This Notice is being given to you because federal law gives you the right to be told ahead of time about how the Allegheny Health Network Providers (AHNP) handle your protected health information (PHI), our Network’s legal duties related to your protected health information and your rights with regard to your protected health information. This notice applies to the privacy practices of the organizations listed below and any other additional entities or physicians that join Allegheny Health Network from time to time. As participants in an Organized Health Care Arrangement (OHCA) we may share with each other your protected health information, and the medical information of others we service, for the health care operations of our joint activities.
We must give you a notice that tells you how we may use and share your health information and how you can exercise your health privacy rights. We respect your right to privacy and function to ensure your confidentiality by following federal and state laws concerning protected health information. This Notice describes the manner and means by which AHNP demonstrates the appropriate privacy measures.
We understand that medical information about you and your health is important to you. We are committed to protecting the privacy of your protected health information. “Protected Health Information” (PHI) is your individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer, or a health care clearinghouse that relates to: (i) info your past, present, or future physical or mental health or condition; (ii) the provision of health care to you; or (iii) the past, present, or future payment for the provision of health care to you.
This Notice describes our privacy practices, which include how we may use, disclose, collect, handle, and protect our patients’ PHI. This Notice applies to all of the records of your care generated by us. It also describes your rights and our obligations regarding use and disclosure of your protected health information. We are required by applicable federal and state laws to maintain the privacy of your PHI. We also are required by the HIPAA Privacy Rule (45 C.F.R. parts 160 and 164, as amended) to give you this Notice about our privacy practices, our legal duties, and your rights concerning your PHI.
Each time you visit a hospital, physician, or other health care provider, a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, response to treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a:
We use your health information within the AHNP and disclose your health information outside of the AHNP for the reasons described in this Notice. The following categories describe some of the ways that we may use and disclose your health information.
The term “may” means that the AHNP is permitted under federal law to use or disclose this information without obtaining an additional or specific authorization from you to do so. Even though we may be permitted to use or disclose information in a given instance, it does not mean that we will disclose the information.
We will restrict use and disclosure concerning AIDS / HIV, mental health, behavioral health and alcohol and drug treatment or other particular categories of health information based upon state law if state law is more stringent or provides additional patient privacy safeguards not included in federal regulations.
We use your PHI to enable delivery of health care services and for other activities that are included within the definition of “treatment” as set out in 45 C.F.R. § 164.501. Information obtained by a nurse, physician, or other member of your health care team will be recorded in your record and used to determine the course of treatment that should work best for you. We may disclose your PHI to other doctors, medical students, hospitals, pharmacies or other persons who are integral to providing you care. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process.
We also may disclose your PHI to others who may help in your care, such as your spouse, children or parents.
We may use and disclose your PHI for all activities that are included within the definition of “payment” as set out in 45 C.F.R. § 164.501. For example, we may use and disclose your PHI to coordinate with you, your insurance company, or another third party to ensure that the health care you receive is billed and paid for appropriately. This PHI may include information that identifies you, as well as your diagnosis, procedures, and supplies used.
Additionally, we may also seek prior payment approval from your health plan concerning treatments you are scheduled to receive or determine if your health plan will pay for the treatment. For example, obtaining approval for a hospital stay may require that your relevant PHI be disclosed to your health plan to obtain approval for hospital admission.
We may use and disclose your PHI for all activities included within the definition of “health care operations” as set out in 45 C.F.R § 164.501. These uses and disclosures help us maintain and improve patient care and may be used for our health care operations or the operations of another entity that has a direct treating relationship with you.
We may use PHI about many patients to ascertain what new services to offer, what practices are not needed, and whether certain methods of treatment are effective. We may also disclose PHI to doctors, nurses, technicians and other persons to improve the quality of treatment and service.
We may use and / or disclose your PHI as permitted or required by federal, state or local law, in the following situations:
We may use contact information, such as your name, address and phone number and the dates you received treatment or services, to contact you in an effort to raise money to support our fundraising efforts. We may disclose this contact information to a related foundation so that the foundation may contact you in raising money to support our fundraising efforts. You have a right to “opt-out” of receiving these communications. If you do not want to be contacted for fundraising efforts, you must notify us in writing.
We may use and disclose your PHI for certain research purposes consistent with applicable law. We will obtain authorization to use your PHI for research purposes except when permitted under the privacy regulation at §164.512, such as when an Institutional Review Board or a Privacy Board approved the use or sharing of information without an authorization after reviewing and approving the research and establishing protocols to protect the privacy of the information. If you agree to participate in an approved research study, you will be asked to read and sign an authorization document. Under this circumstance, we may use and disclose medical information about you for the purpose of the research study to which you provided your authorization.
We may use and disclose your PHI in the course of training people to become doctors, nurses and other kinds of health care providers.
We may disclose your PHI to others called “Business Associates,” who perform services on our behalf. An example of a Business Associate is a billing company that bills for the services we provide. The Business Associate must agree in writing to protect the confidentiality of the PHI.
We may use or disclose your PHI for marketing purposes without your permission in certain situations, such as when we discuss products or services with you face to face or to provide you with an inexpensive promotional gift related to the product or service. We also may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you when permitted by law. For other types of marketing activities we will obtain your written permission before using or disclosing your PHI.
Unless you notify us that you object, we will use your name, the location at which you are receiving care, phone number and / or room number (if applicable), and religious affiliation or house of worship for directory purposes. Except for religious affiliation or house of worship, this information may be provided to others who ask for you by name.
We may use or disclose your name and / or room number and phone number (if applicable) in order to notify or assist in notifying a family member, personal representative, or another person as may be necessary for your care.
AHNP may participate in Health Information Exchange (HIE), which will provide you with the choice to opt-in or opt-out. An HIE is a secure electronic data sharing network. In accordance with federal and state privacy regulations, health care providers participate in an HIE to exchange patient information in order to facilitate health care, avoid duplication of services, such as tests, and to reduce the likelihood that medical errors will occur. The HIE allows your health information to be shared among authorized participating health care providers, such as health systems, hospitals and physicians, for the purposes of Treatment, Payment or health care operations purposes. Examples of this health information may include:
All participating providers who provide services to you may have the ability to access your information. Providers that do not provide services to you will not have access to your information. Information may be provided to others as necessary for referral, consultation, treatment or the provision of other health care services, such as pharmacy or laboratory services. All participating providers have agreed to a set of standards relating to their use and disclosure of the information available through the HIE. Your health information shall be available to all participating providers through the HIE.
Other Uses of Health Information
Other uses and disclosures of PHI not covered by this Notice or applicable laws will be made only with your written authorization. For example, we will not sell your PHI without your authorization unless permitted by law. Similarly, most disclosures of psychotherapy notes (if any) require your authorization. You may revoke the authorization, at any time, in writing. The revocation will apply to all disclosures except those which were made prior to receiving the revocation.
Although your record is the property of AHN, the PHI in it belongs to you. You have the following rights:
You have the right to look at or get copies of your PHI in a designated record set. Generally, a “designated record set” contains medical and billing records, as well as other records that are used to make decisions about your health care benefits. However, you may not inspect or copy psychotherapy notes or certain other information that may be contained in a designated record set. You may request that we provide copies in a format other than photocopies, including electronic access. We will use the format you request unless we cannot practicably do so. You must make a request in writing to obtain access to your PHI. To inspect and / or copy your PHI, you may obtain a form to request access by using the contact information listed at the end of this Notice. We may charge you a reasonable, cost-based fee for responding to these requests.
We may deny your request to inspect and copy your PHI in certain limited circumstances. If you are denied access to your information, you may request that the denial be reviewed. A licensed health care professional chosen by us will review your request and the denial. The person performing this review will not be the same one who denied your initial request. Under certain conditions, our denial will not be reviewable. If this event occurs, we will inform you in our denial that the decision is not reviewable.
If you believe that your PHI is incorrect or incomplete, you have the right to request that we amend or append your PHI. Your request must be in writing, and it must explain why the information should be amended.
We may deny your request. If you disagree with our decision, you may submit your written statement of disagreement to be appended to the information you wanted amended. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people you name, of the amendment and to include the changes in any future disclosures of that information.
You have a right to an accounting of certain disclosures of your PHI as prescribed by law that are for reasons other than treatment, payment or health care operations.
An “accounting of disclosures” provides a list of disclosures of PHI. The list includes the date(s) of the disclosure, to whom we made the disclosure, a brief description of the information disclosed, and the purpose for the disclosure. The first list you request within a 12-month period will be free. If you request this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests.
You may request restrictions on our use and disclosure of your PHI for treatment, payment and health care operations. However, we are not obligated to agree to your request in all situations.
Any agreement we may make to a request for additional restrictions must be in writing signed by a person authorized to make such an agreement on our behalf. You may terminate this restriction if you submit the termination in writing, or if we inform you that we are terminating the restriction. Any termination will apply only to PHI created or received after receipt of the termination.
In your written request tell us: (1) the information whose disclosure you want to limit; and (2) how you want to limit our use and / or disclosure of the information.
In the event that products or services were paid out of pocket in full, at your request, we will not share information about those services with a health plan for purposes of payment or health care operations. “Health plan” means an organization that pays for your medical care.
You have the right to request that we communicate with you in confidence about your PHI by alternative means or to an alternative address. For example, you may ask that we contact you only at your work address or via your work email.
Although you may initiate your request verbally, you must make your request in writing. You do not need to provide a reason for your request. We must reasonably honor your request. However, the request must allow us to communicate and serve you effectively.
You have the right to a paper copy of this Notice. You may obtain a copy of this Notice by requesting it at the AHN entity or AHN website or by contacting the Privacy Officer at the address below.
In the event of breach of your unsecured health information, we will provide you notification of such a breach as required by law or where we otherwise deem appropriate.
On an ongoing basis, we will review and monitor our privacy practices to ensure the privacy of our patients’ PHI. Due to changing circumstances, it may become necessary to revise our privacy practices and the terms of this Notice. We reserve the right to make changes in our privacy practices, and the new terms of our Notice will become effective for all PHI we created or received before we made the changes. Before we make a material change in our privacy practices, we will change this Notice and post a copy of the current Notice at our facilities.
If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI or in response to a request you made to amend or restrict the use or disclosure of your PHI or to have us communicate with you in confidence by alternative means or at an alternative location, you may complain to us using the contact information listed below.
You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request.
We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
Allegheny Clinic
Chief Privacy Officer
120 5th Avenue Place
Pittsburgh, PA 15222
Allegheny Health Network
Chief Privacy Officer
120 5th Avenue Place
Pittsburgh, PA 15222
Bethel Park Health + Wellness Pavilion
1000-1010 Higbee Drive
Bethel Park, PA 15102
Healthcare@Home
Privacy Officer
Four Allegheny Center Ninth Floor
Pittsburgh, PA 15212
Jefferson Hospital
Privacy Officer
565 Coal Valley Road
Jefferson Hills, PA 15025
Lake Erie Medical Group, PC
Executive Director / Compliance
Liaison 145 West 23rd Street, Suite 202
Erie, PA 16502
Monroeville Surgery Center
4121 Monroeville Boulevard
Monroeville, PA 15146
Peters Township Health + Wellness Pavilion
160 Gallery Drive
McMurray, PA 15317
Premier Medical Associates, PC
Compliance & Privacy Officer
3824 Northern Pike, Suite 700
Monroeville, PA 15146
Saint Vincent Hospital
Privacy Officer
232 West 25th Street
Erie, PA 16544
West Penn Allegheny Health System (includes Allegheny General Hospital, Allegheny Valley Hospital, Canonsburg Hospital, Forbes Hospital and West Penn Hospital)
Privacy Officer
120 5th Avenue Place
Pittsburgh, PA 15222
Wexford Health + Wellness Pavilion
12311 Perry Highway
Wexford, PA 15090
Wexford Hospital
12351 Perry Highway
Wexford, PA 15090
*Revised January 1, 2015; January 1, 2016.
