth system, to access and use your information for treatment and other lawful purposes. If you do not opt-out of this exchange of information, we may provide your information to the HIEs in accordance with applicable law.
How else do we share your information?
We also share your information as follows:
- To help with public health and safety issues. Your information is helpful to: prevent or notify others about certain diseases; help with product recalls; report adverse reactions to medications; report suspected abuse, neglect, or violence; an emergency or disaster event; a public health reporting authority; health oversight activities such as audits, investigations, inspections and licensures; and prevent or reduce a serious threat to anyone’s health or safety.
- For research.
- To comply with local, state, and federal law.
- To respond to organ and tissue donation requests.
- To work with a medical examiner, coroner or funeral director.
- To address workers’ compensation, criminal activity, law enforcement, and other government requests.
- To respond to lawsuits, legal actions, administrative orders, or in response to a subpoena.
- Immunization Records. We are required to obtain agreement, whether in writing or verbally, from a parent, guardian, or person acting in loco parentis prior to disclosing or providing proof of immunizations to an educational institution admitting a minor student. No separate written HIPAA authorization is required for this action by CoxHealth.
- Available Services. Unless you tell us otherwise, we will use your information to find benefits or services that may help you.
- Special Circumstances. In addition, CoxHealth reserves the right to allow your medical information to be de-identified and combined with other information in accordance with all applicable laws for uses such as research, public health activities, or other health care operations.
For certain medical information, you can tell us your choices about what we share. For example:
- Facility Directories (Hospital patients only). A facility directory may include your name, location in the facility, general condition, and religious affiliation (if provided). Unless you tell us otherwise, you will be included in the directory and information may be disclosed to people who ask for you by name. Unless you object, visiting community clergy or their staff may obtain your religious affiliation without asking for you by name. This can be prevented by not providing your religious affiliation or by affirmatively objecting.
- Individuals Involved in your Care. We will only disclose your information to a member of your family, a relative, or any other person you identify to us and we will limit such information to what they need to know about your care, unless you tell us otherwise. You will be asked to provide the names of these individuals. We are further permitted to make relevant disclosures to a deceased person’s family and friends under essentially the same circumstances such disclosures were permitted when the patient was alive.
- In an Emergency. Unless we know otherwise, we will use your information in an emergency. We will try to obtain your permission as soon as possible.
- Appointment Reminders / Scheduling / Follow up Calls. We may use and disclose information to contact you about an appointment, a referral visit, or to follow-up with you after a visit. For example, unless you tell us not to, we may leave a brief reminder on your answering machine or voicemail system about an appointment or procedure.
- Fundraising Activities. We may use or disclose your demographic information, health insurance status, general department of service information, treating physician information, outcome information and the dates you received treatment, as necessary, to contact you for fundraising activities supported by our organization. You have the right to opt out of such solicitations by notifying in writing the HIPAA Privacy and Security Officer.
If you are not able to tell us your preferences in the above situations (for example, if you are unconscious), we may share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
We may never share your information without permission for marketing purposes; any transaction in which CoxHealth receives direct or indirect financial payment in exchange for your information; or share your psychotherapy notes with other providers.
We are required by law to maintain the privacy and security of your information and to let you know promptly if a breach occurs that may have compromised the privacy or security of your information. We must follow the duties and privacy practices described in this notice and give you a copy of it. We will not use or share your information other than as described here unless you tell us we can do so. If you tell us we can, you may change your mind at any time by letting us know in writing. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Changes to the Terms of this Notice
This notice can change, and the changes will apply to all your information. The new notice will be available upon request, in our clinics and facilities, and on our website.
If you have any questions about this notice, please contact CoxHealth HIPAA Privacy Officer Tracy Bengsch.