Privacy Notice

Community Health Programs

Notice of Privacy Practices for Community Health Programs

Click below to print out the Privacy Practice pamphlet.

HIPAA

This notice applies to the associates of Ohio University Heritage College of Osteopathic Medicine, Community Health Programs.

The notice covers all volunteers, students, staff, employees who participate in any of our Community Health Programs Services.

This notice describes how your medical information may be used and disclosed and how you can access this information. 

You are encouraged to review this notice and if you have any questions then please contact the Community Health Programs Privacy Officer at  740.593.2432 or 1.800.844.2654.

Our duty is to protect your health information.

We understand that your health information is personal. When you receive healthcare and give this information to doctors, nurses and other caregivers at our facilities, we use that information to create your health record about you and the services and care you receive. This record is protected by law and is called your “protected health information.” This information may be kept in paper or electronic form. We are committed to keeping your health information safe.

According to the law, we must:

-  Make sure that all your protected health information is kept private;

-  Give you this Notice of Privacy Practices explaining our legal duties to safeguard your information;

-  Follow the terms in this notice that are currently in practice at our facilities.

The Notice tells you:

-  The ways that protected health information is used and shared;

-  Your rights;

-  Our duties regarding the use and sharing of protected health information.

HOW WE MAY USE OR SHARE YOUR PROTECTED HEALTH INFORMATION:

There are certain ways that we may use and share your protected health information. This allows us to better address your healthcare needs in our Health System.

For Care and Treatment: 

1.  We may share your protected health information with doctors, nurse, technicians, student trainees, and other staff involved in your healthcare.  

2.  We may share your information with healthcare providers outside our Health System for your treatment if this is needed.  An example would be if you are transferred to another facility for continued care or specialized services.  If you need consultation from a dietitian or from a physical therapist to help you with your recovery.

For payment for your services:

1.  Protected health information may be used or shared with other providers, insurance companies, or health plans so that we can be reimbursed for your care.  Health plans may require that we disclose your treatment plan for prior approval or to determine whether your health plan will cover the treatment.  We may share information to facilitate payment to another provider who has been participating in your care or recovery. 

2.  It is the responsibility of all these business partners to protect any protected health information they receive from us for payment purposes.

Healthcare operations:

1.  Protected health information may be used or shared as necessary and as permitted by law. It is used to help determine how we may improve our care or add services or to improve operations.

2.  Surveys may be conducted to evaluate the care you receive.

3.  Information may be shared for teaching purposes.

4.  Comparative surveys may use the information to study how our healthcare services compare with other facilities. (These studies do not contain identifying information related directly to you). Any business associate helping with these evaluations are also responsible directly for protecting your privacy.

5.  We may use protected health information to help raise money with fund-raising activities. Any individual has the right to ‘opt-out’ of receiving any fundraising communications. 

6.  Appointment reminders may be used to remind you of an appointment. If you do not wish to receive these reminders, be sure to tell the associates handling your registration.

7.  Workers’ Compensation. We share protected health information with workers’ compensation agencies, if needed, for a benefit determination.

8.  Research. We may share protected health information for research when it has been approved through our internal processes which requires that all patient privacy be maintained.

9.  Public health or a threat to health or safety. Information may be shared when necessary to prevent a serious threat to public health and safety, to another individual’s health and safety or your health and safety. Information is used to report diseases, injuries, births, and deaths. Information is shared with coroners and funeral directors for deceased patients.

10. Organ and tissue donation. Protected health information may be released to organizations that handle organ, tissue, and eye procurement to facilitate organ donation and transplantation.

11. As required by law. We may share information about your care when required by federal, state, or local law.

12. Victims of abuse, neglect or domestic violence. We may share certain protected health information with government agencies authorized by law to receive reports of child or elder abuse, neglect, or domestic violence if we believe the patient is a victim.

13. Healthcare oversight. We may share protected health information with agencies involved with audits, inspections, licensing, or investigations.

14. Law enforcement. We may share your protected health information with law enforcement officers if required or permitted by law.

15. Disaster relief. We may share protected health information with an agency that is helping individuals following a disaster so that they may be located by family.

16. All other disclosures require your prior written authorization. Authorization forms are available for patients to sign indicating your written permission to release protected health information to a specific caregiver or other specified individual. This authorization must be signed and dated by the patient or the patients legal representative and may be revoked (or canceled) to stop us from sharing this information. All cancelations must also be in writing. This will apply to future uses not already shared with the provider indicated in the original authorization. The patient’s legal representative must provide documentation on the source of his/her authority to act on behalf of the patient. If the copy of the health record is to be picked up on-site by the patient or the patient’s legal representative, full identification in the form of a photo ID must be provided. The patient has the right to direct that the copy be transmitted directly to an entity or person designated by the patient, provided that any such designation is clear, conspicuous, and specific with complete name, phone number, and mailing address or other identifying information. Authorizations received by fax will be honored as the original document. Faxing PHI to another facility is permitted; however, these outgoing faxes must be accompanied by a confidentiality/disclaimer statement. As an added precaution, staff must telephone the facility before this information is faxed to verify by voice the facility named on the authorization/request and that they are expecting the information. Shortly after the information is faxed, telephone the facility to ensure that it was received.

We will obtain your prior written authorization for uses and disclosures including:

             a. Marketing Communication unless the communication is made directly to you in person, is simply a promotional gift of nominal value, is a prescription refill reminder, general health or wellness information, or a communication about health related products or services that we offer or that are directly related to your treatment.

              b. Psychotherapy Notes unless otherwise permitted or required by law.

We will never sell your personal health information without your prior authorization. We may receive compensation (directly or indirectly) related to an exchange of your personal health information for the following purposes:

  •  Any disclosure permitted by the Privacy Rule if the remuneration is limited to the reasonable cost of preparation and transmittal of the PHI. Permitted costs include labor, materials, supplies for generating, storing, retrieving, and transmitting PHI, and capital and overhead costs. Profits from the disclosure of PHI are not permitted.
  • Disclosures for (i) public health, (ii) treatment of the individual and payment, (iii) the sale, transfer, merger or consolidation of all or part of a covered entity and related due diligence, if the recipient will become a covered entity, (iv) services rendered by a business associate under a business associate agreement at the request of the covered entity, (v) disclosures to provide individuals with access to their PHI or an accounting of disclosures, and (vi) other disclosures required by law, even though there may be a transfer of compensation as a result of these types of disclosures (e.g.., a copying fee for medical records, a cost-based fee for an accounting, service fees under a BA agreement, payment for the sale or transfer of a business, etc.).
  • Further, the following activities are not considered a “sale” under the Final Rule:
  • Payments from grants, contracts or other arrangements to perform programs or activities such as research studies.
  • The exchange of PHI through a health information exchange that is paid fees assessed on participants.

Your rights regarding your protected health information:

1.  Your protected health information as well as your billing records is the property of Ohio University Heritage College of Osteopathic Medicine, Community health Programs. The health information contained in our records is your protected health information. You have the rights to the following regarding your Health information: You have the right to review (please schedule an appointment with the Privacy Officer for a record review:   740-593-2432 or 1-800-844-2654) and/or to receive a copy. You have a right to obtain an electronic copy of your health information that exists in an electronic format and you may direct that copy be transmitted directly to the entity or person designated by you provided that such delegation is clear and specific with complete name and mailing address or other identifying information. Special considerations include:

             a. Psychotherapy notes: may require special approval by the healthcare provider (who would        determine if sharing this type of information would have an adverse effect). 

             b. Information that has been created in preparation for a civil, criminal or administrative action or proceeding.

             c. Other types of information that may be used to make decisions regarding your healthcare.

17.  You must submit a written request for your protected health information to: Community Health Programs, 055 Grosvenor Hall, 1 Ohio University, Athens, Ohio 45701. We may charge for copies of records based on guidelines for pricing set by the Ohio Department of Health.

Right to appeal a denial to access your protected health information.   If your record access has been denied because a healthcare provider decided that sharing information would have an adverse effect, you do have the right to transfer your care to another provider.  With authorization, we will transfer information directly to the health provider of your choice.

Right to Amend.   If you feel there is an error in your protected health information, you may complete a request to amend’ form and submit the request to the Community Health Programs Privacy Officer Privacy Officer at 055 Grosvenor Hall, 1 Ohio University,  Athens, Ohio 45701.Your reason for the change must be included and information to support your request. We may deny your request if it is determined that the information in the record is accurate and  complete.

Right to an Accounting of Disclosures.   Patients have a right to request an accounting of disclosures of protected health information. These requests should include calendar dates that you want to see and must begin on or after April, 2003.

Right to restrict certain disclosures of protected health information.   Patients have the right to restrict certain disclosures of protected health information. We are not required to agree to most requests, however, in cases where the individual pays out-of-pocket in full for the item or service, we must agree to a requested restriction of that information to the individual’s health plan. Such a request will be honored as long as the information is not necessary to explain any other services provided and billed to your health plan.

Right to request confidential communications.  You have the right to request that we communicate with you in a certain way or send information to a certain location. This request should be submitted in writing to the hospital or office where you are receiving services. Your request should include how or where you wish to be contacted and by what method, i.e.. telephone, mail, fax.

Right to be notified of a breach. Individuals have the right to be notified following a breach of unsecured protected health information.

Right to receive a paper copy of this notice.  You have the right to receive a paper copy of this Notice. Paper copies are available in the registration areas. During the registration process, you will be asked to acknowledge receipt of this Notice on your general consent form. We reserve the right to make changes to this Notice. Effective dates are noted.

CONCERNS OR COMPLAINTS: 

If you believe that your privacy rights have been violated, then you may file a complaint by contacting the Community Health Programs Privacy Officer at 740.593.2432 or 800.844.2654.

We will not retaliate against you for filing a complaint.

You may also file a complaint with the U.S.. Office of Civil Rights in Washington D.C.. within 180 days of a violation of your rights.

If you have questions or need a paper copy of this Notice, please contact Community Health Programs Privacy Officer at 740.593.2432 or 1.800.844.2654.

Effective date for the Notice of Privacy Practices:  April 2003.

Revised Notice of Privacy Practices:  June 3, 2015.