Notice Of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

Who will follow this notice

This Notice is being given to you because federal law gives you the right to be told ahead of time about how the Allegheny Health Network Providers (AHNP) handle your protected health information (PHI), our Network’s legal duties related to your protected health information and your rights with regard to your protected health information. This notice applies to the privacy practices of the organizations listed below and any other additional entities or physicians that join Allegheny Health Network from time to time. As participants in an Organized Health Care Arrangement (OHCA) we may share with each other your protected health information, and the medical information of others we service, for the health care operations of our joint activities.

• Allegheny Clinic

• Bethel Park Health + Wellness Pavilion

• Emergency Medicine Physicians

• Healthcare@Home

• Jefferson Hospital entities including professional corporations controlled or owned by Jefferson Hospital; Emergency Physicians of Pittsburgh, Ltd.; Mahpareh Mostoufizadeh, M.D.; PC Pathology Group; Pittsburgh Anesthesia Associates, Ltd.; and Jefferson Hospital Medical Staff, Allied Health Professionals, Foundation Radiology Group and all associates, affiliates and doctors who take care of you in the hospitals and in doctors’ offices and other facilities controlled or operated by Jefferson Hospital.

• Lake Erie Medical Group, PC

• Monroeville Surgery Center

• Peters Township Health + Wellness Pavilion

• Premier Medical Associates, PC

• Saint Vincent Health Center and Saint Vincent Health System, including Saint Vincent Medical Education and Research Institute; Saint Vincent Rehab Solutions; Regional Home Health and Hospice; Westminster Family Practice; Saint Vincent Consultants in Cardiovascular Disease; Westfield Memorial Hospital and all associates, affiliates and doctors who take care of you in the hospitals and in doctors’ offices and other facilities controlled or operated by Saint Vincent Health System.

• West Penn Allegheny Health System (WPAHS) entities which include Allegheny General Hospital, Allegheny Medical Practice Network, Allegheny Valley Hospital, Canonsburg Hospital, Canonsburg Ambulance Company, Forbes Hospice, Forbes Hospital, West Penn Hospital, West Penn Allegheny Oncology Network, and all associates, affiliates and doctors who take care of you in the hospitals and in doctors’ offices and other facilities controlled or operated by WPAHS.

• Wexford Health + Wellness Pavilion
• Wexford Hospital

What is a notice of privacy practices?

We must give you a notice that tells you how we may use and share your health information and how you can exercise your health privacy rights. We respect your right to privacy and function to ensure your confidentiality by following federal and state laws concerning protected health information. This Notice describes the manner and means by which AHNP demonstrates the appropriate privacy measures.

We understand that medical information about you and your health is important to you. We are committed to protecting the privacy of your protected health information. “Protected Health Information” (PHI) is your individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer, or a health care clearinghouse that relates to: (i) info your past, present, or future physical or mental health or condition; (ii) the provision of health care to you; or (iii) the past, present, or future payment for the provision of health care to you.

This Notice describes our privacy practices, which include how we may use, disclose, collect, handle, and protect our patients’ PHI. This Notice applies to all of the records of your care generated by us. It also describes your rights and our obligations regarding use and disclosure of your protected health information. We are required by applicable federal and state laws to maintain the privacy of your PHI. We also are required by the HIPAA Privacy Rule (45 C.F.R. parts 160 and 164, as amended) to give you this Notice about our privacy practices, our legal duties, and your rights concerning your PHI.

Understanding your health record / information

Each time you visit a hospital, physician, or other health care provider, a record of your visit is made. Typically, this record contains your symptoms, examination and test results, diagnoses, treatment, response to treatment, and a plan for future care or treatment. This information, often referred to as your health or medical record, serves as a:

• Basis for planning your care and treatment

• Means of communication among the many health professionals who contribute to your care

• Legal document describing the care you received

• Means by which you or a third-party payer can verify that services billed were actually provided

• Tool in educating health professionals

• Potential source of data for medical research

• Source of information for public health officials charged with improving the health of the nation

• Source of data for facility planning and marketing

• Tool with which we can assess and continually work to improve the care we render and the outcomes we achieve

Uses and disclosures of protected health information (PHI)

We use your health information within the AHNP and disclose your health information outside of the AHNP for the reasons described in this Notice. The following categories describe some of the ways that we may use and disclose your health information.

The term “may” means that the AHNP is permitted under federal law to use or disclose this information without obtaining an additional or specific authorization from you to do so. Even though we may be permitted to use or disclose information in a given instance, it does not mean that we will disclose the information.

We will restrict use and disclosure concerning AIDS / HIV, mental health, behavioral health and alcohol and drug treatment or other particular categories of health information based upon state law if state law is more stringent or provides additional patient privacy safeguards not included in federal regulations.

1. Treatment

We use your PHI to enable delivery of health care services and for other activities that are included within the definition of “treatment” as set out in 45 C.F.R. § 164.501. Information obtained by a nurse, physician, or other member of your health care team will be recorded in your record and used to determine the course of treatment that should work best for you. We may disclose your PHI to other doctors, medical students, hospitals, pharmacies or other persons who are integral to providing you care. For example, a doctor treating you for a broken leg may need to know if you have diabetes because diabetes may slow the healing process.

We also may disclose your PHI to others who may help in your care, such as your spouse, children or parents.

2. Payment

We may use and disclose your PHI for all activities that are included within the definition of “payment” as set out in 45 C.F.R. § 164.501. For example, we may use and disclose your PHI to coordinate with you, your insurance company, or another third party to ensure that the health care you receive is billed and paid for appropriately. This PHI may include information that identifies you, as well as your diagnosis, procedures, and supplies used.

Additionally, we may also seek prior payment approval from your health plan concerning treatments you are scheduled to receive or determine if your health plan will pay for the treatment. For example, obtaining approval for a hospital stay may require that your relevant PHI be disclosed to your health plan to obtain approval for hospital admission.

3. Health care operations

We may use and disclose your PHI for all activities included within the definition of “health care operations” as set out in 45 C.F.R § 164.501. These uses and disclosures help us maintain and improve patient care and may be used for our health care operations or the operations of another entity that has a direct treating relationship with you.

We may use PHI about many patients to ascertain what new services to offer, what practices are not needed, and whether certain methods of treatment are effective. We may also disclose PHI to doctors, nurses, technicians and other persons to improve the quality of treatment and service.

• Appointment reminders. We may use and disclose your PHI to contact you and remind you of an appointment.
• Health-related benefits and services. We may use and disclose your PHI to tell you of health-related benefits or services that may be of interest to you.
• Release of information to family / friends. We may disclose your PHI to a friend or family member who is helping you pay for your health care, or who assists in taking care of you, unless you tell us not to do so. We may also disclose information to notify, or assist in notifying, a family member, personal representative or another person responsible for your care of your locations. If you are unable to agree or object to such a disclosure, we may disclose such information as necessary if we determine that it is in your best interest based on our professional judgment.
• Clergy. We may disclose your PHI as permitted by law to ministers, priests or other clergy in order to help them take care of your spiritual needs.

4. Legal obligations and public policy disclosures

We may use and / or disclose your PHI as permitted or required by federal, state or local law, in the following situations:

• To organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplants.

• Your PHI may be released if a work force member or business associate believes in good faith that there has been unlawful conduct or violation of professional or clinical standards which are potentially dangerous to one or more patients, workers or the public.

• To military authorities if you are a member of the armed forces (of either the United States or a foreign government).

• To workers’ compensation or similar programs to the extent authorized by and necessary to comply with laws relating to workers’ compensation or other similar programs established by law.

• To public health or legal authorities for public health activities. For example, to report births and deaths, or for the prevention or control of disease, injury, or disability, or, if directed by the public health authority, to a foreign government agency that is collaborating with the public health authority.

• In response to a court or administrative order, subpoena, discovery request, or other lawful process, but only if efforts have been made to tell you about the request.

• To law enforcement if asked to do so (1) to identify or locate a suspect, fugitive, material witness or missing person; (2) regarding the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; (3) regarding a death we believe may be the result of criminal conduct; (4) regarding criminal conduct at our facilities; or (5) in emergency circumstances to report information regarding a crime.

• We may disclose PHI to a medical examiner or coroner to identify a dead person or to identify the cause of death. If necessary, we will share PHI with funeral directors.

• We may use and disclose your PHI when necessary to reduce or prevent a serious threat to your health and safety or another individual or the public. Under these circumstances, we will only disclose your PHI to the person or organization able to help prevent the threat.

• We may disclose your PHI, if authorized by law, to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.

• We may disclose to the FDA health information related to known adverse events with respect to food, supplements, pharmaceuticals, product defects or information to enable product recalls, repairs or replacements.

• We may disclose your PHI to authorized federal officials for intelligence, counter-intelligence and other national security activities authorized by law.

• We may disclose your PHI to a health oversight agency for purposes of 1) monitoring the health care system, 2) determining benefit eligibility for Medicare, Medicaid and other government benefit programs, and 3) monitoring compliance with government regulations and civil rights laws.

• We may disclose your PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect. In addition, we may disclose your PHI if we believe that you have been a victim of abuse, neglect or domestic violence to the governmental entity or agency authorized to receive such information. In this case, the disclosure will be made consistent with the requirements of applicable federal and state laws. We may disclose your PHI to a correctional institution or law enforcement official if you are an inmate of a correctional institution or under the custody of a law enforcement official.

5. Fundraising activities

We may use contact information, such as your name, address and phone number and the dates you received treatment or services, to contact you in an effort to raise money to support our fundraising efforts. We may disclose this contact information to a related foundation so that the foundation may contact you in raising money to support our fundraising efforts. You have a right to “opt-out” of receiving these communications. If you do not want to be contacted for fundraising efforts, you must notify us in writing.

6. Research

We may use and disclose your PHI for certain research purposes consistent with applicable law. We will obtain authorization to use your PHI for research purposes except when permitted under the privacy regulation at §164.512, such as when an Institutional Review Board or a Privacy Board approved the use or sharing of information without an authorization after reviewing and approving the research and establishing protocols to protect the privacy of the information. If you agree to participate in an approved research study, you will be asked to read and sign an authorization document. Under this circumstance, we may use and disclose medical information about you for the purpose of the research study to which you provided your authorization.

7. Education

We may use and disclose your PHI in the course of training people to become doctors, nurses and other kinds of health care providers.

8. Business associates

We may disclose your PHI to others called “Business Associates,” who perform services on our behalf. An example of a Business Associate is a billing company that bills for the services we provide. The Business Associate must agree in writing to protect the confidentiality of the PHI.

9. Marketing

We may use or disclose your PHI for marketing purposes without your permission in certain situations, such as when we discuss products or services with you face to face or to provide you with an inexpensive promotional gift related to the product or service. We also may contact you to provide information about treatment alternatives or other health-related benefits and services that may be of interest to you when permitted by law. For other types of marketing activities we will obtain your written permission before using or disclosing your PHI.

10. Directory

Unless you notify us that you object, we will use your name, the location at which you are receiving care, phone number and / or room number (if applicable), and religious affiliation or house of worship for directory purposes. Except for religious affiliation or house of worship, this information may be provided to others who ask for you by name.

11. Notification

We may use or disclose your name and / or room number and phone number (if applicable) in order to notify or assist in notifying a family member, personal representative, or another person as may be necessary for your care.

The health information exchange

AHNP may participate in Health Information Exchange (HIE), which will provide you with the choice to opt-in or opt-out. An HIE is a secure electronic data sharing network. In accordance with federal and state privacy regulations, health care providers participate in an HIE to exchange patient information in order to facilitate health care, avoid duplication of services, such as tests, and to reduce the likelihood that medical errors will occur. The HIE allows your health information to be shared among authorized participating health care providers, such as health systems, hospitals and physicians, for the purposes of Treatment, Payment or health care operations purposes. Examples of this health information may include:

• General laboratory, pathology, transcribed radiology reports and EKG Images

• Results of outpatient diagnostic testing (GI testing, cardiac testing, neurological testing, etc.)

• Health maintenance documentation / Medication

• Allergy documentation / Immunization profiles

• Progress notes / Urgent Care visit progress notes

• Consultation notes

• Inpatient operative reports
• Discharge summary / Emergency room visit discharge summary notes
  

All participating providers who provide services to you may have the ability to access your information. Providers that do not provide services to you will not have access to your information. Information may be provided to others as necessary for referral, consultation, treatment or the provision of other health care services, such as pharmacy or laboratory services. All participating providers have agreed to a set of standards relating to their use and disclosure of the information available through the HIE. Your health information shall be available to all participating providers through the HIE.

Other Uses of Health Information
Other uses and disclosures of PHI not covered by this Notice or applicable laws will be made only with your written authorization. For example, we will not sell your PHI without your authorization unless permitted by law. Similarly, most disclosures of psychotherapy notes (if any) require your authorization. You may revoke the authorization, at any time, in writing. The revocation will apply to all disclosures except those which were made prior to receiving the revocation.

Your rights regarding your protected health information

Although your record is the property of AHN, the PHI in it belongs to you. You have the following rights:

1. Right to access, inspect and copy

You have the right to look at or get copies of your PHI in a designated record set. Generally, a “designated record set” contains medical and billing records, as well as other records that are used to make decisions about your health care benefits. However, you may not inspect or copy psychotherapy notes or certain other information that may be contained in a designated record set. You may request that we provide copies in a format other than photocopies, including electronic access. We will use the format you request unless we cannot practicably do so. You must make a request in writing to obtain access to your PHI. To inspect and / or copy your PHI, you may obtain a form to request access by using the contact information listed at the end of this Notice. We may charge you a reasonable, cost-based fee for responding to these requests.

We may deny your request to inspect and copy your PHI in certain limited circumstances. If you are denied access to your information, you may request that the denial be reviewed. A licensed health care professional chosen by us will review your request and the denial. The person performing this review will not be the same one who denied your initial request. Under certain conditions, our denial will not be reviewable. If this event occurs, we will inform you in our denial that the decision is not reviewable.

2. Right to amend

If you believe that your PHI is incorrect or incomplete, you have the right to request that we amend or append your PHI. Your request must be in writing, and it must explain why the information should be amended.

We may deny your request. If you disagree with our decision, you may submit your written statement of disagreement to be appended to the information you wanted amended. If we accept your request to amend the information, we will make reasonable efforts to inform others, including people you name, of the amendment and to include the changes in any future disclosures of that information.

3. Right to an accounting of disclosures

You have a right to an accounting of certain disclosures of your PHI as prescribed by law that are for reasons other than treatment, payment or health care operations.

An “accounting of disclosures” provides a list of disclosures of PHI. The list includes the date(s) of the disclosure, to whom we made the disclosure, a brief description of the information disclosed, and the purpose for the disclosure. The first list you request within a 12-month period will be free. If you request this list more than once in a 12-month period, we may charge you a reasonable, cost-based fee for responding to these additional requests.

4. Right to request restrictions

You may request restrictions on our use and disclosure of your PHI for treatment, payment and health care operations. However, we are not obligated to agree to your request in all situations.

Any agreement we may make to a request for additional restrictions must be in writing signed by a person authorized to make such an agreement on our behalf. You may terminate this restriction if you submit the termination in writing, or if we inform you that we are terminating the restriction. Any termination will apply only to PHI created or received after receipt of the termination.

In your written request tell us: (1) the information whose disclosure you want to limit; and (2) how you want to limit our use and / or disclosure of the information.

In the event that products or services were paid out of pocket in full, at your request, we will not share information about those services with a health plan for purposes of payment or health care operations. “Health plan” means an organization that pays for your medical care.

5. Right to request confidential communications

You have the right to request that we communicate with you in confidence about your PHI by alternative means or to an alternative address. For example, you may ask that we contact you only at your work address or via your work email.

Although you may initiate your request verbally, you must make your request in writing. You do not need to provide a reason for your request. We must reasonably honor your request. However, the request must allow us to communicate and serve you effectively.

6. Right to a paper copy of this notice

You have the right to a paper copy of this Notice. You may obtain a copy of this Notice by requesting it at the AHN entity or AHN website or by contacting the Privacy Officer at the address below.

7. Breach notification

In the event of breach of your unsecured health information, we will provide you notification of such a breach as required by law or where we otherwise deem appropriate.

Changes to this notice

On an ongoing basis, we will review and monitor our privacy practices to ensure the privacy of our patients’ PHI. Due to changing circumstances, it may become necessary to revise our privacy practices and the terms of this Notice. We reserve the right to make changes in our privacy practices, and the new terms of our Notice will become effective for all PHI we created or received before we made the changes. Before we make a material change in our privacy practices, we will change this Notice and post a copy of the current Notice at our facilities.

Complaints

If you are concerned that we may have violated your privacy rights, or you disagree with a decision we made about access to your PHI or in response to a request you made to amend or restrict the use or disclosure of your PHI or to have us communicate with you in confidence by alternative means or at an alternative location, you may complain to us using the contact information listed below.

You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with the address to file your complaint with the U.S. Department of Health and Human Services upon request.

We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

Contact Information for Questions and Complaints

*Revised January 1, 2015; January 1, 2016.